Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:na.elf
Analysis ID:1528835
MD5:f3313fa87086a874824c89f96768a45e
SHA1:65341faf419680f11f4813faca3da39af23e9f43
SHA256:b1f553f261ba277bcb1e6d36f820af2cc558c86d996c30d5839a1a0087db7c9b
Tags:elfMiraiuser-abuse_ch
Infos:

Detection

Mirai
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Mirai
Machine Learning detection for sample
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sends malformed DNS queries
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528835
Start date and time:2024-10-08 11:31:58 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:na.elf
Detection:MAL
Classification:mal96.spre.troj.evad.linELF@0/12@5/0

Warnings

  • Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:/tmp/na.elf
PID:6252
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
Hello, World!
[DEBUG] Checking process: PID=1, Path=/usr/lib/systemd/systemd
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Path=/usr/lib/systemd/systemd
[DEBUG] Checking process: PID=491, Path=/usr/lib/systemd/systemd-journald
[DEBUG] Process is in whitelist or matches safe prefix: PID=491, Path=/usr/lib/systemd/systemd-journald
[DEBUG] Checking process: PID=658, Path=/usr/sbin/multipathdtemd-journald
[DEBUG] Killing process: PID=658, Path=/usr/sbin/multipathdtemd-journald
[DEBUG] Checking process: PID=720, Path=/usr/bin/VGAuthServicemd-journald
[DEBUG] Killing process: PID=720, Path=/usr/bin/VGAuthServicemd-journald
[DEBUG] Checking process: PID=721, Path=/usr/bin/vmtoolsdrvicemd-journald
[DEBUG] Killing process: PID=721, Path=/usr/bin/vmtoolsdrvicemd-journald
[DEBUG] Checking process: PID=759, Path=/usr/lib/systemd/systemd-networkd
[DEBUG] Process is in whitelist or matches safe prefix: PID=759, Path=/usr/lib/systemd/systemd-networkd
[DEBUG] Checking process: PID=761, Path=/usr/lib/systemd/systemd-resolved
[DEBUG] Process is in whitelist or matches safe prefix: PID=761, Path=/usr/lib/systemd/systemd-resolved
[DEBUG] Checking process: PID=772, Path=/usr/sbin/acpidd/systemd-resolved
[DEBUG] Killing process: PID=772, Path=/usr/sbin/acpidd/systemd-resolved
[DEBUG] Checking process: PID=774, Path=/usr/sbin/avahi-daemonmd-resolved
[DEBUG] Killing process: PID=774, Path=/usr/sbin/avahi-daemonmd-resolved
[DEBUG] Checking process: PID=777, Path=/usr/bin/dbus-daemononmd-resolved
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Path=/usr/bin/dbus-daemononmd-resolved
[DEBUG] Checking process: PID=785, Path=/usr/sbin/irqbalanceonmd-resolved
[DEBUG] Killing process: PID=785, Path=/usr/sbin/irqbalanceonmd-resolved
[DEBUG] Checking process: PID=788, Path=/usr/bin/python3.8ceonmd-resolved
[DEBUG] Killing process: PID=788, Path=/usr/bin/python3.8ceonmd-resolved
[DEBUG] Checking process: PID=789, Path=/usr/lib/policykit-1/polkitdolved
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Path=/usr/lib/policykit-1/polkitdolved
[DEBUG] Checking process: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolved
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolved
[DEBUG] Checking process: PID=796, Path=/usr/libexec/switcheroo-controled
[DEBUG] Killing process: PID=796, Path=/usr/libexec/switcheroo-controled
[DEBUG] Checking process: PID=797, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Process is in whitelist or matches safe prefix: PID=797, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Checking process: PID=799, Path=/usr/lib/udisks2/udisksd-loginded
[DEBUG] Killing process: PID=799, Path=/usr/lib/udisks2/udisksd-loginded
[DEBUG] Checking process: PID=800, Path=/usr/sbin/wpa_supplicant-loginded
[DEBUG] Killing process: PID=800, Path=/usr/sbin/wpa_supplicant-loginded
[DEBUG] Checking process: PID=847, Path=/usr/sbin/ModemManagernt-loginded
[DEBUG] Killing process: PID=847, Path=/usr/sbin/ModemManagernt-loginded
[DEBUG] Checking process: PID=884, Path=/usr/bin/python3.8agernt-loginded
[DEBUG] Killing process: PID=884, Path=/usr/bin/python3.8agernt-loginded
[DEBUG] Checking process: PID=904, Path=/usr/bin/whoopsie8agernt-loginded
[DEBUG] Killing process: PID=904, Path=/usr/bin/whoopsie8agernt-loginded
[DEBUG] Checking process: PID=912, Path=/usr/sbin/kerneloopsernt-loginded
[DEBUG] Killing process: PID=912, Path=/usr/sbin/kerneloopsernt-loginded
[DEBUG] Checking process: PID=918, Path=/usr/sbin/kerneloopsernt-loginded
[DEBUG] Checking process: PID=936, Path=/usr/sbin/sshdeloopsernt-loginded
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Path=/usr/sbin/sshdeloopsernt-loginded
[DEBUG] Checking process: PID=1320, Path=/usr/sbin/gdm3eloopsernt-loginded
[DEBUG] Killing process: PID=1320, Path=/usr/sbin/gdm3eloopsernt-loginded
[DEBUG] Checking process: PID=1334, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Process is in whitelist or matches safe prefix: PID=1334, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Checking process: PID=1335, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Process is in whitelist or matches safe prefix: PID=1335, Path=/usr/lib/systemd/systemd-loginded
[DEBUG] Checking process: PID=1344, Path=/usr/bin/dbus-daemontemd-loginded
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Path=/usr/bin/dbus-daemontemd-loginded
[DEBUG] Checking process: PID=1349, Path=/usr/libexec/rtkit-daemonloginded
[DEBUG] Killing process: PID=1349, Path=/usr/libexec/rtkit-daemonloginded
[DEBUG] Checking process: PID=1389, Path=/usr/lib/gdm3/gdm-session-workerd
[DEBUG] Killing process: PID=1389, Path=/usr/lib/gdm3/gdm-session-workerd
[DEBUG] Checking process: PID=1463, Path=/usr/lib/gdm3/gdm-x-sessionorkerd
[DEBUG] Killing process: PID=1463, Path=/usr/lib/gdm3/gdm-x-sessionorkerd
[DEBUG] Checking process: PID=1465, Path=/usr/lib/xorg/Xorgx-sessionorkerd
[DEBUG] Killing process: PID=1465, Path=/usr/lib/xorg/Xorgx-sessionorkerd
[DEBUG] Checking process: PID=1475, Path=/usr/bin/dbus-run-sessiononorkerd
[DEBUG] Killing process: PID=1475, Path=/usr/bin/dbus-run-sessiononorkerd
[DEBUG] Checking process: PID=1476, Path=/usr/bin/dbus-daemonssiononorkerd
[DEBUG] Process is in whitelist or matches safe prefix: PID=1476, Path=/usr/bin/dbus-daemonssiononorkerd
[DEBUG] Checking process: PID=1477, Path=/usr/libexec/gnome-session-binary
[DEBUG] Killing process: PID=1477, Path=/usr/libexec/gnome-session-binary
[DEBUG] Checking process: PID=1489, Path=/usr/libexec/at-spi-bus-launchery
[DEBUG] Killing process: PID=1489, Path=/usr/libexec/at-spi-bus-launchery
[DEBUG] Checking process: PID=1494, Path=/usr/bin/dbus-daemonbus-launchery
[DEBUG] Process is in whitelist or matches safe prefix: PID=1494, Path=/usr/bin/dbus-daemonbus-launchery
[DEBUG] Checking process: PID=1576, Path=/usr/bin/ibus-daemonbus-launchery
[DEBUG] Killing process: PID=1576, Path=/usr/bin/ibus-daemonbus-launchery
[DEBUG] Checking process: PID=1579, Path=/usr/libexec/ibus-memconfaunchery
[DEBUG] Killing process: PID=1579, Path=/usr/libexec/ibus-memconfaunchery
[DEBUG] Checking process: PID=1582, Path=/usr/libexec/ibus-x11confaunchery
[DEBUG] Killing process: PID=1582, Path=/usr/libexec/ibus-x11confaunchery
[DEBUG] Checking process: PID=1586, Path=/usr/libexec/ibus-portalfaunchery
[DEBUG] Killing process: PID=1586, Path=/usr/libexec/ibus-portalfaunchery
[DEBUG] Checking process: PID=1594, Path=/usr/libexec/at-spi2-registrydery
[DEBUG] Killing process: PID=1594, Path=/usr/libexec/at-spi2-registrydery
[DEBUG] Checking process: PID=1599, Path=/usr/lib/upower/upowerdgistrydery
[DEBUG] Killing process: PID=1599, Path=/usr/lib/upower/upowerdgistrydery
[DEBUG] Checking process: PID=1601, Path=/usr/bin/pulseaudiowerdgistrydery
[DEBUG] Killing process: PID=1601, Path=/usr/bin/pulseaudiowerdgistrydery
[DEBUG] Checking process: PID=1612, Path=/usr/bin/gjs-consoleerdgistrydery
[DEBUG] Killing process: PID=1612, Path=/usr/bin/gjs-consoleerdgistrydery
[DEBUG] Checking process: PID=1622, Path=/usr/libexec/gsd-sharingistrydery
[DEBUG] Killing process: PID=1622, Path=/usr/libexec/gsd-sharingistrydery
[DEBUG] Checking process: PID=1633, Path=/usr/libexec/gsd-print-notifications
[DEBUG] Killing process: PID=1633, Path=/usr/libexec/gsd-print-notifications
[DEBUG] Checking process: PID=1638, Path=/usr/libexec/gsd-rfkillnotifications
[DEBUG] Killing process: PID=1638, Path=/usr/libexec/gsd-rfkillnotifications
[DEBUG] Checking process: PID=1639, Path=/usr/libexec/gsd-smartcardifications
[DEBUG] Killing process: PID=1639, Path=/usr/libexec/gsd-smartcardifications
[DEBUG] Checking process: PID=1642, Path=/usr/libexec/gsd-datetimedifications
[DEBUG] Killing process: PID=1642, Path=/usr/libexec/gsd-datetimedifications
[DEBUG] Checking process: PID=1654, Path=/usr/libexec/gsd-screensaver-proxyns
[DEBUG] Killing process: PID=1654, Path=/usr/libexec/gsd-screensaver-proxyns
[DEBUG] Checking process: PID=1656, Path=/usr/libexec/gsd-soundnsaver-proxyns
[DEBUG] Killing process: PID=1656, Path=/usr/libexec/gsd-soundnsaver-proxyns
[DEBUG] Checking process: PID=1661, Path=/usr/libexec/gsd-a11y-settingsroxyns
[DEBUG] Killing process: PID=1661, Path=/usr/libexec/gsd-a11y-settingsroxyns
[DEBUG] Checking process: PID=1664, Path=/usr/libexec/gsd-housekeepingsroxyns
[DEBUG] Killing process: PID=1664, Path=/usr/libexec/gsd-housekeepingsroxyns
[DEBUG] Checking process: PID=1698, Path=/usr/libexec/gsd-printerepingsroxyns
[DEBUG] Killing process: PID=1698, Path=/usr/libexec/gsd-printerepingsroxyns
[DEBUG] Checking process: PID=1699, Path=/usr/libexec/colordinterepingsroxyns
[DEBUG] Killing process: PID=1699, Path=/usr/libexec/colordinterepingsroxyns
[DEBUG] Checking process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerxyns
[DEBUG] Killing process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerxyns
[DEBUG] Checking process: PID=1860, Path=/usr/lib/systemd/systemdn-workerxyns
[DEBUG] Process is in whitelist or matches safe prefix: PID=1860, Path=/usr/lib/systemd/systemdn-workerxyns
[DEBUG] Checking process: PID=1872, Path=/usr/lib/systemd/systemdn-workerxyns
[DEBUG] Process is in whitelist or matches safe prefix: PID=1872, Path=/usr/lib/systemd/systemdn-workerxyns
[DEBUG] Checking process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerxyns
[DEBUG] Killing process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerxyns
[DEBUG] Checking process: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerxyns
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerxyns
[DEBUG] Checking process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerxyns
[DEBUG] Killing process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerxyns
[DEBUG] Checking process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerxyns
[DEBUG] Killing process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerxyns
[DEBUG] Checking process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerxyns
[DEBUG] Killing process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerxyns
[DEBUG] Checking process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerxyns
[DEBUG] Killing process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerxyns
[DEBUG] Checking process: PID=2009, Path=/usr/libexec/at-spi-bus-launcherxyns
[DEBUG] Killing process: PID=2009, Path=/usr/libexec/at-spi-bus-launcherxyns
[DEBUG] Checking process: PID=2014, Path=/usr/bin/dbus-daemonbus-launcherxyns
[DEBUG] Process is in whitelist or matches safe prefix: PID=2014, Path=/usr/bin/dbus-daemonbus-launcherxyns
[DEBUG] Checking process: PID=2018, Path=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2018, Path=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2028, Path=/usr/bin/xfce4-screensaverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2028, Path=/usr/bin/xfce4-screensaverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2033, Path=/usr/libexec/gvfsdeensaverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2033, Path=/usr/libexec/gvfsdeensaverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2038, Path=/usr/libexec/gvfsd-fuseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2038, Path=/usr/libexec/gvfsd-fuseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2048, Path=/usr/bin/gpg-agent-fuseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2048, Path=/usr/bin/gpg-agent-fuseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2050, Path=/usr/bin/xfwm4gent-fuseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2050, Path=/usr/bin/xfwm4gent-fuseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2062, Path=/usr/bin/xfsettingsduseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2062, Path=/usr/bin/xfsettingsduseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2063, Path=/usr/bin/xfce4-paneluseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2063, Path=/usr/bin/xfce4-paneluseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2069, Path=/usr/bin/thunarpaneluseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2069, Path=/usr/bin/thunarpaneluseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2074, Path=/usr/bin/xfdesktopeluseverxfce4/xfconf/xfconfd
[DEBUG] Killing process: PID=2074, Path=/usr/bin/xfdesktopeluseverxfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=2080, Path=/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Killing process: PID=2080, Path=/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Checking process: PID=2096, Path=/usr/bin/python3.8nux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Killing process: PID=2096, Path=/usr/bin/python3.8nux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Checking process: PID=2097, Path=/usr/bin/nm-appletnux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Killing process: PID=2097, Path=/usr/bin/nm-appletnux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Checking process: PID=2102, Path=/usr/bin/python3.8nux-gnu/xfce4/panel/wrapper-2.0
[DEBUG] Checking process: PID=2114, Path=/usr/libexec/evolution-data-server/evolution-alarm-notify
[DEBUG] Killing process: PID=2114, Path=/usr/libexec/evolution-data-server/evolution-alarm-notify
[DEBUG] Checking process: PID=2123, Path=/usr/bin/xfce4-power-managerserver/evolution-alarm-notify
[DEBUG] Killing process: PID=2123, Path=/usr/bin/xfce4-power-managerserver/evolution-alarm-notify
[DEBUG] Checking process: PID=2126, Path=/usr/bin/xiccd-power-managerserver/evolution-alarm-notify
[DEBUG] Killing process: PID=2126, Path=/usr/bin/xiccd-power-managerserver/evolution-alarm-notify
[DEBUG] Checking process: PID=2128, Path=/usr/libexec/dconf-serviceerserver/evolution-alarm-notify
[DEBUG] Killing process: PID=2128, Path=/usr/libexec/dconf-serviceerserver/evolution-alarm-notify
[DEBUG] Checking process: PID=2129, Path=/usr/libexec/geoclue-2.0/demos/agentvolution-alarm-notify
[DEBUG] Killing process: PID=2129, Path=/usr/libexec/geoclue-2.0/demos/agentvolution-alarm-notify
[DEBUG] Checking process: PID=2146, Path=/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
[DEBUG] Killing process: PID=2146, Path=/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
[DEBUG] Checking process: PID=2156, Path=/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2156, Path=/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2180, Path=/usr/libexec/evolution-source-registryd/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2180, Path=/usr/libexec/evolution-source-registryd/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2195, Path=/usr/libexec/goa-daemonsource-registryd/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2195, Path=/usr/libexec/goa-daemonsource-registryd/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2208, Path=/usr/libexec/goa-identity-serviceistryd/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2208, Path=/usr/libexec/goa-identity-serviceistryd/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2226, Path=/usr/libexec/evolution-calendar-factory/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2226, Path=/usr/libexec/evolution-calendar-factory/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2235, Path=/usr/lib/bluetooth/obexdalendar-factory/xfce4-notifydn-agent-1
[DEBUG] Killing process: PID=2235, Path=/usr/lib/bluetooth/obexdalendar-factory/xfce4-notifydn-agent-1
[DEBUG] Checking process: PID=2242, Path=/usr/libexec/evolution-addressbook-factoryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2242, Path=/usr/libexec/evolution-addressbook-factoryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2275, Path=/usr/libexec/gvfs-udisks2-volume-monitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2275, Path=/usr/libexec/gvfs-udisks2-volume-monitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2281, Path=/usr/libexec/gvfs-mtp-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2281, Path=/usr/libexec/gvfs-mtp-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2285, Path=/usr/libexec/gvfs-goa-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2285, Path=/usr/libexec/gvfs-goa-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2289, Path=/usr/libexec/gvfs-afc-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2289, Path=/usr/libexec/gvfs-afc-volume-monitoritorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2294, Path=/usr/libexec/gvfs-gphoto2-volume-monitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2294, Path=/usr/libexec/gvfs-gphoto2-volume-monitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2307, Path=/usr/libexec/gvfsd-metadataolume-monitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2307, Path=/usr/libexec/gvfsd-metadataolume-monitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2637, Path=/usr/libexec/fwupd/fwupdataolume-monitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2637, Path=/usr/libexec/fwupd/fwupdataolume-monitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=3236, Path=/usr/lib/packagekit/packagekitde-monitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=3236, Path=/usr/lib/packagekit/packagekitde-monitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=4532, Path=/usr/lib/systemd/systemd-timedatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=4532, Path=/usr/lib/systemd/systemd-timedatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6058, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6058, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6214, Path=/usr/bin/dashemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6214, Path=/usr/bin/dashemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6215, Path=/usr/bin/dmesgmd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6215, Path=/usr/bin/dmesgmd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6252, Path=/tmp/na.elf (deleted)emd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Path=/tmp/na.elf (deleted)emd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6257, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6257, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6258, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6258, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6259, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6259, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6260, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6260, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6261, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6261, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6262, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6262, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6263, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6263, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6264, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6264, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6265, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6265, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6266, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6266, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6267, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6267, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6268, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6268, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6269, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6269, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6270, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6270, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6271, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6271, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6272, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6272, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6273, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6273, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6274, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6274, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6275, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6275, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6276, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6276, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6284, Path=/usr/lib/upower/upowerdd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6284, Path=/usr/lib/upower/upowerdd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6305, Path=/usr/bin/xfwm4r/upowerdd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6305, Path=/usr/bin/xfwm4r/upowerdd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6337, Path=/usr/bin/xfce4-sessiondd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6337, Path=/usr/bin/xfce4-sessiondd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Checking process: PID=2, Cmdline=[kthreadd]
[DEBUG] Killing process: PID=2, Cmdline=[kthreadd]
[DEBUG] Checking process: PID=3, Cmdline=[rcu_gp]
[DEBUG] Killing process: PID=3, Cmdline=[rcu_gp]
[DEBUG] Checking process: PID=4, Cmdline=[rcu_par_gp]
[DEBUG] Killing process: PID=4, Cmdline=[rcu_par_gp]
[DEBUG] Checking process: PID=6, Cmdline=[kworker/0:0H-kblockd]
[DEBUG] Killing process: PID=6, Cmdline=[kworker/0:0H-kblockd]
[DEBUG] Checking process: PID=9, Cmdline=[mm_percpu_wq]
[DEBUG] Killing process: PID=9, Cmdline=[mm_percpu_wq]
[DEBUG] Checking process: PID=10, Cmdline=[ksoftirqd/0]
[DEBUG] Killing process: PID=10, Cmdline=[ksoftirqd/0]
[DEBUG] Checking process: PID=11, Cmdline=[rcu_sched]
[DEBUG] Killing process: PID=11, Cmdline=[rcu_sched]
[DEBUG] Checking process: PID=12, Cmdline=[migration/0]
[DEBUG] Killing process: PID=12, Cmdline=[migration/0]
[DEBUG] Checking process: PID=13, Cmdline=[idle_inject/0]
[DEBUG] Killing process: PID=13, Cmdline=[idle_inject/0]
[DEBUG] Checking process: PID=14, Cmdline=[cpuhp/0]
[DEBUG] Killing process: PID=14, Cmdline=[cpuhp/0]
[DEBUG] Checking process: PID=15, Cmdline=[cpuhp/1]
[DEBUG] Killing process: PID=15, Cmdline=[cpuhp/1]
[DEBUG] Checking process: PID=16, Cmdline=[idle_inject/1]
[DEBUG] Killing process: PID=16, Cmdline=[idle_inject/1]
[DEBUG] Checking process: PID=17, Cmdline=[migration/1]
[DEBUG] Killing process: PID=17, Cmdline=[migration/1]
[DEBUG] Checking process: PID=18, Cmdline=[ksoftirqd/1]
[DEBUG] Killing process: PID=18, Cmdline=[ksoftirqd/1]
[DEBUG] Checking process: PID=20, Cmdline=[kworker/1:0H-kblockd]
[DEBUG] Killing process: PID=20, Cmdline=[kworker/1:0H-kblockd]
[DEBUG] Checking process: PID=21, Cmdline=[kdevtmpfs]
[DEBUG] Killing process: PID=21, Cmdline=[kdevtmpfs]
[DEBUG] Checking process: PID=22, Cmdline=[netns]
[DEBUG] Killing process: PID=22, Cmdline=[netns]
[DEBUG] Checking process: PID=23, Cmdline=[rcu_tasks_kthre]
[DEBUG] Killing process: PID=23, Cmdline=[rcu_tasks_kthre]
[DEBUG] Checking process: PID=24, Cmdline=[kauditd]
[DEBUG] Killing process: PID=24, Cmdline=[kauditd]
[DEBUG] Checking process: PID=25, Cmdline=[khungtaskd]
[DEBUG] Killing process: PID=25, Cmdline=[khungtaskd]
[DEBUG] Checking process: PID=26, Cmdline=[oom_reaper]
[DEBUG] Killing process: PID=26, Cmdline=[oom_reaper]
[DEBUG] Checking process: PID=27, Cmdline=[writeback]
[DEBUG] Killing process: PID=27, Cmdline=[writeback]
[DEBUG] Checking process: PID=28, Cmdline=[kcompactd0]
[DEBUG] Killing process: PID=28, Cmdline=[kcompactd0]
[DEBUG] Checking process: PID=29, Cmdline=[ksmd]
[DEBUG] Killing process: PID=29, Cmdline=[ksmd]
[DEBUG] Checking process: PID=30, Cmdline=[khugepaged]
[DEBUG] Killing process: PID=30, Cmdline=[khugepaged]
[DEBUG] Checking process: PID=35, Cmdline=[kworker/1:1-cifsiod]
[DEBUG] Killing process: PID=35, Cmdline=[kworker/1:1-cifsiod]
[DEBUG] Checking process: PID=77, Cmdline=[kintegrityd]
[DEBUG] Killing process: PID=77, Cmdline=[kintegrityd]
[DEBUG] Checking process: PID=78, Cmdline=[kblockd]
[DEBUG] Killing process: PID=78, Cmdline=[kblockd]
[DEBUG] Checking process: PID=79, Cmdline=[blkcg_punt_bio]
[DEBUG] Killing process: PID=79, Cmdline=[blkcg_punt_bio]
[DEBUG] Checking process: PID=80, Cmdline=[tpm_dev_wq]
[DEBUG] Killing process: PID=80, Cmdline=[tpm_dev_wq]
[DEBUG] Checking process: PID=81, Cmdline=[ata_sff]
[DEBUG] Killing process: PID=81, Cmdline=[ata_sff]
[DEBUG] Checking process: PID=82, Cmdline=[md]
[DEBUG] Killing process: PID=82, Cmdline=[md]
[DEBUG] Checking process: PID=83, Cmdline=[edac-poller]
[DEBUG] Killing process: PID=83, Cmdline=[edac-poller]
[DEBUG] Checking process: PID=84, Cmdline=[devfreq_wq]
[DEBUG] Killing process: PID=84, Cmdline=[devfreq_wq]
[DEBUG] Checking process: PID=85, Cmdline=[watchdogd]
[DEBUG] Killing process: PID=85, Cmdline=[watchdogd]
[DEBUG] Checking process: PID=88, Cmdline=[kswapd0]
[DEBUG] Killing process: PID=88, Cmdline=[kswapd0]
[DEBUG] Checking process: PID=89, Cmdline=[ecryptfs-kthrea]
[DEBUG] Killing process: PID=89, Cmdline=[ecryptfs-kthrea]
[DEBUG] Checking process: PID=91, Cmdline=[kthrotld]
[DEBUG] Killing process: PID=91, Cmdline=[kthrotld]
[DEBUG] Checking process: PID=92, Cmdline=[irq/24-pciehp]
[DEBUG] Killing process: PID=92, Cmdline=[irq/24-pciehp]
[DEBUG] Checking process: PID=93, Cmdline=[irq/25-pciehp]
[DEBUG] Killing process: PID=93, Cmdline=[irq/25-pciehp]
[DEBUG] Checking process: PID=94, Cmdline=[irq/26-pciehp]
[DEBUG] Killing process: PID=94, Cmdline=[irq/26-pciehp]
[DEBUG] Checking process: PID=95, Cmdline=[irq/27-pciehp]
[DEBUG] Killing process: PID=95, Cmdline=[irq/27-pciehp]
[DEBUG] Checking process: PID=96, Cmdline=[irq/28-pciehp]
[DEBUG] Killing process: PID=96, Cmdline=[irq/28-pciehp]
[DEBUG] Checking process: PID=97, Cmdline=[irq/29-pciehp]
[DEBUG] Killing process: PID=97, Cmdline=[irq/29-pciehp]
[DEBUG] Checking process: PID=98, Cmdline=[irq/30-pciehp]
[DEBUG] Killing process: PID=98, Cmdline=[irq/30-pciehp]
[DEBUG] Checking process: PID=99, Cmdline=[irq/31-pciehp]
[DEBUG] Killing process: PID=99, Cmdline=[irq/31-pciehp]
[DEBUG] Checking process: PID=100, Cmdline=[irq/32-pciehp]
[DEBUG] Killing process: PID=100, Cmdline=[irq/32-pciehp]
[DEBUG] Checking process: PID=101, Cmdline=[irq/33-pciehp]
[DEBUG] Killing process: PID=101, Cmdline=[irq/33-pciehp]
[DEBUG] Checking process: PID=102, Cmdline=[irq/34-pciehp]
[DEBUG] Killing process: PID=102, Cmdline=[irq/34-pciehp]
[DEBUG] Checking process: PID=103, Cmdline=[irq/35-pciehp]
[DEBUG] Killing process: PID=103, Cmdline=[irq/35-pciehp]
[DEBUG] Checking process: PID=104, Cmdline=[irq/36-pciehp]
[DEBUG] Killing process: PID=104, Cmdline=[irq/36-pciehp]
[DEBUG] Checking process: PID=105, Cmdline=[irq/37-pciehp]
[DEBUG] Killing process: PID=105, Cmdline=[irq/37-pciehp]
[DEBUG] Checking process: PID=106, Cmdline=[irq/38-pciehp]
[DEBUG] Killing process: PID=106, Cmdline=[irq/38-pciehp]
[DEBUG] Checking process: PID=107, Cmdline=[irq/39-pciehp]
[DEBUG] Killing process: PID=107, Cmdline=[irq/39-pciehp]
[DEBUG] Checking process: PID=108, Cmdline=[irq/40-pciehp]
[DEBUG] Killing process: PID=108, Cmdline=[irq/40-pciehp]
[DEBUG] Checking process: PID=109, Cmdline=[irq/41-pciehp]
[DEBUG] Killing process: PID=109, Cmdline=[irq/41-pciehp]
[DEBUG] Checking process: PID=110, Cmdline=[irq/42-pciehp]
[DEBUG] Killing process: PID=110, Cmdline=[irq/42-pciehp]
[DEBUG] Checking process: PID=111, Cmdline=[irq/43-pciehp]
[DEBUG] Killing process: PID=111, Cmdline=[irq/43-pciehp]
[DEBUG] Checking process: PID=112, Cmdline=[irq/44-pciehp]
[DEBUG] Killing process: PID=112, Cmdline=[irq/44-pciehp]
[DEBUG] Checking process: PID=113, Cmdline=[irq/45-pciehp]
[DEBUG] Killing process: PID=113, Cmdline=[irq/45-pciehp]
[DEBUG] Checking process: PID=114, Cmdline=[irq/46-pciehp]
[DEBUG] Killing process: PID=114, Cmdline=[irq/46-pciehp]
[DEBUG] Checking process: PID=115, Cmdline=[irq/47-pciehp]
[DEBUG] Killing process: PID=115, Cmdline=[irq/47-pciehp]
[DEBUG] Checking process: PID=116, Cmdline=[irq/48-pciehp]
[DEBUG] Killing process: PID=116, Cmdline=[irq/48-pciehp]
[DEBUG] Checking process: PID=117, Cmdline=[irq/49-pciehp]
[DEBUG] Killing process: PID=117, Cmdline=[irq/49-pciehp]
[DEBUG] Checking process: PID=118, Cmdline=[irq/50-pciehp]
[DEBUG] Killing process: PID=118, Cmdline=[irq/50-pciehp]
[DEBUG] Checking process: PID=119, Cmdline=[irq/51-pciehp]
[DEBUG] Killing process: PID=119, Cmdline=[irq/51-pciehp]
[DEBUG] Checking process: PID=120, Cmdline=[irq/52-pciehp]
[DEBUG] Killing process: PID=120, Cmdline=[irq/52-pciehp]
[DEBUG] Checking process: PID=121, Cmdline=[irq/53-pciehp]
[DEBUG] Killing process: PID=121, Cmdline=[irq/53-pciehp]
[DEBUG] Checking process: PID=122, Cmdline=[irq/54-pciehp]
[DEBUG] Killing process: PID=122, Cmdline=[irq/54-pciehp]
[DEBUG] Checking process: PID=123, Cmdline=[irq/55-pciehp]
[DEBUG] Killing process: PID=123, Cmdline=[irq/55-pciehp]
[DEBUG] Checking process: PID=124, Cmdline=[acpi_thermal_pm]
[DEBUG] Killing process: PID=124, Cmdline=[acpi_thermal_pm]
[DEBUG] Checking process: PID=125, Cmdline=[scsi_eh_0]
[DEBUG] Killing process: PID=125, Cmdline=[scsi_eh_0]
[DEBUG] Checking process: PID=126, Cmdline=[scsi_tmf_0]
[DEBUG] Killing process: PID=126, Cmdline=[scsi_tmf_0]
[DEBUG] Checking process: PID=127, Cmdline=[scsi_eh_1]
[DEBUG] Killing process: PID=127, Cmdline=[scsi_eh_1]
[DEBUG] Checking process: PID=128, Cmdline=[scsi_tmf_1]
[DEBUG] Killing process: PID=128, Cmdline=[scsi_tmf_1]
[DEBUG] Checking process: PID=130, Cmdline=[vfio-irqfd-clea]
[DEBUG] Killing process: PID=130, Cmdline=[vfio-irqfd-clea]
[DEBUG] Checking process: PID=132, Cmdline=[ipv6_addrconf]
[DEBUG] Killing process: PID=132, Cmdline=[ipv6_addrconf]
[DEBUG] Checking process: PID=141, Cmdline=[kstrp]
[DEBUG] Killing process: PID=141, Cmdline=[kstrp]
[DEBUG] Checking process: PID=144, Cmdline=[kworker/u5:0]
[DEBUG] Killing process: PID=144, Cmdline=[kworker/u5:0]
[DEBUG] Checking process: PID=157, Cmdline=[charger_manager]
[DEBUG] Killing process: PID=157, Cmdline=[charger_manager]
[DEBUG] Checking process: PID=201, Cmdline=[kworker/1:2-cgroup_destroy]
[DEBUG] Killing process: PID=201, Cmdline=[kworker/1:2-cgroup_destroy]
[DEBUG] Checking process: PID=202, Cmdline=[mpt_poll_0]
[DEBUG] Killing process: PID=202, Cmdline=[mpt_poll_0]
[DEBUG] Checking process: PID=203, Cmdline=[scsi_eh_2]
[DEBUG] Killing process: PID=203, Cmdline=[scsi_eh_2]
[DEBUG] Checking process: PID=204, Cmdline=[mpt/0]
[DEBUG] Killing process: PID=204, Cmdline=[mpt/0]
[DEBUG] Checking process: PID=205, Cmdline=[scsi_tmf_2]
[DEBUG] Killing process: PID=205, Cmdline=[scsi_tmf_2]
[DEBUG] Checking process: PID=206, Cmdline=[scsi_eh_3]
[DEBUG] Killing process: PID=206, Cmdline=[scsi_eh_3]
[DEBUG] Checking process: PID=207, Cmdline=[scsi_tmf_3]
[DEBUG] Killing process: PID=207, Cmdline=[scsi_tmf_3]
[DEBUG] Checking process: PID=208, Cmdline=[scsi_eh_4]
[DEBUG] Killing process: PID=208, Cmdline=[scsi_eh_4]
[DEBUG] Checking process: PID=209, Cmdline=[scsi_tmf_4]
[DEBUG] Killing process: PID=209, Cmdline=[scsi_tmf_4]
[DEBUG] Checking process: PID=210, Cmdline=[scsi_eh_5]
[DEBUG] Killing process: PID=210, Cmdline=[scsi_eh_5]
[DEBUG] Checking process: PID=211, Cmdline=[scsi_tmf_5]
[DEBUG] Killing process: PID=211, Cmdline=[scsi_tmf_5]
[DEBUG] Checking process: PID=212, Cmdline=[scsi_eh_6]
[DEBUG] Killing process: PID=212, Cmdline=[scsi_eh_6]
[DEBUG] Checking process: PID=213, Cmdline=[scsi_tmf_6]
[DEBUG] Killing process: PID=213, Cmdline=[scsi_tmf_6]
[DEBUG] Checking process: PID=214, Cmdline=[scsi_eh_7]
[DEBUG] Killing process: PID=214, Cmdline=[scsi_eh_7]
[DEBUG] Checking process: PID=215, Cmdline=[scsi_tmf_7]
[DEBUG] Killing process: PID=215, Cmdline=[scsi_tmf_7]
[DEBUG] Checking process: PID=216, Cmdline=[scsi_eh_8]
[DEBUG] Killing process: PID=216, Cmdline=[scsi_eh_8]
[DEBUG] Checking process: PID=217, Cmdline=[scsi_tmf_8]
[DEBUG] Killing process: PID=217, Cmdline=[scsi_tmf_8]
[DEBUG] Checking process: PID=218, Cmdline=[scsi_eh_9]
[DEBUG] Killing process: PID=218, Cmdline=[scsi_eh_9]
[DEBUG] Checking process: PID=219, Cmdline=[scsi_tmf_9]
[DEBUG] Killing process: PID=219, Cmdline=[scsi_tmf_9]
[DEBUG] Checking process: PID=220, Cmdline=[scsi_eh_10]
[DEBUG] Killing process: PID=220, Cmdline=[scsi_eh_10]
[DEBUG] Checking process: PID=221, Cmdline=[scsi_tmf_10]
[DEBUG] Killing process: PID=221, Cmdline=[scsi_tmf_10]
[DEBUG] Checking process: PID=222, Cmdline=[scsi_eh_11]
[DEBUG] Killing process: PID=222, Cmdline=[scsi_eh_11]
[DEBUG] Checking process: PID=223, Cmdline=[scsi_tmf_11]
[DEBUG] Killing process: PID=223, Cmdline=[scsi_tmf_11]
[DEBUG] Checking process: PID=224, Cmdline=[scsi_eh_12]
[DEBUG] Killing process: PID=224, Cmdline=[scsi_eh_12]
[DEBUG] Checking process: PID=225, Cmdline=[scsi_tmf_12]
[DEBUG] Killing process: PID=225, Cmdline=[scsi_tmf_12]
[DEBUG] Checking process: PID=226, Cmdline=[scsi_eh_13]
[DEBUG] Killing process: PID=226, Cmdline=[scsi_eh_13]
[DEBUG] Checking process: PID=227, Cmdline=[scsi_tmf_13]
[DEBUG] Killing process: PID=227, Cmdline=[scsi_tmf_13]
[DEBUG] Checking process: PID=228, Cmdline=[scsi_eh_14]
[DEBUG] Killing process: PID=228, Cmdline=[scsi_eh_14]
[DEBUG] Checking process: PID=229, Cmdline=[scsi_tmf_14]
[DEBUG] Killing process: PID=229, Cmdline=[scsi_tmf_14]
[DEBUG] Checking process: PID=230, Cmdline=[scsi_eh_15]
[DEBUG] Killing process: PID=230, Cmdline=[scsi_eh_15]
[DEBUG] Checking process: PID=231, Cmdline=[scsi_tmf_15]
[DEBUG] Killing process: PID=231, Cmdline=[scsi_tmf_15]
[DEBUG] Checking process: PID=232, Cmdline=[kworker/1:3-cifsiod]
[DEBUG] Killing process: PID=232, Cmdline=[kworker/1:3-cifsiod]
[DEBUG] Checking process: PID=233, Cmdline=[scsi_eh_16]
[DEBUG] Killing process: PID=233, Cmdline=[scsi_eh_16]
[DEBUG] Checking process: PID=234, Cmdline=[scsi_tmf_16]
[DEBUG] Killing process: PID=234, Cmdline=[scsi_tmf_16]
[DEBUG] Checking process: PID=235, Cmdline=[scsi_eh_17]
[DEBUG] Killing process: PID=235, Cmdline=[scsi_eh_17]
[DEBUG] Checking process: PID=236, Cmdline=[cryptd]
[DEBUG] Killing process: PID=236, Cmdline=[cryptd]
[DEBUG] Checking process: PID=237, Cmdline=[scsi_tmf_17]
[DEBUG] Killing process: PID=237, Cmdline=[scsi_tmf_17]
[DEBUG] Checking process: PID=243, Cmdline=[scsi_eh_18]
[DEBUG] Killing process: PID=243, Cmdline=[scsi_eh_18]
[DEBUG] Checking process: PID=248, Cmdline=[scsi_tmf_18]
[DEBUG] Killing process: PID=248, Cmdline=[scsi_tmf_18]
[DEBUG] Checking process: PID=249, Cmdline=[scsi_eh_19]
[DEBUG] Killing process: PID=249, Cmdline=[scsi_eh_19]
[DEBUG] Checking process: PID=250, Cmdline=[scsi_tmf_19]
[DEBUG] Killing process: PID=250, Cmdline=[scsi_tmf_19]
[DEBUG] Checking process: PID=251, Cmdline=[scsi_eh_20]
[DEBUG] Killing process: PID=251, Cmdline=[scsi_eh_20]
[DEBUG] Checking process: PID=252, Cmdline=[scsi_tmf_20]
[DEBUG] Killing process: PID=252, Cmdline=[scsi_tmf_20]
[DEBUG] Checking process: PID=253, Cmdline=[scsi_eh_21]
[DEBUG] Killing process: PID=253, Cmdline=[scsi_eh_21]
[DEBUG] Checking process: PID=254, Cmdline=[scsi_tmf_21]
[DEBUG] Killing process: PID=254, Cmdline=[scsi_tmf_21]
[DEBUG] Checking process: PID=255, Cmdline=[scsi_eh_22]
[DEBUG] Killing process: PID=255, Cmdline=[scsi_eh_22]
[DEBUG] Checking process: PID=256, Cmdline=[scsi_tmf_22]
[DEBUG] Killing process: PID=256, Cmdline=[scsi_tmf_22]
[DEBUG] Checking process: PID=257, Cmdline=[scsi_eh_23]
[DEBUG] Killing process: PID=257, Cmdline=[scsi_eh_23]
[DEBUG] Checking process: PID=258, Cmdline=[scsi_tmf_23]
[DEBUG] Killing process: PID=258, Cmdline=[scsi_tmf_23]
[DEBUG] Checking process: PID=259, Cmdline=[scsi_eh_24]
[DEBUG] Killing process: PID=259, Cmdline=[scsi_eh_24]
[DEBUG] Checking process: PID=260, Cmdline=[scsi_tmf_24]
[DEBUG] Killing process: PID=260, Cmdline=[scsi_tmf_24]
[DEBUG] Checking process: PID=261, Cmdline=[scsi_eh_25]
[DEBUG] Killing process: PID=261, Cmdline=[scsi_eh_25]
[DEBUG] Checking process: PID=262, Cmdline=[scsi_tmf_25]
[DEBUG] Killing process: PID=262, Cmdline=[scsi_tmf_25]
[DEBUG] Checking process: PID=263, Cmdline=[scsi_eh_26]
[DEBUG] Killing process: PID=263, Cmdline=[scsi_eh_26]
[DEBUG] Checking process: PID=264, Cmdline=[scsi_tmf_26]
[DEBUG] Killing process: PID=264, Cmdline=[scsi_tmf_26]
[DEBUG] Checking process: PID=265, Cmdline=[scsi_eh_27]
[DEBUG] Killing process: PID=265, Cmdline=[scsi_eh_27]
[DEBUG] Checking process: PID=266, Cmdline=[scsi_tmf_27]
[DEBUG] Killing process: PID=266, Cmdline=[scsi_tmf_27]
[DEBUG] Checking process: PID=267, Cmdline=[scsi_eh_28]
[DEBUG] Killing process: PID=267, Cmdline=[scsi_eh_28]
[DEBUG] Checking process: PID=269, Cmdline=[scsi_tmf_28]
[DEBUG] Killing process: PID=269, Cmdline=[scsi_tmf_28]
[DEBUG] Checking process: PID=270, Cmdline=[scsi_eh_29]
[DEBUG] Killing process: PID=270, Cmdline=[scsi_eh_29]
[DEBUG] Checking process: PID=272, Cmdline=[scsi_tmf_29]
[DEBUG] Killing process: PID=272, Cmdline=[scsi_tmf_29]
[DEBUG] Checking process: PID=274, Cmdline=[scsi_eh_30]
[DEBUG] Killing process: PID=274, Cmdline=[scsi_eh_30]
[DEBUG] Checking process: PID=278, Cmdline=[scsi_tmf_30]
[DEBUG] Killing process: PID=278, Cmdline=[scsi_tmf_30]
[DEBUG] Checking process: PID=281, Cmdline=[scsi_eh_31]
[DEBUG] Killing process: PID=281, Cmdline=[scsi_eh_31]
[DEBUG] Checking process: PID=286, Cmdline=[scsi_tmf_31]
[DEBUG] Killing process: PID=286, Cmdline=[scsi_tmf_31]
[DEBUG] Checking process: PID=322, Cmdline=[kworker/u4:27-events_unbound]
[DEBUG] Killing process: PID=322, Cmdline=[kworker/u4:27-events_unbound]
[DEBUG] Checking process: PID=324, Cmdline=[kworker/u4:29-events_unbound]
[DEBUG] Killing process: PID=324, Cmdline=[kworker/u4:29-events_unbound]
[DEBUG] Checking process: PID=326, Cmdline=[scsi_eh_32]
[DEBUG] Killing process: PID=326, Cmdline=[scsi_eh_32]
[DEBUG] Checking process: PID=327, Cmdline=[scsi_tmf_32]
[DEBUG] Killing process: PID=327, Cmdline=[scsi_tmf_32]
[DEBUG] Checking process: PID=328, Cmdline=[kworker/1:1H-kblockd]
[DEBUG] Killing process: PID=328, Cmdline=[kworker/1:1H-kblockd]
[DEBUG] Checking process: PID=333, Cmdline=[kworker/0:1H-kblockd]
[DEBUG] Killing process: PID=333, Cmdline=[kworker/0:1H-kblockd]
[DEBUG] Checking process: PID=346, Cmdline=[kdmflush]
[DEBUG] Killing process: PID=346, Cmdline=[kdmflush]
[DEBUG] Checking process: PID=379, Cmdline=[raid5wq]
[DEBUG] Killing process: PID=379, Cmdline=[raid5wq]
[DEBUG] Checking process: PID=419, Cmdline=[jbd2/dm-0-8]
[DEBUG] Killing process: PID=419, Cmdline=[jbd2/dm-0-8]
[DEBUG] Checking process: PID=420, Cmdline=[ext4-rsv-conver]
[DEBUG] Killing process: PID=420, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=491, Cmdline=/lib/systemd/systemd-journald
[DEBUG] Killing process: PID=491, Cmdline=/lib/systemd/systemd-journald
[DEBUG] Checking process: PID=517, Cmdline=[kworker/0:3-cgroup_destroy]
[DEBUG] Killing process: PID=517, Cmdline=[kworker/0:3-cgroup_destroy]
[DEBUG] Checking process: PID=654, Cmdline=[kaluad]
[DEBUG] Killing process: PID=654, Cmdline=[kaluad]
[DEBUG] Checking process: PID=655, Cmdline=[kmpath_rdacd]
[DEBUG] Killing process: PID=655, Cmdline=[kmpath_rdacd]
[DEBUG] Checking process: PID=656, Cmdline=[kmpathd]
[DEBUG] Killing process: PID=656, Cmdline=[kmpathd]
[DEBUG] Checking process: PID=657, Cmdline=[kmpath_handlerd]
[DEBUG] Killing process: PID=657, Cmdline=[kmpath_handlerd]
[DEBUG] Checking process: PID=658, Cmdline=/sbin/multipathd -d -s
[DEBUG] Killing process: PID=658, Cmdline=/sbin/multipathd -d -s
[DEBUG] Checking process: PID=667, Cmdline=[jbd2/sda2-8]
[DEBUG] Killing process: PID=667, Cmdline=[jbd2/sda2-8]
[DEBUG] Checking process: PID=670, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=674, Cmdline=[loop0]
[DEBUG] Killing process: PID=674, Cmdline=[loop0]
[DEBUG] Checking process: PID=675, Cmdline=[loop1]
[DEBUG] Killing process: PID=675, Cmdline=[loop1]
[DEBUG] Checking process: PID=676, Cmdline=[loop2]
[DEBUG] Killing process: PID=676, Cmdline=[loop2]
[DEBUG] Checking process: PID=677, Cmdline=[loop3]
[DEBUG] Killing process: PID=677, Cmdline=[loop3]
[DEBUG] Checking process: PID=720, Cmdline=/usr/bin/VGAuthService
[DEBUG] Killing process: PID=720, Cmdline=/usr/bin/VGAuthService
[DEBUG] Checking process: PID=759, Cmdline=/lib/systemd/systemd-networkd
[DEBUG] Killing process: PID=759, Cmdline=/lib/systemd/systemd-networkd
[DEBUG] Checking process: PID=761, Cmdline=/lib/systemd/systemd-resolved
[DEBUG] Killing process: PID=761, Cmdline=/lib/systemd/systemd-resolved
[DEBUG] Checking process: PID=772, Cmdline=/usr/sbin/acpid
[DEBUG] Killing process: PID=772, Cmdline=/usr/sbin/acpid
[DEBUG] Checking process: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=788, Cmdline=/usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
[DEBUG] Killing process: PID=788, Cmdline=/usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
[DEBUG] Checking process: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Checking process: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Checking process: PID=797, Cmdline=/lib/systemd/systemd-logind
[DEBUG] Killing process: PID=797, Cmdline=/lib/systemd/systemd-logind
[DEBUG] Checking process: PID=799, Cmdline=/usr/lib/udisks2/udisksd
[DEBUG] Killing process: PID=799, Cmdline=/usr/lib/udisks2/udisksd
[DEBUG] Checking process: PID=800, Cmdline=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
[DEBUG] Killing process: PID=800, Cmdline=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
[DEBUG] Checking process: PID=840, Cmdline=[kworker/1:4-cgroup_destroy]
[DEBUG] Killing process: PID=840, Cmdline=[kworker/1:4-cgroup_destroy]
[DEBUG] Checking process: PID=847, Cmdline=/usr/sbin/ModemManager --filter-policy=strict
[DEBUG] Killing process: PID=847, Cmdline=/usr/sbin/ModemManager --filter-policy=strict
[DEBUG] Checking process: PID=884, Cmdline=/usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
[DEBUG] Killing process: PID=884, Cmdline=/usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
[DEBUG] Checking process: PID=896, Cmdline=[kworker/0:4-cifsiod]
[DEBUG] Killing process: PID=896, Cmdline=[kworker/0:4-cifsiod]
[DEBUG] Checking process: PID=904, Cmdline=/usr/bin/whoopsie -f
[DEBUG] Killing process: PID=904, Cmdline=/usr/bin/whoopsie -f
[DEBUG] Checking process: PID=910, Cmdline=[kworker/0:5-events]
[DEBUG] Killing process: PID=910, Cmdline=[kworker/0:5-events]
[DEBUG] Checking process: PID=918, Cmdline=/usr/sbin/kerneloops
[DEBUG] Killing process: PID=918, Cmdline=/usr/sbin/kerneloops
[DEBUG] Checking process: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Checking process: PID=1207, Cmdline=[loop6]
[DEBUG] Killing process: PID=1207, Cmdline=[loop6]
[DEBUG] Checking process: PID=1320, Cmdline=/usr/sbin/gdm3
[DEBUG] Killing process: PID=1320, Cmdline=/usr/sbin/gdm3
[DEBUG] Checking process: PID=1334, Cmdline=/lib/systemd/systemd --user
[DEBUG] Killing process: PID=1334, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1335, Cmdline=(sd-pam)
[DEBUG] Killing process: PID=1335, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1809, Cmdline=gdm-session-worker [pam/gdm-password]
[DEBUG] Killing process: PID=1809, Cmdline=gdm-session-worker [pam/gdm-password]
[DEBUG] Checking process: PID=1860, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1872, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1877, Cmdline=/usr/bin/pulseaudio --daemonize=no --log-target=journal
[DEBUG] Killing process: PID=1877, Cmdline=/usr/bin/pulseaudio --daemonize=no --log-target=journal
[DEBUG] Checking process: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1888, Cmdline=/usr/lib/gdm3/gdm-x-session --register-session --run-script startxfce4
[DEBUG] Killing process: PID=1888, Cmdline=/usr/lib/gdm3/gdm-x-session --register-session --run-script startxfce4
[DEBUG] Checking process: PID=1890, Cmdline=/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
[DEBUG] Killing process: PID=1890, Cmdline=/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
[DEBUG] Checking process: PID=1900, Cmdline=xfce4-session
[DEBUG] Killing process: PID=1900, Cmdline=xfce4-session
[DEBUG] Checking process: PID=1983, Cmdline=/usr/bin/ssh-agent /usr/bin/im-launch startxfce4
[DEBUG] Killing process: PID=1983, Cmdline=/usr/bin/ssh-agent /usr/bin/im-launch startxfce4
[DEBUG] Checking process: PID=2048, Cmdline=/usr/bin/gpg-agent --supervised
[DEBUG] Killing process: PID=2048, Cmdline=/usr/bin/gpg-agent --supervised
[DEBUG] Checking process: PID=2062, Cmdline=xfsettingsd
[DEBUG] Killing process: PID=2062, Cmdline=xfsettingsd
[DEBUG] Checking process: PID=2102, Cmdline=/usr/bin/python3 /usr/share/system-config-printer/applet.py
[DEBUG] Killing process: PID=2102, Cmdline=/usr/bin/python3 /usr/share/system-config-printer/applet.py
[DEBUG] Checking process: PID=2746, Cmdline=[kworker/0:0-events]
[DEBUG] Killing process: PID=2746, Cmdline=[kworker/0:0-events]
[DEBUG] Checking process: PID=2749, Cmdline=[kworker/0:1-cgroup_destroy]
[DEBUG] Killing process: PID=2749, Cmdline=[kworker/0:1-cgroup_destroy]
[DEBUG] Checking process: PID=2761, Cmdline=[kworker/u4:0-events_unbound]
[DEBUG] Killing process: PID=2761, Cmdline=[kworker/u4:0-events_unbound]
[DEBUG] Checking process: PID=2882, Cmdline=[loop4]
[DEBUG] Killing process: PID=2882, Cmdline=[loop4]
[DEBUG] Checking process: PID=3021, Cmdline=[kworker/u4:1-events_unbound]
[DEBUG] Killing process: PID=3021, Cmdline=[kworker/u4:1-events_unbound]
[DEBUG] Checking process: PID=3088, Cmdline=[loop7]
[DEBUG] Killing process: PID=3088, Cmdline=[loop7]
[DEBUG] Checking process: PID=4440, Cmdline=[kworker/1:0-cgroup_destroy]
[DEBUG] Killing process: PID=4440, Cmdline=[kworker/1:0-cgroup_destroy]
[DEBUG] Checking process: PID=4445, Cmdline=[cifsiod]
[DEBUG] Killing process: PID=4445, Cmdline=[cifsiod]
[DEBUG] Checking process: PID=4446, Cmdline=[smb3decryptd]
[DEBUG] Killing process: PID=4446, Cmdline=[smb3decryptd]
[DEBUG] Checking process: PID=4447, Cmdline=[cifsfileinfoput]
[DEBUG] Killing process: PID=4447, Cmdline=[cifsfileinfoput]
[DEBUG] Checking process: PID=4448, Cmdline=[cifsoplockd]
[DEBUG] Killing process: PID=4448, Cmdline=[cifsoplockd]
[DEBUG] Checking process: PID=4499, Cmdline=[kworker/u4:2-flush-0:54]
[DEBUG] Killing process: PID=4499, Cmdline=[kworker/u4:2-flush-0:54]
[DEBUG] Checking process: PID=4505, Cmdline=[kworker/u4:3-events_unbound]
[DEBUG] Killing process: PID=4505, Cmdline=[kworker/u4:3-events_unbound]
[DEBUG] Checking process: PID=4509, Cmdline=[kworker/u4:4-events_unbound]
[DEBUG] Killing process: PID=4509, Cmdline=[kworker/u4:4-events_unbound]
[DEBUG] Checking process: PID=4511, Cmdline=[kworker/u4:5]
[DEBUG] Killing process: PID=4511, Cmdline=[kworker/u4:5]
[DEBUG] Checking process: PID=4532, Cmdline=/lib/systemd/systemd-timedated
[DEBUG] Killing process: PID=4532, Cmdline=/lib/systemd/systemd-timedated
[DEBUG] Checking process: PID=6058, Cmdline=/lib/systemd/systemd-udevd
[DEBUG] Killing process: PID=6058, Cmdline=/lib/systemd/systemd-udevd
[DEBUG] Checking process: PID=6175, Cmdline=[cifsd]
[DEBUG] Killing process: PID=6175, Cmdline=[cifsd]
[DEBUG] Checking process: PID=6252, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6347, Cmdline=sh -c ps -A -o pid,cmd --no-headers
[DEBUG] Killing process: PID=6347, Cmdline=sh -c ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6349, Cmdline=ps -A -o pid,cmd --no-headers
[DEBUG] Killing process: PID=6349, Cmdline=ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6350, Cmdline=xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
[DEBUG] Killing process: PID=6350, Cmdline=xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
[DEBUG] Checking process: PID=6351, Cmdline=xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
[DEBUG] Killing process: PID=6351, Cmdline=xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
[DEBUG] Checking process: PID=1, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Path=/usr/lib/systemd/systemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=658, Path=/usr/sbin/multipathdtemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=658, Path=/usr/sbin/multipathdtemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=720, Path=/usr/bin/VGAuthServicemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=720, Path=/usr/bin/VGAuthServicemd-udevdatedonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=759, Path=/usr/lib/systemd/systemd-networkddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=759, Path=/usr/lib/systemd/systemd-networkddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=761, Path=/usr/lib/systemd/systemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=761, Path=/usr/lib/systemd/systemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=772, Path=/usr/sbin/acpidd/systemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=772, Path=/usr/sbin/acpidd/systemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=777, Path=/usr/bin/dbus-daemontemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Path=/usr/bin/dbus-daemontemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=788, Path=/usr/bin/python3.8ontemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=788, Path=/usr/bin/python3.8ontemd-resolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=789, Path=/usr/lib/policykit-1/polkitdolveddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Path=/usr/lib/policykit-1/polkitdolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolveddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolveddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=797, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=797, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=799, Path=/usr/lib/udisks2/udisksd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=799, Path=/usr/lib/udisks2/udisksd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=800, Path=/usr/sbin/wpa_supplicant-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=800, Path=/usr/sbin/wpa_supplicant-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=847, Path=/usr/sbin/ModemManagernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=847, Path=/usr/sbin/ModemManagernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=884, Path=/usr/bin/python3.8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=884, Path=/usr/bin/python3.8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=904, Path=/usr/bin/whoopsie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=904, Path=/usr/bin/whoopsie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=936, Path=/usr/sbin/sshdsie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Path=/usr/sbin/sshdsie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1320, Path=/usr/sbin/gdm3sie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1320, Path=/usr/sbin/gdm3sie8agernt-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1334, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1334, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1335, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1335, Path=/usr/lib/systemd/systemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1344, Path=/usr/bin/dbus-daemontemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Path=/usr/bin/dbus-daemontemd-logindeddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1860, Path=/usr/lib/systemd/systemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1860, Path=/usr/lib/systemd/systemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1872, Path=/usr/lib/systemd/systemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1872, Path=/usr/lib/systemd/systemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2048, Path=/usr/bin/gpg-agentsionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2048, Path=/usr/bin/gpg-agentsionssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=2062, Path=/usr/bin/xfsettingsdonssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=2062, Path=/usr/bin/xfsettingsdonssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6252, Path=/tmp/na.elf (deleted)nssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Path=/tmp/na.elf (deleted)nssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6352, Path=/usr/bin/xfce4-panel)nssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6352, Path=/usr/bin/xfce4-panel)nssionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6353, Path=/usr/lib/upower/upowerdsionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6353, Path=/usr/lib/upower/upowerdsionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6403, Path=/usr/libexec/gvfsdowerdsionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Killing process: PID=6403, Path=/usr/libexec/gvfsdowerdsionorkerddonitorryce4-notifydn-agent-1
[DEBUG] Checking process: PID=6405, Path=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6405, Path=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6413, Path=/usr/libexec/gvfsd-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6413, Path=/usr/libexec/gvfsd-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6414, Path=/usr/bin/xfdesktop-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6414, Path=/usr/bin/xfdesktop-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6415, Path=/usr/bin/xfwm4ktop-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6415, Path=/usr/bin/xfwm4ktop-fusenu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6446, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6446, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Checking process: PID=2, Cmdline=[kthreadd]
[DEBUG] Checking process: PID=3, Cmdline=[rcu_gp]
[DEBUG] Checking process: PID=4, Cmdline=[rcu_par_gp]
[DEBUG] Checking process: PID=6, Cmdline=[kworker/0:0H-kblockd]
[DEBUG] Checking process: PID=9, Cmdline=[mm_percpu_wq]
[DEBUG] Checking process: PID=10, Cmdline=[ksoftirqd/0]
[DEBUG] Checking process: PID=11, Cmdline=[rcu_sched]
[DEBUG] Checking process: PID=12, Cmdline=[migration/0]
[DEBUG] Checking process: PID=13, Cmdline=[idle_inject/0]
[DEBUG] Checking process: PID=14, Cmdline=[cpuhp/0]
[DEBUG] Checking process: PID=15, Cmdline=[cpuhp/1]
[DEBUG] Checking process: PID=16, Cmdline=[idle_inject/1]
[DEBUG] Checking process: PID=17, Cmdline=[migration/1]
[DEBUG] Checking process: PID=18, Cmdline=[ksoftirqd/1]
[DEBUG] Checking process: PID=20, Cmdline=[kworker/1:0H-kblockd]
[DEBUG] Checking process: PID=21, Cmdline=[kdevtmpfs]
[DEBUG] Checking process: PID=22, Cmdline=[netns]
[DEBUG] Checking process: PID=23, Cmdline=[rcu_tasks_kthre]
[DEBUG] Checking process: PID=24, Cmdline=[kauditd]
[DEBUG] Checking process: PID=25, Cmdline=[khungtaskd]
[DEBUG] Checking process: PID=26, Cmdline=[oom_reaper]
[DEBUG] Checking process: PID=27, Cmdline=[writeback]
[DEBUG] Checking process: PID=28, Cmdline=[kcompactd0]
[DEBUG] Checking process: PID=29, Cmdline=[ksmd]
[DEBUG] Checking process: PID=30, Cmdline=[khugepaged]
[DEBUG] Checking process: PID=35, Cmdline=[kworker/1:1-events]
[DEBUG] Killing process: PID=35, Cmdline=[kworker/1:1-events]
[DEBUG] Checking process: PID=77, Cmdline=[kintegrityd]
[DEBUG] Checking process: PID=78, Cmdline=[kblockd]
[DEBUG] Checking process: PID=79, Cmdline=[blkcg_punt_bio]
[DEBUG] Checking process: PID=80, Cmdline=[tpm_dev_wq]
[DEBUG] Checking process: PID=81, Cmdline=[ata_sff]
[DEBUG] Checking process: PID=82, Cmdline=[md]
[DEBUG] Checking process: PID=83, Cmdline=[edac-poller]
[DEBUG] Checking process: PID=84, Cmdline=[devfreq_wq]
[DEBUG] Checking process: PID=85, Cmdline=[watchdogd]
[DEBUG] Checking process: PID=88, Cmdline=[kswapd0]
[DEBUG] Checking process: PID=89, Cmdline=[ecryptfs-kthrea]
[DEBUG] Checking process: PID=91, Cmdline=[kthrotld]
[DEBUG] Checking process: PID=92, Cmdline=[irq/24-pciehp]
[DEBUG] Checking process: PID=93, Cmdline=[irq/25-pciehp]
[DEBUG] Checking process: PID=94, Cmdline=[irq/26-pciehp]
[DEBUG] Checking process: PID=95, Cmdline=[irq/27-pciehp]
[DEBUG] Checking process: PID=96, Cmdline=[irq/28-pciehp]
[DEBUG] Checking process: PID=97, Cmdline=[irq/29-pciehp]
[DEBUG] Checking process: PID=98, Cmdline=[irq/30-pciehp]
[DEBUG] Checking process: PID=99, Cmdline=[irq/31-pciehp]
[DEBUG] Checking process: PID=100, Cmdline=[irq/32-pciehp]
[DEBUG] Checking process: PID=101, Cmdline=[irq/33-pciehp]
[DEBUG] Checking process: PID=102, Cmdline=[irq/34-pciehp]
[DEBUG] Checking process: PID=103, Cmdline=[irq/35-pciehp]
[DEBUG] Checking process: PID=104, Cmdline=[irq/36-pciehp]
[DEBUG] Checking process: PID=105, Cmdline=[irq/37-pciehp]
[DEBUG] Checking process: PID=106, Cmdline=[irq/38-pciehp]
[DEBUG] Checking process: PID=107, Cmdline=[irq/39-pciehp]
[DEBUG] Checking process: PID=108, Cmdline=[irq/40-pciehp]
[DEBUG] Checking process: PID=109, Cmdline=[irq/41-pciehp]
[DEBUG] Checking process: PID=110, Cmdline=[irq/42-pciehp]
[DEBUG] Checking process: PID=111, Cmdline=[irq/43-pciehp]
[DEBUG] Checking process: PID=112, Cmdline=[irq/44-pciehp]
[DEBUG] Checking process: PID=113, Cmdline=[irq/45-pciehp]
[DEBUG] Checking process: PID=114, Cmdline=[irq/46-pciehp]
[DEBUG] Checking process: PID=115, Cmdline=[irq/47-pciehp]
[DEBUG] Checking process: PID=116, Cmdline=[irq/48-pciehp]
[DEBUG] Checking process: PID=117, Cmdline=[irq/49-pciehp]
[DEBUG] Checking process: PID=118, Cmdline=[irq/50-pciehp]
[DEBUG] Checking process: PID=119, Cmdline=[irq/51-pciehp]
[DEBUG] Checking process: PID=120, Cmdline=[irq/52-pciehp]
[DEBUG] Checking process: PID=121, Cmdline=[irq/53-pciehp]
[DEBUG] Checking process: PID=122, Cmdline=[irq/54-pciehp]
[DEBUG] Checking process: PID=123, Cmdline=[irq/55-pciehp]
[DEBUG] Checking process: PID=124, Cmdline=[acpi_thermal_pm]
[DEBUG] Checking process: PID=125, Cmdline=[scsi_eh_0]
[DEBUG] Checking process: PID=126, Cmdline=[scsi_tmf_0]
[DEBUG] Checking process: PID=127, Cmdline=[scsi_eh_1]
[DEBUG] Checking process: PID=128, Cmdline=[scsi_tmf_1]
[DEBUG] Checking process: PID=130, Cmdline=[vfio-irqfd-clea]
[DEBUG] Checking process: PID=132, Cmdline=[ipv6_addrconf]
[DEBUG] Checking process: PID=141, Cmdline=[kstrp]
[DEBUG] Checking process: PID=144, Cmdline=[kworker/u5:0]
[DEBUG] Checking process: PID=157, Cmdline=[charger_manager]
[DEBUG] Checking process: PID=201, Cmdline=[kworker/1:2-cgroup_destroy]
[DEBUG] Checking process: PID=202, Cmdline=[mpt_poll_0]
[DEBUG] Checking process: PID=203, Cmdline=[scsi_eh_2]
[DEBUG] Checking process: PID=204, Cmdline=[mpt/0]
[DEBUG] Checking process: PID=205, Cmdline=[scsi_tmf_2]
[DEBUG] Checking process: PID=206, Cmdline=[scsi_eh_3]
[DEBUG] Checking process: PID=207, Cmdline=[scsi_tmf_3]
[DEBUG] Checking process: PID=208, Cmdline=[scsi_eh_4]
[DEBUG] Checking process: PID=209, Cmdline=[scsi_tmf_4]
[DEBUG] Checking process: PID=210, Cmdline=[scsi_eh_5]
[DEBUG] Checking process: PID=211, Cmdline=[scsi_tmf_5]
[DEBUG] Checking process: PID=212, Cmdline=[scsi_eh_6]
[DEBUG] Checking process: PID=213, Cmdline=[scsi_tmf_6]
[DEBUG] Checking process: PID=214, Cmdline=[scsi_eh_7]
[DEBUG] Checking process: PID=215, Cmdline=[scsi_tmf_7]
[DEBUG] Checking process: PID=216, Cmdline=[scsi_eh_8]
[DEBUG] Checking process: PID=217, Cmdline=[scsi_tmf_8]
[DEBUG] Checking process: PID=218, Cmdline=[scsi_eh_9]
[DEBUG] Checking process: PID=219, Cmdline=[scsi_tmf_9]
[DEBUG] Checking process: PID=220, Cmdline=[scsi_eh_10]
[DEBUG] Checking process: PID=221, Cmdline=[scsi_tmf_10]
[DEBUG] Checking process: PID=222, Cmdline=[scsi_eh_11]
[DEBUG] Checking process: PID=223, Cmdline=[scsi_tmf_11]
[DEBUG] Checking process: PID=224, Cmdline=[scsi_eh_12]
[DEBUG] Checking process: PID=225, Cmdline=[scsi_tmf_12]
[DEBUG] Checking process: PID=226, Cmdline=[scsi_eh_13]
[DEBUG] Checking process: PID=227, Cmdline=[scsi_tmf_13]
[DEBUG] Checking process: PID=228, Cmdline=[scsi_eh_14]
[DEBUG] Checking process: PID=229, Cmdline=[scsi_tmf_14]
[DEBUG] Checking process: PID=230, Cmdline=[scsi_eh_15]
[DEBUG] Checking process: PID=231, Cmdline=[scsi_tmf_15]
[DEBUG] Checking process: PID=232, Cmdline=[kworker/1:3-events]
[DEBUG] Killing process: PID=232, Cmdline=[kworker/1:3-events]
[DEBUG] Checking process: PID=233, Cmdline=[scsi_eh_16]
[DEBUG] Checking process: PID=234, Cmdline=[scsi_tmf_16]
[DEBUG] Checking process: PID=235, Cmdline=[scsi_eh_17]
[DEBUG] Checking process: PID=236, Cmdline=[cryptd]
[DEBUG] Checking process: PID=237, Cmdline=[scsi_tmf_17]
[DEBUG] Checking process: PID=243, Cmdline=[scsi_eh_18]
[DEBUG] Checking process: PID=248, Cmdline=[scsi_tmf_18]
[DEBUG] Checking process: PID=249, Cmdline=[scsi_eh_19]
[DEBUG] Checking process: PID=250, Cmdline=[scsi_tmf_19]
[DEBUG] Checking process: PID=251, Cmdline=[scsi_eh_20]
[DEBUG] Checking process: PID=252, Cmdline=[scsi_tmf_20]
[DEBUG] Checking process: PID=253, Cmdline=[scsi_eh_21]
[DEBUG] Checking process: PID=254, Cmdline=[scsi_tmf_21]
[DEBUG] Checking process: PID=255, Cmdline=[scsi_eh_22]
[DEBUG] Checking process: PID=256, Cmdline=[scsi_tmf_22]
[DEBUG] Checking process: PID=257, Cmdline=[scsi_eh_23]
[DEBUG] Checking process: PID=258, Cmdline=[scsi_tmf_23]
[DEBUG] Checking process: PID=259, Cmdline=[scsi_eh_24]
[DEBUG] Checking process: PID=260, Cmdline=[scsi_tmf_24]
[DEBUG] Checking process: PID=261, Cmdline=[scsi_eh_25]
[DEBUG] Checking process: PID=262, Cmdline=[scsi_tmf_25]
[DEBUG] Checking process: PID=263, Cmdline=[scsi_eh_26]
[DEBUG] Checking process: PID=264, Cmdline=[scsi_tmf_26]
[DEBUG] Checking process: PID=265, Cmdline=[scsi_eh_27]
[DEBUG] Checking process: PID=266, Cmdline=[scsi_tmf_27]
[DEBUG] Checking process: PID=267, Cmdline=[scsi_eh_28]
[DEBUG] Checking process: PID=269, Cmdline=[scsi_tmf_28]
[DEBUG] Checking process: PID=270, Cmdline=[scsi_eh_29]
[DEBUG] Checking process: PID=272, Cmdline=[scsi_tmf_29]
[DEBUG] Checking process: PID=274, Cmdline=[scsi_eh_30]
[DEBUG] Checking process: PID=278, Cmdline=[scsi_tmf_30]
[DEBUG] Checking process: PID=281, Cmdline=[scsi_eh_31]
[DEBUG] Checking process: PID=286, Cmdline=[scsi_tmf_31]
[DEBUG] Checking process: PID=322, Cmdline=[kworker/u4:27-events_unbound]
[DEBUG] Checking process: PID=324, Cmdline=[kworker/u4:29-events_unbound]
[DEBUG] Checking process: PID=326, Cmdline=[scsi_eh_32]
[DEBUG] Checking process: PID=327, Cmdline=[scsi_tmf_32]
[DEBUG] Checking process: PID=328, Cmdline=[kworker/1:1H-kblockd]
[DEBUG] Checking process: PID=333, Cmdline=[kworker/0:1H-kblockd]
[DEBUG] Checking process: PID=346, Cmdline=[kdmflush]
[DEBUG] Checking process: PID=379, Cmdline=[raid5wq]
[DEBUG] Checking process: PID=419, Cmdline=[jbd2/dm-0-8]
[DEBUG] Checking process: PID=420, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=517, Cmdline=[kworker/0:3-cgroup_destroy]
[DEBUG] Checking process: PID=654, Cmdline=[kaluad]
[DEBUG] Checking process: PID=655, Cmdline=[kmpath_rdacd]
[DEBUG] Checking process: PID=656, Cmdline=[kmpathd]
[DEBUG] Checking process: PID=657, Cmdline=[kmpath_handlerd]
[DEBUG] Checking process: PID=658, Cmdline=/sbin/multipathd -d -s
[DEBUG] Checking process: PID=667, Cmdline=[jbd2/sda2-8]
[DEBUG] Checking process: PID=670, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=674, Cmdline=[loop0]
[DEBUG] Checking process: PID=675, Cmdline=[loop1]
[DEBUG] Checking process: PID=676, Cmdline=[loop2]
[DEBUG] Checking process: PID=677, Cmdline=[loop3]
[DEBUG] Checking process: PID=720, Cmdline=/usr/bin/VGAuthService
[DEBUG] Checking process: PID=759, Cmdline=/lib/systemd/systemd-networkd
[DEBUG] Checking process: PID=761, Cmdline=/lib/systemd/systemd-resolved
[DEBUG] Checking process: PID=772, Cmdline=/usr/sbin/acpid
[DEBUG] Checking process: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=788, Cmdline=/usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
[DEBUG] Checking process: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Checking process: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Checking process: PID=797, Cmdline=/lib/systemd/systemd-logind
[DEBUG] Checking process: PID=799, Cmdline=/usr/lib/udisks2/udisksd
[DEBUG] Checking process: PID=800, Cmdline=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
[DEBUG] Checking process: PID=840, Cmdline=[kworker/1:4-cgroup_destroy]
[DEBUG] Checking process: PID=847, Cmdline=/usr/sbin/ModemManager --filter-policy=strict
[DEBUG] Checking process: PID=884, Cmdline=/usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
[DEBUG] Checking process: PID=896, Cmdline=[kworker/0:4-mpt_poll_0]
[DEBUG] Killing process: PID=896, Cmdline=[kworker/0:4-mpt_poll_0]
[DEBUG] Checking process: PID=904, Cmdline=/usr/bin/whoopsie -f
[DEBUG] Checking process: PID=910, Cmdline=[kworker/0:5-events]
[DEBUG] Checking process: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Checking process: PID=1207, Cmdline=[loop6]
[DEBUG] Checking process: PID=1320, Cmdline=/usr/sbin/gdm3
[DEBUG] Checking process: PID=1334, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1335, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1809, Cmdline=gdm-session-worker [pam/gdm-password]
[DEBUG] Checking process: PID=1860, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1872, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1877, Cmdline=/usr/bin/pulseaudio --daemonize=no --log-target=journal
[DEBUG] Checking process: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1888, Cmdline=/usr/lib/gdm3/gdm-x-session --register-session --run-script startxfce4
[DEBUG] Checking process: PID=1890, Cmdline=/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
[DEBUG] Checking process: PID=1900, Cmdline=xfce4-session
[DEBUG] Checking process: PID=1983, Cmdline=/usr/bin/ssh-agent /usr/bin/im-launch startxfce4
[DEBUG] Checking process: PID=2048, Cmdline=/usr/bin/gpg-agent --supervised
[DEBUG] Checking process: PID=2062, Cmdline=xfsettingsd
[DEBUG] Checking process: PID=2746, Cmdline=[kworker/0:0-events]
[DEBUG] Checking process: PID=2749, Cmdline=[kworker/0:1-cgroup_destroy]
[DEBUG] Checking process: PID=2761, Cmdline=[kworker/u4:0-events_freezable_power_]
[DEBUG] Killing process: PID=2761, Cmdline=[kworker/u4:0-events_freezable_power_]
[DEBUG] Checking process: PID=2882, Cmdline=[loop4]
[DEBUG] Checking process: PID=3021, Cmdline=[kworker/u4:1-events_unbound]
[DEBUG] Checking process: PID=3088, Cmdline=[loop7]
[DEBUG] Checking process: PID=4440, Cmdline=[kworker/1:0-cifsiod]
[DEBUG] Killing process: PID=4440, Cmdline=[kworker/1:0-cifsiod]
[DEBUG] Checking process: PID=4445, Cmdline=[cifsiod]
[DEBUG] Checking process: PID=4446, Cmdline=[smb3decryptd]
[DEBUG] Checking process: PID=4447, Cmdline=[cifsfileinfoput]
[DEBUG] Checking process: PID=4448, Cmdline=[cifsoplockd]
[DEBUG] Checking process: PID=4499, Cmdline=[kworker/u4:2-flush-0:54]
[DEBUG] Checking process: PID=4505, Cmdline=[kworker/u4:3-events_unbound]
[DEBUG] Checking process: PID=4509, Cmdline=[kworker/u4:4-events_unbound]
[DEBUG] Checking process: PID=4511, Cmdline=[kworker/u4:5]
[DEBUG] Checking process: PID=6175, Cmdline=[cifsd]
[DEBUG] Checking process: PID=6252, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6446, Cmdline=/lib/systemd/systemd-journald
[DEBUG] Checking process: PID=6460, Cmdline=xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
[DEBUG] Killing process: PID=6460, Cmdline=xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
[DEBUG] Checking process: PID=6463, Cmdline=sh -c ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6464, Cmdline=ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6465, Cmdline=xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
[DEBUG] Checking process: PID=6466, Cmdline=xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
[DEBUG] Checking process: PID=6467, Cmdline=/usr/lib/upower/upowerd
[DEBUG] Killing process: PID=6467, Cmdline=/usr/lib/upower/upowerd
[DEBUG] Checking process: PID=1, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=658, Path=/usr/sbin/multipathdtemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=658, Path=/usr/sbin/multipathdtemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=720, Path=/usr/bin/VGAuthServicemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=720, Path=/usr/bin/VGAuthServicemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=759, Path=/usr/lib/systemd/systemd-networkdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=759, Path=/usr/lib/systemd/systemd-networkdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=761, Path=/usr/lib/systemd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=761, Path=/usr/lib/systemd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=772, Path=/usr/sbin/acpidd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=772, Path=/usr/sbin/acpidd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=777, Path=/usr/bin/dbus-daemontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Path=/usr/bin/dbus-daemontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=788, Path=/usr/bin/python3.8ontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=788, Path=/usr/bin/python3.8ontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=789, Path=/usr/lib/policykit-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Path=/usr/lib/policykit-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=797, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=797, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=799, Path=/usr/lib/udisks2/udisksd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=799, Path=/usr/lib/udisks2/udisksd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=800, Path=/usr/sbin/wpa_supplicant-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=800, Path=/usr/sbin/wpa_supplicant-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=847, Path=/usr/sbin/ModemManagernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=847, Path=/usr/sbin/ModemManagernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=884, Path=/usr/bin/python3.8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=884, Path=/usr/bin/python3.8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=904, Path=/usr/bin/whoopsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=904, Path=/usr/bin/whoopsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=936, Path=/usr/sbin/sshdsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Path=/usr/sbin/sshdsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1320, Path=/usr/sbin/gdm3sie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1320, Path=/usr/sbin/gdm3sie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1334, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1334, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1335, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1335, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1344, Path=/usr/bin/dbus-daemontemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Path=/usr/bin/dbus-daemontemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1860, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1860, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1872, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1872, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=2048, Path=/usr/bin/gpg-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=2048, Path=/usr/bin/gpg-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=2062, Path=/usr/bin/xfsettingsdonssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=2062, Path=/usr/bin/xfsettingsdonssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6252, Path=/tmp/na.elf (deleted)nssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Path=/tmp/na.elf (deleted)nssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6446, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=6446, Path=/usr/lib/systemd/systemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6465, Path=/usr/bin/xfdesktopystemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6465, Path=/usr/bin/xfdesktopystemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6466, Path=/usr/bin/xfwm4ktopystemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6466, Path=/usr/bin/xfwm4ktopystemd-journaldfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6516, Path=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6527, Path=/usr/bin/xfwm44-linux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6527, Path=/usr/bin/xfwm44-linux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6528, Path=/usr/libexec/gvfsdnux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6528, Path=/usr/libexec/gvfsdnux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6542, Path=/usr/bin/xfdesktopnux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6542, Path=/usr/bin/xfdesktopnux-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6545, Path=/usr/bin/xfce4-panelx-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6545, Path=/usr/bin/xfce4-panelx-gnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=6548, Path=/usr/lib/upower/upowerdnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=6548, Path=/usr/lib/upower/upowerdnu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Cmdline=/sbin/init maybe-ubiquity
[DEBUG] Checking process: PID=2, Cmdline=[kthreadd]
[DEBUG] Checking process: PID=3, Cmdline=[rcu_gp]
[DEBUG] Checking process: PID=4, Cmdline=[rcu_par_gp]
[DEBUG] Checking process: PID=6, Cmdline=[kworker/0:0H-kblockd]
[DEBUG] Checking process: PID=9, Cmdline=[mm_percpu_wq]
[DEBUG] Checking process: PID=10, Cmdline=[ksoftirqd/0]
[DEBUG] Checking process: PID=11, Cmdline=[rcu_sched]
[DEBUG] Checking process: PID=12, Cmdline=[migration/0]
[DEBUG] Checking process: PID=13, Cmdline=[idle_inject/0]
[DEBUG] Checking process: PID=14, Cmdline=[cpuhp/0]
[DEBUG] Checking process: PID=15, Cmdline=[cpuhp/1]
[DEBUG] Checking process: PID=16, Cmdline=[idle_inject/1]
[DEBUG] Checking process: PID=17, Cmdline=[migration/1]
[DEBUG] Checking process: PID=18, Cmdline=[ksoftirqd/1]
[DEBUG] Checking process: PID=20, Cmdline=[kworker/1:0H-kblockd]
[DEBUG] Checking process: PID=21, Cmdline=[kdevtmpfs]
[DEBUG] Checking process: PID=22, Cmdline=[netns]
[DEBUG] Checking process: PID=23, Cmdline=[rcu_tasks_kthre]
[DEBUG] Checking process: PID=24, Cmdline=[kauditd]
[DEBUG] Checking process: PID=25, Cmdline=[khungtaskd]
[DEBUG] Checking process: PID=26, Cmdline=[oom_reaper]
[DEBUG] Checking process: PID=27, Cmdline=[writeback]
[DEBUG] Checking process: PID=28, Cmdline=[kcompactd0]
[DEBUG] Checking process: PID=29, Cmdline=[ksmd]
[DEBUG] Checking process: PID=30, Cmdline=[khugepaged]
[DEBUG] Checking process: PID=35, Cmdline=[kworker/1:1-cifsiod]
[DEBUG] Checking process: PID=77, Cmdline=[kintegrityd]
[DEBUG] Checking process: PID=78, Cmdline=[kblockd]
[DEBUG] Checking process: PID=79, Cmdline=[blkcg_punt_bio]
[DEBUG] Checking process: PID=80, Cmdline=[tpm_dev_wq]
[DEBUG] Checking process: PID=81, Cmdline=[ata_sff]
[DEBUG] Checking process: PID=82, Cmdline=[md]
[DEBUG] Checking process: PID=83, Cmdline=[edac-poller]
[DEBUG] Checking process: PID=84, Cmdline=[devfreq_wq]
[DEBUG] Checking process: PID=85, Cmdline=[watchdogd]
[DEBUG] Checking process: PID=88, Cmdline=[kswapd0]
[DEBUG] Checking process: PID=89, Cmdline=[ecryptfs-kthrea]
[DEBUG] Checking process: PID=91, Cmdline=[kthrotld]
[DEBUG] Checking process: PID=92, Cmdline=[irq/24-pciehp]
[DEBUG] Checking process: PID=93, Cmdline=[irq/25-pciehp]
[DEBUG] Checking process: PID=94, Cmdline=[irq/26-pciehp]
[DEBUG] Checking process: PID=95, Cmdline=[irq/27-pciehp]
[DEBUG] Checking process: PID=96, Cmdline=[irq/28-pciehp]
[DEBUG] Checking process: PID=97, Cmdline=[irq/29-pciehp]
[DEBUG] Checking process: PID=98, Cmdline=[irq/30-pciehp]
[DEBUG] Checking process: PID=99, Cmdline=[irq/31-pciehp]
[DEBUG] Checking process: PID=100, Cmdline=[irq/32-pciehp]
[DEBUG] Checking process: PID=101, Cmdline=[irq/33-pciehp]
[DEBUG] Checking process: PID=102, Cmdline=[irq/34-pciehp]
[DEBUG] Checking process: PID=103, Cmdline=[irq/35-pciehp]
[DEBUG] Checking process: PID=104, Cmdline=[irq/36-pciehp]
[DEBUG] Checking process: PID=105, Cmdline=[irq/37-pciehp]
[DEBUG] Checking process: PID=106, Cmdline=[irq/38-pciehp]
[DEBUG] Checking process: PID=107, Cmdline=[irq/39-pciehp]
[DEBUG] Checking process: PID=108, Cmdline=[irq/40-pciehp]
[DEBUG] Checking process: PID=109, Cmdline=[irq/41-pciehp]
[DEBUG] Checking process: PID=110, Cmdline=[irq/42-pciehp]
[DEBUG] Checking process: PID=111, Cmdline=[irq/43-pciehp]
[DEBUG] Checking process: PID=112, Cmdline=[irq/44-pciehp]
[DEBUG] Checking process: PID=113, Cmdline=[irq/45-pciehp]
[DEBUG] Checking process: PID=114, Cmdline=[irq/46-pciehp]
[DEBUG] Checking process: PID=115, Cmdline=[irq/47-pciehp]
[DEBUG] Checking process: PID=116, Cmdline=[irq/48-pciehp]
[DEBUG] Checking process: PID=117, Cmdline=[irq/49-pciehp]
[DEBUG] Checking process: PID=118, Cmdline=[irq/50-pciehp]
[DEBUG] Checking process: PID=119, Cmdline=[irq/51-pciehp]
[DEBUG] Checking process: PID=120, Cmdline=[irq/52-pciehp]
[DEBUG] Checking process: PID=121, Cmdline=[irq/53-pciehp]
[DEBUG] Checking process: PID=122, Cmdline=[irq/54-pciehp]
[DEBUG] Checking process: PID=123, Cmdline=[irq/55-pciehp]
[DEBUG] Checking process: PID=124, Cmdline=[acpi_thermal_pm]
[DEBUG] Checking process: PID=125, Cmdline=[scsi_eh_0]
[DEBUG] Checking process: PID=126, Cmdline=[scsi_tmf_0]
[DEBUG] Checking process: PID=127, Cmdline=[scsi_eh_1]
[DEBUG] Checking process: PID=128, Cmdline=[scsi_tmf_1]
[DEBUG] Checking process: PID=130, Cmdline=[vfio-irqfd-clea]
[DEBUG] Checking process: PID=132, Cmdline=[ipv6_addrconf]
[DEBUG] Checking process: PID=141, Cmdline=[kstrp]
[DEBUG] Checking process: PID=144, Cmdline=[kworker/u5:0]
[DEBUG] Checking process: PID=157, Cmdline=[charger_manager]
[DEBUG] Checking process: PID=201, Cmdline=[kworker/1:2-cgroup_destroy]
[DEBUG] Checking process: PID=202, Cmdline=[mpt_poll_0]
[DEBUG] Checking process: PID=203, Cmdline=[scsi_eh_2]
[DEBUG] Checking process: PID=204, Cmdline=[mpt/0]
[DEBUG] Checking process: PID=205, Cmdline=[scsi_tmf_2]
[DEBUG] Checking process: PID=206, Cmdline=[scsi_eh_3]
[DEBUG] Checking process: PID=207, Cmdline=[scsi_tmf_3]
[DEBUG] Checking process: PID=208, Cmdline=[scsi_eh_4]
[DEBUG] Checking process: PID=209, Cmdline=[scsi_tmf_4]
[DEBUG] Checking process: PID=210, Cmdline=[scsi_eh_5]
[DEBUG] Checking process: PID=211, Cmdline=[scsi_tmf_5]
[DEBUG] Checking process: PID=212, Cmdline=[scsi_eh_6]
[DEBUG] Checking process: PID=213, Cmdline=[scsi_tmf_6]
[DEBUG] Checking process: PID=214, Cmdline=[scsi_eh_7]
[DEBUG] Checking process: PID=215, Cmdline=[scsi_tmf_7]
[DEBUG] Checking process: PID=216, Cmdline=[scsi_eh_8]
[DEBUG] Checking process: PID=217, Cmdline=[scsi_tmf_8]
[DEBUG] Checking process: PID=218, Cmdline=[scsi_eh_9]
[DEBUG] Checking process: PID=219, Cmdline=[scsi_tmf_9]
[DEBUG] Checking process: PID=220, Cmdline=[scsi_eh_10]
[DEBUG] Checking process: PID=221, Cmdline=[scsi_tmf_10]
[DEBUG] Checking process: PID=222, Cmdline=[scsi_eh_11]
[DEBUG] Checking process: PID=223, Cmdline=[scsi_tmf_11]
[DEBUG] Checking process: PID=224, Cmdline=[scsi_eh_12]
[DEBUG] Checking process: PID=225, Cmdline=[scsi_tmf_12]
[DEBUG] Checking process: PID=226, Cmdline=[scsi_eh_13]
[DEBUG] Checking process: PID=227, Cmdline=[scsi_tmf_13]
[DEBUG] Checking process: PID=228, Cmdline=[scsi_eh_14]
[DEBUG] Checking process: PID=229, Cmdline=[scsi_tmf_14]
[DEBUG] Checking process: PID=230, Cmdline=[scsi_eh_15]
[DEBUG] Checking process: PID=231, Cmdline=[scsi_tmf_15]
[DEBUG] Checking process: PID=232, Cmdline=[kworker/1:3-cifsiod]
[DEBUG] Checking process: PID=233, Cmdline=[scsi_eh_16]
[DEBUG] Checking process: PID=234, Cmdline=[scsi_tmf_16]
[DEBUG] Checking process: PID=235, Cmdline=[scsi_eh_17]
[DEBUG] Checking process: PID=236, Cmdline=[cryptd]
[DEBUG] Checking process: PID=237, Cmdline=[scsi_tmf_17]
[DEBUG] Checking process: PID=243, Cmdline=[scsi_eh_18]
[DEBUG] Checking process: PID=248, Cmdline=[scsi_tmf_18]
[DEBUG] Checking process: PID=249, Cmdline=[scsi_eh_19]
[DEBUG] Checking process: PID=250, Cmdline=[scsi_tmf_19]
[DEBUG] Checking process: PID=251, Cmdline=[scsi_eh_20]
[DEBUG] Checking process: PID=252, Cmdline=[scsi_tmf_20]
[DEBUG] Checking process: PID=253, Cmdline=[scsi_eh_21]
[DEBUG] Checking process: PID=254, Cmdline=[scsi_tmf_21]
[DEBUG] Checking process: PID=255, Cmdline=[scsi_eh_22]
[DEBUG] Checking process: PID=256, Cmdline=[scsi_tmf_22]
[DEBUG] Checking process: PID=257, Cmdline=[scsi_eh_23]
[DEBUG] Checking process: PID=258, Cmdline=[scsi_tmf_23]
[DEBUG] Checking process: PID=259, Cmdline=[scsi_eh_24]
[DEBUG] Checking process: PID=260, Cmdline=[scsi_tmf_24]
[DEBUG] Checking process: PID=261, Cmdline=[scsi_eh_25]
[DEBUG] Checking process: PID=262, Cmdline=[scsi_tmf_25]
[DEBUG] Checking process: PID=263, Cmdline=[scsi_eh_26]
[DEBUG] Checking process: PID=264, Cmdline=[scsi_tmf_26]
[DEBUG] Checking process: PID=265, Cmdline=[scsi_eh_27]
[DEBUG] Checking process: PID=266, Cmdline=[scsi_tmf_27]
[DEBUG] Checking process: PID=267, Cmdline=[scsi_eh_28]
[DEBUG] Checking process: PID=269, Cmdline=[scsi_tmf_28]
[DEBUG] Checking process: PID=270, Cmdline=[scsi_eh_29]
[DEBUG] Checking process: PID=272, Cmdline=[scsi_tmf_29]
[DEBUG] Checking process: PID=274, Cmdline=[scsi_eh_30]
[DEBUG] Checking process: PID=278, Cmdline=[scsi_tmf_30]
[DEBUG] Checking process: PID=281, Cmdline=[scsi_eh_31]
[DEBUG] Checking process: PID=286, Cmdline=[scsi_tmf_31]
[DEBUG] Checking process: PID=322, Cmdline=[kworker/u4:27-events_unbound]
[DEBUG] Checking process: PID=324, Cmdline=[kworker/u4:29-events_unbound]
[DEBUG] Checking process: PID=326, Cmdline=[scsi_eh_32]
[DEBUG] Checking process: PID=327, Cmdline=[scsi_tmf_32]
[DEBUG] Checking process: PID=328, Cmdline=[kworker/1:1H-kblockd]
[DEBUG] Checking process: PID=333, Cmdline=[kworker/0:1H-kblockd]
[DEBUG] Checking process: PID=346, Cmdline=[kdmflush]
[DEBUG] Checking process: PID=379, Cmdline=[raid5wq]
[DEBUG] Checking process: PID=419, Cmdline=[jbd2/dm-0-8]
[DEBUG] Checking process: PID=420, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=517, Cmdline=[kworker/0:3-cgroup_destroy]
[DEBUG] Checking process: PID=654, Cmdline=[kaluad]
[DEBUG] Checking process: PID=655, Cmdline=[kmpath_rdacd]
[DEBUG] Checking process: PID=656, Cmdline=[kmpathd]
[DEBUG] Checking process: PID=657, Cmdline=[kmpath_handlerd]
[DEBUG] Checking process: PID=658, Cmdline=/sbin/multipathd -d -s
[DEBUG] Checking process: PID=667, Cmdline=[jbd2/sda2-8]
[DEBUG] Checking process: PID=670, Cmdline=[ext4-rsv-conver]
[DEBUG] Checking process: PID=674, Cmdline=[loop0]
[DEBUG] Checking process: PID=675, Cmdline=[loop1]
[DEBUG] Checking process: PID=676, Cmdline=[loop2]
[DEBUG] Checking process: PID=677, Cmdline=[loop3]
[DEBUG] Checking process: PID=720, Cmdline=/usr/bin/VGAuthService
[DEBUG] Checking process: PID=759, Cmdline=/lib/systemd/systemd-networkd
[DEBUG] Checking process: PID=761, Cmdline=/lib/systemd/systemd-resolved
[DEBUG] Checking process: PID=772, Cmdline=/usr/sbin/acpid
[DEBUG] Checking process: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Cmdline=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=788, Cmdline=/usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
[DEBUG] Checking process: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Cmdline=/usr/lib/policykit-1/polkitd --no-debug
[DEBUG] Checking process: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Cmdline=/usr/sbin/rsyslogd -n -iNONE
[DEBUG] Checking process: PID=797, Cmdline=/lib/systemd/systemd-logind
[DEBUG] Checking process: PID=799, Cmdline=/usr/lib/udisks2/udisksd
[DEBUG] Checking process: PID=800, Cmdline=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
[DEBUG] Checking process: PID=840, Cmdline=[kworker/1:4-cgroup_destroy]
[DEBUG] Checking process: PID=847, Cmdline=/usr/sbin/ModemManager --filter-policy=strict
[DEBUG] Checking process: PID=884, Cmdline=/usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
[DEBUG] Checking process: PID=896, Cmdline=[kworker/0:4-events]
[DEBUG] Killing process: PID=896, Cmdline=[kworker/0:4-events]
[DEBUG] Checking process: PID=904, Cmdline=/usr/bin/whoopsie -f
[DEBUG] Checking process: PID=910, Cmdline=[kworker/0:5-events]
[DEBUG] Checking process: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Cmdline=sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
[DEBUG] Checking process: PID=1207, Cmdline=[loop6]
[DEBUG] Checking process: PID=1320, Cmdline=/usr/sbin/gdm3
[DEBUG] Checking process: PID=1334, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1335, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1809, Cmdline=gdm-session-worker [pam/gdm-password]
[DEBUG] Checking process: PID=1860, Cmdline=/lib/systemd/systemd --user
[DEBUG] Checking process: PID=1872, Cmdline=(sd-pam)
[DEBUG] Checking process: PID=1877, Cmdline=/usr/bin/pulseaudio --daemonize=no --log-target=journal
[DEBUG] Checking process: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Cmdline=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
[DEBUG] Checking process: PID=1888, Cmdline=/usr/lib/gdm3/gdm-x-session --register-session --run-script startxfce4
[DEBUG] Checking process: PID=1890, Cmdline=/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
[DEBUG] Checking process: PID=1900, Cmdline=xfce4-session
[DEBUG] Checking process: PID=1983, Cmdline=/usr/bin/ssh-agent /usr/bin/im-launch startxfce4
[DEBUG] Checking process: PID=2048, Cmdline=/usr/bin/gpg-agent --supervised
[DEBUG] Checking process: PID=2062, Cmdline=xfsettingsd
[DEBUG] Checking process: PID=2746, Cmdline=[kworker/0:0-events]
[DEBUG] Checking process: PID=2749, Cmdline=[kworker/0:1-cgroup_destroy]
[DEBUG] Checking process: PID=2761, Cmdline=[kworker/u4:0-events_freezable_power_]
[DEBUG] Checking process: PID=2882, Cmdline=[loop4]
[DEBUG] Checking process: PID=3021, Cmdline=[kworker/u4:1-events_unbound]
[DEBUG] Checking process: PID=3088, Cmdline=[loop7]
[DEBUG] Checking process: PID=4440, Cmdline=[kworker/1:0-cifsiod]
[DEBUG] Checking process: PID=4445, Cmdline=[cifsiod]
[DEBUG] Checking process: PID=4446, Cmdline=[smb3decryptd]
[DEBUG] Checking process: PID=4447, Cmdline=[cifsfileinfoput]
[DEBUG] Checking process: PID=4448, Cmdline=[cifsoplockd]
[DEBUG] Checking process: PID=4499, Cmdline=[kworker/u4:2-flush-0:54]
[DEBUG] Checking process: PID=4505, Cmdline=[kworker/u4:3-events_unbound]
[DEBUG] Checking process: PID=4509, Cmdline=[kworker/u4:4-events_unbound]
[DEBUG] Checking process: PID=4511, Cmdline=[kworker/u4:5]
[DEBUG] Checking process: PID=6175, Cmdline=[cifsd]
[DEBUG] Checking process: PID=6252, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6252
[DEBUG] Checking process: PID=6254, Cmdline=/var/ftper
[DEBUG] Skipping self or parent: PID=6254
[DEBUG] Checking process: PID=6446, Cmdline=/lib/systemd/systemd-journald
[DEBUG] Checking process: PID=6516, Cmdline=/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
[DEBUG] Checking process: PID=6591, Cmdline=xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
[DEBUG] Checking process: PID=6594, Cmdline=sh -c ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6595, Cmdline=ps -A -o pid,cmd --no-headers
[DEBUG] Checking process: PID=6596, Cmdline=/usr/lib/upower/upowerd
[DEBUG] Checking process: PID=1, Path=/usr/lib/systemd/systemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1, Path=/usr/lib/systemd/systemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=658, Path=/usr/sbin/multipathdtemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=658, Path=/usr/sbin/multipathdtemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=720, Path=/usr/bin/VGAuthServicemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Killing process: PID=720, Path=/usr/bin/VGAuthServicemdu/xfce4/xfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=759, Path=/usr/lib/systemd/systemd-networkdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=759, Path=/usr/lib/systemd/systemd-networkdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=761, Path=/usr/lib/systemd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=761, Path=/usr/lib/systemd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=772, Path=/usr/sbin/acpidd/systemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=777, Path=/usr/bin/dbus-daemontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=777, Path=/usr/bin/dbus-daemontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=788, Path=/usr/bin/python3.8ontemd-resolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=789, Path=/usr/lib/policykit-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=789, Path=/usr/lib/policykit-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=793, Path=/usr/sbin/rsyslogd-1/polkitdolvedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=797, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=797, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=799, Path=/usr/lib/udisks2/udisksd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=800, Path=/usr/sbin/wpa_supplicant-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=847, Path=/usr/sbin/ModemManagernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=884, Path=/usr/bin/python3.8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=904, Path=/usr/bin/whoopsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=936, Path=/usr/sbin/sshdsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=936, Path=/usr/sbin/sshdsie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1320, Path=/usr/sbin/gdm3sie8agernt-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1334, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1334, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1335, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1335, Path=/usr/lib/systemd/systemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1344, Path=/usr/bin/dbus-daemontemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1344, Path=/usr/bin/dbus-daemontemd-logindedfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1809, Path=/usr/lib/gdm3/gdm-session-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1860, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1860, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1872, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1872, Path=/usr/lib/systemd/systemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1877, Path=/usr/bin/pulseaudiostemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Process is in whitelist or matches safe prefix: PID=1886, Path=/usr/bin/dbus-daemontemdn-workerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1888, Path=/usr/lib/gdm3/gdm-x-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1890, Path=/usr/lib/xorg/Xorgx-sessionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1900, Path=/usr/bin/xfce4-sessionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=1983, Path=/usr/bin/ssh-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
[DEBUG] Checking process: PID=2048, Path=/usr/bin/gpg-agentsionssionorkerdfconf/xfconfdnotifydn-agent-1
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 6224, Parent: 4332)
  • rm (PID: 6224, Parent: 4332, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5I
  • dash New Fork (PID: 6225, Parent: 4332)
  • rm (PID: 6225, Parent: 4332, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5I
  • na.elf (PID: 6252, Parent: 6153, MD5: f3313fa87086a874824c89f96768a45e) Arguments: /tmp/na.elf
    • na.elf New Fork (PID: 6253, Parent: 6252)
    • na.elf New Fork (PID: 6254, Parent: 6252)
      • na.elf New Fork (PID: 6347, Parent: 6254)
      • sh (PID: 6347, Parent: 6254, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
        • sh New Fork (PID: 6349, Parent: 6347)
        • ps (PID: 6349, Parent: 6347, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
      • na.elf New Fork (PID: 6463, Parent: 6254)
      • sh (PID: 6463, Parent: 6254, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
        • sh New Fork (PID: 6464, Parent: 6463)
        • ps (PID: 6464, Parent: 6463, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
      • na.elf New Fork (PID: 6594, Parent: 6254)
      • sh (PID: 6594, Parent: 6254, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
        • sh New Fork (PID: 6595, Parent: 6594)
        • ps (PID: 6595, Parent: 6594, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
      • na.elf New Fork (PID: 6646, Parent: 6254)
      • sh (PID: 6646, Parent: 6254, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
        • sh New Fork (PID: 6647, Parent: 6646)
        • ps (PID: 6647, Parent: 6646, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
      • na.elf New Fork (PID: 6660, Parent: 6254)
      • sh (PID: 6660, Parent: 6254, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
        • sh New Fork (PID: 6662, Parent: 6660)
        • ps (PID: 6662, Parent: 6660, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
  • sh (PID: 6279, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • systemd New Fork (PID: 6284, Parent: 1)
  • upowerd (PID: 6284, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • fusermount (PID: 6296, Parent: 1860, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • gdm3 New Fork (PID: 6304, Parent: 1320)
  • Default (PID: 6304, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • xfwm4 (PID: 6305, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • gdm3 New Fork (PID: 6334, Parent: 1320)
  • Default (PID: 6334, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • rm (PID: 6348, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • xfdesktop (PID: 6350, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfwm4 (PID: 6351, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • xfce4-panel (PID: 6352, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • systemd New Fork (PID: 6353, Parent: 1)
  • upowerd (PID: 6353, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 6403, Parent: 1860)
  • gvfsd (PID: 6403, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6412, Parent: 6403)
      • gvfsd New Fork (PID: 6413, Parent: 6412)
      • gvfsd-fuse (PID: 6413, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 6417, Parent: 6413, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
  • xfconfd (PID: 6405, Parent: 6404, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • xfdesktop (PID: 6414, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfwm4 (PID: 6415, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • systemd New Fork (PID: 6430, Parent: 1)
  • journalctl (PID: 6430, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6446, Parent: 1)
  • systemd-journald (PID: 6446, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • xfce4-panel (PID: 6460, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • xfdesktop (PID: 6465, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfwm4 (PID: 6466, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • systemd New Fork (PID: 6467, Parent: 1)
  • upowerd (PID: 6467, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfconfd (PID: 6516, Parent: 6515, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • xfdesktop (PID: 6523, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfwm4 (PID: 6527, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
  • systemd New Fork (PID: 6528, Parent: 1860)
  • gvfsd (PID: 6528, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6533, Parent: 6528)
      • gvfsd New Fork (PID: 6536, Parent: 6533)
      • gvfsd-fuse (PID: 6536, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
  • systemd New Fork (PID: 6532, Parent: 1)
  • journalctl (PID: 6532, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • xfdesktop (PID: 6542, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
  • xfce4-panel (PID: 6545, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
  • systemd New Fork (PID: 6548, Parent: 1)
  • upowerd (PID: 6548, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfce4-panel (PID: 6591, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
    • wrapper-2.0 (PID: 6656, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 4194312 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 6657, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 4194313 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 6661, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 4194315 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • wrapper-2.0 (PID: 6663, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 4194316 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    • wrapper-2.0 (PID: 6664, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 4194317 actions "Action Buttons" "Log out, lock or other system actions"
    • wrapper-2.0 (PID: 6683, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 4194312 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 6684, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 4194313 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 6685, Parent: 6591, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 4194315 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
      • xfpm-power-backlight-helper (PID: 6694, Parent: 6685, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • systemd New Fork (PID: 6596, Parent: 1)
  • upowerd (PID: 6596, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 6648, Parent: 1860)
  • gvfsd (PID: 6648, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6652, Parent: 6648)
      • gvfsd New Fork (PID: 6653, Parent: 6652)
      • gvfsd-fuse (PID: 6653, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
  • systemd New Fork (PID: 6675, Parent: 1860)
  • gvfsd (PID: 6675, Parent: 1860, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 6681, Parent: 6675)
      • gvfsd New Fork (PID: 6682, Parent: 6681)
      • gvfsd-fuse (PID: 6682, Parent: 1860, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
6252.1.0000000000400000.0000000000417000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    6252.1.0000000000400000.0000000000417000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x13638:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1364c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13660:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13674:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13688:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1369c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x136b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x136c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x136d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x136ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13700:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13714:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13728:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1373c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13750:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1378c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x137a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x137b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x137c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    6252.1.0000000000400000.0000000000417000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
    • 0xdddc:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
    6252.1.0000000000400000.0000000000417000.r-x.sdmpLinux_Trojan_Gafgyt_807911a2unknownunknown
    • 0xe627:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
    6252.1.0000000000400000.0000000000417000.r-x.sdmpLinux_Trojan_Gafgyt_d4227dbfunknownunknown
    • 0xb0ee:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
    • 0xb278:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
    Click to see the 31 entries

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: na.elfVirustotal: Detection: 28%Perma Link
    Source: na.elfReversingLabs: Detection: 34%
    Machine Learning detection for sample
    Source: na.elfJoe Sandbox ML: detected
    Source: /usr/bin/ps (PID: 6349)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6464)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6647)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6662)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

    Networking

    barindex
    Sends malformed DNS queries
    Source: global trafficDNS traffic detected: malformed DNS query: cnc.merisprivate.net. [malformed]
    Source: global trafficTCP traffic: 192.168.2.23:35118 -> 194.120.230.54:57899
    Source: /tmp/na.elf (PID: 6252)Socket: 127.0.0.1:18129Jump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)Socket: unknown address familyJump to behavior
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 194.120.230.54
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: global trafficDNS traffic detected: DNS query: cnc.merisprivate.net. [malformed]
    Source: na.elfString found in binary or memory: http://upx.sf.net
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa Author: unknown
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa Author: unknown
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa Author: unknown
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
    Source: Process Memory Space: na.elf PID: 6252, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: na.elf PID: 6253, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: na.elf PID: 6254, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Sample tries to kill a massive number of system processes
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 658, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 720, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 721, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 772, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 774, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 785, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 788, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 796, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 799, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 800, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 847, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 884, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 904, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 912, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 2, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 3, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 4, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 6, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 9, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 10, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 11, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 12, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 13, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 14, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 15, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 16, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 17, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 18, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 20, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 21, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 22, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 23, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 24, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 25, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 26, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 27, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 28, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 29, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 30, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 35, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 77, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 78, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 79, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 80, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 81, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 82, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 83, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 84, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 85, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 88, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 89, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 91, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 92, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 93, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 94, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 95, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 96, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 97, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 98, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 99, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 100, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 101, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 102, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 103, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 104, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 105, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 106, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 107, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 108, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 109, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 110, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 111, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 112, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 113, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 114, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 115, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 116, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 117, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 118, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 119, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 120, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 121, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 122, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 123, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 124, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 125, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 126, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 127, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 128, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 130, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 132, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 141, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 144, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 157, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 201, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 202, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 203, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 204, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 205, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 206, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 207, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 208, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 209, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 210, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 211, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 212, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 213, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 214, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 215, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 216, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 217, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 218, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 219, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 220, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 221, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 222, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 223, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 224, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 225, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 226, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 227, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 228, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 229, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 230, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 231, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 232, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 233, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 234, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 235, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 236, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 237, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 243, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 248, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 249, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 250, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 251, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 252, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 253, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 254, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 255, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 256, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 257, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 258, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 259, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 260, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 261, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 262, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 263, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 264, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 265, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 266, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 267, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 269, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 270, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 272, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 274, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 278, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 281, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 286, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 322, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 324, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 326, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 327, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 328, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 333, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 346, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 379, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 419, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 420, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 491, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 517, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 654, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 655, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 657, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 667, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 674, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 675, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 676, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 677, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 759, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 761, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 797, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 840, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 896, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 910, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent to PID below 1000: pid: 918, result: successfulJump to behavior
    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 658, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 721, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 772, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 774, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 785, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 796, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 799, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 904, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 912, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1320, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1349, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1389, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1463, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1465, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1475, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1477, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1489, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1576, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1579, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1582, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1586, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1594, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1599, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1601, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1612, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1622, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1633, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1638, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1639, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1642, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1654, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1661, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1664, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1698, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1699, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1809, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1877, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1888, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1890, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1900, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1983, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2009, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2018, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2028, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2033, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2038, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2048, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2050, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2062, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2063, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2069, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2074, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2080, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2096, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2097, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2114, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2123, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2126, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2128, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2129, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2146, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2156, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2180, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2195, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2208, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2226, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2235, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2242, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2275, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2281, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2285, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2289, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2294, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2307, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2637, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3236, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6214, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6215, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6284, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6305, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6337, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 9, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 10, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 11, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 12, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 13, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 14, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 15, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 16, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 17, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 18, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 20, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 21, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 22, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 23, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 24, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 25, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 26, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 27, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 28, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 29, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 30, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 35, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 77, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 78, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 79, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 80, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 81, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 82, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 83, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 84, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 85, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 88, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 89, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 91, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 92, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 93, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 94, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 95, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 96, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 97, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 98, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 99, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 100, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 101, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 102, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 103, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 104, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 105, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 106, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 107, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 108, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 109, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 110, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 111, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 112, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 113, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 114, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 115, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 116, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 117, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 118, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 119, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 120, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 121, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 122, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 123, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 124, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 125, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 126, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 127, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 128, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 130, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 132, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 141, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 144, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 157, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 201, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 202, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 203, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 204, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 205, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 206, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 207, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 208, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 209, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 210, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 211, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 212, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 213, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 214, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 215, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 216, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 217, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 218, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 219, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 220, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 221, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 222, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 223, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 224, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 225, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 226, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 227, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 228, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 229, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 230, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 231, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 232, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 233, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 234, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 235, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 236, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 237, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 243, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 248, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 249, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 250, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 251, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 252, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 253, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 254, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 255, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 256, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 257, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 258, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 259, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 260, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 261, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 262, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 263, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 264, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 265, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 266, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 267, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 269, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 270, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 272, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 274, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 278, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 281, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 286, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 322, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 324, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 326, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 327, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 328, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 333, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 346, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 379, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 419, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 420, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 491, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 517, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 654, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 655, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 657, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 667, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 674, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 675, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 676, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 677, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 761, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 797, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 840, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 896, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 910, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 918, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1207, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2102, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2746, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2749, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2761, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2882, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3021, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3088, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4440, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4445, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4446, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4447, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4448, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4499, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4505, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4509, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4511, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4532, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6058, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6175, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6347, result: no such processJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6349, result: no such processJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6350, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6351, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6352, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6353, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6403, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6405, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6413, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6414, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6415, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6460, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6467, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6465, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6466, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6527, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6528, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6542, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6545, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6548, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6648, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6658, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6657, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6661, result: successfulJump to behavior
    Source: LOAD without section mappingsProgram segment: 0x100000
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 658, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 721, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 772, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 774, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 785, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 796, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 799, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 904, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 912, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1320, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1349, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1389, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1463, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1465, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1475, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1477, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1489, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1576, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1579, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1582, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1586, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1594, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1599, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1601, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1612, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1622, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1633, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1638, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1639, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1642, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1654, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1661, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1664, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1698, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1699, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1809, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1877, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1888, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1890, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1900, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1983, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2009, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2018, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2028, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2033, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2038, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2048, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2050, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2062, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2063, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2069, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2074, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2080, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2096, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2097, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2114, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2123, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2126, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2128, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2129, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2146, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2156, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2180, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2195, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2208, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2226, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2235, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2242, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2275, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2281, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2285, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2289, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2294, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2307, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2637, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3236, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6214, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6215, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6284, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6305, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6337, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 9, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 10, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 11, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 12, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 13, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 14, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 15, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 16, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 17, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 18, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 20, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 21, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 22, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 23, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 24, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 25, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 26, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 27, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 28, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 29, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 30, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 35, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 77, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 78, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 79, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 80, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 81, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 82, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 83, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 84, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 85, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 88, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 89, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 91, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 92, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 93, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 94, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 95, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 96, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 97, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 98, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 99, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 100, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 101, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 102, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 103, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 104, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 105, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 106, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 107, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 108, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 109, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 110, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 111, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 112, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 113, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 114, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 115, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 116, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 117, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 118, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 119, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 120, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 121, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 122, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 123, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 124, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 125, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 126, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 127, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 128, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 130, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 132, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 141, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 144, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 157, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 201, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 202, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 203, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 204, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 205, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 206, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 207, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 208, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 209, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 210, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 211, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 212, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 213, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 214, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 215, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 216, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 217, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 218, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 219, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 220, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 221, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 222, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 223, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 224, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 225, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 226, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 227, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 228, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 229, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 230, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 231, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 232, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 233, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 234, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 235, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 236, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 237, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 243, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 248, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 249, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 250, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 251, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 252, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 253, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 254, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 255, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 256, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 257, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 258, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 259, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 260, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 261, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 262, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 263, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 264, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 265, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 266, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 267, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 269, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 270, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 272, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 274, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 278, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 281, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 286, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 322, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 324, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 326, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 327, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 328, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 333, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 346, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 379, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 419, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 420, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 491, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 517, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 654, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 655, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 657, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 667, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 674, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 675, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 676, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 677, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 761, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 797, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 840, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 896, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 910, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 918, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1207, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2102, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2746, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2749, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2761, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 2882, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3021, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 3088, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4440, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4445, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4446, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4447, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4448, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4499, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4505, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4509, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4511, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 4532, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6058, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6175, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6347, result: no such processJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6349, result: no such processJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6350, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6351, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6352, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6353, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6403, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6405, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6413, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6414, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6415, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6460, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6467, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6465, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6466, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6527, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6528, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6542, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6545, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6548, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6648, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6656, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6658, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6657, result: successfulJump to behavior
    Source: /tmp/na.elf (PID: 6254)SIGKILL sent: pid: 6661, result: successfulJump to behavior
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa reference_sample = 6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = cf2c6b86830099f039b41aeaafbffedfb8294a1124c499e99a11f48a06cd1dfd, id = 449937aa-682a-4906-89ab-80d7127e461e, last_modified = 2021-09-16
    Source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa reference_sample = 6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = cf2c6b86830099f039b41aeaafbffedfb8294a1124c499e99a11f48a06cd1dfd, id = 449937aa-682a-4906-89ab-80d7127e461e, last_modified = 2021-09-16
    Source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_449937aa reference_sample = 6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = cf2c6b86830099f039b41aeaafbffedfb8294a1124c499e99a11f48a06cd1dfd, id = 449937aa-682a-4906-89ab-80d7127e461e, last_modified = 2021-09-16
    Source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
    Source: Process Memory Space: na.elf PID: 6252, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: na.elf PID: 6253, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: na.elf PID: 6254, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engineClassification label: mal96.spre.troj.evad.linELF@0/12@5/0

    Data Obfuscation

    barindex
    Sample is packed with UPX
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior

    barindex
    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /bin/fusermount (PID: 6296)File: /proc/6296/mountsJump to behavior
    Source: /bin/fusermount (PID: 6417)File: /proc/6417/mountsJump to behavior
    Source: /usr/bin/xfdesktop (PID: 6350)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /usr/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /usr/local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /home/saturnino/.fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /usr/share/fonts/X11/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6352)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6353)Directory: <invalid fd (12)>/..Jump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6353)Directory: <invalid fd (11)>/..Jump to behavior
    Source: /bin/fusermount (PID: 6417)Directory: /gvfs/.Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6405)Directory: /home/saturnino/.cacheJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6405)Directory: /home/saturnino/.localJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6405)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6405)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/bin/xfdesktop (PID: 6414)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /home/saturnino/.fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/X11/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/type1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:76223wJma1DJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:76229xYYB4BJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:762308PCR7DJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:76231psvv0zJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:7623272IsLCJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:76236dJ5yeCJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:76962YfCjRBJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:770050PFVhBJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:77087uqqBCDJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)File: /run/systemd/journal/streams/.#9:77251OvBJwEJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6460)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfdesktop (PID: 6465)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /home/saturnino/.fonts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/X11/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/type1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6467)Directory: <invalid fd (12)>/..Jump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6467)Directory: <invalid fd (11)>/..Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6516)Directory: /home/saturnino/.cacheJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6516)Directory: /home/saturnino/.localJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6516)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6516)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/bin/xfdesktop (PID: 6523)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfwm4 (PID: 6527)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6548)Directory: <invalid fd (12)>/..Jump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6548)Directory: <invalid fd (11)>/..Jump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.fonts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/type1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.cacheJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.localJump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6657)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6661)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/local/share/fonts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.fonts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/type1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.cacheJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.localJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Directory: /home/saturnino/.configJump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /home/saturnino/.Xdefaults-galassia
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/local/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /home/saturnino/.local/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /home/saturnino/.fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cMap/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/opentype/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/type1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/Type1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/encodings/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/misc/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/util/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/opentype/malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/opentype/mathjax/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/opentype/noto/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/opentype/urw-base35/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Gargi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Gubbi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Nakula/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Navilu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/Sarai/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/abyssinica/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/dejavu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/droid/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/freefont/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/kacst/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/kacst-one/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lao/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lato/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/liberation/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/liberation2/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/noto/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/openoffice/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/padauk/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/pagul/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/samyak/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/sinhala/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/tlwg/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/truetype/ubuntu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/type1/urw-base35/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Directory: /usr/share/fonts/X11/encodings/large/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6683)Directory: /home/saturnino/.Xdefaults-galassia
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6684)Directory: /home/saturnino/.Xdefaults-galassia
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /home/saturnino/.Xdefaults-galassia
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/local/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /home/saturnino/.local/share/fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /home/saturnino/.fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cMap/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/opentype/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/type1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/Type1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/encodings/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/misc/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/util/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/opentype/malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/opentype/mathjax/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/opentype/noto/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/opentype/urw-base35/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Gargi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Gubbi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Nakula/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Navilu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/Sarai/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/abyssinica/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/dejavu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/droid/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/freefont/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/kacst/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/kacst-one/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lao/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lato/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/liberation/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/liberation2/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/malayalam/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/noto/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/openoffice/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/padauk/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/pagul/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/samyak/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/sinhala/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/tlwg/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/truetype/ubuntu/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/type1/urw-base35/.uuid
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Directory: /usr/share/fonts/X11/encodings/large/.uuid
    Source: /usr/lib/upower/upowerd (PID: 6596)Directory: <invalid fd (12)>/..
    Source: /usr/lib/upower/upowerd (PID: 6596)Directory: <invalid fd (11)>/..
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6595/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6595/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6595/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6594/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6594/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6594/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6596/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6596/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6596/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/3088/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/3088/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/3088/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6591/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6591/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/6591/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/230/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/230/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/230/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/110/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/110/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/110/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/231/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/231/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/231/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/111/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/111/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/111/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/232/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/232/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/232/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/112/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/112/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/112/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/233/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/233/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/233/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/113/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/113/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/113/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/234/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/234/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/234/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1335/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1335/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1335/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/114/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/114/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/114/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/235/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/235/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/235/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1334/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1334/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/1334/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/115/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/115/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/115/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/236/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/236/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/236/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/116/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/116/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/116/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/237/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/237/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/237/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/117/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/117/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/117/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/118/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/118/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/118/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/910/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/910/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/910/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/119/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/119/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/119/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/10/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/10/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/10/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/11/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/11/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/11/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/12/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/12/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/12/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/13/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/13/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/13/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/14/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/14/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/14/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/15/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/15/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/15/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/16/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/16/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/16/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/17/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/17/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/17/cmdlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/18/statJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/18/statusJump to behavior
    Source: /usr/bin/ps (PID: 6595)File opened: /proc/18/cmdlineJump to behavior
    Source: /tmp/na.elf (PID: 6347)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
    Source: /tmp/na.elf (PID: 6463)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
    Source: /tmp/na.elf (PID: 6594)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
    Source: /tmp/na.elf (PID: 6646)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
    Source: /tmp/na.elf (PID: 6660)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
    Source: /bin/sh (PID: 6349)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
    Source: /bin/sh (PID: 6464)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
    Source: /bin/sh (PID: 6595)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
    Source: /bin/sh (PID: 6647)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
    Source: /bin/sh (PID: 6662)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
    Source: /usr/bin/dash (PID: 6224)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5IJump to behavior
    Source: /usr/bin/dash (PID: 6225)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5IJump to behavior
    Source: /usr/bin/xfce4-session (PID: 6348)Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51Jump to behavior
    Source: /usr/bin/ps (PID: 6349)Reads from proc file: /proc/meminfoJump to behavior
    Source: /usr/bin/ps (PID: 6464)Reads from proc file: /proc/meminfoJump to behavior
    Source: /usr/bin/ps (PID: 6595)Reads from proc file: /proc/meminfoJump to behavior
    Source: /usr/bin/ps (PID: 6647)Reads from proc file: /proc/meminfoJump to behavior
    Source: /usr/bin/ps (PID: 6662)Reads from proc file: /proc/meminfoJump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)Reads from proc file: /proc/meminfoJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Sample deletes itself
    Source: /tmp/na.elf (PID: 6252)File: /tmp/na.elfJump to behavior
    Source: na.elfSubmission file: segment LOAD with 7.9708 entropy (max. 8.0)
    Source: /usr/bin/ps (PID: 6349)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6464)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6595)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6647)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/ps (PID: 6662)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/xfdesktop (PID: 6350)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfwm4 (PID: 6351)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6352)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfdesktop (PID: 6414)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfwm4 (PID: 6415)Queries kernel information via 'uname': Jump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6446)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6460)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfdesktop (PID: 6465)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfwm4 (PID: 6466)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfdesktop (PID: 6523)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfwm4 (PID: 6527)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfdesktop (PID: 6542)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/bin/xfce4-panel (PID: 6591)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6657)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6661)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6663)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6664)Queries kernel information via 'uname':
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6683)Queries kernel information via 'uname':
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6684)Queries kernel information via 'uname':
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6685)Queries kernel information via 'uname':
    Source: na.elf, 6254.1.00000000024bf000.00000000024c0000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsdrvicemd-journald`
    Source: na.elf, 6254.1.00000000024bf000.00000000024c0000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsdrvicemd-journald

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6252, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6253, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6254, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6252.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6254.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6253.1.0000000000400000.0000000000417000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6252, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6253, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: na.elf PID: 6254, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity Information1
    Scripting    		Valid AccountsWindows Management Instrumentation1
    Scripting    		Path Interception1
    Hidden Files and Directories    		1
    OS Credential Dumping    		11
    Security Software Discovery    		Remote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network Medium2
    Service Stop
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
    Obfuscated Files or Information    		LSASS Memory1
    Process Discovery    		Remote Desktop ProtocolData from Removable Media1
    Non-Standard Port    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    File Deletion    		Security Account Manager1
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared Drive1
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS2
    System Information Discovery    		Distributed Component Object ModelInput Capture2
    Application Layer Protocol    		Traffic DuplicationData Destruction

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528835 Sample: na.elf Startdate: 08/10/2024 Architecture: LINUX Score: 96 68 cnc.merisprivate.net. [malformed] 2->68 70 109.202.202.202, 80 INIT7CH Switzerland 2->70 72 3 other IPs or domains 2->72 78 Malicious sample detected (through community Yara rule) 2->78 80 Multi AV Scanner detection for submitted file 2->80 82 Yara detected Mirai 2->82 86 2 other signatures 2->86 9 dash rm na.elf 2->9         started        12 systemd gvfsd 2->12         started        14 xfce4-session xfce4-panel 2->14         started        16 34 other processes 2->16 signatures3 84 Sends malformed DNS queries 68->84 process4 signatures5 88 Sample deletes itself 9->88 18 na.elf 9->18         started        21 na.elf 9->21         started        23 gvfsd 12->23         started        25 xfce4-panel wrapper-2.0 14->25         started        27 xfce4-panel wrapper-2.0 14->27         started        35 7 other processes 14->35 90 Sample reads /proc/mounts (often used for finding a writable filesystem) 16->90 29 gvfsd 16->29         started        31 gvfsd 16->31         started        33 gvfsd 16->33         started        process6 signatures7 74 Sample tries to kill a massive number of system processes 18->74 76 Sample tries to kill multiple processes (SIGKILL) 18->76 37 na.elf sh 18->37         started        39 na.elf sh 18->39         started        41 na.elf sh 18->41         started        53 2 other processes 18->53 43 gvfsd gvfsd-fuse 23->43         started        45 wrapper-2.0 xfpm-power-backlight-helper 25->45         started        47 gvfsd gvfsd-fuse 29->47         started        49 gvfsd gvfsd-fuse 31->49         started        51 gvfsd gvfsd-fuse 33->51         started        process8 process9 55 sh ps 37->55         started        57 sh ps 39->57         started        59 sh ps 41->59         started        61 gvfsd-fuse fusermount 43->61         started        64 sh ps 53->64         started        66 sh ps 53->66         started        signatures10 92 Sample reads /proc/mounts (often used for finding a writable filesystem) 61->92

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    na.elf28%VirustotalBrowse
    na.elf34%ReversingLabsLinux.Packed.Mirai
    na.elf100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://upx.sf.net0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    cnc.merisprivate.net. [malformed]
    		unknown
    		unknowntrue
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://upx.sf.netna.elftrue
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      194.120.230.54
      		unknownunknown
      		133115HKKFGL-AS-APHKKwaifongGroupLimitedHKfalse
      109.202.202.202
      		unknownSwitzerland
      		13030INIT7CHfalse
      91.189.91.43
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse
      91.189.91.42
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      194.120.230.54na.elfGet hashmaliciousUnknownBrowse
        r3M3VGE5AG.elfGet hashmaliciousUnknownBrowse
          na.elfGet hashmaliciousUnknownBrowse
            109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
            • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
            91.189.91.43na.elfGet hashmaliciousUnknownBrowse
              na.elfGet hashmaliciousUnknownBrowse
                na.elfGet hashmaliciousUnknownBrowse
                  na.elfGet hashmaliciousUnknownBrowse
                    na.elfGet hashmaliciousUnknownBrowse
                      na.elfGet hashmaliciousUnknownBrowse
                        na.elfGet hashmaliciousUnknownBrowse
                          na.elfGet hashmaliciousUnknownBrowse
                            na.elfGet hashmaliciousUnknownBrowse
                              na.elfGet hashmaliciousMiraiBrowse
                                91.189.91.42na.elfGet hashmaliciousUnknownBrowse
                                  na.elfGet hashmaliciousUnknownBrowse
                                    na.elfGet hashmaliciousUnknownBrowse
                                      na.elfGet hashmaliciousUnknownBrowse
                                        na.elfGet hashmaliciousUnknownBrowse
                                          na.elfGet hashmaliciousUnknownBrowse
                                            na.elfGet hashmaliciousUnknownBrowse
                                              na.elfGet hashmaliciousUnknownBrowse
                                                na.elfGet hashmaliciousUnknownBrowse
                                                  na.elfGet hashmaliciousUnknownBrowse

                                                    Domains

                                                    No context

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CANONICAL-ASGBna.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    CANONICAL-ASGBna.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 185.125.190.26
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    INIT7CHna.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 109.202.202.202
                                                    HKKFGL-AS-APHKKwaifongGroupLimitedHKna.elfGet hashmaliciousUnknownBrowse
                                                    • 194.120.230.54
                                                    r3M3VGE5AG.elfGet hashmaliciousUnknownBrowse
                                                    • 194.120.230.54
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.208.171
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.19.2
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.19.0
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.208.182
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.89.105
                                                    na.elfGet hashmaliciousGafgytBrowse
                                                    • 103.218.208.188
                                                    na.elfGet hashmaliciousUnknownBrowse
                                                    • 194.120.230.54
                                                    https://asbdjdas-asd.top/Get hashmaliciousUnknownBrowse
                                                    • 39.109.126.218

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    /run/systemd/journal/streams/.#9:76223wJma1D

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):223
                                                    Entropy (8bit):5.518392781364306
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmoHyQDEjSYEMuvkws+:SbFuFyLVIg1BG+f+MoHyD1Y8Zji4s
                                                    MD5:E9EF6777717447B44F5A79966F8FE834
                                                    SHA1:A1FBF8AD4049F50C2AC0D5FA6640A15C5DD44500
                                                    SHA-256:8065D7D709058CB97E2183C7766D651DE0E215727C69BC9F3B0B826D94A5A68C
                                                    SHA-512:6F9B301D6935389DCB549C149E303080A17C089FB56D6F4105097FD49835D71F84D30E7252E5F8D5D490F5F6402C6A3AFF3E13BE0CB23AC34287BD7AEE9EC2FC
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=bb9f5fabfdd74d1da56b98c2abd00f82.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                                    /run/systemd/journal/streams/.#9:76229xYYB4B

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):205
                                                    Entropy (8bit):5.434055511486291
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsawiDAUQBsj2jskGt:SbFuFyLVIg1BG+f+MsawiDWmj2jfGt
                                                    MD5:B245F480219DA79A5A6149E83E34DCAF
                                                    SHA1:CA4F4EE4665669C3E3A1309B7581DE8633D40026
                                                    SHA-256:64FADC523D7439C00A25286D83AB3E2FB6F43EF0ACD061A8B4DBDF13583F3534
                                                    SHA-512:FF902449EAD149AA06472EF6B81F3C21EE153F61E492B0A716079875FD46C513753A0D0514243FEF2BBE3AEBC7BA2040795E3F972FEF5CA9EDF162B6F178328C
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f87bdb3b7d5b4f82b7f384029315d984.IDENTIFIER=upowerd.UNIT=upower.service.

                                                    /run/systemd/journal/streams/.#9:762308PCR7D

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):192
                                                    Entropy (8bit):5.414118227489772
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmyMpVTNS6+Pcs228:SbFuFyLVK6g7/+BG+f+MyepS7dZjF2N9
                                                    MD5:15222462C596BFDC30D99F89B50EE0CA
                                                    SHA1:EA53D797D95B4FF73DDD515E855345EA747E905C
                                                    SHA-256:7A53E297796534EC428EF1B1FFA4B127C24FE9F2EFFB1DBB6A69E3159309E809
                                                    SHA-512:FCD42A7737577DD9F9255675EF37CD82D97FE05566DAB129EB9C7DEA08EBC26227DD68512BCAA6C481A73E8E7DB3B43681EAC9E9535BA2DBA88CC4F26F022B9D
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8984530adc0846d79b4365f511517f17.IDENTIFIER=org.xfce.Xfconf.

                                                    /run/systemd/journal/streams/.#9:76231psvv0z

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):192
                                                    Entropy (8bit):5.359783834231805
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm4E4xm3UcUK9kglJ:SbFuFyLVI6g7/+BG+f+M4DMkcBb2jF2T
                                                    MD5:5851F03D39D623E424D7E45046F07533
                                                    SHA1:1B7C1F2DB61C559606395B4ACCEFEA594C0BE437
                                                    SHA-256:CC46BB8DD0B11FC3BD4CF545C70DD4306D2A22186EBE396F8068347E1982D24D
                                                    SHA-512:982E999616ACB66F9C92538817F7E0FBC49F665F73D476F5C423012CA23547CE7A29B04A4F94EE53BD1E1ADDCC063BDBBECD24BB9027EAD8921CC1B3754DAA37
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2a62ba9ed984402b9f9eae616ff255d0.IDENTIFIER=org.xfce.Xfconf.

                                                    /run/systemd/journal/streams/.#9:7623272IsLC

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):183
                                                    Entropy (8bit):5.292722546354616
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm6E0mQXrqjs2TKBv:SbFuFyLVIg1BG+f+M6E0mGrqjNA
                                                    MD5:73F9116AA9F94397CAE7B3B50C9A4CB9
                                                    SHA1:9850D7719C87D01CABE3C55A3014CADBFEB47539
                                                    SHA-256:3559A36C88FA2998CEDF46125BDC2AD693BD0E76141E2BEC5D4915437CB64C80
                                                    SHA-512:F4BCE5F89E98F42DFB529CD295CB349A9CF1AA0A953AE1FEB6FB16797731C38A3DC990442A620F08B107CE1BACB2EAAA6D629B547C047214367B83ACB6213A1E
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0459e49430a1456f9d5f932efa5af767.IDENTIFIER=gvfsd.

                                                    /run/systemd/journal/streams/.#9:76236dJ5yeC

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):223
                                                    Entropy (8bit):5.522225754334142
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm8UUKS2i0pY5Flsjsv:SbFuFyLVIg1BG+f+M8UJTi0pzji4s
                                                    MD5:B28DDCC3EC1CB1BAEFB203D9BFDB11FE
                                                    SHA1:124BEA2363C0E8C387C73159FDC0CDD8F4EA7C9F
                                                    SHA-256:9526F636A91AD3C8B050E149E24E9852331BD3EA228E47F2CC7DF27BC61347F6
                                                    SHA-512:285716F443FC3FED7B3486DD883C20C5C2D01EB231DC3997EEE9936C1FCFE517DA90F4CCA0665CC01F7CEFC75D8B239CE4F17740CBA03645947A588DA2AEE102
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=62901bbc87de4a8db5dc95c2230ba3ea.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                                    /run/systemd/journal/streams/.#9:76962YfCjRB

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):205
                                                    Entropy (8bit):5.388957401740748
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4ZpRFBQ/Qwlv8jske:SbFuFyLVIg1BG+f+M4ZtmYE0jfGt
                                                    MD5:1BB620A135DC776BF683D7E751E82DBA
                                                    SHA1:348618F6DC364F96D1B3BA1DC2943882A269BC30
                                                    SHA-256:F4B14DB7BA4EAB22C2EB1DB0786BAD1202542B1945831F700A36AE3E0C93736F
                                                    SHA-512:124D14664D9A7C607C6D8103023AE81EFC09898252185CB65EE3D11C1E7407D568091DEAC6BDB176A11994501A6FB040D539048F932133B7C27CC859B2F1E644
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=213670469ae447c99d5c512221543c2e.IDENTIFIER=upowerd.UNIT=upower.service.

                                                    /run/systemd/journal/streams/.#9:770050PFVhB

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):205
                                                    Entropy (8bit):5.414056167729658
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm7BcIBSTN2jskGp/:SbFuFyLVIg1BG+f+MV5BSZ2jfGt
                                                    MD5:9D4116BE30D82146AB6F3EBD88C314F0
                                                    SHA1:16BC3B344FD983A86074307B8CACE0951163E8A5
                                                    SHA-256:456428E5B930507AE88A82E683A0131C14F135D623C40EB5E9C7593F3680B95E
                                                    SHA-512:7B08DC673E2EF203B0C6A62E4BC53AF2E68704E4ACE93C9419F1773412EFEBDEE926D69B4077CE5698B97444B33E84F3E39FBB35D4097DEE7930D1B4DFFDC486
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1bd2ed031fa941f189d1eb7256fcffb6.IDENTIFIER=upowerd.UNIT=upower.service.

                                                    /run/systemd/journal/streams/.#9:77087uqqBCD

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):183
                                                    Entropy (8bit):5.314580469851883
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5wVddJVdDmAsBJqja:SbFuFyLVIg1BG+f+MOLbdD3sBJqjNA
                                                    MD5:66B31C493361B27654B1F3924626A5C3
                                                    SHA1:3CCA32D1232195AA825C17A44F17920439BB3DB2
                                                    SHA-256:ADC80CBE821044916B1667A9A4F9159CAE1642986F0AEDE03F01190B7CDA0DF7
                                                    SHA-512:AAD101C1668766816DE1BF126A4AE2C184D52258FE1AE75CA4DE556C011A027661D014B467B260A5C90DB996116626FCD5E7F6EC3D78B6EF1C045E54E9002ED5
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3618084710834650887384b74edd9dce.IDENTIFIER=gvfsd.

                                                    /run/systemd/journal/streams/.#9:77251OvBJwE

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):183
                                                    Entropy (8bit):5.301888207575196
                                                    Encrypted:false
                                                    SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsBtFUAdhxKA35qjsT:SbFuFyLVIg1BG+f+MsTPLxbEjNA
                                                    MD5:2A4C9E51D2BD2B8AA6D36430989F40AE
                                                    SHA1:7CC00B291F4F88496DFF9855BA0956ED8C80CA36
                                                    SHA-256:7D54330E4C1A4774B8C15FF076584581D73153E9C6C01766F669C7DA9F3C0D05
                                                    SHA-512:D17A740D41244BED93B5364C492D20160C50C2E64310F4730DFE46BEED2178B5C3D4503998FAB80FED9D87179519F4248743035A1C94E9AB4C5908C47366D3ED
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f2b4005be6ca43a8b1e84b116dd16e44.IDENTIFIER=gvfsd.

                                                    /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):240
                                                    Entropy (8bit):1.459526019450492
                                                    Encrypted:false
                                                    SSDEEP:3:F31HlG5D+t/llW5D+t/:F3256tlW56
                                                    MD5:C5C702D37B15C3E420C5C76326232A1B
                                                    SHA1:EB725172C526DA38D78B10D45AC3159B6F81F3CD
                                                    SHA-256:B36B3509DB3E40FE81FC714343842D74FD7915C36A201E0160681886B1034BA6
                                                    SHA-512:1557E3B77CA5C286591AB0E737C7406E9C9AE236C9298C5A9E8FCD577D037382846E4175D9421EA3A3FBF4E7A5FAA782767A0100A83328394F8469A08EB8CF25
                                                    Malicious:false
                                                    Preview:LPKSHHRH......................B...+.[..j......................................B...+.[..j........................................................................................................................................................

                                                    /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

                                                    Download File
                                                    Process:/lib/systemd/systemd-journald
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):240
                                                    Entropy (8bit):1.4595260194504922
                                                    Encrypted:false
                                                    SSDEEP:3:F31Hli7uNE7uHl:F3y7uNE7uHl
                                                    MD5:6ECE616D73E70311E7D92BB3FCDAA08B
                                                    SHA1:56564FDE101EC2EBB94A4BC1B79D55F51E33A673
                                                    SHA-256:1561F243B7E38D04313231F3E02293426F4D015830F7D2E92A31F8D7521FABC9
                                                    SHA-512:3785DB67E93478543174A3C7614EE1839F6F24FBD036F0EF6F68C4059791103ADF3B8C381571C9A12D39513384F6A0A635389C87BC72EE47B474E2FB62845CBB
                                                    Malicious:false
                                                    Preview:LPKSHHRH..................B...I9..sG.J....................................B...I9..sG.J..........................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                                    Entropy (8bit):7.968979768947076
                                                    TrID:
                                                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                    File name:na.elf
                                                    File size:42'948 bytes
                                                    MD5:f3313fa87086a874824c89f96768a45e
                                                    SHA1:65341faf419680f11f4813faca3da39af23e9f43
                                                    SHA256:b1f553f261ba277bcb1e6d36f820af2cc558c86d996c30d5839a1a0087db7c9b
                                                    SHA512:f839b432c5d10962d10052a10af96e38547a36a11bb1110266a56afcd1306dcca38bbe22ea6b844643b311cf31cd9f79e090c2707c7a24dd049d449368b179f4
                                                    SSDEEP:768:I08FjSU4OVZ2bl4aGYMBfiELk4SncGYx04I9kxZvn31lUhC2x0rV2:R8FpZAWppkBclq4IkJn31lU/y2
                                                    TLSH:CE13F173607BBA75E05E70B2194684D0BFBF3D17622A06AE0FB581389067D796227F50
                                                    File Content Preview:.ELF..............>.............@...................@.8...@.....................................................................(.......(.Q.....(.Q.............................Q.td....................................................rG..UPX!D.......`m..`m.

                                                    Static ELF Info

                                                    ELF header

                                                    Class:ELF64
                                                    Data:2's complement, little endian
                                                    Version:1 (current)
                                                    Machine:Advanced Micro Devices X86-64
                                                    Version Number:0x1
                                                    Type:EXEC (Executable file)
                                                    OS/ABI:UNIX - System V
                                                    ABI Version:0
                                                    Entry Point Address:0x109590
                                                    Flags:0x0
                                                    ELF Header Size:64
                                                    Program Header Offset:64
                                                    Program Header Size:56
                                                    Number of Program Headers:3
                                                    Section Header Offset:0
                                                    Section Header Size:64
                                                    Number of Section Headers:0
                                                    Header String Table Index:0

                                                    Program Segments

                                                    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                    LOAD0x00x1000000x1000000xa6cc0xa6cc7.97080x5R E0x100000
                                                    LOAD0x5280x5195280x5195280x00x00.00000x6RW 0x1000
                                                    GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 8, 2024 11:32:44.365061045 CEST43928443192.168.2.2391.189.91.42
                                                    Oct 8, 2024 11:32:46.121347904 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:46.434498072 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:46.434648037 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:46.435580015 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:46.440380096 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:46.440432072 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:46.445236921 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:49.996289015 CEST42836443192.168.2.2391.189.91.43
                                                    Oct 8, 2024 11:32:51.532073021 CEST4251680192.168.2.23109.202.202.202
                                                    Oct 8, 2024 11:32:56.483484030 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:56.488426924 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:56.929635048 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:56.929723024 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:56.929944992 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:56.929995060 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:57.169662952 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:57.169723034 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:32:57.170031071 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:32:57.170072079 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:33:05.354221106 CEST43928443192.168.2.2391.189.91.42
                                                    Oct 8, 2024 11:33:15.592766047 CEST42836443192.168.2.2391.189.91.43
                                                    Oct 8, 2024 11:33:21.736038923 CEST4251680192.168.2.23109.202.202.202
                                                    Oct 8, 2024 11:33:29.445224047 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:33:29.450798988 CEST5789935118194.120.230.54192.168.2.23
                                                    Oct 8, 2024 11:33:29.450849056 CEST3511857899192.168.2.23194.120.230.54
                                                    Oct 8, 2024 11:33:46.312184095 CEST43928443192.168.2.2391.189.91.42
                                                    Oct 8, 2024 11:34:06.785264969 CEST42836443192.168.2.2391.189.91.43

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 8, 2024 11:32:44.635482073 CEST3555153192.168.2.238.8.8.8
                                                    Oct 8, 2024 11:32:45.161427975 CEST53355518.8.8.8192.168.2.23
                                                    Oct 8, 2024 11:32:45.209497929 CEST3761453192.168.2.238.8.8.8
                                                    Oct 8, 2024 11:32:45.217257977 CEST53376148.8.8.8192.168.2.23
                                                    Oct 8, 2024 11:32:45.300734997 CEST5532053192.168.2.238.8.8.8
                                                    Oct 8, 2024 11:32:45.308681011 CEST53553208.8.8.8192.168.2.23
                                                    Oct 8, 2024 11:32:45.611941099 CEST5638153192.168.2.238.8.8.8
                                                    Oct 8, 2024 11:32:45.618419886 CEST53563818.8.8.8192.168.2.23
                                                    Oct 8, 2024 11:32:45.734467983 CEST4581953192.168.2.238.8.8.8
                                                    Oct 8, 2024 11:32:45.740850925 CEST53458198.8.8.8192.168.2.23

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Oct 8, 2024 11:32:44.635482073 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256317false
                                                    Oct 8, 2024 11:32:45.209497929 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256317false
                                                    Oct 8, 2024 11:32:45.300734997 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256317false
                                                    Oct 8, 2024 11:32:45.611941099 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256317false
                                                    Oct 8, 2024 11:32:45.734467983 CEST192.168.2.238.8.8.80x0Standard query (0)cnc.merisprivate.net. [malformed]256317false

                                                    System Behavior

                                                    General

                                                    Start time (UTC):09:32:40
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:40
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/rm
                                                    Arguments:rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5I
                                                    File size:72056 bytes
                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:40
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:40
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/rm
                                                    Arguments:rm -f /tmp/tmp.1brRPsfKyF /tmp/tmp.AXuv0IVXFE /tmp/tmp.c3haIYmp5I
                                                    File size:72056 bytes
                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:43
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:/tmp/na.elf
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:43
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:43
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/ps
                                                    Arguments:ps -A -o pid,cmd --no-headers
                                                    File size:137688 bytes
                                                    MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/ps
                                                    Arguments:ps -A -o pid,cmd --no-headers
                                                    File size:137688 bytes
                                                    MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/ps
                                                    Arguments:ps -A -o pid,cmd --no-headers
                                                    File size:137688 bytes
                                                    MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:27
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:27
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:27
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:27
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/ps
                                                    Arguments:ps -A -o pid,cmd --no-headers
                                                    File size:137688 bytes
                                                    MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/tmp/na.elf
                                                    Arguments:-
                                                    File size:42948 bytes
                                                    MD5 hash:f3313fa87086a874824c89f96768a45e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:sh -c "ps -A -o pid,cmd --no-headers"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/ps
                                                    Arguments:ps -A -o pid,cmd --no-headers
                                                    File size:137688 bytes
                                                    MD5 hash:ab48054475a6f70f8e7fa847331f3327

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gnome-session-binary
                                                    Arguments:-
                                                    File size:334664 bytes
                                                    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/sh
                                                    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gnome-session-binary
                                                    Arguments:-
                                                    File size:334664 bytes
                                                    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/upower/upowerd
                                                    Arguments:/usr/lib/upower/upowerd
                                                    File size:260328 bytes
                                                    MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:-
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/fusermount
                                                    Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                    File size:39144 bytes
                                                    MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:-
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/etc/gdm3/PrimeOff/Default
                                                    Arguments:/etc/gdm3/PrimeOff/Default
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfwm4
                                                    Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                                    File size:420424 bytes
                                                    MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:-
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/etc/gdm3/PrimeOff/Default
                                                    Arguments:/etc/gdm3/PrimeOff/Default
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/rm
                                                    Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
                                                    File size:72056 bytes
                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfdesktop
                                                    Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                                    File size:473520 bytes
                                                    MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:46
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:47
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfwm4
                                                    Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                                    File size:420424 bytes
                                                    MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:47
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:47
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:47
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:47
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/upower/upowerd
                                                    Arguments:/usr/lib/upower/upowerd
                                                    File size:260328 bytes
                                                    MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:52
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:52
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:/usr/libexec/gvfsd
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:54
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:54
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:54
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:55
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:-
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:55
                                                    Start date (UTC):08/10/2024
                                                    Path:/bin/fusermount
                                                    Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                                                    File size:39144 bytes
                                                    MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:52
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/dbus-daemon
                                                    Arguments:-
                                                    File size:249032 bytes
                                                    MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:52
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                    File size:112880 bytes
                                                    MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:54
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:55
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfdesktop
                                                    Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                                    File size:473520 bytes
                                                    MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:55
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:55
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfwm4
                                                    Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                                    File size:420424 bytes
                                                    MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:56
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:56
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/journalctl
                                                    Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                    File size:80120 bytes
                                                    MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:58
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:32:58
                                                    Start date (UTC):08/10/2024
                                                    Path:/lib/systemd/systemd-journald
                                                    Arguments:/lib/systemd/systemd-journald
                                                    File size:162032 bytes
                                                    MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:02
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:03
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfdesktop
                                                    Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                                    File size:473520 bytes
                                                    MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:03
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:03
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfwm4
                                                    Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                                    File size:420424 bytes
                                                    MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:03
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:03
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/upower/upowerd
                                                    Arguments:/usr/lib/upower/upowerd
                                                    File size:260328 bytes
                                                    MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:09
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/dbus-daemon
                                                    Arguments:-
                                                    File size:249032 bytes
                                                    MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:09
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                    File size:112880 bytes
                                                    MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfdesktop
                                                    Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                                    File size:473520 bytes
                                                    MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfwm4
                                                    Arguments:xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
                                                    File size:420424 bytes
                                                    MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:11
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:/usr/libexec/gvfsd
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:14
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:14
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:14
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:13
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:13
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/journalctl
                                                    Arguments:/usr/bin/journalctl --flush
                                                    File size:80120 bytes
                                                    MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:16
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:16
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfdesktop
                                                    Arguments:xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
                                                    File size:473520 bytes
                                                    MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:16
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:17
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:16
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:16
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/upower/upowerd
                                                    Arguments:/usr/lib/upower/upowerd
                                                    File size:260328 bytes
                                                    MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-session
                                                    Arguments:-
                                                    File size:264752 bytes
                                                    MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:19
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:32
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:32
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 4194312 systray "Notification Area" "Area where notification icons appear"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:32
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:32
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 4194313 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 4194315 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:33
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 4194316 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    Chronological Activities


                                                    General

                                                    Start time (UTC):09:33:34
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    General

                                                    Start time (UTC):09:33:34
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 4194317 actions "Action Buttons" "Log out, lock or other system actions"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 4194312 systray "Notification Area" "Area where notification icons appear"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 4194313 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/bin/xfce4-panel
                                                    Arguments:-
                                                    File size:375768 bytes
                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                    General

                                                    Start time (UTC):09:33:45
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 4194315 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    General

                                                    Start time (UTC):09:33:50
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                    Arguments:-
                                                    File size:35136 bytes
                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                    General

                                                    Start time (UTC):09:33:50
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/sbin/xfpm-power-backlight-helper
                                                    Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                                    File size:14656 bytes
                                                    MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                                    General

                                                    Start time (UTC):09:33:20
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    General

                                                    Start time (UTC):09:33:20
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/upower/upowerd
                                                    Arguments:/usr/lib/upower/upowerd
                                                    File size:260328 bytes
                                                    MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                    General

                                                    Start time (UTC):09:33:29
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    General

                                                    Start time (UTC):09:33:29
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:/usr/libexec/gvfsd
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:29
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:29
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:29
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    General

                                                    Start time (UTC):09:33:41
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    General

                                                    Start time (UTC):09:33:41
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:/usr/libexec/gvfsd
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:41
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:41
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd
                                                    Arguments:-
                                                    File size:39224 bytes
                                                    MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                                                    General

                                                    Start time (UTC):09:33:41
                                                    Start date (UTC):08/10/2024
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933