Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
morte.ppc.elf

Overview

General Information

Sample name:morte.ppc.elf
Analysis ID:1648682
MD5:ef7765b6e8dffe7a82f3176fef2cd7a6
SHA1:d819f60486c844d1eb8f02fecb27e4ac7e2b9a9e
SHA256:6dc63c2065576f78dc2c0656b6934236abc2690845cf564ebe7023d0fdad4457
Tags:elfuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1648682
Start date and time:2025-03-26 04:23:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 42s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:morte.ppc.elf
Detection:MAL
Classification:mal64.spre.evad.linELF@0/0@0/0

Runtime Messages

Command:/tmp/morte.ppc.elf
PID:6239
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 6253, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 6254, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 6255, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 6276, Parent: 6255, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 6256, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 6257, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 6258, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 6275, Parent: 6274, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 6285, Parent: 1860)
  • xfce4-notifyd (PID: 6285, Parent: 1860, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: morte.ppc.elfAvira: detected
Source: morte.ppc.elfVirustotal: Detection: 30%Perma Link
Source: morte.ppc.elfReversingLabs: Detection: 27%
Source: global trafficTCP traffic: 192.168.2.23:46298 -> 176.65.142.252:7575
Source: /tmp/morte.ppc.elf (PID: 6241)Socket: 127.0.0.1:40688Jump to behavior
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: morte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.%s
Source: morte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.%s;
Source: morte.ppc.elf, 6247.1.00007f847801a000.00007f847801b000.r-x.sdmpString found in binary or memory: http://176.65.142.252/c.sh;
Source: morte.ppc.elf, 6247.1.00007f847801a000.00007f847801b000.r-x.sdmpString found in binary or memory: http://176.65.142.252/w.sh;
Source: morte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpString found in binary or memory: http://176.65.142.252/wget.sh;
Source: morte.ppc.elfString found in binary or memory: http://upx.sf.net
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

System Summary

barindex
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2018, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2077, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2078, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2079, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2080, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2083, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2084, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2114, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2156, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6253, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6254, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6255, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6256, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6257, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6258, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6275, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6285, result: successfulJump to behavior
Source: LOAD without section mappingsProgram segment: 0x100000
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2018, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2077, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2078, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2079, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2080, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2083, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2084, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2114, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 2156, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6253, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6254, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6255, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6256, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6257, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6258, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6275, result: successfulJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)SIGKILL sent: pid: 6285, result: successfulJump to behavior
Source: classification engineClassification label: mal64.spre.evad.linELF@0/0@0/0

Data Obfuscation

barindex
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6253)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6256)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6275)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6275)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6275)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6275)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6285)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6285)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6285)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6285)Directory: /home/saturnino/.configJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1582/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2033/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2275/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6072/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6193/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1612/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1579/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1698/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2028/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1334/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1576/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2302/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/3236/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2025/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2146/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/910/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4444/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4445/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/912/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4446/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/517/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/759/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4447/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2307/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/918/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1594/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2285/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2281/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1349/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1623/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/761/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1622/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/884/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1983/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2038/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1344/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1465/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1586/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1860/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1463/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2156/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/800/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/801/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1629/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1627/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1900/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6254/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6253/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6256/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6255/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6258/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6257/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/3021/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/491/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2294/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2050/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1877/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/772/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1633/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4509/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1599/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1632/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/774/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1477/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/654/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/896/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1476/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1872/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2048/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/655/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1475/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2289/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/656/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/777/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/657/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/658/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/419/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/936/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1639/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1638/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2208/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2180/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4486/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1809/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1494/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1890/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2063/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2062/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1888/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1886/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/420/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1489/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/785/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1642/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/788/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/667/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/789/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4477/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/4479/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/1648/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/6275/cmdlineJump to behavior
Source: /tmp/morte.ppc.elf (PID: 6243)File opened: /proc/2078/cmdlineJump to behavior
Source: morte.ppc.elfSubmission file: segment LOAD with 7.975 entropy (max. 8.0)
Source: /tmp/morte.ppc.elf (PID: 6239)Queries kernel information via 'uname': Jump to behavior
Source: /tmp/morte.ppc.elf (PID: 6241)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6253)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6254)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6255)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6256)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6257)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6258)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6285)Queries kernel information via 'uname': Jump to behavior
Source: morte.ppc.elf, 6239.1.000055ace82b8000.000055ace8368000.rw-.sdmpBinary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: morte.ppc.elf, 6247.1.000055ace82b8000.000055ace8368000.rw-.sdmpBinary or memory string: !/etc/qemu-binfmt/ppc1
Source: morte.ppc.elf, 6239.1.000055ace82b8000.000055ace8368000.rw-.sdmp, morte.ppc.elf, 6247.1.000055ace82b8000.000055ace8368000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/ppc
Source: morte.ppc.elf, 6239.1.00007ffef4ce3000.00007ffef4d04000.rw-.sdmp, morte.ppc.elf, 6247.1.00007ffef4ce3000.00007ffef4d04000.rw-.sdmpBinary or memory string: /usr/bin/qemu-ppc
Source: morte.ppc.elf, 6239.1.00007ffef4ce3000.00007ffef4d04000.rw-.sdmp, morte.ppc.elf, 6247.1.00007ffef4ce3000.00007ffef4d04000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-ppc/tmp/morte.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/morte.ppc.elf

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Hidden Files and Directories		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network Medium1
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
Obfuscated Files or Information		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1648682 Sample: morte.ppc.elf Startdate: 26/03/2025 Architecture: LINUX Score: 64 25 176.65.142.252, 46298, 46300, 46302 WEBTRAFFICDE Germany 2->25 27 109.202.202.202, 80 INIT7CH Switzerland 2->27 29 2 other IPs or domains 2->29 31 Antivirus / Scanner detection for submitted sample 2->31 33 Multi AV Scanner detection for submitted file 2->33 35 Sample is packed with UPX 2->35 8 morte.ppc.elf 2->8         started        10 xfce4-panel wrapper-2.0 2->10         started        12 xfce4-panel wrapper-2.0 2->12         started        14 6 other processes 2->14 signatures3 process4 process5 16 morte.ppc.elf 8->16         started        18 wrapper-2.0 xfpm-power-backlight-helper 10->18         started        process6 20 morte.ppc.elf 16->20         started        23 morte.ppc.elf 16->23         started        signatures7 37 Sample tries to kill multiple processes (SIGKILL) 20->37

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
morte.ppc.elf30%VirustotalBrowse
morte.ppc.elf28%ReversingLabsLinux.Trojan.Mirai
morte.ppc.elf100%AviraEXP/ELF.Agent.F.118

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://176.65.142.252/c.sh;morte.ppc.elf, 6247.1.00007f847801a000.00007f847801b000.r-x.sdmpfalse
    		high
    http://176.65.142.252/bins/morte.%s;morte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpfalse
      		high
      http://176.65.142.252/wget.sh;morte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpfalse
        		high
        http://upx.sf.netmorte.ppc.elffalse
          		high
          http://176.65.142.252/w.sh;morte.ppc.elf, 6247.1.00007f847801a000.00007f847801b000.r-x.sdmpfalse
            		high
            http://176.65.142.252/bins/morte.%smorte.ppc.elf, 6247.1.00007f847801b000.00007f847801d000.rwx.sdmpfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              176.65.142.252
              		unknownGermany
              		8649WEBTRAFFICDEfalse
              109.202.202.202
              		unknownSwitzerland
              		13030INIT7CHfalse
              91.189.91.43
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse
              91.189.91.42
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              176.65.142.252morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                  morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                    morte.ppc.elfGet hashmaliciousOkiruBrowse
                      morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                        morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                            morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                              morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                                  109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                                  • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                                  91.189.91.43morte.arm6.elfGet hashmaliciousUnknownBrowse
                                    morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                        morte.ppc.elfGet hashmaliciousOkiruBrowse
                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                            na.elfGet hashmaliciousPrometeiBrowse
                                              boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                    main_arm.elfGet hashmaliciousMiraiBrowse
                                                      91.189.91.42morte.arm6.elfGet hashmaliciousUnknownBrowse
                                                        morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                            morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                              morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                  boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                    boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                        main_arm.elfGet hashmaliciousMiraiBrowse

                                                                          Domains

                                                                          No context

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          CANONICAL-ASGBmorte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          CANONICAL-ASGBmorte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          WEBTRAFFICDEmorte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 176.65.142.252
                                                                          morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          zrBlUcVcif.exeGet hashmaliciousStealcBrowse
                                                                          • 176.65.142.161
                                                                          lMbZjiaGWp.exeGet hashmaliciousStealcBrowse
                                                                          • 176.65.142.161
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 176.65.142.252
                                                                          INIT7CHmorte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 109.202.202.202
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 109.202.202.202
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 109.202.202.202
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 109.202.202.202
                                                                          boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                          • 109.202.202.202
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 109.202.202.202
                                                                          main_arm.elfGet hashmaliciousMiraiBrowse
                                                                          • 109.202.202.202

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          No created / dropped files found

                                                                          Static File Info

                                                                          General

                                                                          File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
                                                                          Entropy (8bit):7.973337445030659
                                                                          TrID:
                                                                          • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                          • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                          File name:morte.ppc.elf
                                                                          File size:48'348 bytes
                                                                          MD5:ef7765b6e8dffe7a82f3176fef2cd7a6
                                                                          SHA1:d819f60486c844d1eb8f02fecb27e4ac7e2b9a9e
                                                                          SHA256:6dc63c2065576f78dc2c0656b6934236abc2690845cf564ebe7023d0fdad4457
                                                                          SHA512:33bd3d8b4c4ac49de737939f14db300814167906465cacf6647020d8f6cb0de8cfd0f767cb93f0a3c58104baaf0992e098c501439bf135bc97ab123d4bab443e
                                                                          SSDEEP:768:WyU3gefmIhWRrg2UO3C2oV3sWIHUQ2+KXEUzVstXCwsJIVQyD/W4uVcqgw09H:Uf9hWRrgzdnV3sWIg+KvzCtXCrhyDO4x
                                                                          TLSH:ED23F1B44383A445DBBF3CBC2FD477C5C7B45F4AA77A59E0D980B2118C9A1A7221DE88
                                                                          File Content Preview:.ELF...........................4.........4. ...(..........................................O...O...O.................dt.Q................................UPX!...........`...`.......V.......?.E.h4...@b.............NrJ..E....5.P.eL.=..}..|.y....O.E.........FT

                                                                          Static ELF Info

                                                                          ELF header

                                                                          Class:ELF32
                                                                          Data:2's complement, big endian
                                                                          Version:1 (current)
                                                                          Machine:PowerPC
                                                                          Version Number:0x1
                                                                          Type:EXEC (Executable file)
                                                                          OS/ABI:UNIX - Linux
                                                                          ABI Version:0
                                                                          Entry Point Address:0x10a9e8
                                                                          Flags:0x0
                                                                          ELF Header Size:52
                                                                          Program Header Offset:52
                                                                          Program Header Size:32
                                                                          Number of Program Headers:3
                                                                          Section Header Offset:0
                                                                          Section Header Size:40
                                                                          Number of Section Headers:0
                                                                          Header String Table Index:0

                                                                          Program Segments

                                                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                          LOAD0x00x1000000x1000000xbbd00xbbd07.97500x5R E0x10000
                                                                          LOAD0x4f180x10034f180x10034f180x00x00.00000x6RW 0x10000
                                                                          GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                                          Network Behavior

                                                                          Download Network PCAP: filteredfull

                                                                          Network Port Distribution

                                                                          • Total Packets: 30
                                                                          • 7575 undefined
                                                                          • 443 (HTTPS)
                                                                          • 80 (HTTP)
                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Mar 26, 2025 04:23:59.606765032 CET462987575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:23:59.808794975 CET757546298176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:00.769857883 CET43928443192.168.2.2391.189.91.42
                                                                          Mar 26, 2025 04:24:01.811340094 CET463007575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:02.014944077 CET757546300176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:04.017453909 CET463027575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:04.220328093 CET757546302176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:06.144912004 CET42836443192.168.2.2391.189.91.43
                                                                          Mar 26, 2025 04:24:06.226280928 CET463047575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:06.430963993 CET757546304176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:07.680716038 CET4251680192.168.2.23109.202.202.202
                                                                          Mar 26, 2025 04:24:16.437407017 CET463067575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:16.640417099 CET757546306176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:20.734935999 CET43928443192.168.2.2391.189.91.42
                                                                          Mar 26, 2025 04:24:21.645062923 CET463087575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:21.846677065 CET757546308176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:23.848373890 CET463107575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:24.051634073 CET757546310176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:33.021235943 CET42836443192.168.2.2391.189.91.43
                                                                          Mar 26, 2025 04:24:33.051681995 CET463127575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:33.251955032 CET757546312176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:37.116812944 CET4251680192.168.2.23109.202.202.202
                                                                          Mar 26, 2025 04:24:37.254208088 CET463147575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:37.457722902 CET757546314176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:47.459880114 CET463167575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:47.662276983 CET757546316176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:49.666625023 CET463187575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:49.869724035 CET757546318176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:50.875607967 CET463207575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:51.076824903 CET757546320176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:24:56.079919100 CET463227575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:24:56.282298088 CET757546322176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:01.689452887 CET43928443192.168.2.2391.189.91.42
                                                                          Mar 26, 2025 04:25:03.285485029 CET463247575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:03.488270044 CET757546324176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:13.490533113 CET463267575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:13.693876982 CET757546326176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:15.698163986 CET463287575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:15.901520014 CET757546328176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:22.904453993 CET463307575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:23.105964899 CET757546330176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:32.108288050 CET463327575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:32.313251019 CET757546332176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:40.316122055 CET463347575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:40.516901016 CET757546334176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:43.520967007 CET463367575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:43.722085953 CET757546336176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:44.727713108 CET463387575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:44.928234100 CET757546338176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:50.931359053 CET463407575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:51.132836103 CET757546340176.65.142.252192.168.2.23
                                                                          Mar 26, 2025 04:25:59.134334087 CET463427575192.168.2.23176.65.142.252
                                                                          Mar 26, 2025 04:25:59.335732937 CET757546342176.65.142.252192.168.2.23

                                                                          System Behavior

                                                                          General

                                                                          Start time (UTC):03:23:58
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.ppc.elf
                                                                          Arguments:/tmp/morte.ppc.elf
                                                                          File size:5388968 bytes
                                                                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:23:58
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.ppc.elf
                                                                          Arguments:-
                                                                          File size:5388968 bytes
                                                                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:23:58
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.ppc.elf
                                                                          Arguments:-
                                                                          File size:5388968 bytes
                                                                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                                                                          File Activities

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:23:58
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.ppc.elf
                                                                          Arguments:-
                                                                          File size:5388968 bytes
                                                                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                                                                          File Activities

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:10
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:-
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:10
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/sbin/xfpm-power-backlight-helper
                                                                          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                                                          File size:14656 bytes
                                                                          MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                                                          File Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:04
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:10
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dbus-daemon
                                                                          Arguments:-
                                                                          File size:249032 bytes
                                                                          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:10
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                                          File size:112880 bytes
                                                                          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                                                          File Activities

                                                                          Process Activities

                                                                          Network Activities


                                                                          General

                                                                          Start time (UTC):03:24:14
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Process Activities


                                                                          General

                                                                          Start time (UTC):03:24:14
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                                          File size:112872 bytes
                                                                          MD5 hash:eee956f1b227c1d5031f9c61223255d1

                                                                          File Activities

                                                                          Process Activities

                                                                          System Activities

                                                                          Network Activities