Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
morte.x64.elf

Overview

General Information

Sample name:morte.x64.elf
Analysis ID:1648683
MD5:e681750995ed25652241464ab20207d7
SHA1:b37ba9aa69746901b4e9d01c1302efe7ceb2cb9c
SHA256:4ec049596057ec70f7fe8cb230b33f4b7b62610533940ef63d7570b5ec267299
Tags:elfuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1648683
Start date and time:2025-03-26 04:23:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 26s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:morte.x64.elf
Detection:MAL
Classification:mal64.spre.evad.linELF@0/0@0/0
  • VT rate limit hit for: http://176.65.142.252/bins/morte.x64
  • VT rate limit hit for: http://176.65.142.252/bins/morte.x64;

Runtime Messages

Command:/tmp/morte.x64.elf
PID:5429
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5442, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5443, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5444, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5464, Parent: 5444, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5445, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5446, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5447, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5463, Parent: 5462, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5472, Parent: 2935)
  • xfce4-notifyd (PID: 5472, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5436.1.0000000000400000.000000000041a000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
  • 0xe1a8:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5436.1.0000000000400000.000000000041a000.r-x.sdmpLinux_Trojan_Gafgyt_807911a2unknownunknown
  • 0xea1f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5436.1.0000000000400000.000000000041a000.r-x.sdmpLinux_Trojan_Gafgyt_d4227dbfunknownunknown
  • 0xb5e2:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0xb7d4:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5436.1.0000000000400000.000000000041a000.r-x.sdmpLinux_Trojan_Gafgyt_d996d335unknownunknown
  • 0x114a6:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5436.1.0000000000400000.000000000041a000.r-x.sdmpLinux_Trojan_Gafgyt_d0c57a2eunknownunknown
  • 0x1658e:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
Click to see the 60 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: morte.x64.elfVirustotal: Detection: 39%Perma Link
Source: morte.x64.elfReversingLabs: Detection: 36%
Source: global trafficTCP traffic: 192.168.2.13:50160 -> 176.65.142.252:7575
Source: /tmp/morte.x64.elf (PID: 5430)Socket: 127.0.0.1:25576Jump to behavior
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
Source: morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.%s
Source: morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.%s;
Source: morte.x64.elf, 5437.1.00007ffce7ffc000.00007ffce8000000.rwx.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.x64
Source: morte.x64.elf, 5437.1.00007ffce7ffc000.00007ffce8000000.rwx.sdmpString found in binary or memory: http://176.65.142.252/bins/morte.x64;
Source: morte.x64.elf, 5429.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5434.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5435.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5436.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpString found in binary or memory: http://176.65.142.252/c.sh;
Source: morte.x64.elf, 5429.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5434.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5435.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5436.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpString found in binary or memory: http://176.65.142.252/w.sh;
Source: morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpString found in binary or memory: http://176.65.142.252/wget.sh;
Source: morte.x64.elfString found in binary or memory: http://upx.sf.net

System Summary

barindex
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3104, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3161, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3162, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3163, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3164, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3165, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3170, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3182, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3208, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3212, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5434, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5442, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5443, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5444, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5445, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5446, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5447, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5463, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5472, result: successfulJump to behavior
Source: LOAD without section mappingsProgram segment: 0x100000
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3104, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3161, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3162, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3163, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3164, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3165, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3170, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3182, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3208, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 3212, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5434, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5442, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5443, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5444, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5445, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5446, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5447, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5463, result: successfulJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)SIGKILL sent: pid: 5472, result: successfulJump to behavior
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: classification engineClassification label: mal64.spre.evad.linELF@0/0@0/0

Data Obfuscation

barindex
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5472)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5472)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5472)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5472)Directory: /home/saturnino/.configJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3122/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3117/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3114/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5412/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5413/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/914/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/518/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/519/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/917/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3134/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3375/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3132/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3095/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5270/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1745/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1866/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1588/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/884/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1982/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/765/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3246/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/767/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/800/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1906/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/802/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/803/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1748/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3780/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5442/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5443/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5444/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3420/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1482/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/490/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1480/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1755/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1238/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1875/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2964/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3413/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1751/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1872/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2961/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1475/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/656/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/778/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/657/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5434/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/658/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/659/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/418/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/936/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/419/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/816/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1879/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1891/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3310/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3153/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/780/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/660/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1921/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3704/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3705/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/783/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1765/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3706/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2974/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1400/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1884/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3424/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2972/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3147/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2970/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1881/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3146/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3300/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5445/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5446/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5447/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1805/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1925/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1804/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1648/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1922/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3429/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3703/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/5463/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3442/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3165/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3164/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3163/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3162/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/790/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3161/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/792/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/793/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/672/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1930/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/674/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/795/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/3315/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1411/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/2984/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/1410/cmdlineJump to behavior
Source: /tmp/morte.x64.elf (PID: 5431)File opened: /proc/797/cmdlineJump to behavior
Source: morte.x64.elfSubmission file: segment LOAD with 7.9797 entropy (max. 8.0)
Source: /tmp/morte.x64.elf (PID: 5430)Queries kernel information via 'uname': Jump to behavior
Source: /tmp/morte.x64.elf (PID: 5435)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5447)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5472)Queries kernel information via 'uname': Jump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Hidden Files and Directories		1
OS Credential Dumping		1
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network Medium1
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
Obfuscated Files or Information		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1648683 Sample: morte.x64.elf Startdate: 26/03/2025 Architecture: LINUX Score: 64 32 176.65.142.252, 50160, 50162, 50164 WEBTRAFFICDE Germany 2->32 34 Malicious sample detected (through community Yara rule) 2->34 36 Multi AV Scanner detection for submitted file 2->36 38 Sample is packed with UPX 2->38 9 morte.x64.elf 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 xfce4-panel wrapper-2.0 2->13         started        15 6 other processes 2->15 signatures3 process4 process5 17 morte.x64.elf 9->17         started        19 wrapper-2.0 xfpm-power-backlight-helper 11->19         started        process6 21 morte.x64.elf 17->21         started        24 morte.x64.elf 17->24         started        26 morte.x64.elf 17->26         started        signatures7 40 Sample tries to kill multiple processes (SIGKILL) 21->40 28 morte.x64.elf 24->28         started        30 morte.x64.elf 24->30         started        process8

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
morte.x64.elf39%VirustotalBrowse
morte.x64.elf36%ReversingLabsLinux.Backdoor.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://176.65.142.252/c.sh;morte.x64.elf, 5429.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5434.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5435.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5436.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpfalse
    		high
    http://176.65.142.252/bins/morte.%s;morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpfalse
      		high
      http://176.65.142.252/bins/morte.x64;morte.x64.elf, 5437.1.00007ffce7ffc000.00007ffce8000000.rwx.sdmpfalse
        		unknown
        http://176.65.142.252/wget.sh;morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpfalse
          		high
          http://upx.sf.netmorte.x64.elffalse
            		high
            http://176.65.142.252/w.sh;morte.x64.elf, 5429.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5434.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5435.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5436.1.0000000000400000.000000000041a000.r-x.sdmp, morte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpfalse
              		high
              http://176.65.142.252/bins/morte.%smorte.x64.elf, 5437.1.0000000000400000.000000000041a000.r-x.sdmpfalse
                		high
                http://176.65.142.252/bins/morte.x64morte.x64.elf, 5437.1.00007ffce7ffc000.00007ffce8000000.rwx.sdmpfalse
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  176.65.142.252
                  		unknownGermany
                  		8649WEBTRAFFICDEfalse

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  176.65.142.252morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                    morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                      morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                        morte.ppc.elfGet hashmaliciousOkiruBrowse
                          morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                            morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                              morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                  morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                    morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse

                                      Domains

                                      No context

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      WEBTRAFFICDEmorte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252
                                      morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252
                                      morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252
                                      morte.ppc.elfGet hashmaliciousOkiruBrowse
                                      • 176.65.142.252
                                      morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252
                                      morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252
                                      zrBlUcVcif.exeGet hashmaliciousStealcBrowse
                                      • 176.65.142.161
                                      lMbZjiaGWp.exeGet hashmaliciousStealcBrowse
                                      • 176.65.142.161
                                      morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                      • 176.65.142.252

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      No created / dropped files found

                                      Static File Info

                                      General

                                      File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                      Entropy (8bit):7.978494890733626
                                      TrID:
                                      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                      File name:morte.x64.elf
                                      File size:51'984 bytes
                                      MD5:e681750995ed25652241464ab20207d7
                                      SHA1:b37ba9aa69746901b4e9d01c1302efe7ceb2cb9c
                                      SHA256:4ec049596057ec70f7fe8cb230b33f4b7b62610533940ef63d7570b5ec267299
                                      SHA512:a352f399119965172d44635559d60315d89edc4b3f07df3768177bb9838580c431b2e9cbebff4ad6f2fdb31a037010dc8e9ef8ab9967d91321860bb01be13eb8
                                      SSDEEP:768:N0cNdga9RUfFwFAr1rDGchnHowc7EGjPykZBb9FfzhmMzvTQstsPJHYtI6Tx0wS:N0SRLAr1rygHowWbXZBzzAMz8RQI8pS
                                      TLSH:503302EF8047D79AC09D6B3F6C3C17886C63B4099C07472B45BA77ADACF58106C75AA2
                                      File Content Preview:.ELF..............>.............@...................@.8...@...............................................................................R.......R.............................Q.td....................................................}G..UPX!D.......h/..h/.

                                      Static ELF Info

                                      ELF header

                                      Class:ELF64
                                      Data:2's complement, little endian
                                      Version:1 (current)
                                      Machine:Advanced Micro Devices X86-64
                                      Version Number:0x1
                                      Type:EXEC (Executable file)
                                      OS/ABI:UNIX - System V
                                      ABI Version:0
                                      Entry Point Address:0x10b8c8
                                      Flags:0x0
                                      ELF Header Size:64
                                      Program Header Offset:64
                                      Program Header Size:56
                                      Number of Program Headers:3
                                      Section Header Offset:0
                                      Section Header Size:64
                                      Number of Section Headers:0
                                      Header String Table Index:0

                                      Program Segments

                                      TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                      LOAD0x00x1000000x1000000xca040xca047.97970x5R E0x100000
                                      LOAD0xfa00x529fa00x529fa00x00x00.00000x6RW 0x1000
                                      GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                                      Network Behavior

                                      Download Network PCAP: filteredfull

                                      TimestampSource PortDest PortSource IPDest IP
                                      Mar 26, 2025 04:24:03.433481932 CET501607575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:03.635775089 CET757550160176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:06.658421993 CET501627575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:06.863193989 CET757550162176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:12.881599903 CET501647575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:13.084475040 CET757550164176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:21.088649035 CET501667575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:21.290553093 CET757550166176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:26.304727077 CET501687575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:26.504863977 CET757550168176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:29.506576061 CET501707575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:29.713763952 CET757550170176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:32.716303110 CET501727575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:32.918535948 CET757550172176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:37.920232058 CET501747575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:38.126621962 CET757550174176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:47.129884958 CET501767575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:47.335181952 CET757550176176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:24:56.338699102 CET501787575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:24:56.542648077 CET757550178176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:01.545550108 CET501807575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:01.748022079 CET757550180176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:08.750927925 CET501827575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:08.953476906 CET757550182176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:11.956093073 CET501847575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:12.157970905 CET757550184176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:18.160985947 CET501867575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:18.365181923 CET757550186176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:24.368065119 CET501887575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:24.568455935 CET757550188176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:28.571372032 CET501907575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:28.772372007 CET757550190176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:34.774303913 CET501927575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:34.976052999 CET757550192176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:37.980142117 CET501947575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:38.194752932 CET757550194176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:39.198575020 CET501967575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:39.402760983 CET757550196176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:44.406250000 CET501987575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:44.607004881 CET757550198176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:47.611082077 CET502007575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:47.813158989 CET757550200176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:53.817082882 CET502027575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:54.020224094 CET757550202176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:25:55.024754047 CET502047575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:25:55.229600906 CET757550204176.65.142.252192.168.2.13
                                      Mar 26, 2025 04:26:04.232011080 CET502067575192.168.2.13176.65.142.252
                                      Mar 26, 2025 04:26:04.434377909 CET757550206176.65.142.252192.168.2.13

                                      System Behavior

                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:/tmp/morte.x64.elf
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      Process Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      File Activities

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:00
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:02
                                      Start date (UTC):26/03/2025
                                      Path:/tmp/morte.x64.elf
                                      Arguments:-
                                      File size:51984 bytes
                                      MD5 hash:e681750995ed25652241464ab20207d7

                                      File Activities


                                      General

                                      Start time (UTC):03:24:05
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:05
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:05
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:05
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:12
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:-
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:12
                                      Start date (UTC):26/03/2025
                                      Path:/usr/sbin/xfpm-power-backlight-helper
                                      Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                      File size:14656 bytes
                                      MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                      File Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/xfce4-panel
                                      Arguments:-
                                      File size:375768 bytes
                                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:06
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                      File size:35136 bytes
                                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:12
                                      Start date (UTC):26/03/2025
                                      Path:/usr/bin/dbus-daemon
                                      Arguments:-
                                      File size:249032 bytes
                                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:12
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                      File size:112880 bytes
                                      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                      File Activities

                                      Process Activities

                                      Network Activities


                                      General

                                      Start time (UTC):03:24:15
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/systemd/systemd
                                      Arguments:-
                                      File size:1620224 bytes
                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                      Process Activities


                                      General

                                      Start time (UTC):03:24:15
                                      Start date (UTC):26/03/2025
                                      Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                      File size:112872 bytes
                                      MD5 hash:eee956f1b227c1d5031f9c61223255d1

                                      File Activities

                                      Process Activities

                                      System Activities

                                      Network Activities