Linux Analysis Report
morte.x86.elf

Overview

General Information

Sample name: morte.x86.elf
Analysis ID: 1648685
MD5: 8861638404342a55c97beccb79c8c122
SHA1: 17e11d2096d183b7d39ffd912b06759e32be6411
SHA256: f413f39c992de5367d25ed5ac325b91076978a0296ca833fbff89ae8492ddd9d
Tags: elf, user-abuse_ch

Detection

Score: 64
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1648685
Start date and time: 2025-03-26 04:28:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: morte.x86.elf
Detection: MAL
Classification: mal64.spre.evad.linELF@0/1@0/0
  • VT rate limit hit for: http://176.65.142.252/bins/morte.x64
  • VT rate limit hit for: http://176.65.142.252/bins/morte.x64;
Command: /tmp/morte.x86.elf
PID: 6223
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 6235, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 6236, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 6237, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 6259, Parent: 6237, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 6238, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 6241, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 6242, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 6258, Parent: 6257, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 6268, Parent: 1860)
  • xfce4-notifyd (PID: 6268, Parent: 1860, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • dash New Fork (PID: 6271, Parent: 4331)
  • rm (PID: 6271, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
  • dash New Fork (PID: 6272, Parent: 4331)
  • cat (PID: 6272, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.oJA6BkE3kC
  • dash New Fork (PID: 6273, Parent: 4331)
  • head (PID: 6273, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6274, Parent: 4331)
  • tr (PID: 6274, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6275, Parent: 4331)
  • cut (PID: 6275, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6276, Parent: 4331)
  • cat (PID: 6276, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.oJA6BkE3kC
  • dash New Fork (PID: 6277, Parent: 4331)
  • head (PID: 6277, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6278, Parent: 4331)
  • tr (PID: 6278, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6279, Parent: 4331)
  • cut (PID: 6279, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6281, Parent: 4331)
  • rm (PID: 6281, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
  • cleanup
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, Rule: Linux_Trojan_Mirai_268aac0b, Description: unknown, Author: unknown, Strings:
  • 0x4a6f:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, Rule: Linux_Trojan_Mirai_0cb1699c, Description: unknown, Author: unknown, Strings:
  • 0x4a22:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, Rule: Linux_Trojan_Mirai_70ef58f1, Description: unknown, Author: unknown, Strings:
  • 0x6c6d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
  • 0x6ced:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, Rule: Linux_Trojan_Mirai_3a85a418, Description: unknown, Author: unknown, Strings:
  • 0x2287:$a: 01 D8 66 C1 C8 08 C1 C8 10 66 C1 C8 08 66 83 7C 24 2C FF 89
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, Rule: Linux_Trojan_Mirai_2e3f67a9, Description: unknown, Author: unknown, Strings:
  • 0x582:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
  • 0x5e2:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
No Suricata rule has matched

AV Detection

Source: morte.x86.elf, ReversingLabs: Detection: 33%
Source: unknown, HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33608 version: TLS 1.2
Source: unknown, TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown, TCP traffic detected without corresponding DNS query: 7.154.5.8
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp, String found in binary or memory: http://176.65.142.252/bins/morte.%s
Source: morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp, String found in binary or memory: http://176.65.142.252/bins/morte.%s;
Source: morte.x86.elf, 6228.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6229.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6230.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, String found in binary or memory: http://176.65.142.252/bins/morte.x64
Source: morte.x86.elf, 6228.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6229.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6230.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, String found in binary or memory: http://176.65.142.252/bins/morte.x64;
Source: morte.x86.elf, 6223.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6228.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6229.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp, String found in binary or memory: http://176.65.142.252/c.sh;
Source: morte.x86.elf, 6223.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6228.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6229.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp, String found in binary or memory: http://176.65.142.252/w.sh;
Source: morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp, String found in binary or memory: http://176.65.142.252/wget.sh;
Source: morte.x86.elf, String found in binary or memory: http://upx.sf.net
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 33608
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 33608 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Sources (type: MEMORY):
  • 6228.1.0000000008048000.000000000805c000.r-x.sdmp
  • 6230.1.0000000008048000.000000000805c000.r-x.sdmp
  • 6223.1.0000000008048000.000000000805c000.r-x.sdmp
  • 6229.1.0000000008048000.000000000805c000.r-x.sdmp
Matched rules, each matched in every source listed above (Author: unknown):
  • Linux_Trojan_Mirai_268aac0b
  • Linux_Trojan_Mirai_0cb1699c
  • Linux_Trojan_Mirai_70ef58f1
  • Linux_Trojan_Mirai_3a85a418
  • Linux_Trojan_Mirai_2e3f67a9
  • Linux_Trojan_Mirai_0d73971c
  • Linux_Trojan_Mirai_88de437f
  • Linux_Trojan_Mirai_cc93863b
Source: /tmp/morte.x86.elf (PID: 6225), SIGKILL sent, result: successful, to each of these pids: 2018, 2077, 2078, 2079, 2080, 2083, 2084, 2114, 2156, 6228, 6229, 6235, 6236, 6237, 6238, 6241, 6242, 6258, 6268
Source: xfce4-panel.xml.new.31.dr, OLE indicator, VBA macros: true
Source: xfce4-panel.xml.new.31.dr, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: LOAD without section mappings, Program segment: 0xc01000
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_268aac0b, reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_0cb1699c, reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_70ef58f1, reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c46eac9185e5f396456004d1e0c42b54a9318e0450f797c55703122cfb8fea89, id = 70ef58f1-ac74-4e33-ae03-e68d1d5a4379, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a85a418, reference_sample = 86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 554aff5770bfe8fdeae94f5f5a0fd7f7786340a95633433d8e686af1c25b8cec, id = 3a85a418-2bd9-445a-86cb-657ca7edf566, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_2e3f67a9, reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_0d73971c, reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6228.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6229.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: classification engineClassification label: mal64.spre.evad.linELF@0/1@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6268)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6268)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6268)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6268)Directory: /home/saturnino/.configJump to behavior
Source: /usr/bin/dash (PID: 6271) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
Source: /usr/bin/dash (PID: 6281) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
Source: morte.x86.elf Submission file: segment LOAD with 7.9672 entropy (max. 8.0)
Source: /tmp/morte.x86.elf (PID: 6224) Queries kernel information via 'uname'
Source: /tmp/morte.x86.elf (PID: 6229) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6235) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6236) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6237) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6238) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6268) Queries kernel information via 'uname'
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior Graph ID: 1648685, Sample: morte.x86.elf, Startdate: 26/03/2025, Architecture: LINUX, Score: 64
Network nodes: 7.154.5.8, 23 (LEVEL3US, United States); 109.202.202.202, 80 (INIT7CH, Switzerland); 3 other IPs or domains
Signature nodes: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Sample is packed with UPX; Sample tries to kill multiple processes (SIGKILL)
Process nodes: morte.x86.elf started; xfce4-panel wrapper-2.0 started; 16 other processes

Source | Detection | Scanner | Label | Link
morte.x86.elf | 33% | ReversingLabs | Linux.Backdoor.Mirai |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://176.65.142.252/bins/morte.x64 | 100% | Avira URL Cloud | malware |
http://176.65.142.252/bins/morte.x64; | 100% | Avira URL Cloud | malware |


No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://176.65.142.252/c.sh; | morte.x86.elf, 6223.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6228.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6229.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp | false | | high
http://176.65.142.252/bins/morte.%s; | morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp | false | | high
http://176.65.142.252/bins/morte.x64; | morte.x86.elf, 6228.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6229.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6230.1.00000000ff7fc000.00000000ff800000.rwx.sdmp | false | Avira URL Cloud: malware | unknown
http://176.65.142.252/wget.sh; | morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp | false | | high
http://upx.sf.net | morte.x86.elf | false | | high
http://176.65.142.252/w.sh; | morte.x86.elf, 6223.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6228.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6229.1.0000000008048000.000000000805c000.r-x.sdmp, morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp | false | | high
http://176.65.142.252/bins/morte.%s | morte.x86.elf, 6230.1.0000000008048000.000000000805c000.r-x.sdmp | false | | high
http://176.65.142.252/bins/morte.x64 | morte.x86.elf, 6228.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6229.1.00000000ff7fc000.00000000ff800000.rwx.sdmp, morte.x86.elf, 6230.1.00000000ff7fc000.00000000ff800000.rwx.sdmp | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false
7.154.5.8 | unknown | United States | 3356 | LEVEL3US | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              54.171.230.55main_ppc.elfGet hashmaliciousMiraiBrowse
                main_arm5.elfGet hashmaliciousMiraiBrowse
                  na.elfGet hashmaliciousPrometeiBrowse
                    sh4.elfGet hashmaliciousUnknownBrowse
                      na.elfGet hashmaliciousPrometeiBrowse
                        main_m68k.elfGet hashmaliciousMiraiBrowse
                          boatnet.arm5.elfGet hashmaliciousMiraiBrowse
                            mips.elfGet hashmaliciousMiraiBrowse
                              main_sh4.elfGet hashmaliciousMiraiBrowse
                                main_mpsl.elfGet hashmaliciousMiraiBrowse
                                  109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                                  • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                                  91.189.91.43morte.ppc.elfGet hashmaliciousUnknownBrowse
                                    morte.arm6.elfGet hashmaliciousUnknownBrowse
                                      morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                        morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                            morte.x86.elfGet hashmaliciousOkiruBrowse
                                              na.elfGet hashmaliciousPrometeiBrowse
                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                  boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                      91.189.91.42morte.ppc.elfGet hashmaliciousUnknownBrowse
                                                        morte.arm6.elfGet hashmaliciousUnknownBrowse
                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                            morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                              morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                    boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                      boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                          No context
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          CANONICAL-ASGBmorte.ppc.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          CANONICAL-ASGBmorte.ppc.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 91.189.91.42
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 91.189.91.42
                                                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.125.190.26
                                                                          LEVEL3USboatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                          • 156.139.26.109
                                                                          boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                          • 156.139.26.116
                                                                          arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 9.6.7.135
                                                                          ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 8.66.184.183
                                                                          mips.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 8.118.131.255
                                                                          m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 4.21.112.136
                                                                          sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 205.192.241.134
                                                                          x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 8.114.22.246
                                                                          Ec0AgD2t1q.exeGet hashmaliciousDarkVision RatBrowse
                                                                          • 4.28.136.57
                                                                          g4za.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                          • 8.96.5.42
                                                                          AMAZON-02USG3b6ylc4ml.exeGet hashmaliciousVidarBrowse
                                                                          • 108.138.128.56
                                                                          N47SyCplyy.exeGet hashmaliciousVidarBrowse
                                                                          • 108.139.47.92
                                                                          Payment advice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                          • 13.248.169.48
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 34.249.145.219
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 54.170.242.139
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 34.249.145.219
                                                                          main_ppc.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 34.249.145.219
                                                                          main_arm5.elfGet hashmaliciousMiraiBrowse
                                                                          • 54.171.230.55
                                                                          INIT7CHmorte.ppc.elfGet hashmaliciousUnknownBrowse
                                                                          • 109.202.202.202
                                                                          morte.arm6.elfGet hashmaliciousUnknownBrowse
                                                                          • 109.202.202.202
                                                                          morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.sh4.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                          • 109.202.202.202
                                                                          morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                          • 109.202.202.202
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 109.202.202.202
                                                                          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                          • 109.202.202.202
                                                                          boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                          • 109.202.202.202
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                          • 109.202.202.202
Match:fb4726d465c5f28b84cd6d14cedd13a7
Associated Sample Name / URL | Detection | Threat Name | Context
main_arm5.elf | malicious | Mirai | 54.171.230.55
ppc.elf | malicious | Unknown | 54.171.230.55
mips.elf | malicious | Mirai | 54.171.230.55
boatnet.arm7.elf | malicious | Mirai | 54.171.230.55
na.elf | malicious | Prometei | 54.171.230.55
arm.elf | malicious | Mirai | 54.171.230.55
na.elf | malicious | Prometei | 54.171.230.55
na.elf | malicious | Prometei | 54.171.230.55
arm5.elf | malicious | Unknown | 54.171.230.55
na.elf | malicious | Prometei | 54.171.230.55
                                                                          No context
                                                                          Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                                          File Type:XML 1.0 document, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):5128
                                                                          Entropy (8bit):4.457618060812407
                                                                          Encrypted:false
                                                                          SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
                                                                          MD5:2A2A7C34B585CDAE5E123F3C5100C253
                                                                          SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
                                                                          SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
                                                                          SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in
                                                                          File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                                                                          Entropy (8bit):7.965197699253663
                                                                          TrID:
                                                                          • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                          • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                          File name:morte.x86.elf
                                                                          File size:40'512 bytes
                                                                          MD5:8861638404342a55c97beccb79c8c122
                                                                          SHA1:17e11d2096d183b7d39ffd912b06759e32be6411
                                                                          SHA256:f413f39c992de5367d25ed5ac325b91076978a0296ca833fbff89ae8492ddd9d
                                                                          SHA512:4026f97f463b6b4d52a94bf437664f4817dd4b9a0f3b113374cb97befdb3a61acddf81da7a913f6b014ddaa827697b7a253a27e5dd7e4a4d2d52d01246d087ed
                                                                          SSDEEP:768:mgR6c8dM1XVzT135/XUUxm5SjalmtbdAs97WtxS/HA3Q4MPfHQ4GnbcuyD7UHQR8:mgJGGPRA5xYtbdHOvM3/Gnouy8Hy8
                                                                          TLSH:BF03F1B7C2FD8224D91540FA659F76EB1122C40EDFA8D39FDF48603D8EC9E682808385
                                                                          File Content Preview:.ELF....................X...4...........4. ...(.....................L...L....................T...T..................Q.td.............................-[.UPX!........L|..L|......V..........?..k.I/.j....\.h.blz.e.m......4.0.N..9....}t......%'8...5q....z$....

                                                                          ELF header

                                                                          Class:ELF32
                                                                          Data:2's complement, little endian
                                                                          Version:1 (current)
                                                                          Machine:Intel 80386
                                                                          Version Number:0x1
                                                                          Type:EXEC (Executable file)
                                                                          OS/ABI:UNIX - Linux
                                                                          ABI Version:0
                                                                          Entry Point Address:0xc09b58
                                                                          Flags:0x0
                                                                          ELF Header Size:52
                                                                          Program Header Offset:52
                                                                          Program Header Size:32
                                                                          Number of Program Headers:3
                                                                          Section Header Offset:0
                                                                          Section Header Size:40
                                                                          Number of Section Headers:0
                                                                          Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x9d4c | 0x9d4c | 7.9672 | 0x5 | R E | 0x1000 | |
LOAD | 0x4ac | 0x80654ac | 0x80654ac | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |


                                                                          • Total Packets: 31
                                                                          • 443 (HTTPS)
                                                                          • 80 (HTTP)
                                                                          • 23 (Telnet)
Timestamp:Mar 26, 2025 04:29:19.778110027 CET
Source IP:54.171.230.55
Source Port:443
Dest IP:192.168.2.23
Dest Port:33608
Subject | Issuer | Not Before | Not After
CN=motd.ubuntu.com | CN=R10, O=Let's Encrypt, C=US | Sat Mar 22 09:18:05 CET 2025 | Fri Jun 20 10:18:04 CEST 2025
CN=R10, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027
JA3 SSL Client Fingerprint:771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2
JA3 SSL Client Digest:fb4726d465c5f28b84cd6d14cedd13a7

                                                                          System Behavior

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:/tmp/morte.x86.elf
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:-
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:-
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:-
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:-
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122

                                                                          Start time (UTC):03:29:01
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/tmp/morte.x86.elf
                                                                          Arguments:-
                                                                          File size:40512 bytes
                                                                          MD5 hash:8861638404342a55c97beccb79c8c122
                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:12
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:-
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:12
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/sbin/xfpm-power-backlight-helper
                                                                          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                                                          File size:14656 bytes
                                                                          MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/xfce4-panel
                                                                          Arguments:-
                                                                          File size:375768 bytes
                                                                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                          Start time (UTC):03:29:06
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                                                          File size:35136 bytes
                                                                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                          Start time (UTC):03:29:12
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dbus-daemon
                                                                          Arguments:-
                                                                          File size:249032 bytes
                                                                          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                          Start time (UTC):03:29:12
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                                          File size:112880 bytes
                                                                          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                                                          Start time (UTC):03:29:16
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):03:29:16
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                                          File size:112872 bytes
                                                                          MD5 hash:eee956f1b227c1d5031f9c61223255d1

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/rm
                                                                          Arguments:rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
                                                                          File size:72056 bytes
                                                                          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/cat
                                                                          Arguments:cat /tmp/tmp.oJA6BkE3kC
                                                                          File size:43416 bytes
                                                                          MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/head
                                                                          Arguments:head -n 10
                                                                          File size:47480 bytes
                                                                          MD5 hash:fd96a67145172477dd57131396fc9608

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/tr
                                                                          Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                                          File size:51544 bytes
                                                                          MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/cut
                                                                          Arguments:cut -c -80
                                                                          File size:47480 bytes
                                                                          MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/cat
                                                                          Arguments:cat /tmp/tmp.oJA6BkE3kC
                                                                          File size:43416 bytes
                                                                          MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/head
                                                                          Arguments:head -n 10
                                                                          File size:47480 bytes
                                                                          MD5 hash:fd96a67145172477dd57131396fc9608

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/tr
                                                                          Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                                          File size:51544 bytes
                                                                          MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:19
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/cut
                                                                          Arguments:cut -c -80
                                                                          File size:47480 bytes
                                                                          MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                                          Start time (UTC):03:29:20
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/dash
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):03:29:20
                                                                          Start date (UTC):26/03/2025
                                                                          Path:/usr/bin/rm
                                                                          Arguments:rm -f /tmp/tmp.oJA6BkE3kC /tmp/tmp.6QveFjvfsl /tmp/tmp.Xaul1CYlQr
                                                                          File size:72056 bytes
                                                                          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b