Linux Analysis Report SZAYTvvY9Y

AV Detection:

Multi AV Scanner detection for submitted file

Source: SZAYTvvY9Y	Virustotal: Detection: 37%			Perma Link
Source: SZAYTvvY9Y	ReversingLabs: Detection: 54%

Bitcoin Miner:

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5378)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5494)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5576)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5761)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:33922
Source: Traffic	Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:44254 -> 190.129.192.73:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44110
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:33922
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34004
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44148
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34004
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44180
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34032
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44192
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34032
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44200
Source: Traffic	Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:60222 -> 190.149.60.33:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44240
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34100
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34652
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34652
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34100
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44286
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34698
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34698
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44350
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34202
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34778
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34778
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:34804 -> 85.128.17.228:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44372
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34202
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34804
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34804
Source: Traffic	Snort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44404
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34834
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34834
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34328
Source: Traffic	Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:34940 -> 85.128.17.228:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34328
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34940
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34940
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34422
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34988
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34988
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.7.118.87:23 -> 192.168.2.23:35250
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.7.118.87:23 -> 192.168.2.23:35250
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34422
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35020
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35020
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34462
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35046
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35046
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34462
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35058
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35058

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52914
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52932
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52940
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52948
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52954
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52960
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52972
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52984
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52996
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53002

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:42798 -> 31.133.0.49:3456
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 171.156.140.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 13.69.119.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 145.55.111.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 164.75.72.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 206.71.44.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 139.42.188.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 36.155.158.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 64.90.26.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 199.161.164.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 199.56.244.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.215.81.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 92.180.166.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.59.123.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 63.176.53.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.157.2.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 50.14.90.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 175.230.64.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 162.92.97.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 61.77.140.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 173.41.196.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 74.197.176.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 38.97.125.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 52.222.86.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 183.108.174.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 113.37.174.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.251.88.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.130.230.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 95.128.73.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 213.164.21.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 138.243.42.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.215.174.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 122.135.93.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.51.12.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 195.248.71.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.248.174.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 117.109.181.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 202.186.2.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 129.192.219.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 124.202.239.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 139.227.132.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.117.148.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 102.133.186.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 190.202.115.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.129.171.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 38.225.72.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.0.143.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 138.111.128.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 188.200.197.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 189.188.40.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.9.175.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.73.42.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.174.223.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 78.107.66.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 43.97.174.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 119.217.81.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 37.61.140.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.121.229.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 183.142.205.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 208.46.127.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 196.53.137.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 169.144.87.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 64.93.38.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.132.223.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 70.208.137.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 204.34.186.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 205.147.242.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 176.195.153.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.81.24.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 89.224.128.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.158.77.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 103.118.21.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 86.214.217.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.119.159.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 207.123.182.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 197.190.9.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.64.230.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 52.191.235.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 99.189.103.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 68.75.255.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 159.178.7.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 95.47.48.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 18.26.155.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 167.206.203.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 70.22.201.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 177.157.179.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 180.172.143.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 156.155.205.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 186.157.179.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 137.38.1.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 203.143.37.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 185.146.68.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 81.19.212.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 90.112.203.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 149.155.239.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 102.90.116.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 83.97.79.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 120.99.5.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.71.234.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 131.177.50.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 137.196.114.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 102.71.138.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 186.83.215.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 194.24.131.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 2.240.226.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 188.151.238.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 18.38.212.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 52.229.27.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 208.84.64.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 38.179.143.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 179.253.19.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 5.178.20.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 95.205.194.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 61.4.161.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 120.249.40.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 149.190.28.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 47.141.34.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.62.124.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 124.57.26.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 98.245.118.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 68.123.192.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.181.74.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 135.54.87.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 167.51.241.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 140.209.198.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 137.2.179.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 199.128.245.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 152.217.81.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 90.115.194.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 54.142.67.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 103.65.206.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 76.151.42.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 141.105.225.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 124.141.149.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 9.206.113.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 165.102.194.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 81.92.89.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 148.39.192.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 66.177.211.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 153.148.174.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 175.14.135.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 145.94.35.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.156.16.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 74.46.142.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 177.242.248.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 53.39.89.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.93.207.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 111.112.118.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 103.244.219.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 78.46.242.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 154.66.158.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 25.64.111.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 117.132.37.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 146.183.233.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 112.136.174.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 27.89.23.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.38.130.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 68.70.104.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 101.172.58.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 123.6.88.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 98.62.76.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 128.8.100.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.37.110.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 5.53.94.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 168.133.215.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.178.37.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.179.66.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.74.166.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 35.30.198.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 205.51.180.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 137.206.223.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 126.223.30.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 27.110.248.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 102.25.2.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 82.234.203.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 186.218.210.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 78.212.85.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 154.146.231.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 218.226.209.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 12.181.228.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 197.197.160.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 105.164.70.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 47.26.76.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 20.251.214.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 156.207.10.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 181.146.109.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 133.192.211.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.7.68.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 84.66.131.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 20.73.194.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 152.222.204.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.240.187.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 85.157.228.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.144.124.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 44.134.205.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 121.190.169.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 211.160.233.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 149.196.231.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 83.123.22.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 76.118.197.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 23.2.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 156.77.93.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 77.218.170.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 100.144.154.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 71.240.105.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 124.206.88.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 135.35.199.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 125.50.2.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 129.231.108.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 62.57.131.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 204.7.230.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 4.95.239.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 34.11.253.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 129.177.111.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 66.114.22.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 61.63.64.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 162.56.10.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 13.93.28.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.113.93.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 145.242.218.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.31.99.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 221.47.72.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 12.81.5.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 90.80.111.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 144.98.238.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 158.185.56.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 88.217.156.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 218.228.112.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 185.35.249.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 2.127.247.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 35.28.33.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 161.36.207.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 90.51.230.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 2.18.132.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 38.78.91.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.17.200.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 13.174.89.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.196.227.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 170.155.48.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.21.117.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.170.43.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.200.14.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 49.125.149.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 34.228.161.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 27.73.79.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 194.46.176.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 180.95.91.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 80.76.238.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 45.182.72.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 208.242.246.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 14.78.239.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 80.122.167.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 196.156.233.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 118.102.53.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 110.43.223.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.72.93.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.235.195.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 62.225.85.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 59.215.147.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.22.19.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 14.161.148.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 25.7.215.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.91.226.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 191.130.44.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 85.128.122.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 164.100.145.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.197.214.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 138.99.132.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 143.108.140.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 218.89.18.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 151.204.69.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 165.67.238.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 155.114.117.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 129.154.83.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 57.119.13.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 52.159.23.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 162.200.66.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 177.209.66.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 220.247.204.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.241.48.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.116.252.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 62.205.65.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 72.61.82.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 103.235.146.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 175.40.13.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.239.220.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 142.157.176.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 27.233.214.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.244.135.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 155.166.189.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 20.118.56.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 150.144.77.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 60.15.39.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 60.225.242.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 49.139.58.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 67.81.217.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 59.158.255.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 110.218.32.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 46.237.218.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 194.148.109.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 73.207.38.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.63.74.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 145.144.101.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 72.173.92.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.175.209.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 216.76.181.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 14.253.81.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 34.205.68.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 31.226.124.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 60.122.93.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 216.53.102.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 89.176.72.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 135.18.28.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 136.67.179.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 45.138.128.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.92.181.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 106.231.45.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 104.116.70.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 170.28.126.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 209.150.121.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 63.116.82.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 138.229.78.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 170.69.244.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 150.187.91.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 58.189.120.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 34.22.135.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 59.219.129.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 72.121.149.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 95.60.254.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.119.62.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 49.198.108.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 139.247.36.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 23.22.139.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 183.78.153.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 153.211.23.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 93.0.31.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 198.208.90.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 190.44.250.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 64.128.26.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.226.77.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 120.141.130.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 173.54.225.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 125.35.162.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 133.133.177.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 180.29.180.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 201.62.34.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 37.43.24.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 92.80.63.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 45.32.210.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 101.151.211.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.126.24.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 154.36.188.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 35.159.63.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.252.31.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 112.209.56.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 43.231.10.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 158.194.67.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 119.61.71.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 141.197.253.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 80.10.208.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.134.244.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 101.137.1.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 195.33.188.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 120.44.153.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 4.186.35.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 90.147.152.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 220.56.165.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.15.29.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 40.166.113.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 188.154.8.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.86.171.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 174.64.168.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 180.225.88.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 82.135.67.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 68.147.3.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.176.30.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 198.109.115.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 153.67.47.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.185.55.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 203.41.120.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 158.80.188.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 126.110.24.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 101.210.204.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 44.251.155.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 206.114.35.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 201.169.96.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 73.186.154.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.183.30.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 32.237.241.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 65.199.59.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 207.244.148.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 188.187.253.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.64.254.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 148.10.210.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 71.101.199.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 113.210.214.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 121.231.69.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 125.170.79.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 175.249.176.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 112.155.126.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 161.89.114.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 134.219.23.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 151.157.174.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 223.136.184.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 206.167.118.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 181.31.153.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.95.180.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.180.56.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 187.250.182.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.158.73.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 40.94.146.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 135.16.229.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 74.70.118.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 178.224.55.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 95.181.131.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 133.87.19.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 159.129.118.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 177.231.187.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 25.111.239.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 180.35.188.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 148.2.186.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 146.161.236.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 179.185.48.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 176.59.220.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 63.181.89.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 142.115.158.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 194.132.138.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 116.153.174.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.27.65.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 159.92.130.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 120.149.228.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 147.79.230.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 83.144.81.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 146.227.43.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 161.156.188.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 40.116.252.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 8.96.183.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 208.190.2.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 38.61.19.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 184.47.233.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 164.8.137.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 1.174.119.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 102.142.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 160.46.48.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.224.147.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 104.113.237.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.197.234.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 104.150.166.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 47.39.206.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 106.204.216.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 12.221.15.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 42.187.139.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 115.167.231.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 149.39.255.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 104.227.15.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 187.185.141.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 130.25.146.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 186.18.104.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 19.10.220.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 185.190.181.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 173.99.223.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 79.198.188.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 75.89.206.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 82.220.134.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 118.10.117.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 210.63.59.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 202.212.134.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 195.8.168.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 96.172.198.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 106.185.88.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 67.61.229.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 99.177.195.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 213.163.68.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 155.13.53.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 143.21.201.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 64.198.152.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 193.224.26.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 114.95.48.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 133.128.94.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 9.187.63.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 96.141.172.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 166.154.187.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 195.238.193.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 197.105.121.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 161.226.57.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 168.143.45.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 98.67.242.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 194.48.107.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 100.153.224.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 145.238.125.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 60.237.191.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 66.56.122.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 213.182.23.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 44.234.142.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 219.241.83.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 83.254.205.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 182.127.238.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 169.99.212.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 163.32.197.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:49645 -> 144.17.224.243:2323

Sample listens on a socket

Source: /tmp/SZAYTvvY9Y (PID: 5243)	Socket: 127.0.0.1::34561			Jump to behavior
Source: /tmp/SZAYTvvY9Y (PID: 5243)	Socket: 0.0.0.0::23			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5426)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5427)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5494)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5514)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5535)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5515)	Socket: <unknown socket type>:unknown			Jump to behavior
Source: /usr/bin/ibus-daemon (PID: 5623)	Socket: <unknown socket type>:unknown			Jump to behavior

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 31.133.0.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.156.140.92
Source: unknown	TCP traffic detected without corresponding DNS query: 92.230.46.98
Source: unknown	TCP traffic detected without corresponding DNS query: 128.146.30.93
Source: unknown	TCP traffic detected without corresponding DNS query: 4.2.238.247
Source: unknown	TCP traffic detected without corresponding DNS query: 43.21.94.232
Source: unknown	TCP traffic detected without corresponding DNS query: 61.75.144.181
Source: unknown	TCP traffic detected without corresponding DNS query: 13.69.119.219
Source: unknown	TCP traffic detected without corresponding DNS query: 27.193.248.53
Source: unknown	TCP traffic detected without corresponding DNS query: 27.40.58.27
Source: unknown	TCP traffic detected without corresponding DNS query: 63.160.245.31
Source: unknown	TCP traffic detected without corresponding DNS query: 125.163.96.77
Source: unknown	TCP traffic detected without corresponding DNS query: 47.219.185.254
Source: unknown	TCP traffic detected without corresponding DNS query: 129.48.221.40
Source: unknown	TCP traffic detected without corresponding DNS query: 175.67.20.221
Source: unknown	TCP traffic detected without corresponding DNS query: 20.119.46.252
Source: unknown	TCP traffic detected without corresponding DNS query: 175.27.187.21
Source: unknown	TCP traffic detected without corresponding DNS query: 197.252.201.236
Source: unknown	TCP traffic detected without corresponding DNS query: 161.41.203.90
Source: unknown	TCP traffic detected without corresponding DNS query: 32.144.142.174
Source: unknown	TCP traffic detected without corresponding DNS query: 172.192.7.255
Source: unknown	TCP traffic detected without corresponding DNS query: 188.152.133.49
Source: unknown	TCP traffic detected without corresponding DNS query: 133.227.152.217
Source: unknown	TCP traffic detected without corresponding DNS query: 67.194.253.162
Source: unknown	TCP traffic detected without corresponding DNS query: 14.133.211.236
Source: unknown	TCP traffic detected without corresponding DNS query: 101.246.218.146
Source: unknown	TCP traffic detected without corresponding DNS query: 53.12.207.28
Source: unknown	TCP traffic detected without corresponding DNS query: 135.96.102.84
Source: unknown	TCP traffic detected without corresponding DNS query: 99.69.238.116
Source: unknown	TCP traffic detected without corresponding DNS query: 184.205.116.64
Source: unknown	TCP traffic detected without corresponding DNS query: 145.55.111.250
Source: unknown	TCP traffic detected without corresponding DNS query: 222.59.97.45
Source: unknown	TCP traffic detected without corresponding DNS query: 122.148.237.175
Source: unknown	TCP traffic detected without corresponding DNS query: 24.166.188.148
Source: unknown	TCP traffic detected without corresponding DNS query: 88.185.182.115
Source: unknown	TCP traffic detected without corresponding DNS query: 114.201.194.140
Source: unknown	TCP traffic detected without corresponding DNS query: 79.18.200.185
Source: unknown	TCP traffic detected without corresponding DNS query: 143.191.232.46
Source: unknown	TCP traffic detected without corresponding DNS query: 48.124.5.39
Source: unknown	TCP traffic detected without corresponding DNS query: 161.202.172.175
Source: unknown	TCP traffic detected without corresponding DNS query: 164.75.72.7
Source: unknown	TCP traffic detected without corresponding DNS query: 40.17.109.241
Source: unknown	TCP traffic detected without corresponding DNS query: 183.113.135.68
Source: unknown	TCP traffic detected without corresponding DNS query: 187.77.197.79
Source: unknown	TCP traffic detected without corresponding DNS query: 34.64.83.130
Source: unknown	TCP traffic detected without corresponding DNS query: 75.74.90.142
Source: unknown	TCP traffic detected without corresponding DNS query: 159.220.227.250
Source: unknown	TCP traffic detected without corresponding DNS query: 98.87.173.43

URLs found in memory or binary data

Source: Xorg.0.log.106.dr	String found in binary or memory: http://wiki.x.org
Source: Xorg.0.log.106.dr	String found in binary or memory: http://www.ubuntu.com/support)

System Summary:

Malicious sample detected (through community Yara rule)

Source: SZAYTvvY9Y, type: SAMPLE	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth

Yara signature match

Source: SZAYTvvY9Y, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: SZAYTvvY9Y, type: SAMPLE	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5243.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5250.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5247.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Sample tries to kill a process (SIGKILL)

Source: /tmp/SZAYTvvY9Y (PID: 5247)	SIGKILL sent: pid: 491, result: successful			Jump to behavior
Source: /tmp/SZAYTvvY9Y (PID: 5247)	SIGKILL sent: pid: 1477, result: successful			Jump to behavior
Source: /tmp/SZAYTvvY9Y (PID: 5247)	SIGKILL sent: pid: 1877, result: successful			Jump to behavior
Source: /tmp/SZAYTvvY9Y (PID: 5247)	SIGKILL sent: pid: 1900, result: successful			Jump to behavior
Source: /tmp/SZAYTvvY9Y (PID: 5247)	SIGKILL sent: pid: 2009, result: successful			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5514)	SIGKILL sent: pid: 5529, result: successful			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5514)	SIGKILL sent: pid: 5750, result: successful			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5514)	SIGKILL sent: pid: 5874, result: successful			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5535)	SIGKILL sent: pid: 5867, result: successful			Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Found detection on Joe Sandbox Cloud Basic with higher score

Source: SZAYTvvY9Y

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Classification label

Source: classification engine

Classification label: mal100.troj.evad.lin@0/112@0/0

Persistence and Installation Behavior:

Sample tries to persist itself using .desktop files

Source: /usr/bin/srm (PID: 5344)

File: /home/saturnino/.config/autostart/jbxkick.desktop

Jump to behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5426)	File: /proc/5426/mounts			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5514)	File: /proc/5514/mounts			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5535)	File: /proc/5535/mounts			Jump to behavior
Source: /usr/bin/gjs (PID: 5875)	File: /proc/5875/mounts			Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5576)	File: /proc/5576/mounts			Jump to behavior
Source: /bin/fusermount (PID: 5479)	File: /proc/5479/mounts

Writes Python files to disk

Source: /usr/bin/srm (PID: 5344)

Python file created: /var/jbxinit.linux.py

Jump to dropped file

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 5404)

Grep executable: /usr/bin/grep -> grep -F .utf8

Jump to behavior

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 5275)

Reads from proc file: /proc/meminfo

Jump to behavior

Enumerates processes within the "proc" file system

Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/5385/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2078/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2077/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2033/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2074/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2028/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1334/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/1532/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/2302/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cgroup			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/comm			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cmdline			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/status			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/attr/current			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/sessionid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/loginuid			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	File opened: /proc/797/cgroup			Jump to behavior

Creates hidden files and/or directories

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385)

Directory: /root/.cache

Jump to behavior

Sample tries to set the executable flag

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385)	File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)			Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385)	File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)			Jump to behavior

Executes commands using a shell command-line interpreter

Source: /usr/share/language-tools/language-options (PID: 5402)	Shell command executed: sh -c "locale -a | grep -F .utf8 "			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5506)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5752)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""			Jump to behavior

Executes the "rm" command used to delete files or directories

Source: /usr/bin/python2.7 (PID: 5347)

Rm executable: /usr/bin/rm -> rm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop

Jump to behavior

Writes log files to disk

Source: /usr/bin/xdotool (PID: 5343)	Log file created: /var/jbx/logs/jbxinit.linux.out.log
Source: /usr/bin/umount (PID: 5348)	Log file created: /var/jbx/logs/jbxinit.linux.out.log			Jump to dropped file
Source: /usr/lib/xorg/Xorg (PID: 5494)	Log file created: /var/log/Xorg.0.log			Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself

Source: /tmp/SZAYTvvY9Y (PID: 5243)

File: /tmp/SZAYTvvY9Y

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52914
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52932
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52940
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52948
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52954
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52960
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52972
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52984
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52996
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53002

Malware Analysis System Evasion:

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5378)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5494)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5576)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5761)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/SZAYTvvY9Y (PID: 5243)	Queries kernel information via 'uname':			Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5275)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xdotool (PID: 5343)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5378)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 5405)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5427)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 5473)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/lib/gdm3/gdm-x-session (PID: 5490)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5494)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/at-spi-bus-launcher (PID: 5530)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/at-spi2-registryd (PID: 5868)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5515)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5576)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/ibus-x11 (PID: 5749)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gsd-wacom (PID: 5892)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/libexec/gsd-color (PID: 5894)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-keyboard (PID: 5895)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-smartcard (PID: 5898)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-media-keys (PID: 5903)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-power (PID: 5914)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 5761)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-hostnamed (PID: 5940)	Queries kernel information via 'uname':
Source: /usr/libexec/fprintd (PID: 6302)	Queries kernel information via 'uname':

Deletes log files

Source: /usr/lib/xorg/Xorg (PID: 5494)

Truncated file: /var/log/Xorg.pid-5494.log

Jump to behavior

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.840] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.604] (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.972] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.766] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.720] (==) vmware(0): DPI set to (96, 96)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.507] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 503.718] (==) Matched vmware as autoconfigured driver 0
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.829] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.970] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.024] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.836] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.003] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.620] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.902] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.268] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.689] (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.838] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.212] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.112] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.052] (II) vmware(0): Not using default mode "1024x576" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.706] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.118] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.262] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.763] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.303] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.238] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.610] (==) vmware(0): Using HW cursor
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.885] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.619] (II) vmware(0): Clock range: 0.00 to 400000.00 MHz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 509.185] (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.783] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.600] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.848] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.029] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.372] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.897] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.133] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.908] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.809] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.487] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.579] (--) vmware(0): mheig: 885
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.663] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.678] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.706] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.628] (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: SZAYTvvY9Y, 5243.1.00000000d71a4cb7.000000000598c956.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.065] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.052] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.106.dr	Binary or memory string: [ 504.967] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.936] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.061] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.277] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 503.761] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.696] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.898] (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.576] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.160] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.378] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.460] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.582] (--) vmware(0): depth: 24
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.181] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.229] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.184] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.952] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.544] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.208] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.616] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.020] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.013] (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.580] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.529] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.163] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.829] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.516] (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.563] (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.749] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.483] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.667] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.041] (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.616] (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.634] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.669] (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.440] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.806] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: SZAYTvvY9Y, 5243.1.000000005f9a004a.00000000839dc569.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel
Source: Xorg.0.log.106.dr	Binary or memory string: [ 503.743] (II) LoadModule: "vmware"
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.656] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.354] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.572] (--) vmware(0): pbase: 0xe8000000
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.611] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.773] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.803] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.107] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.637] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.414] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.175] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.258] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.613] (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.457] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.255] (WW) vmware(0): Disabling 3D support.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.044] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.286] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.597] (--) vmware(0): vis: 4
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.233] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.360] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.167] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.964] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.451] (II) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.712] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.588] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.585] (--) vmware(0): bpp: 32
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.112] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.472] (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.729] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.571] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.968] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.154] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.986] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.307] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.107] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.607] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.992] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.074] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.871] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.431] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.650] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.024] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.048] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.191] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.816] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.860] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.170] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.716] (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.716] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.088] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.745] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.343] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.956] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.625] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.155] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.093] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.651] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.813] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.246] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.940] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.722] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.326] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.982] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.867] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.960] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.975] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.787] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.503] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.124] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.742] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.933] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.916] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.759] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.164] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 503.816] (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.844] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.079] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.553] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.685] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.979] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.083] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.646] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.136] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 9)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.269] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.710] (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.625] (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.678] (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.713] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.188] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.221] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.317] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.793] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.408] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.700] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.752] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.204] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.944] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.144] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.569] (--) vmware(0): vram: 4194304
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.820] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.989] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.282] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.682] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.880] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.777] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.607] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.889] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.939] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.195] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.641] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.526] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.735] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.664] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 513.978] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.018] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.446] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.511] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.584] (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.596] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.833] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.819] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.311] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.070] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.800] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 509.173] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.703] (II) vmware(0): Modeline "640x360"x59.8 18.00 640 664 720 800 360 363 368 376 -hsync +vsync (22.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.893] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.633] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.790] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.566] (--) vmware(0): bpp: 32
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.260] (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.554] (--) vmware(0): caps: 0xFDFF83E2
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.709] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.640] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.685] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.464] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 508.927] (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.770] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.056] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.199] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.689] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.561] (--) vmware(0): depth: 24
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.992] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.419] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.475] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.396] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.521] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 515.028] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.106.dr	Binary or memory string: [ 509.193] (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.549] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.672] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.337] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.535] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 508.934] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.725] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.604] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.186] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.823] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.246] (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.675] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.384] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.796] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.539] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.495] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.719] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.149] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.479] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: SZAYTvvY9Y, 5243.1.00000000d71a4cb7.000000000598c956.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.250] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.592] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.693] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.499] (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.622] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.780] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.697] (II) vmware(0): Modeline "640x400"x85.1 31.50 640 672 736 832 400 401 404 445 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.390] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.631] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.291] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.675] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.644] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.264] (WW) vmware(0): Disabling RandR12+ support.
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.637] (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.861] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.702] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.199] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.402] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.852] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.739] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.468] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.826] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.050] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.692] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.656] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.591] (--) vmware(0): w.grn: 8
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.242] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.599] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.594] (--) vmware(0): w.blu: 8
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.266] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.103] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.295] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.299] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.682] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.348] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: SZAYTvvY9Y, 5243.1.000000005f9a004a.00000000839dc569.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/SZAYTvvY9YSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SZAYTvvY9Y
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.254] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.699] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.273] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.558] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.996] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.588] (--) vmware(0): w.red: 8
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.115] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.036] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.567] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.948] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 508.609] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.732] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.876] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.094] (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.491] (II) vmware(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz d)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.671] (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.925] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.366] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 506.975] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.138] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.098] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.000] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.117] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 505.576] (--) vmware(0): mwidt: 1176
Source: Xorg.0.log.106.dr	Binary or memory string: [ 514.430] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.106.dr	Binary or memory string: [ 507.033] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)

Language, Device and Operating System Detection:

Reads system files that contain records of logged in users

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385)

Logged in records file read: /var/log/wtmp

Jump to behavior

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: SZAYTvvY9Y, type: SAMPLE
Source: Yara match	File source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: SZAYTvvY9Y, type: SAMPLE
Source: Yara match	File source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY