Linux Analysis Report SZAYTvvY9Y

Overview

General Information

Sample Name: SZAYTvvY9Y
Analysis ID: 513239
MD5: f274fb7e2b929c40da1fcc2c0ed1db8b
SHA1: a0285f5e70c6dc90815d065f527b26b7e54cad06
SHA256: 6708e5ebbe503d06a63775601a9bd50a592d7e8bcbe142975635a51128bfb895
Tags: 32, elf, mips, mirai
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sample tries to persist itself using .desktop files
Sample deletes itself
Reads system files that contain records of logged in users
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Writes Python files to disk
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 513239
Start date: 01.11.2021
Start time: 23:34:08
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 8s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SZAYTvvY9Y
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.troj.evad.lin@0/112@0/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • SZAYTvvY9Y (PID: 5243, Parent: 5112, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/SZAYTvvY9Y
  • systemd New Fork (PID: 5255, Parent: 1)
  • journalctl (PID: 5255, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5275, Parent: 1)
  • systemd-journald (PID: 5275, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5280, Parent: 1)
  • journalctl (PID: 5280, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • gdm3 New Fork (PID: 5324, Parent: 1320)
  • Default (PID: 5324, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5342, Parent: 1320)
  • Default (PID: 5342, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • dash New Fork (PID: 5343, Parent: 5113)
  • xdotool (PID: 5343, Parent: 5113, MD5: 38ea1b4bfcc631da4576723b24e1510e) Arguments: xdotool windowminimize
  • srm (PID: 5344, Parent: 4485, MD5: 5d0db044b173f989a73a0790b19e79fa) Arguments: srm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop
  • rm (PID: 5347, Parent: 4485, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop
  • umount (PID: 5348, Parent: 2258, MD5: 2a1758ef6cf863f285bc8a918edbc0be) Arguments: umount -v /var/jbxall
  • udisksd New Fork (PID: 5371, Parent: 799)
  • dumpe2fs (PID: 5371, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/sda2
  • udisksd New Fork (PID: 5373, Parent: 799)
  • dumpe2fs (PID: 5373, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 5378, Parent: 1860)
  • pulseaudio (PID: 5378, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5385, Parent: 1)
  • accounts-daemon (PID: 5385, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5400, Parent: 5385, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5401, Parent: 5400, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5402, Parent: 5401, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5403, Parent: 5402)
          • locale (PID: 5403, Parent: 5402, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5404, Parent: 5402)
          • grep (PID: 5404, Parent: 5402, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • Default (PID: 5386, Parent: 1809, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PostSession/Default
  • gdm3 New Fork (PID: 5405, Parent: 1320)
  • gdm-session-worker (PID: 5405, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-wayland-session (PID: 5422, Parent: 5405, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • dbus-run-session (PID: 5425, Parent: 5422, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5426, Parent: 5425, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5430, Parent: 5426)
            • false (PID: 5431, Parent: 5430, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5433, Parent: 5426)
            • false (PID: 5434, Parent: 5433, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5435, Parent: 5426)
            • false (PID: 5436, Parent: 5435, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5437, Parent: 5426)
            • false (PID: 5438, Parent: 5437, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5439, Parent: 5426)
            • false (PID: 5440, Parent: 5439, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5441, Parent: 5426)
            • false (PID: 5442, Parent: 5441, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5444, Parent: 5426)
            • false (PID: 5445, Parent: 5444, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5427, Parent: 5425, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5427, Parent: 5425, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5446, Parent: 5427, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5447, Parent: 5427, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5447, Parent: 5427, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5416, Parent: 1320)
  • Default (PID: 5416, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5473, Parent: 1320)
  • gdm-session-worker (PID: 5473, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5490, Parent: 5473, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5494, Parent: 5490, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5494, Parent: 5490, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5494, Parent: 5490, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5506, Parent: 5494)
        • sh (PID: 5506, Parent: 5494, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5507, Parent: 5506)
          • xkbcomp (PID: 5507, Parent: 5506, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
        • Xorg New Fork (PID: 5752, Parent: 5494)
        • sh (PID: 5752, Parent: 5494, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5753, Parent: 5752)
          • xkbcomp (PID: 5753, Parent: 5752, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • Default (PID: 5512, Parent: 5490, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default
      • dbus-run-session (PID: 5513, Parent: 5490, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5514, Parent: 5513, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5529, Parent: 5514)
            • at-spi-bus-launcher (PID: 5530, Parent: 5529, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher
              • dbus-daemon (PID: 5535, Parent: 5530, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                • dbus-daemon New Fork (PID: 5867, Parent: 5535)
                  • at-spi2-registryd (PID: 5868, Parent: 5867, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session
          • dbus-daemon New Fork (PID: 5559, Parent: 5514)
            • false (PID: 5560, Parent: 5559, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5562, Parent: 5514)
            • false (PID: 5563, Parent: 5562, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5564, Parent: 5514)
            • false (PID: 5565, Parent: 5564, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5566, Parent: 5514)
            • false (PID: 5567, Parent: 5566, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5568, Parent: 5514)
            • false (PID: 5569, Parent: 5568, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5570, Parent: 5514)
            • false (PID: 5571, Parent: 5570, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5573, Parent: 5514)
            • false (PID: 5574, Parent: 5573, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5750, Parent: 5514)
            • ibus-portal (PID: 5751, Parent: 5750, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal
          • dbus-daemon New Fork (PID: 5874, Parent: 5514)
            • gjs (PID: 5875, Parent: 5874, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          • dbus-daemon New Fork (PID: 5936, Parent: 5514)
            • false (PID: 5937, Parent: 5936, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5515, Parent: 5513, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5515, Parent: 5513, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5575, Parent: 5515, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5576, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5576, Parent: 5515, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
            • ibus-daemon (PID: 5623, Parent: 5576, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim
              • ibus-memconf (PID: 5746, Parent: 5623, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf
              • ibus-daemon New Fork (PID: 5748, Parent: 5623)
                • ibus-x11 (PID: 5749, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon
              • ibus-engine-simple (PID: 5915, Parent: 5623, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple
          • sh (PID: 5890, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          • gsd-sharing (PID: 5890, Parent: 5515, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
          • sh (PID: 5892, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          • gsd-wacom (PID: 5892, Parent: 5515, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
          • sh (PID: 5894, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          • gsd-color (PID: 5894, Parent: 5515, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
          • sh (PID: 5895, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          • gsd-keyboard (PID: 5895, Parent: 5515, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
          • sh (PID: 5896, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          • sh (PID: 5897, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          • gsd-rfkill (PID: 5897, Parent: 5515, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
          • sh (PID: 5898, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          • gsd-smartcard (PID: 5898, Parent: 5515, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
          • sh (PID: 5899, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          • gsd-datetime (PID: 5899, Parent: 5515, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
          • sh (PID: 5903, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          • gsd-media-keys (PID: 5903, Parent: 5515, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
          • sh (PID: 5904, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          • gsd-screensaver-proxy (PID: 5904, Parent: 5515, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
          • sh (PID: 5905, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          • gsd-sound (PID: 5905, Parent: 5515, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
          • sh (PID: 5909, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          • gsd-a11y-settings (PID: 5909, Parent: 5515, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
          • sh (PID: 5911, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          • gsd-housekeeping (PID: 5911, Parent: 5515, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
          • sh (PID: 5914, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          • gsd-power (PID: 5914, Parent: 5515, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
          • sh (PID: 6417, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          • spice-vdagent (PID: 6417, Parent: 5515, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent
          • sh (PID: 6419, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          • xbrlapi (PID: 6419, Parent: 5515, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q
  • gdm3 New Fork (PID: 5474, Parent: 1320)
  • Default (PID: 5474, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5475, Parent: 1320)
  • Default (PID: 5475, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • fusermount (PID: 5479, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5491, Parent: 1)
  • systemd-user-runtime-dir (PID: 5491, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5600, Parent: 1)
  • systemd-localed (PID: 5600, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 5761, Parent: 1334)
  • pulseaudio (PID: 5761, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5764, Parent: 1)
  • geoclue (PID: 5764, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue
  • systemd New Fork (PID: 5940, Parent: 1)
  • systemd-hostnamed (PID: 5940, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • systemd New Fork (PID: 6175, Parent: 1)
  • systemd-localed (PID: 6175, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 6302, Parent: 1)
  • fprintd (PID: 6302, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SZAYTvvY9Y | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x168c4:$xo1: \x175 366;uotj
  • 0x16934:$xo1: \x175 366;uotj
  • 0x169a4:$xo1: \x175 366;uotj
  • 0x16a14:$xo1: \x175 366;uotj
  • 0x16a84:$xo1: \x175 366;uotj
SZAYTvvY9Y | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x16480:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
SZAYTvvY9Y | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
5243.1.0000000060ca3480.0000000056a06d25.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x2284:$xo1: \x175 366;uotj
  • 0x22f8:$xo1: \x175 366;uotj
  • 0x236c:$xo1: \x175 366;uotj
  • 0x23e0:$xo1: \x175 366;uotj
  • 0x2454:$xo1: \x175 366;uotj
5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x168c4:$xo1: \x175 366;uotj
  • 0x16934:$xo1: \x175 366;uotj
  • 0x169a4:$xo1: \x175 366;uotj
  • 0x16a14:$xo1: \x175 366;uotj
  • 0x16a84:$xo1: \x175 366;uotj
5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x16480:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
5250.1.0000000060ca3480.0000000056a06d25.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x2284:$xo1: \x175 366;uotj
  • 0x22f8:$xo1: \x175 366;uotj
  • 0x236c:$xo1: \x175 366;uotj
  • 0x23e0:$xo1: \x175 366;uotj
  • 0x2454:$xo1: \x175 366;uotj

        Jbx Signature Overview

        AV Detection:

        Multi AV Scanner detection for submitted file
        Source: SZAYTvvY9Y, Virustotal: Detection: 37%
        Source: SZAYTvvY9Y, ReversingLabs: Detection: 54%
        Source: /usr/bin/pulseaudio (PID: 5378), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/lib/xorg/Xorg (PID: 5494), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/gnome-shell (PID: 5576), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5761), Reads CPU info from /sys: /sys/devices/system/cpu/online

        Networking:

        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:33922
        Source: TrafficSnort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:44254 -> 190.129.192.73:23
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44110
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:33922
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34004
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44148
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34004
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44180
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34032
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44192
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34032
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44200
        Source: TrafficSnort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:60222 -> 190.149.60.33:23
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44240
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34100
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34652
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34652
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34100
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44286
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34698
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34698
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44350
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34202
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34778
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34778
        Source: TrafficSnort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:34804 -> 85.128.17.228:23
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44372
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34202
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34804
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34804
        Source: TrafficSnort IDS: 716 INFO TELNET access 202.94.51.156:23 -> 192.168.2.23:44404
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34834
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34834
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34328
        Source: TrafficSnort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:34940 -> 85.128.17.228:23
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34328
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34940
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34940
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34422
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:34988
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:34988
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 69.7.118.87:23 -> 192.168.2.23:35250
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 69.7.118.87:23 -> 192.168.2.23:35250
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34422
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35020
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35020
        Source: TrafficSnort IDS: 716 INFO TELNET access 122.152.54.24:23 -> 192.168.2.23:34462
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35046
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35046
        Source: TrafficSnort IDS: 492 INFO TELNET login failed 122.152.54.24:23 -> 192.168.2.23:34462
        Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 85.128.17.228:23 -> 192.168.2.23:35058
        Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 85.128.17.228:23 -> 192.168.2.23:35058
        Uses known network protocols on non-standard ports
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 63.176.53.228:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 178.157.2.84:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 50.14.90.156:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 175.230.64.214:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 162.92.97.0:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 61.77.140.163:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 173.41.196.169:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 74.197.176.22:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 38.97.125.66:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 52.222.86.6:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 183.108.174.21:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 113.37.174.171:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 114.251.88.184:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 182.130.230.198:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 95.128.73.95:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 213.164.21.128:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 138.243.42.27:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.215.174.140:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 122.135.93.236:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 147.51.12.250:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 195.248.71.28:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.248.174.101:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 117.109.181.111:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 202.186.2.179:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 129.192.219.32:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 124.202.239.138:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 139.227.132.240:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 182.117.148.228:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 102.133.186.207:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 190.202.115.134:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 166.129.171.220:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 38.225.72.10:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 147.0.143.254:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 138.111.128.119:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 188.200.197.71:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 189.188.40.30:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 219.9.175.69:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 75.73.42.10:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 166.174.223.84:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 78.107.66.250:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 43.97.174.99:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 119.217.81.3:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 37.61.140.83:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 130.121.229.87:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 183.142.205.148:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 208.46.127.45:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 196.53.137.58:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 169.144.87.164:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 64.93.38.171:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 115.132.223.120:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 70.208.137.19:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 204.34.186.218:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 205.147.242.235:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 176.195.153.242:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 75.81.24.210:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 89.224.128.104:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.158.77.177:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 103.118.21.193:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 86.214.217.133:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 115.119.159.175:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 207.123.182.180:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 197.190.9.168:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.64.230.35:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 52.191.235.84:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 99.189.103.96:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 68.75.255.78:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 159.178.7.114:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 95.47.48.145:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 18.26.155.153:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 167.206.203.161:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 70.22.201.42:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 177.157.179.143:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 180.172.143.107:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 156.155.205.149:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 186.157.179.174:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 137.38.1.69:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 203.143.37.139:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 185.146.68.95:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 81.19.212.83:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 90.112.203.102:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 149.155.239.118:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 102.90.116.241:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 83.97.79.168:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 120.99.5.27:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 223.71.234.45:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 131.177.50.143:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 137.196.114.181:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 102.71.138.236:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 186.83.215.223:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 194.24.131.224:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 2.240.226.248:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 188.151.238.27:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 18.38.212.36:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 52.229.27.204:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 208.84.64.141:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 38.179.143.100:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 179.253.19.150:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 5.178.20.8:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 95.205.194.251:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 61.4.161.234:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 120.249.40.152:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 149.190.28.90:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 47.141.34.126:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 178.62.124.125:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 124.57.26.9:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 98.245.118.136:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 68.123.192.107:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 75.181.74.213:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 135.54.87.142:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 167.51.241.72:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 140.209.198.111:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 137.2.179.198:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 199.128.245.200:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 152.217.81.68:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 90.115.194.60:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 54.142.67.147:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 103.65.206.174:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 76.151.42.85:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 141.105.225.35:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 124.141.149.90:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 9.206.113.168:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 165.102.194.99:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 81.92.89.124:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 148.39.192.197:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 66.177.211.220:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 153.148.174.248:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 175.14.135.239:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 145.94.35.90:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 130.156.16.131:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 74.46.142.121:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 177.242.248.148:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 53.39.89.157:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 147.93.207.181:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 111.112.118.180:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 103.244.219.205:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 78.46.242.22:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 154.66.158.55:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 25.64.111.7:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 117.132.37.141:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 146.183.233.58:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 112.136.174.171:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 27.89.23.18:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 114.38.130.72:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 68.70.104.179:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 101.172.58.129:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 123.6.88.161:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 98.62.76.191:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 128.8.100.32:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.37.110.165:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 5.53.94.179:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 168.133.215.182:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 182.178.37.119:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.179.66.158:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 75.74.166.143:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 35.30.198.228:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 205.51.180.28:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 137.206.223.141:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 126.223.30.18:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 27.110.248.100:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 102.25.2.25:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 82.234.203.157:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 186.218.210.122:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 78.212.85.102:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 154.146.231.45:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 218.226.209.248:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 12.181.228.22:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 197.197.160.223:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 105.164.70.105:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 47.26.76.244:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 20.251.214.158:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 156.207.10.152:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 181.146.109.173:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 133.192.211.242:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 114.7.68.112:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 84.66.131.38:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 20.73.194.11:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 152.222.204.52:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 130.240.187.45:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 85.157.228.11:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 219.144.124.182:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 44.134.205.32:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 121.190.169.11:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 211.160.233.185:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 149.196.231.109:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 83.123.22.192:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 76.118.197.5:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 23.2.4.195:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 156.77.93.234:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 77.218.170.101:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 100.144.154.72:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 71.240.105.132:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 124.206.88.104:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 135.35.199.17:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 125.50.2.71:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 129.231.108.77:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 62.57.131.136:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 204.7.230.167:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 4.95.239.0:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 34.11.253.71:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 129.177.111.241:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 66.114.22.255:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 61.63.64.51:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 162.56.10.139:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 13.93.28.252:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 115.113.93.98:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 145.242.218.137:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.31.99.247:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 221.47.72.228:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 12.81.5.154:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 90.80.111.132:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 144.98.238.10:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 158.185.56.232:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 88.217.156.91:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 218.228.112.116:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 185.35.249.116:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 2.127.247.148:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 35.28.33.17:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 161.36.207.213:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 90.51.230.228:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 2.18.132.169:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 38.78.91.111:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 115.17.200.112:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 13.174.89.241:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 178.196.227.0:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 170.155.48.13:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 130.21.117.184:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 114.170.43.181:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 223.200.14.11:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 49.125.149.229:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 34.228.161.156:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 27.73.79.56:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 194.46.176.127:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 180.95.91.66:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 80.76.238.163:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 45.182.72.180:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 208.242.246.110:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 14.78.239.82:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 80.122.167.237:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 196.156.233.84:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 118.102.53.184:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 110.43.223.102:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 178.72.93.241:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.235.195.40:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 62.225.85.234:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 59.215.147.109:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 219.22.19.61:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 14.161.148.133:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 25.7.215.249:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 75.91.226.21:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 191.130.44.241:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 85.128.122.173:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 164.100.145.169:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 223.197.214.65:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 138.99.132.163:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 143.108.140.25:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 218.89.18.173:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 151.204.69.78:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 165.67.238.32:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 155.114.117.203:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 129.154.83.148:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 57.119.13.48:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 52.159.23.168:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 162.200.66.17:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 177.209.66.24:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 220.247.204.53:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.241.48.235:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 130.116.252.175:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 62.205.65.75:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 72.61.82.47:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 103.235.146.212:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 175.40.13.250:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.239.220.107:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 142.157.176.244:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 27.233.214.171:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 219.244.135.172:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 155.166.189.41:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 20.118.56.189:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 150.144.77.184:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 60.15.39.104:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 60.225.242.124:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 49.139.58.235:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 67.81.217.88:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 59.158.255.55:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 110.218.32.189:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 46.237.218.69:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 194.148.109.229:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 73.207.38.55:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 182.63.74.112:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 145.144.101.233:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 72.173.92.199:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 1.175.209.179:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 216.76.181.189:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 14.253.81.73:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 34.205.68.107:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 31.226.124.227:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 60.122.93.108:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 216.53.102.20:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 89.176.72.22:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 135.18.28.193:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 136.67.179.242:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 45.138.128.10:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 223.92.181.47:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 106.231.45.35:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 104.116.70.87:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 170.28.126.196:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 209.150.121.174:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 63.116.82.186:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 138.229.78.43:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 170.69.244.8:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 150.187.91.16:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 58.189.120.127:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 34.22.135.88:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 59.219.129.110:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 72.121.149.96:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 95.60.254.250:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 147.119.62.86:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 49.198.108.83:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 139.247.36.155:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 23.22.139.109:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 183.78.153.49:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 153.211.23.91:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 93.0.31.100:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 198.208.90.195:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 190.44.250.247:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 64.128.26.232:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 178.226.77.177:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 120.141.130.238:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 173.54.225.110:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 125.35.162.207:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 133.133.177.229:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 180.29.180.221:2323
        Source: global trafficTCP traffic: 192.168.2.23:49645 -> 201.62.34.152:2323
        Source: /tmp/SZAYTvvY9Y (PID: 5243) Socket: 127.0.0.1::34561
        Source: /tmp/SZAYTvvY9Y (PID: 5243) Socket: 0.0.0.0::23
        Source: /lib/systemd/systemd-journald (PID: 5275) Socket: <unknown socket type>:unknown
        Source: /usr/bin/dbus-daemon (PID: 5426) Socket: <unknown socket type>:unknown
        Source: /usr/libexec/gnome-session-binary (PID: 5427) Socket: <unknown socket type>:unknown
        Source: /usr/lib/xorg/Xorg (PID: 5494) Socket: <unknown socket type>:unknown
        Source: /usr/bin/dbus-daemon (PID: 5514) Socket: <unknown socket type>:unknown
        Source: /usr/bin/dbus-daemon (PID: 5535) Socket: <unknown socket type>:unknown
        Source: /usr/libexec/gnome-session-binary (PID: 5515) Socket: <unknown socket type>:unknown
        Source: /usr/bin/ibus-daemon (PID: 5623) Socket: <unknown socket type>:unknown
        Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
        Source: Xorg.0.log.106.dr String found in binary or memory: http://wiki.x.org
        Source: Xorg.0.log.106.dr String found in binary or memory: http://www.ubuntu.com/support)

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: SZAYTvvY9Y, type: SAMPLE Matched rule: Detects ELF malware Mirai related Author: Florian Roth
        Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
        Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
        Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
        Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
        Source: SZAYTvvY9Y, type: SAMPLE Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: SZAYTvvY9Y, type: SAMPLE Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5243.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5250.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5248.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5247.1.0000000060ca3480.0000000056a06d25.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
        Source: /tmp/SZAYTvvY9Y (PID: 5247) SIGKILL sent: pid: 491, result: successful
        Source: /tmp/SZAYTvvY9Y (PID: 5247) SIGKILL sent: pid: 1477, result: successful
        Source: /tmp/SZAYTvvY9Y (PID: 5247) SIGKILL sent: pid: 1877, result: successful
        Source: /tmp/SZAYTvvY9Y (PID: 5247) SIGKILL sent: pid: 1900, result: successful
        Source: /tmp/SZAYTvvY9Y (PID: 5247) SIGKILL sent: pid: 2009, result: successful
        Source: /usr/bin/dbus-daemon (PID: 5514) SIGKILL sent: pid: 5529, result: successful
        Source: /usr/bin/dbus-daemon (PID: 5514) SIGKILL sent: pid: 5750, result: successful
        Source: /usr/bin/dbus-daemon (PID: 5514) SIGKILL sent: pid: 5874, result: successful
        Source: /usr/bin/dbus-daemon (PID: 5535) SIGKILL sent: pid: 5867, result: successful
        Source: ELF static info symbol of initial sample .symtab present: no
        Source: SZAYTvvY9Y Joe Sandbox Cloud Basic: Detection: clean Score: 0
        Source: classification engine Classification label: mal100.troj.evad.lin@0/112@0/0

        Persistence and Installation Behavior:

        Sample tries to persist itself using .desktop files
        Source: /usr/bin/srm (PID: 5344) File: /home/saturnino/.config/autostart/jbxkick.desktop
        Sample reads /proc/mounts (often used for finding a writable filesystem)
        Source: /usr/bin/dbus-daemon (PID: 5426) File: /proc/5426/mounts
        Source: /usr/bin/dbus-daemon (PID: 5514) File: /proc/5514/mounts
        Source: /usr/bin/dbus-daemon (PID: 5535) File: /proc/5535/mounts
        Source: /usr/bin/gjs (PID: 5875) File: /proc/5875/mounts
        Source: /usr/bin/gnome-shell (PID: 5576) File: /proc/5576/mounts
        Source: /bin/fusermount (PID: 5479) File: /proc/5479/mounts
        Source: /usr/bin/srm (PID: 5344) Python file created: /var/jbxinit.linux.py
        Source: /bin/sh (PID: 5404) Grep executable: /usr/bin/grep -> grep -F .utf8
        Source: /lib/systemd/systemd-journald (PID: 5275) Reads from proc file: /proc/meminfo
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/5385/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2078/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2077/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2033/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2074/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/2028/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/comm
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/status
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275)File opened: /proc/1334/comm
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/status
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1334/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/comm
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/status
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/1532/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/comm
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/status
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/2302/cgroup
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/comm
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/cmdline
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/status
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/attr/current
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/sessionid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/loginuid
        Source: /lib/systemd/systemd-journald (PID: 5275) File opened: /proc/797/cgroup
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385) Directory: /root/.cache
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
        Source: /usr/share/language-tools/language-options (PID: 5402) Shell command executed: sh -c "locale -a | grep -F .utf8 "
        Source: /usr/lib/xorg/Xorg (PID: 5506) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
        Source: /usr/lib/xorg/Xorg (PID: 5752) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
        Source: /usr/bin/python2.7 (PID: 5347) Rm executable: /usr/bin/rm -> rm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop
        Source: /usr/bin/xdotool (PID: 5343) Log file created: /var/jbx/logs/jbxinit.linux.out.log
        Source: /usr/bin/umount (PID: 5348) Log file created: /var/jbx/logs/jbxinit.linux.out.log
        Source: /usr/lib/xorg/Xorg (PID: 5494) Log file created: /var/log/Xorg.0.log

        Hooking and other Techniques for Hiding and Protection:

        Sample deletes itself
        Source: /tmp/SZAYTvvY9Y (PID: 5243) File: /tmp/SZAYTvvY9Y
        Uses known network protocols on non-standard ports
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52914
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52924
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52932
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52940
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52948
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52954
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52960
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52968
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52972
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52974
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52978
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52980
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52984
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52986
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52988
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52990
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52994
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52996
        Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53002
        Source: /usr/bin/pulseaudio (PID: 5378) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/lib/xorg/Xorg (PID: 5494) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/gnome-shell (PID: 5576) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5761) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /tmp/SZAYTvvY9Y (PID: 5243) Queries kernel information via 'uname':
        Source: /lib/systemd/systemd-journald (PID: 5275) Queries kernel information via 'uname':
        Source: /usr/bin/xdotool (PID: 5343) Queries kernel information via 'uname':
        Source: /usr/bin/pulseaudio (PID: 5378) Queries kernel information via 'uname':
        Source: /usr/lib/gdm3/gdm-session-worker (PID: 5405) Queries kernel information via 'uname':
        Source: /usr/libexec/gnome-session-binary (PID: 5427) Queries kernel information via 'uname':
        Source: /usr/lib/gdm3/gdm-session-worker (PID: 5473) Queries kernel information via 'uname':
        Source: /usr/lib/gdm3/gdm-x-session (PID: 5490) Queries kernel information via 'uname':
        Source: /usr/lib/xorg/Xorg (PID: 5494) Queries kernel information via 'uname':
        Source: /usr/libexec/at-spi-bus-launcher (PID: 5530) Queries kernel information via 'uname':
        Source: /usr/libexec/at-spi2-registryd (PID: 5868) Queries kernel information via 'uname':
        Source: /usr/libexec/gnome-session-binary (PID: 5515) Queries kernel information via 'uname':
        Source: /usr/libexec/gnome-session-check-accelerated (PID: 5516) Queries kernel information via 'uname':
        Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5536) Queries kernel information via 'uname':
        Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5548) Queries kernel information via 'uname':
        Source: /usr/bin/gnome-shell (PID: 5576) Queries kernel information via 'uname':
        Source: /usr/libexec/ibus-x11 (PID: 5749) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-wacom (PID: 5892) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-color (PID: 5894) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-keyboard (PID: 5895) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-smartcard (PID: 5898) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-media-keys (PID: 5903) Queries kernel information via 'uname':
        Source: /usr/libexec/gsd-power (PID: 5914) Queries kernel information via 'uname':
        Source: /usr/bin/pulseaudio (PID: 5761) Queries kernel information via 'uname':
        Source: /lib/systemd/systemd-hostnamed (PID: 5940) Queries kernel information via 'uname':
        Source: /usr/libexec/fprintd (PID: 6302) Queries kernel information via 'uname':
        Source: /usr/lib/xorg/Xorg (PID: 5494) Truncated file: /var/log/Xorg.pid-5494.log
        Source: SZAYTvvY9Y, 5243.1.00000000d71a4cb7.000000000598c956.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
        Source: SZAYTvvY9Y, 5243.1.000000005f9a004a.00000000839dc569.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel
        Source: Xorg.0.log.106.drBinary or memory string: [ 515.188] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.221] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.317] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.793] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.408] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.700] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.752] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.204] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 506.944] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.144] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.569] (--) vmware(0): vram: 4194304
        Source: Xorg.0.log.106.drBinary or memory string: [ 513.820] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
        Source: Xorg.0.log.106.drBinary or memory string: [ 506.989] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.282] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.682] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.880] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.777] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.607] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.889] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 514.939] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.195] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.641] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 506.526] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.735] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.664] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 513.978] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.018] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.446] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.511] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.584] (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.596] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.833] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.819] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.311] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.070] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.800] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 509.173] (==) vmware(0): Backing store enabled
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.703] (II) vmware(0): Modeline "640x360"x59.8 18.00 640 664 720 800 360 363 368 376 -hsync +vsync (22.5 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.893] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.633] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.790] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.566] (--) vmware(0): bpp: 32
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.260] (WW) vmware(0): Disabling Render Acceleration.
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.554] (--) vmware(0): caps: 0xFDFF83E2
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.709] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.640] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.685] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.464] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 508.927] (II) vmware(0): Initialized VMware Xinerama extension.
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.770] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.056] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 515.199] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.689] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.561] (--) vmware(0): depth: 24
        Source: Xorg.0.log.106.drBinary or memory string: [ 514.992] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.419] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.475] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.396] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.521] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 515.028] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
        Source: Xorg.0.log.106.drBinary or memory string: [ 509.193] (II) vmware(0): Initialized VMware Xv extension successfully.
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.549] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.672] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.337] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.535] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 508.934] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.725] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.604] (==) vmware(0): RGB weight 888
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.186] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.823] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.246] (EE) vmware(0): Failed to open drm.
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.675] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.384] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.796] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.539] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.495] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
        Source: Xorg.0.log.106.drBinary or memory string: [ 505.719] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.149] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
        Source: Xorg.0.log.106.drBinary or memory string: [ 507.479] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
        Source: SZAYTvvY9Y, 5243.1.00000000d71a4cb7.000000000598c956.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
        Source: SZAYTvvY9Y, 5243.1.000000005f9a004a.00000000839dc569.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/SZAYTvvY9YSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SZAYTvvY9Y

        Language, Device and Operating System Detection:

        Reads system files that contain records of logged in users
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 5385) Logged in records file read: /var/log/wtmp

        Stealing of Sensitive Information:

        Yara detected Mirai
        Source: Yara match File source: dump.pcap, type: PCAP
        Source: Yara match File source: SZAYTvvY9Y, type: SAMPLE
        Source: Yara match File source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY

        Remote Access Functionality:

        Yara detected Mirai
        Source: Yara match File source: dump.pcap, type: PCAP
        Source: Yara match File source: SZAYTvvY9Y, type: SAMPLE
        Source: Yara match File source: 5247.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5250.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5243.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5248.1.000000003025a7fd.00000000e5ff32fb.r-x.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Scheduled Task/Job 1 | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scripting 2 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 2 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Indicator Removal on Host 1 | NTDS | System Information Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | File Deletion 11 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

        Malware Configuration

        No configs have been found

        Behavior Graph

        [Behavior graph. Behavior Graph ID: 513239, Sample: SZAYTvvY9Y, Startdate: 01/11/2021, Architecture: LINUX, Score: 100. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label | Link
        SZAYTvvY9Y | 38% | Virustotal | | Browse
        SZAYTvvY9Y | 55% | ReversingLabs | Linux.Trojan.Mirai |

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://wiki.x.org | Xorg.0.log.106.dr | false | | high
        http://www.ubuntu.com/support) | Xorg.0.log.106.dr | false | | high

            Contacted IPs


            Public


            Joe Sandbox View / Context

            IPs

            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
            34.11.101.203 | u9afRawaNV | Get hash | malicious | Browse |
            47.114.175.86 | DEMONS.x86 | Get hash | malicious | Browse |
            217.155.41.147 | DEMONS.arm7 | Get hash | malicious | Browse |

                  Domains

                  No context

                  ASN


                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  /home/saturnino/.config/autostart/jbxkick.desktop
                  Process:/usr/bin/srm
                  File Type:data
                  Category:dropped
                  Size (bytes):1245222
                  Entropy (8bit):6.0173905238453
                  Encrypted:false
                  SSDEEP:6144:835kqYtk/xASzVaO3UFaXDrzxVBC38tG5tbSk2t+FskmuVAG:NqYyZDoFaTxvCf5Mk2t+FTfL
                  MD5:EDCEE8DB6B5E75FEAFD2C96C227235B3
                  SHA1:0BD7F024C82EB15DD8CB267BFE33E8FF8EA412EF
                  SHA-256:870E6B973C228D76CF8F498B57DFD3F9F7529F3AFA822709C1D7281E25FC536D
                  SHA-512:D0D2C5BDA44A7BD6609BDA74D118F3C16F8BC6B1F5BF8589FE093196335F034C5B4C2A46D611ABE25651A28CF084D6149C1A34645293E75C189A3B2146719D0B
                  Malicious:true
                  Reputation:low
                  /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                  Process:/usr/bin/pulseaudio
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):10
                  Entropy (8bit):2.9219280948873623
                  Encrypted:false
                  SSDEEP:3:5bkPn:pkP
                  MD5:FF001A15CE15CF062A3704CEA2991B5F
                  SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                  SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                  SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: auto_null.
                  /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                  Process:/usr/bin/pulseaudio
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):18
                  Entropy (8bit):3.4613201402110088
                  Encrypted:false
                  SSDEEP:3:5bkrIZsXvn:pkckv
                  MD5:28FE6435F34B3367707BB1C5D5F6B430
                  SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                  SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                  SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: auto_null.monitor.
                  /proc/5431/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: 0
                  /proc/5434/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: 0
                  /proc/5436/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: 0
                  /proc/5438/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: 0
                  /proc/5440/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5442/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5445/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5530/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5560/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5563/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5565/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5567/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5569/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5571/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5574/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5751/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:V:V
                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                  Malicious:false
                  Preview: 0
                  /proc/5868/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  Malicious:false
                  Preview: 0
                  /proc/5875/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  Malicious:false
                  Preview: 0
                  /proc/5937/oom_score_adj
                  Process:/usr/bin/dbus-daemon
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  Malicious:false
                  Preview: 0
                  /run/mount/utab.KpH2dA
                  Process:/usr/bin/umount
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):518
                  Entropy (8bit):5.061412716358383
                  Encrypted:false
                  Malicious:false
                  Preview: SRC=/dev/loop0 TARGET=/snap/core18/2128 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop3 TARGET=/snap/snapd/12704 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop2 TARGET=/snap/lxd/21029 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop1 TARGET=/snap/core18/1944 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop6 TARGET=/snap/snapd/12883 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop4 TARGET=/snap/core20/1081 ROOT=/ OPTS=x-gdu.hide.SRC=/dev/loop7 TARGET=/snap/lxd/21545 ROOT=/ OPTS=x-gdu.hide.SRC=//192.168.2.1/esxi07-Ubuntu20 TARGET=/var/jbxanalysis ROOT=/ OPTS=user=guest.
                  /run/systemd/journal/streams/.#9:74061FwvVq3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):223
                  Entropy (8bit):5.511506653322648
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=608cd20eb7bf40dead50494f702a33f2.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
                  /run/systemd/journal/streams/.#9:74062zCOWc6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):223
                  Entropy (8bit):5.521849731737253
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6cf130a76dc741d69fbc2d0abf698bc9.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
                  /run/systemd/journal/streams/.#9:74374Zmrke6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):188
                  Entropy (8bit):5.3507876845105535
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=75d6e6c423314f4c96eacdef2ce55933.IDENTIFIER=pulseaudio.
                  /run/systemd/journal/streams/.#9:744602mcqA5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.432096818957463
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cf0f407ce6504d55a0177f2549984191.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.
                  /run/systemd/journal/streams/.#9:74665pyuJq3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):5.393823822229638
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b0382dce3baf4b85b5ac37d5d3a2db73.IDENTIFIER=gdm-session-worker.
                  /run/systemd/journal/streams/.#9:74666fOFZU3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):5.374202793466853
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=4acb7c4422b64cb7a7ba58d48ee85441.IDENTIFIER=gdm-session-worker.
                  /run/systemd/journal/streams/.#9:74732L9yIy5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):204
                  Entropy (8bit):5.459924450466257
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=234ffa0c31174309bdd0c9a3a6aa372b.IDENTIFIER=/usr/lib/gdm3/gdm-x-session.
                  /run/systemd/journal/streams/.#9:74733Cdldh6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):204
                  Entropy (8bit):5.490428462851178
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9880c6a0dd694ad1bb732e756d4a8cc2.IDENTIFIER=/usr/lib/gdm3/gdm-x-session.
                  /run/systemd/journal/streams/.#9:747347bGeo4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):237
                  Entropy (8bit):5.450267417773655
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=bd3e2f3a45d14f6083ad90b44c54b8a1.IDENTIFIER=systemd-user-runtime-dir.UNIT=user-runtime-dir@1000.service.
                  /run/systemd/journal/streams/.#9:75370JwuCO4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):5.439744942446988
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3508d41a6a524398a77538e312fb9162.IDENTIFIER=gdm-session-worker.
                  /run/systemd/journal/streams/.#9:75371M5uFC2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):5.420374781044546
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9139b4c70a35413a91bc6a4ee7bbf6e8.IDENTIFIER=gdm-session-worker.
                  /run/systemd/journal/streams/.#9:75434knm825
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):210
                  Entropy (8bit):5.52832325394892
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a062c5cfbb13408da47787ee551c36bc.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
                  /run/systemd/journal/streams/.#9:75435FiXYV5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):210
                  Entropy (8bit):5.5187994444251105
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6875a2ea02e5433f88bc44882c776ef5.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
                  /run/systemd/journal/streams/.#9:75467GHZZk3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):190
                  Entropy (8bit):5.347503272023148
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=256f26e8395546f69500a45ffca748fd.IDENTIFIER=gnome-session.
                  /run/systemd/journal/streams/.#9:755537yx0J2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):200
                  Entropy (8bit):5.41858871728187
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ac919a4c4fee4fad919e78643ab1f6d5.IDENTIFIER=org.gnome.Shell.desktop.
                  /run/systemd/journal/streams/.#9:75555inBwv2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):200
                  Entropy (8bit):5.392296812450964
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=67aa999bbf9a4eba9b4ac0b048618361.IDENTIFIER=org.gnome.Shell.desktop.
                  /run/systemd/journal/streams/.#9:76160XB3lL6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.48947839549794
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=8298fff58c6544849604f5366e2489b7.IDENTIFIER=systemd-localed.UNIT=systemd-localed.service.
                  /run/systemd/journal/streams/.#9:762248LBt84
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):188
                  Entropy (8bit):5.288242870256225
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3cec711eea0f4e55a0ce929194ca9a42.IDENTIFIER=pulseaudio.
                  /run/systemd/journal/streams/.#9:76230E1wIP4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):206
                  Entropy (8bit):5.370641653173075
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cfdef4566ad14c87ac7c446e3d57dc50.IDENTIFIER=geoclue.UNIT=geoclue.service.
                  /run/systemd/journal/streams/.#9:763065XzBv6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):217
                  Entropy (8bit):5.411641309795204
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d884348a2637442a88b0db2a9efbd957.IDENTIFIER=org.gnome.SettingsDaemon.Sharing.desktop.
                  /run/systemd/journal/streams/.#9:76308BpVHP3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):217
                  Entropy (8bit):5.396567834925159
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3ddbaf5414b3445bb3e60dd8c35141e2.IDENTIFIER=org.gnome.SettingsDaemon.Sharing.desktop.
                  /run/systemd/journal/streams/.#9:76330g4YJf4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.442422889623728
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c9e547c0f1e546698b149253daafd180.IDENTIFIER=org.gnome.SettingsDaemon.Wacom.desktop.
                  /run/systemd/journal/streams/.#9:76332LoY1W4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.4145159128795415
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b74b3663a68d4ba394f4d64f3c092029.IDENTIFIER=org.gnome.SettingsDaemon.Wacom.desktop.
                  /run/systemd/journal/streams/.#9:76334mkGDO2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.470059998971897
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=55c39fbc43354d4abcb782279ddc5f85.IDENTIFIER=org.gnome.SettingsDaemon.Color.desktop.
                  /run/systemd/journal/streams/.#9:76335eosKT3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.353871859477264
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=022682e88b3a4238a5893ddea2008d50.IDENTIFIER=org.gnome.SettingsDaemon.Color.desktop.
                  /run/systemd/journal/streams/.#9:76357xoZyO3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):218
                  Entropy (8bit):5.389797381017773
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=74a5ea62aa4044229778441868104705.IDENTIFIER=org.gnome.SettingsDaemon.Keyboard.desktop.
                  /run/systemd/journal/streams/.#9:76359NuVYs5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):218
                  Entropy (8bit):5.4822639951511665
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1c6a917e7ab54bd39f47f5342d63f8cc.IDENTIFIER=org.gnome.SettingsDaemon.Keyboard.desktop.
                  /run/systemd/journal/streams/.#9:76381auE5A5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):228
                  Entropy (8bit):5.430347727279041
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d8a5936d8d194ff0ba0312d98fd473f7.IDENTIFIER=org.gnome.SettingsDaemon.PrintNotifications.desktop.
                  /run/systemd/journal/streams/.#9:763830pQvs6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):228
                  Entropy (8bit):5.397480347571483
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=189b16b4b02e4b3d83e48fadaf03b1b6.IDENTIFIER=org.gnome.SettingsDaemon.PrintNotifications.desktop.
                  /run/systemd/journal/streams/.#9:76385VOTxQ4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):216
                  Entropy (8bit):5.4698082938322035
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b40b009587254e8cb51a169b9256b134.IDENTIFIER=org.gnome.SettingsDaemon.Rfkill.desktop.
                  /run/systemd/journal/streams/.#9:76386EziQW3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):216
                  Entropy (8bit):5.4698082938322035
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7523d45091844aa3b6c20bc3e45db77f.IDENTIFIER=org.gnome.SettingsDaemon.Rfkill.desktop.
                  /run/systemd/journal/streams/.#9:76408aTPvm4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):219
                  Entropy (8bit):5.411281264084006
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7877d94d1c4940c8aacf0242be3100cf.IDENTIFIER=org.gnome.SettingsDaemon.Smartcard.desktop.
                  /run/systemd/journal/streams/.#9:76410fdAvl4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):219
                  Entropy (8bit):5.413710802785556
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=69a1a5d3371b41a193fbb4df5ca0221a.IDENTIFIER=org.gnome.SettingsDaemon.Smartcard.desktop.
                  /run/systemd/journal/streams/.#9:76432ajFyn3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):218
                  Entropy (8bit):5.440059754072214
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6f2285116d9c47bb8d130de7b4c42b21.IDENTIFIER=org.gnome.SettingsDaemon.Datetime.desktop.
                  /run/systemd/journal/streams/.#9:76434aeX244
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):218
                  Entropy (8bit):5.3577153464358265
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e67697acce7b42d6b4440292347667dc.IDENTIFIER=org.gnome.SettingsDaemon.Datetime.desktop.
                  /run/systemd/journal/streams/.#9:76456UCfvN6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):219
                  Entropy (8bit):5.463349000974038
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=acc7165396c84337b57d66553f4cbbf5.IDENTIFIER=org.gnome.SettingsDaemon.MediaKeys.desktop.
                  /run/systemd/journal/streams/.#9:76458wvCqi3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):219
                  Entropy (8bit):5.470711486988174
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3c539285f9a6487f9f5192cbae60d829.IDENTIFIER=org.gnome.SettingsDaemon.MediaKeys.desktop.
                  /run/systemd/journal/streams/.#9:76460RqRkg2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):226
                  Entropy (8bit):5.443737810899174
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=933dcb886dd54387ab0f8deaf354b584.IDENTIFIER=org.gnome.SettingsDaemon.ScreensaverProxy.desktop.
                  /run/systemd/journal/streams/.#9:76461oocl62
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):226
                  Entropy (8bit):5.457355383902703
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=db192e8f879a4bd6bdd7d3ffc6f86b9a.IDENTIFIER=org.gnome.SettingsDaemon.ScreensaverProxy.desktop.
                  /run/systemd/journal/streams/.#9:76483ZGiAv2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.364538850627429
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d60d206106804ee5b2c4299d9d097dd6.IDENTIFIER=org.gnome.SettingsDaemon.Sound.desktop.
                  /run/systemd/journal/streams/.#9:76485eABpA6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.475582120306161
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=af06dddb518c4214938f58819757c923.IDENTIFIER=org.gnome.SettingsDaemon.Sound.desktop.
                  /run/systemd/journal/streams/.#9:76507TAcBq3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.472118961812767
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1758df3fcbbb42eb97866a908f9fcd12.IDENTIFIER=org.gnome.SettingsDaemon.A11ySettings.desktop.
                  /run/systemd/journal/streams/.#9:76510yF3hG6
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.460275761438485
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3ff7ee0d69324fd19562c3c46bf73bb4.IDENTIFIER=org.gnome.SettingsDaemon.A11ySettings.desktop.
                  /run/systemd/journal/streams/.#9:76531EWnHJ4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.442141385091807
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b9aba3f570ce4eba9156e72cbc67dc42.IDENTIFIER=org.gnome.SettingsDaemon.Housekeeping.desktop.
                  /run/systemd/journal/streams/.#9:76534i5VJV3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.449149910629764
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=396f56152e304f298779a02638f5fe32.IDENTIFIER=org.gnome.SettingsDaemon.Housekeeping.desktop.
                  /run/systemd/journal/streams/.#9:76557ws54k2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.41314231880886
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=11b8eb6eb81c49f6bf492a8e45e4942a.IDENTIFIER=org.gnome.SettingsDaemon.Power.desktop.
                  /run/systemd/journal/streams/.#9:76560x28BZ5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):215
                  Entropy (8bit):5.4084747021686255
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ae8a35a73dbf4672bac7e2eb97d4e46f.IDENTIFIER=org.gnome.SettingsDaemon.Power.desktop.
                  /run/systemd/journal/streams/.#9:76748i9hEp5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):226
                  Entropy (8bit):5.446604102038905
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e7f5cc649e74473a9fc816ffb3573a10.IDENTIFIER=systemd-hostnamed.UNIT=systemd-hostnamed.service.
                  /run/systemd/journal/streams/.#9:76853YjB3v5
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):190
                  Entropy (8bit):5.4015278115309915
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a69fe1cd7d3547f982313b43d93d596f.IDENTIFIER=gnome-session.
                  /run/systemd/journal/streams/.#9:769693YyTV2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):200
                  Entropy (8bit):5.4441194523339655
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e8126ef75d3748e4ac9bae49326bd8d6.IDENTIFIER=org.gnome.Shell.desktop.
                  /run/systemd/journal/streams/.#9:76970d4BhP4
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):200
                  Entropy (8bit):5.434734217616036
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7ba42b1495344a16b19ee7913769f265.IDENTIFIER=org.gnome.Shell.desktop.
                  /run/systemd/journal/streams/.#9:78098P3rsq2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):228
                  Entropy (8bit):5.459832518865926
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2e7a218e58384fd9bae37368c198b26e.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.
                  /run/systemd/journal/streams/.#9:78341pQFg34
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):222
                  Entropy (8bit):5.431099278942942
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dba82565e84a4d0bb4556af3aba1d994.IDENTIFIER=systemd-localed.UNIT=systemd-localed.service.
                  /run/systemd/journal/streams/.#9:78493qF5285
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):206
                  Entropy (8bit):5.325763267645582
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f43bfdd970dc4e8bb3ca500faece1f7f.IDENTIFIER=fprintd.UNIT=fprintd.service.
                  /run/systemd/journal/streams/.#9:78547ifZ413
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):198
                  Entropy (8bit):5.398555117995437
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5e65cbe9d51f4f7083e60ea879ca9cf2.IDENTIFIER=spice-vdagent.desktop.
                  /run/systemd/journal/streams/.#9:78549lp0QP3
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):198
                  Entropy (8bit):5.391257928914345
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=53b6cf34cfdd4b608a98c5c9280b4d03.IDENTIFIER=spice-vdagent.desktop.
                  /run/systemd/journal/streams/.#9:785806rkdQ2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):192
                  Entropy (8bit):5.334196467240052
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dece5975cb1e4d15bebe078e95a49b8d.IDENTIFIER=xbrlapi.desktop.
                  /run/systemd/journal/streams/.#9:78581rM4oc2
                  Process:/lib/systemd/systemd-journald
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):192
                  Entropy (8bit):5.366690378477175
                  Encrypted:false
                  Malicious:false
                  Preview: # This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cd965cd2c00646e797b0c0574fc2b3bc.IDENTIFIER=xbrlapi.desktop.
                  /run/user/1000/pulse/pid
                  Process:/usr/bin/pulseaudio
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):5
                  Entropy (8bit):2.321928094887362
                  Encrypted:false
                  SSDEEP:3:DSt:8
                  MD5:B7A1FF7A2872E02F2C4A3A950A658E6F
                  SHA1:0E3105C99B10616AF96E0F50F7714C00897BBEFA
                  SHA-256:8BCCB7E04C810A6D9AABBC81B5662FC52FC1BD1EC089807E560FA4FA0E3B50E4
                  SHA-512:A8F572B14F32BDEB1AF4A3A5E17348B9D5DC3B5285817FDFC983B0583A0175480210C43D2A19D060805353A645C1205D89B9583F57CC5D738D98E8DE9D59B5EA
                  Malicious:false
                  Preview: 5378.
                  /run/user/127/ICEauthority
                  Process:/usr/libexec/gnome-session-binary
                  File Type:data
                  Category:dropped
                  Size (bytes):1304
                  Entropy (8bit):6.028621580012958
                  Encrypted:false
                  SSDEEP:12:OxPBep+9ZOveY+BeRNrxPSBCoEiveY+SjxP5mhijveY+5tWmxPwWoveY+wcZVveI:A9ZbCoEUwqra1XOu
                  MD5:140602876E8D29AA3BC885BB131AE266
                  SHA1:2A7B0D8A8C3DEB38D72A14894CF741BF9B2C15D4
                  SHA-256:DAD4D076EC3FC63284B4DF943BD4EA12B2C92C91F059E65805E2CCD6C3A52508
                  SHA-512:D6FD23AC4FE2D741207E2603A54BD98ACB0CD60D8E78A5A1F675787CA1BD4558CAF3A9CA023BFEED9C4AC6DF0E47C3D8EC4DBDB20C60DBABE2A182F4B3CB9A01
                  Malicious:false
                  Preview: ..XSMP...!unix/galassia:/tmp/.ICE-unix/5515..MIT-MAGIC-COOKIE-1....N.W..;v.}o....XSMP...#local/galassia:@/tmp/.ICE-unix/5515..MIT-MAGIC-COOKIE-1......fD.z.j^..W^..ICE...!unix/galassia:/tmp/.ICE-unix/5427..MIT-MAGIC-COOKIE-1....R. .o........~..ICE...#local/galassia:@/tmp/.ICE-unix/5427..MIT-MAGIC-COOKIE-1..%r.au..:...m...XSMP...!unix/galassia:/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1...p.......A.9%..XSMP...#local/galassia:@/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1.....o.(R...}.9...ICE...!unix/galassia:/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...w$....^.'fI..1..ICE...#local/galassia:@/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...^f........E..c..XSMP...#local/galassia:@/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1... ......Y...@.t...XSMP...!unix/galassia:/tmp/.ICE-unix/1348..MIT-MAGIC-COOKIE-1...#...,.:B.o......ICE...#local/galassia:@/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1..N..yte|4yXJ...Mf..ICE...!unix/galassia:/tmp/.ICE-unix/1477..MIT-MAGIC-COOKIE-1.....cN.....N+..$..XSMP...#local/galass
                  /run/user/127/dconf/user
                  Process:/usr/libexec/gsd-power
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:93B885ADFE0DA089CDF634904FD59F71
                  SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                  SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                  SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                  Malicious:false
                  Preview: .
                  /run/user/127/gdm/Xauthority
                  Process:/usr/lib/gdm3/gdm-x-session
                  File Type:X11 Xauthority data
                  Category:dropped
                  Size (bytes):104
                  Entropy (8bit):4.942288416944157
                  Encrypted:false
                  SSDEEP:3:rg/WFllasO93r7hAcJtWFllasO93r7hAcv:rg/WFl277h5LWFl277h5v
                  MD5:7227465F20352542388694FFCB3DE618
                  SHA1:ABA5AD0644AC0133DDE401FE35BD9CE0B7E76949
                  SHA-256:ADF27BBFEF607013F8D33B56BFB926DC188F2D6E8BD098B823B8E09A6471F1BC
                  SHA-512:49BF9887B49518F7F97370ECB8B767BCDBDB174211B11B87FEA0D6506ED3CE9485C9699FBE67F7FBF4CF394B91E4D6D77920BECA81EF440902DB6B7FF4B2C4F2
                  Malicious:false
                  Preview: ....galassia....MIT-MAGIC-COOKIE-1......x.M......9[.....galassia....MIT-MAGIC-COOKIE-1......x.M......9[.
                  /run/user/127/pulse/pid
                  Process:/usr/bin/pulseaudio
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):5
                  Entropy (8bit):2.321928094887362
                  Encrypted:false
                  SSDEEP:3:HT2n:z2
                  MD5:A153D32C59252FD4D55E3D757A7BBF39
                  SHA1:6C3807886D9A36F46925E3739E323A3CBB8B619C
                  SHA-256:01A7F5CE7902631B3E6F48EDD80A338B48168FE561EA2CB6FC41846D419C0E00
                  SHA-512:1B476406824C34E30484340DD35B60A4C041F417E6D753727A1DE53B74B6CDAD5D95A37601C8845551519B3B40CA32E8C34D4B63B338F6EC98369F78658B1121
                  Malicious:false
                  Preview: 5761.
                  /tmp/server-0.xkm
                  Process:/usr/bin/xkbcomp
                  File Type:Compiled XKB Keymap: lsb, version 15
                  Category:dropped
                  Size (bytes):12060
                  Entropy (8bit):4.8492493153178975
                  Encrypted:false
                  SSDEEP:192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
                  MD5:B4E3EB0B8B6B0FC1F46740C573E18D86
                  SHA1:7D35426357695EBA77850757E8939A62DCEFF2D1
                  SHA-256:7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
                  SHA-512:8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
                  Malicious:false
                  Preview: .mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18
                  /var/jbx/logs/jbxinit.linux.out.log
                  Process:/usr/bin/umount
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):50
                  Entropy (8bit):4.456174630069642
                  Encrypted:false
                  SSDEEP:3:dGT+HlNTcbUhHyI:mMlObUcI
                  MD5:DD6E25C1ECDB6D7867C56B78EE738DFB
                  SHA1:4C945281D8B7527AF05CC96B98F1DF62768805E2
                  SHA-256:5FC419CFE7B06D07BCED5CD01F5D648C852171EA46AA3F7DA28D6EBF8C571E6D
                  SHA-512:FFB8BE08FE6FD1958904B02D61FAD978FFD147439E028F29CE872C959EFDB2F060F7F34E75C1DA7C54779D934FF3A9B602391DEDCD1233FFE960BF47A5A4361F
                  Malicious:false
                  Preview: umount: /var/jbxall (//192.168.2.1/all) unmounted.
                  /var/jbxinit.linux.py
                  Process:/usr/bin/srm
                  File Type:data
                  Category:dropped
                  Size (bytes):1245222
                  Entropy (8bit):6.017979416652393
                  Encrypted:false
                  SSDEEP:6144:YiH1wLU2rjYuAt0WiN4GjfvVRz/FPFjbNBiWdKFv3d9PJdMr0cxee95:Y8+rjvWIxLvVRz9RBBi+KFvvJdg75
                  MD5:20A785E7D61F0CE67DF6C985A2F1634A
                  SHA1:B60E5CB9ECF2913EE61FC6CA7E0723992E2A5C31
                  SHA-256:3C7EFEA23C0F34C2803E18B3EFDC1783542F886AD750E5DA5FDDA71C7085539F
                  SHA-512:9D3B91590C86B797DB43C9956F0A7A0275DA02CA345A143074C849BE0A3A8011DF10183829AEC859C100106B472EEAAF425147BF223EBEC3F6A18CA454EA4DAD
                  Malicious:false
                  /var/jbxkick
                  Process:/usr/bin/srm
                  File Type:data
                  Category:dropped
                  Size (bytes):1245222
                  Entropy (8bit):6.017714475480917
                  Encrypted:false
                  SSDEEP:6144:7kpiQuv6JhmBCXgReBFKCP0ualxDGfBx7kRSxhk6gJ/q8oUGVVNdG7thaZAb:7kpiOJhCLRM0BDGZx7k6k6I6dGmZ8
                  MD5:4E0771127BE63FB9C141EAB7454F981B
                  SHA1:FFC612C9CC40913A76B33ECDC9943F9898E8BB25
                  SHA-256:814DF5D9E40FD8B8CAEE172777C58221E54F4F7126380E3434973821159416DA
                  SHA-512:B8D28AF2BA485D31E1153B7DE0538DCD2A2B333D4C74E75FFEB681BB1E67889A2D6FA3B42F7069C309E49178FE49DE36167C80619794EB9E76500C5467C1E6B2
                  Malicious:false
                  /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
                  Process:/usr/bin/ibus-daemon
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):381
                  Entropy (8bit):5.109102016666785
                  Encrypted:false
                  SSDEEP:6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWWpB7hX19D:q5sU3LWfLUDmQymqSFbfomSt7hXfD
                  MD5:11ACA7193B40F94BF32F26306F66550E
                  SHA1:5747BC1B3CF2E06AF256A5C9783788292AEF2028
                  SHA-256:6A78D34F6E91F7E2F306718D8A42350B5469251A4F0B8E3F9039283BE0A37109
                  SHA-512:7CFF4DF86D4A748D019F1B58B34A0EDB831BB5EA3336402743CAE4B38633A9A9139FC9E3461A24B1D87904CBE0FA8AA63ED0A4BB2832B242064498AE3FD8EC57
                  Malicious:false
                  Preview: # This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-84UEtShU,guid=f9c52ac62c2ee3a279f5ac3c61807a1a.IBUS_DAEMON_PID=5623.
                  /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                  Process:/usr/bin/pulseaudio
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:v:v
                  MD5:68B329DA9893E34099C7D8AD5CB9C940
                  SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                  SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                  SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                  Malicious:false
                  Preview: .
                  /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                  Process:/usr/bin/pulseaudio
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:v:v
                  MD5:68B329DA9893E34099C7D8AD5CB9C940
                  SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                  SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                  SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                  Malicious:false
                  Preview: .
                  /var/log/Xorg.0.log
                  Process:/usr/lib/xorg/Xorg
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):41347
                  Entropy (8bit):5.277717882033828
                  Encrypted:false
                  SSDEEP:384:qtG8/XbzlMqZdUd/dFd+dzd9dZdcdmdKdedHd+dOdbdKd2dwdVdQdWrdSudVtdEt:4G8PbyqHgVP8V6pJpQG4
                  MD5:8D756A104E1A50A90AC6F3183AD13E22
                  SHA1:3C32A6071A51BD2129772010B4519802A67D3E85
                  SHA-256:629F440F3E03DCC2FE16CF6313D7A90127AA765E89A97CFA3B2432B0E6DF876D
                  SHA-512:D64F3DBC8DEAEBDF198D634361AE85B300C966A30198658A1EEB5152B67102767B8A8775A4667156A057BF669AA8A837AFCC182AFAD4385B2779A30F4548D78D
                  Malicious:false
                  Preview: [ 501.445] (--) Log file renamed from "/var/log/Xorg.pid-5494.log" to "/var/log/Xorg.0.log".[ 501.469] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 501.482] Build Operating System: linux Ubuntu.[ 501.491] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 501.500] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 501.514] Build Date: 06 July 2021 10:17:51AM.[ 501.519] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 501.527] Current version of pixman: 0.38.4.[ 501.536] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 501.546] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)
                  /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
                  Process:/lib/systemd/systemd-journald
                  File Type:data
                  Category:dropped
                  Size (bytes):240
                  Entropy (8bit):1.4084232590067822
                  Encrypted:false
                  SSDEEP:3:F31HlxNebZNe5:F3
                  MD5:E11866F0B4B24883E359C306B6B4DA09
                  SHA1:ED6595EF0FF664C1825100508698650DC6A8B840
                  SHA-256:39FA6E4A6AD76CCAA0C7B20434E35C402DDFF76D51F2CD037BDAD5F36491B6A2
                  SHA-512:8A85F9308B678771F2A79E1891DECFFBEE1A3AE5756392069C5E8A1CA95EC71EF2577CED0E95365E04020565D5912DCA614BBD86525E57A1E8243F7DB683006F
                  Malicious:false
                  Preview: LPKSHHRH......................O...R.;.YD......................................O...R.;.YD........................................................................................................................................................
                  /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal
                  Process:/lib/systemd/systemd-journald
                  File Type:data
                  Category:dropped
                  Size (bytes):240
                  Entropy (8bit):1.448047321524811
                  Encrypted:false
                  SSDEEP:3:F31Hl6aVdwX/SaVdwll:F3BPAPg
                  MD5:98FAAACC4C0AFFE9DA3DE5FE20A90BF4
                  SHA1:DF5C6A77BA4A3D4994ABAF97934D55B310B24627
                  SHA-256:6551F25B6C2D53691A4B28392C244EE4ECE81AB8051025D53734BA9654507C9D
                  SHA-512:DBBC79C0520C3C335183E76C78F6D65013F7AA0DC6BA340583B0BA1B8F949542FB66374A7EF1E29CD5530264FE1CDC410EAA3C49B5D0C90FCA57F3F6E623117B
                  Malicious:false
                  Preview: LPKSHHRH.................y.S?.B...Zu+.@).................................y.S?.B...Zu+.@)........................................................................................................................................................

                  Static File Info

                  General

                  File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                  Entropy (8bit):5.524983795123989
                  TrID:
                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                  File name:SZAYTvvY9Y
                  File size:100836
                  MD5:f274fb7e2b929c40da1fcc2c0ed1db8b
                  SHA1:a0285f5e70c6dc90815d065f527b26b7e54cad06
                  SHA256:6708e5ebbe503d06a63775601a9bd50a592d7e8bcbe142975635a51128bfb895
                  SHA512:c1f4277313965bbc2b7fa4c928979a8656e3a3beb2fc8ab0fdec4c90806d2e399c6488ef14d5c6ef18000850b323a2f49df6ca657af6c9ba58b7ad054a64fc13
                  SSDEEP:1536:om9+W1PX4QgNm/j1CuFSQpFufc93/nOL01hLqM/:79+W1PX4Qgw9f3/nk0Gc
                  File Content Preview:.ELF....................`.@.4...........4. ...(...............@...@..|...|....................E...E.P....+..........Q.td...............................<|..'!......'.......................<X..'!... .........9'.. ........................<(..'!............c9

                  Static ELF Info

                  ELF header

                  Class:ELF32
                  Data:2's complement, little endian
                  Version:1 (current)
                  Machine:MIPS R3000
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x400260
                  Flags:0x1007
                  ELF Header Size:52
                  Program Header Offset:52
                  Program Header Size:32
                  Number of Program Headers:3
                  Section Header Offset:100276
                  Section Header Size:40
                  Number of Section Headers:14
                  Header String Table Index:13

                  Sections

                  Name           Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
                                 NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
                  .init          PROGBITS  0x400094  0x94     0x8c     0x0      0x6         AX                 0     0     4
                  .text          PROGBITS  0x400120  0x120    0x16300  0x0      0x6         AX                 0     0     16
                  .fini          PROGBITS  0x416420  0x16420  0x5c     0x0      0x6         AX                 0     0     4
                  .rodata        PROGBITS  0x416480  0x16480  0x1850   0x0      0x2         A                  0     0     16
                  .ctors         PROGBITS  0x458000  0x18000  0x8      0x0      0x3         WA                 0     0     4
                  .dtors         PROGBITS  0x458008  0x18008  0x8      0x0      0x3         WA                 0     0     4
                  .data.rel.ro   PROGBITS  0x458014  0x18014  0x4      0x0      0x3         WA                 0     0     4
                  .data          PROGBITS  0x458020  0x18020  0x300    0x0      0x3         WA                 0     0     16
                  .got           PROGBITS  0x458320  0x18320  0x430    0x4      0x10000003  WA                 0     0     16
                  .sbss          NOBITS    0x458750  0x18750  0x24     0x0      0x10000003  WA                 0     0     4
                  .bss           NOBITS    0x458780  0x18750  0x2388   0x0      0x3         WA                 0     0     16
                  .mdebug.abi32  PROGBITS  0x8ca     0x18750  0x0      0x0      0x0                            0     0     1
                  .shstrtab      STRTAB    0x0       0x18750  0x64     0x0      0x0                            0     0     1

                  Program Segments

                  Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
                  LOAD       0x0      0x400000         0x400000          0x17cd0    0x17cd0      3.5842   0x5    R E                0x10000                    .init .text .fini .rodata
                  LOAD       0x18000  0x458000         0x458000          0x750      0x2b08       2.3386   0x6    RW                 0x10000                    .ctors .dtors .data.rel.ro .data .got .sbss .bss
                  GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4

                  Network Behavior

                  Network Port Distribution

                  TCP Packets


                  System Behavior

                  General

                  Start time:23:34:49
                  Start date:01/11/2021
                  Path:/tmp/SZAYTvvY9Y
                  Arguments:/tmp/SZAYTvvY9Y
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  General

                  Start time:23:34:51
                  Start date:01/11/2021
                  Path:/tmp/SZAYTvvY9Y
                  Arguments:n/a
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  General

                  Start time:23:34:51
                  Start date:01/11/2021
                  Path:/tmp/SZAYTvvY9Y
                  Arguments:n/a
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  General

                  Start time:23:34:51
                  Start date:01/11/2021
                  Path:/tmp/SZAYTvvY9Y
                  Arguments:n/a
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  General

                  Start time:23:34:53
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:34:53
                  Start date:01/11/2021
                  Path:/usr/bin/journalctl
                  Arguments:/usr/bin/journalctl --smart-relinquish-var
                  File size:80120 bytes
                  MD5 hash:bf3a987344f3bacafc44efd882abda8b

                  General

                  Start time:23:34:53
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:34:53
                  Start date:01/11/2021
                  Path:/lib/systemd/systemd-journald
                  Arguments:/lib/systemd/systemd-journald
                  File size:162032 bytes
                  MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

                  General

                  Start time:23:34:57
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:34:57
                  Start date:01/11/2021
                  Path:/usr/bin/journalctl
                  Arguments:/usr/bin/journalctl --flush
                  File size:80120 bytes
                  MD5 hash:bf3a987344f3bacafc44efd882abda8b

                  General

                  Start time:23:35:43
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:35:43
                  Start date:01/11/2021
                  Path:/etc/gdm3/PrimeOff/Default
                  Arguments:/etc/gdm3/PrimeOff/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:35:43
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:35:43
                  Start date:01/11/2021
                  Path:/etc/gdm3/PrimeOff/Default
                  Arguments:/etc/gdm3/PrimeOff/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:35:45
                  Start date:01/11/2021
                  Path:/usr/bin/dash
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:35:45
                  Start date:01/11/2021
                  Path:/usr/bin/xdotool
                  Arguments:xdotool windowminimize
                  File size:81192 bytes
                  MD5 hash:38ea1b4bfcc631da4576723b24e1510e

                  General

                  Start time:23:35:45
                  Start date:01/11/2021
                  Path:/usr/bin/python2.7
                  Arguments:n/a
                  File size:3674216 bytes
                  MD5 hash:5b48b7b247d786dc3f7be8e53992ea63

                  General

                  Start time:23:35:46
                  Start date:01/11/2021
                  Path:/usr/bin/srm
                  Arguments:srm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop
                  File size:22656 bytes
                  MD5 hash:5d0db044b173f989a73a0790b19e79fa

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/bin/python2.7
                  Arguments:n/a
                  File size:3674216 bytes
                  MD5 hash:5b48b7b247d786dc3f7be8e53992ea63

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/bin/rm
                  Arguments:rm -fr /var/jbxkick /var/jbxinit.linux.py /home/saturnino/.config/autostart/jbxkick.desktop
                  File size:72056 bytes
                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/bin/python2.7
                  Arguments:n/a
                  File size:3674216 bytes
                  MD5 hash:5b48b7b247d786dc3f7be8e53992ea63

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/bin/umount
                  Arguments:umount -v /var/jbxall
                  File size:39144 bytes
                  MD5 hash:2a1758ef6cf863f285bc8a918edbc0be

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/lib/udisks2/udisksd
                  Arguments:n/a
                  File size:483056 bytes
                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                  General

                  Start time:23:35:48
                  Start date:01/11/2021
                  Path:/usr/sbin/dumpe2fs
                  Arguments:dumpe2fs -h /dev/sda2
                  File size:31112 bytes
                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                  General

                  Start time:23:35:49
                  Start date:01/11/2021
                  Path:/usr/lib/udisks2/udisksd
                  Arguments:n/a
                  File size:483056 bytes
                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                  General

                  Start time:23:35:49
                  Start date:01/11/2021
                  Path:/usr/sbin/dumpe2fs
                  Arguments:dumpe2fs -h /dev/dm-0
                  File size:31112 bytes
                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                  General

                  Start time:23:35:59
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:35:59
                  Start date:01/11/2021
                  Path:/usr/bin/pulseaudio
                  Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                  File size:100832 bytes
                  MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                  General

                  Start time:23:36:03
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:36:03
                  Start date:01/11/2021
                  Path:/usr/lib/accountsservice/accounts-daemon
                  Arguments:/usr/lib/accountsservice/accounts-daemon
                  File size:203192 bytes
                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                  General

                  Start time:23:36:03
                  Start date:01/11/2021
                  Path:/usr/lib/accountsservice/accounts-daemon
                  Arguments:n/a
                  File size:203192 bytes
                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/share/language-tools/language-validate
                  Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/share/language-tools/language-validate
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/share/language-tools/language-options
                  Arguments:/usr/share/language-tools/language-options
                  File size:3478464 bytes
                  MD5 hash:16a21f464119ea7fad1d3660de963637

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/share/language-tools/language-options
                  Arguments:n/a
                  File size:3478464 bytes
                  MD5 hash:16a21f464119ea7fad1d3660de963637

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:sh -c "locale -a | grep -F .utf8 "
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/bin/locale
                  Arguments:locale -a
                  File size:58944 bytes
                  MD5 hash:c72a78792469db86d91369c9057f20d2

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:04
                  Start date:01/11/2021
                  Path:/usr/bin/grep
                  Arguments:grep -F .utf8
                  File size:199136 bytes
                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                  General

                  Start time:23:36:03
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-session-worker
                  Arguments:n/a
                  File size:293360 bytes
                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                  General

                  Start time:23:36:03
                  Start date:01/11/2021
                  Path:/etc/gdm3/PostSession/Default
                  Arguments:/etc/gdm3/PostSession/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:05
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:36:05
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-session-worker
                  Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                  File size:293360 bytes
                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                  General

                  Start time:23:36:07
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-session-worker
                  Arguments:n/a
                  File size:293360 bytes
                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                  General

                  Start time:23:36:07
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-wayland-session
                  Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                  File size:76368 bytes
                  MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                  General

                  Start time:23:36:07
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-wayland-session
                  Arguments:n/a
                  File size:76368 bytes
                  MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                  General

                  Start time:23:36:07
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:n/a
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:dbus-daemon --nofork --print-address 4 --session
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:09
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:n/a
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/bin/gnome-session
                  Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:08
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/session-migration
                  Arguments:session-migration
                  File size:22680 bytes
                  MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:10
                  Start date:01/11/2021
                  Path:/usr/bin/gnome-shell
                  Arguments:/usr/bin/gnome-shell
                  File size:23168 bytes
                  MD5 hash:da7a257239677622fe4b3a65972c9e87

                  General

                  Start time:23:36:05
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:36:05
                  Start date:01/11/2021
                  Path:/etc/gdm3/PrimeOff/Default
                  Arguments:/etc/gdm3/PrimeOff/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-session-worker
                  Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                  File size:293360 bytes
                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                  General

                  Start time:23:36:16
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-session-worker
                  Arguments:n/a
                  File size:293360 bytes
                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                  General

                  Start time:23:36:16
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-x-session
                  Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                  File size:96944 bytes
                  MD5 hash:498a824333f1c1ec7767f4612d1887cc

                  General

                  Start time:23:36:17
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-x-session
                  Arguments:n/a
                  File size:96944 bytes
                  MD5 hash:498a824333f1c1ec7767f4612d1887cc

                  General

                  Start time:23:36:17
                  Start date:01/11/2021
                  Path:/usr/bin/Xorg
                  Arguments:/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:17
                  Start date:01/11/2021
                  Path:/usr/lib/xorg/Xorg.wrap
                  Arguments:/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                  File size:14488 bytes
                  MD5 hash:48993830888200ecf19dd7def0884dfd

                  General

                  Start time:23:36:18
                  Start date:01/11/2021
                  Path:/usr/lib/xorg/Xorg
                  Arguments:/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                  File size:2448840 bytes
                  MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                  General

                  Start time:23:36:26
                  Start date:01/11/2021
                  Path:/usr/lib/xorg/Xorg
                  Arguments:n/a
                  File size:2448840 bytes
                  MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                  General

                  Start time:23:36:26
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:26
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:26
                  Start date:01/11/2021
                  Path:/usr/bin/xkbcomp
                  Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                  File size:217184 bytes
                  MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                  General

                  Start time:23:37:00
                  Start date:01/11/2021
                  Path:/usr/lib/xorg/Xorg
                  Arguments:n/a
                  File size:2448840 bytes
                  MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                  General

                  Start time:23:37:00
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:00
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:n/a
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:00
                  Start date:01/11/2021
                  Path:/usr/bin/xkbcomp
                  Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                  File size:217184 bytes
                  MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-x-session
                  Arguments:n/a
                  File size:96944 bytes
                  MD5 hash:498a824333f1c1ec7767f4612d1887cc

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/etc/gdm3/Prime/Default
                  Arguments:/etc/gdm3/Prime/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/lib/gdm3/gdm-x-session
                  Arguments:n/a
                  File size:96944 bytes
                  MD5 hash:498a824333f1c1ec7767f4612d1887cc

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:n/a
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:dbus-daemon --nofork --print-address 4 --session
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/libexec/at-spi-bus-launcher
                  Arguments:/usr/libexec/at-spi-bus-launcher
                  File size:27008 bytes
                  MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/libexec/at-spi-bus-launcher
                  Arguments:n/a
                  File size:27008 bytes
                  MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:03
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:03
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:03
                  Start date:01/11/2021
                  Path:/usr/libexec/at-spi2-registryd
                  Arguments:/usr/libexec/at-spi2-registryd --use-gnome-session
                  File size:100224 bytes
                  MD5 hash:1d904c2693452edebc7ede3a9e24d440

                  General

                  Start time:23:36:43
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:43
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:43
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/libexec/ibus-portal
                  Arguments:/usr/libexec/ibus-portal
                  File size:92536 bytes
                  MD5 hash:562ad55bd9a4d54bd7b76746b01e37d3

                  General

                  Start time:23:37:04
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:04
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:04
                  Start date:01/11/2021
                  Path:/usr/bin/gjs
                  Arguments:/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
                  File size:23128 bytes
                  MD5 hash:5f3eceb792bb65c22f23d1efb4fde3ad

                  General

                  Start time:23:37:20
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:20
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-daemon
                  Arguments:n/a
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  General

                  Start time:23:37:20
                  Start date:01/11/2021
                  Path:/bin/false
                  Arguments:/bin/false
                  File size:39256 bytes
                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                  General

                  Start time:23:36:32
                  Start date:01/11/2021
                  Path:/usr/bin/dbus-run-session
                  Arguments:n/a
                  File size:14480 bytes
                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                  General

                  Start time:23:36:33
                  Start date:01/11/2021
                  Path:/usr/bin/gnome-session
                  Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:33
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:33
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:33
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-check-accelerated
                  Arguments:/usr/libexec/gnome-session-check-accelerated
                  File size:18752 bytes
                  MD5 hash:a64839518af85b2b9de31aca27646396

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-check-accelerated
                  Arguments:n/a
                  File size:18752 bytes
                  MD5 hash:a64839518af85b2b9de31aca27646396

                  General

                  Start time:23:36:40
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-check-accelerated-gl-helper
                  Arguments:/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
                  File size:22920 bytes
                  MD5 hash:b1ab9a384f9e98a39ae5c36037dd5e78

                  General

                  Start time:23:36:42
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-check-accelerated
                  Arguments:n/a
                  File size:18752 bytes
                  MD5 hash:a64839518af85b2b9de31aca27646396

                  General

                  Start time:23:36:42
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-check-accelerated-gles-helper
                  Arguments:/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
                  File size:14728 bytes
                  MD5 hash:1bd78885765a18e60c05ed1fb5fa3bf8

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:44
                  Start date:01/11/2021
                  Path:/usr/bin/session-migration
                  Arguments:session-migration
                  File size:22680 bytes
                  MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                  General

                  Start time:23:36:45
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:36:45
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:46
                  Start date:01/11/2021
                  Path:/usr/bin/gnome-shell
                  Arguments:/usr/bin/gnome-shell
                  File size:23168 bytes
                  MD5 hash:da7a257239677622fe4b3a65972c9e87

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/gnome-shell
                  Arguments:n/a
                  File size:23168 bytes
                  MD5 hash:da7a257239677622fe4b3a65972c9e87

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/ibus-daemon
                  Arguments:ibus-daemon --panel disable --xim
                  File size:199088 bytes
                  MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/ibus-daemon
                  Arguments:n/a
                  File size:199088 bytes
                  MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/libexec/ibus-memconf
                  Arguments:/usr/libexec/ibus-memconf
                  File size:22904 bytes
                  MD5 hash:523e939905910d06598e66385761a822

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/ibus-daemon
                  Arguments:n/a
                  File size:199088 bytes
                  MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/bin/ibus-daemon
                  Arguments:n/a
                  File size:199088 bytes
                  MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/libexec/ibus-x11
                  Arguments:/usr/libexec/ibus-x11 --kill-daemon
                  File size:100352 bytes
                  MD5 hash:2aa1e54666191243814c2733d6992dbd

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/usr/bin/ibus-daemon
                  Arguments:n/a
                  File size:199088 bytes
                  MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                  General

                  Start time:23:37:15
                  Start date:01/11/2021
                  Path:/usr/libexec/ibus-engine-simple
                  Arguments:/usr/libexec/ibus-engine-simple
                  File size:14712 bytes
                  MD5 hash:0238866d5e8802a0ce1b1b9af8cb1376

                  General

                  Start time:23:37:08
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:08
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-sharing
                  Arguments:/usr/libexec/gsd-sharing
                  File size:35424 bytes
                  MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-wacom
                  Arguments:/usr/libexec/gsd-wacom
                  File size:39520 bytes
                  MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-color
                  Arguments:/usr/libexec/gsd-color
                  File size:92832 bytes
                  MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                  General

                  Start time:23:37:09
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-keyboard
                  Arguments:/usr/libexec/gsd-keyboard
                  File size:39760 bytes
                  MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-print-notifications
                  Arguments:/usr/libexec/gsd-print-notifications
                  File size:51840 bytes
                  MD5 hash:71539698aa691718cee775d6b9450ae2

                  General

                  Start time:23:37:24
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-print-notifications
                  Arguments:n/a
                  File size:51840 bytes
                  MD5 hash:71539698aa691718cee775d6b9450ae2

                  General

                  Start time:23:37:24
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-print-notifications
                  Arguments:n/a
                  File size:51840 bytes
                  MD5 hash:71539698aa691718cee775d6b9450ae2

                  General

                  Start time:23:37:24
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-printer
                  Arguments:/usr/libexec/gsd-printer
                  File size:31120 bytes
                  MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-rfkill
                  Arguments:/usr/libexec/gsd-rfkill
                  File size:51808 bytes
                  MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:11
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-smartcard
                  Arguments:/usr/libexec/gsd-smartcard
                  File size:109152 bytes
                  MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                  General

                  Start time:23:37:10
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:11
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-datetime
                  Arguments:/usr/libexec/gsd-datetime
                  File size:76736 bytes
                  MD5 hash:d80d39745740de37d6634d36e344d4bc

                  General

                  Start time:23:37:11
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-media-keys
                  Arguments:/usr/libexec/gsd-media-keys
                  File size:232936 bytes
                  MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-screensaver-proxy
                  Arguments:/usr/libexec/gsd-screensaver-proxy
                  File size:27232 bytes
                  MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:12
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:13
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-sound
                  Arguments:/usr/libexec/gsd-sound
                  File size:31248 bytes
                  MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                  General

                  Start time:23:37:13
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:13
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-a11y-settings
                  Arguments:/usr/libexec/gsd-a11y-settings
                  File size:23056 bytes
                  MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-housekeeping
                  Arguments:/usr/libexec/gsd-housekeeping
                  File size:51840 bytes
                  MD5 hash:b55f3394a84976ddb92a2915e5d76914

                  General

                  Start time:23:37:14
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:15
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:16
                  Start date:01/11/2021
                  Path:/usr/libexec/gsd-power
                  Arguments:/usr/libexec/gsd-power
                  File size:88672 bytes
                  MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                  General

                  Start time:23:37:46
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:47
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:47
                  Start date:01/11/2021
                  Path:/usr/bin/spice-vdagent
                  Arguments:/usr/bin/spice-vdagent
                  File size:80664 bytes
                  MD5 hash:80fb7f613aa78d1b8a229dbcf4577a9d

                  General

                  Start time:23:37:49
                  Start date:01/11/2021
                  Path:/usr/libexec/gnome-session-binary
                  Arguments:n/a
                  File size:334664 bytes
                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                  General

                  Start time:23:37:49
                  Start date:01/11/2021
                  Path:/bin/sh
                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:37:50
                  Start date:01/11/2021
                  Path:/usr/bin/xbrlapi
                  Arguments:xbrlapi -q
                  File size:166384 bytes
                  MD5 hash:0cfe25df39d38af32d6265ed947ca5b9

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/etc/gdm3/PrimeOff/Default
                  Arguments:/etc/gdm3/PrimeOff/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/usr/sbin/gdm3
                  Arguments:n/a
                  File size:453296 bytes
                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                  General

                  Start time:23:36:14
                  Start date:01/11/2021
                  Path:/etc/gdm3/PrimeOff/Default
                  Arguments:/etc/gdm3/PrimeOff/Default
                  File size:129816 bytes
                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                  General

                  Start time:23:36:15
                  Start date:01/11/2021
                  Path:/usr/libexec/gvfsd-fuse
                  Arguments:n/a
                  File size:47632 bytes
                  MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                  General

                  Start time:23:36:15
                  Start date:01/11/2021
                  Path:/bin/fusermount
                  Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                  File size:39144 bytes
                  MD5 hash:576a1b135c82bdcbc97a91acea900566

                  General

                  Start time:23:36:16
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:36:16
                  Start date:01/11/2021
                  Path:/lib/systemd/systemd-user-runtime-dir
                  Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                  File size:22672 bytes
                  MD5 hash:d55f4b0847f88131dbcfb07435178e54

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:36:58
                  Start date:01/11/2021
                  Path:/lib/systemd/systemd-localed
                  Arguments:/lib/systemd/systemd-localed
                  File size:43232 bytes
                  MD5 hash:1244af9646256d49594f2a8203329aa9

                  General

                  Start time:23:37:02
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:37:02
                  Start date:01/11/2021
                  Path:/usr/bin/pulseaudio
                  Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                  File size:100832 bytes
                  MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                  General

                  Start time:23:37:02
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:37:02
                  Start date:01/11/2021
                  Path:/usr/libexec/geoclue
                  Arguments:/usr/libexec/geoclue
                  File size:301544 bytes
                  MD5 hash:30ac5455f3c598dde91dc87477fb19f7

                  General

                  Start time:23:37:21
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:37:21
                  Start date:01/11/2021
                  Path:/lib/systemd/systemd-hostnamed
                  Arguments:/lib/systemd/systemd-hostnamed
                  File size:35040 bytes
                  MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                  General

                  Start time:23:37:41
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:37:41
                  Start date:01/11/2021
                  Path:/lib/systemd/systemd-localed
                  Arguments:/lib/systemd/systemd-localed
                  File size:43232 bytes
                  MD5 hash:1244af9646256d49594f2a8203329aa9

                  General

                  Start time:23:37:42
                  Start date:01/11/2021
                  Path:/usr/lib/systemd/systemd
                  Arguments:n/a
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  General

                  Start time:23:37:42
                  Start date:01/11/2021
                  Path:/usr/libexec/fprintd
                  Arguments:/usr/libexec/fprintd
                  File size:125312 bytes
                  MD5 hash:b0d8829f05cd028529b84b061b660e84