Linux Analysis Report
dlr.mips.elf

Overview

General Information

Sample name: dlr.mips.elf
Analysis ID: 1612185
MD5: 98a2ea74157f23c30a358269df2657a5
SHA1: 0785ab9962f239550467d5a45a4a2d48aac429c1
SHA256: c4fee388bd2a8f173f579984422824f47de3e11825ce65d95a9cb25dff408898
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
HTTP GET or POST without a user agent
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Start date and time: 2025-02-11 16:05:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal48.linELF@0/1@0/0
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Command: /tmp/dlr.mips.elf
PID: 6248
Exit Code: 5
Exit Code Info:
Killed: False
Standard Output:
LIZRD
lzrd
Standard Error:
  • system is lnxubuntu20
  • dlr.mips.elf (PID: 6248, Parent: 6171, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/dlr.mips.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: dlr.mips.elf | ReversingLabs: Detection: 34%
Source: global traffic | HTTP traffic detected: GET /mips HTTP/1.0 Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 185.93.89.101
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal48.linELF@0/1@0/0
Source: /tmp/dlr.mips.elf (PID: 6248) | File written: /tmp/lzrd
Source: lzrd.12.dr | Dropped file: segment LOAD with 7.9024 entropy (max. 8.0)
Source: lzrd.12.dr | Dropped file: segment LOAD with 7.9385 entropy (max. 8.0)
Source: /tmp/dlr.mips.elf (PID: 6248) | Queries kernel information via 'uname'
Source: dlr.mips.elf, 6248.1.0000564c2c454000.0000564c2c4db000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mips
Source: dlr.mips.elf, 6248.1.0000564c2c454000.0000564c2c4db000.rw-.sdmp | Binary or memory string: F,LV!/etc/qemu-binfmt/mips
Source: dlr.mips.elf, 6248.1.00007ffd41f4a000.00007ffd41f6b000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mips
Source: dlr.mips.elf, 6248.1.00007ffd41f4a000.00007ffd41f6b000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/dlr.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.mips.elf
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Obfuscated Files or Information (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery (11); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (1); Application Layer Protocol (2); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
No configs have been found
[Behavior graph. ID: 1612185; Sample: dlr.mips.elf; Start date: 11/02/2025; Architecture: LINUX; Score: 48. Nodes: dlr.mips.elf (started); /tmp/lzrd, ELF (dropped); 185.93.89.101, 44148, 80, TS-EMEA-ASNGB, United Kingdom; 109.202.202.202, 80, INIT7CH, Switzerland; 2 other IPs or domains. Signature: Multi AV Scanner detection for submitted file.]
Source | Detection | Scanner | Label
dlr.mips.elf | 34% | ReversingLabs | Linux.Downloader.Mirai

Source | Detection | Scanner | Label
/tmp/lzrd | 8% | ReversingLabs | Linux.PUA.Generic
/tmp/lzrd | 14% | Virustotal |

No Antivirus matches

No contacted domains info

IP | Domain | Country | ASN | ASN Name | Malicious
185.93.89.101 | unknown | United Kingdom | 200861 | TS-EMEA-ASNGB | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.93.89.101 | dlr.arm7.elf | malicious | Unknown | /arm7
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf | malicious | Unknown |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | .i.elf | malicious | Unknown |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | 185.93.89.101-mips-2025-02-11T10_20_14.elf | malicious | Mirai |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.43 | .i.elf | malicious | Unknown |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf | malicious | Unknown |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | .i.elf | malicious | Unknown |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | 185.93.89.101-mips-2025-02-11T10_20_14.elf | malicious | Mirai |
91.189.91.42 | na.elf | malicious | Prometei |
91.189.91.42 | .i.elf | malicious | Unknown |

No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CANONICAL-ASGB | dlr.spc.elf | malicious | Unknown | 185.125.190.26
CANONICAL-ASGB | na.elf | malicious | Prometei | 185.125.190.26
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
CANONICAL-ASGB | SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf | malicious | Unknown | 91.189.91.42
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
CANONICAL-ASGB | .i.elf | malicious | Unknown | 91.189.91.42
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
CANONICAL-ASGB | 185.93.89.101-mips-2025-02-11T10_20_14.elf | malicious | Mirai | 91.189.91.42
TS-EMEA-ASNGB | dlr.arm7.elf | malicious | Unknown | 185.93.89.101
TS-EMEA-ASNGB | mpsl.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | arm7.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | 185.93.89.101-mips-2025-02-11T10_20_14.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | mpsl.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | arm4.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | dlr.mips.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | rep.m68k.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | dlr.arm6.elf | malicious | Mirai | 185.93.89.106
TS-EMEA-ASNGB | mips.elf | malicious | Mirai | 185.93.89.106
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf | malicious | Unknown | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | .i.elf | malicious | Unknown | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | 185.93.89.101-mips-2025-02-11T10_20_14.elf | malicious | Mirai | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
INIT7CH | .i.elf | malicious | Unknown | 109.202.202.202

No context

Process: /tmp/dlr.mips.elf
File Type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Category: dropped
Size (bytes): 41864
Entropy (8bit): 7.936195555924508
Encrypted: false
SSDEEP: 768:74BsHr1CyEeGEfzkynWGvmIGAiRTzl8ZDp6NKuKYcNywrVzLSNhtD1CMfJgGlzDf:0BsHr4B/sIEWsmIhqHlsDsFkxrBwht0I
MD5: A09CC5294FD411C6437D8C4500194386
SHA1: F110BB88384F8228C388AAF2E3EE21895B9A2E34
SHA-256: 21536ACB0D93A9A7BE73965B5ADF87F7D9AE36E5AD4D8D1094206B3ED6960A84
SHA-512: D02EDEBF49ACAFE320FD2C56F1F11648AFA67AAB87F43E2901EE69EAEF9429E1F2921A9964DB221E94F4096083C77CC9DF5759D455462311C33AE852000A3978
Malicious: true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 8%
  • Antivirus: Virustotal, Detection: 14%
Reputation: low

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 4.647028440735336
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: dlr.mips.elf
File size: 1'984 bytes
MD5: 98a2ea74157f23c30a358269df2657a5
SHA1: 0785ab9962f239550467d5a45a4a2d48aac429c1
SHA256: c4fee388bd2a8f173f579984422824f47de3e11825ce65d95a9cb25dff408898
SHA512: 4d01d4b034bcc2a7bb8cd16e6028394a35f8a235520f796fe165813fbfb1621bcbe8cf5b93f4950d49d114a28587d8a4fa6e8e5ccb8f4d583bef5ee0a7831a0b
SSDEEP: 48:eRgpEuQ2H7QWrE1zXD/9LuEpUnn2kixMM:SgpTHmNMEpgn8MM
TLSH: 0141ED8A1F714EF8F156D93887374B35279A924847C04249E2ACD6002FD430E8DEE7E9

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x4004c0
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 1704
Section Header Size: 40
Number of Section Headers: 7
Header String Table Index: 6

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.text | PROGBITS | 0x4000a0 | 0xa0 | 0x540 | 0x0 | 0x6 | AX | 0 | 0 | 16
.rodata | PROGBITS | 0x4005e0 | 0x5e0 | 0x38 | 0x1 | 0x32 | AMS | 0 | 0 | 4
.got | PROGBITS | 0x440620 | 0x620 | 0x54 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.bss | NOBITS | 0x440680 | 0x674 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 16
.mdebug.abi32 | PROGBITS | 0x48 | 0x674 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x674 | 0x31 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x618 | 0x618 | 4.9623 | 0x5 | R E | 0x10000 | | .text .rodata
LOAD | 0x620 | 0x440620 | 0x440620 | 0x54 | 0x70 | 2.4096 | 0x6 | RW | 0x10000 | | .got .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

  • Total Packets: 34
  • 443 (HTTPS)
  • 80 (HTTP)
                                          Session ID  Source IP     Source Port  Destination IP  Destination Port
                                          0           192.168.2.23  44148        185.93.89.101   80

                                          Timestamp  Bytes transferred  Direction  Data
                                          Feb 11, 2025 16:06:57.631525993 CET  46  OUT  GET /mips HTTP/1.0
                                          Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Feb 11, 2025 16:06:58.238790035 CET  711  IN  HTTP/1.0 200 OK
                                          Accept-Ranges: bytes
                                          Content-Length: 41864
                                          Content-Type: application/octet-stream
                                          Last-Modified: Tue, 11 Feb 2025 05:20:24 GMT
                                          Date: Tue, 11 Feb 2025 15:06:58 GMT


                                          System Behavior

                                          Start time (UTC): 15:06:56
                                          Start date (UTC): 11/02/2025
                                          Path: /tmp/dlr.mips.elf
                                          Arguments: /tmp/dlr.mips.elf
                                          File size: 5777432 bytes
                                          MD5 hash: 0083f1f0e77be34ad27f849842bbb00c