Linux Analysis Report
dlr.mpsl.elf

Overview

General Information

Sample name:dlr.mpsl.elf
Analysis ID:1612194
MD5:f9277d216dd978b9802115795e823e16
SHA1:d928a961d400cbb0f51c6682592c5bc65d6151a0
SHA256:35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
HTTP GET or POST without a user agent
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1612194
Start date and time:2025-02-11 16:17:44 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:dlr.mpsl.elf
Detection:MAL
Classification:mal48.linELF@0/1@0/0
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Command:/tmp/dlr.mpsl.elf
PID:6220
Exit Code:5
Exit Code Info:
Killed:False
Standard Output:
LIZRD
lzrd
Standard Error:
  • system is lnxubuntu20
  • dlr.mpsl.elf (PID: 6220, Parent: 6139, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/dlr.mpsl.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: dlr.mpsl.elf; Virustotal: Detection: 26%
Source: dlr.mpsl.elf; ReversingLabs: Detection: 34%
Source: global traffic; HTTP traffic detected: GET /mpsl HTTP/1.0; Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00; Data Ascii:
Source: unknown; TCP traffic detected without corresponding DNS query: 185.93.89.101
Source: unknown; TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown; TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown; TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown; Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 42836 -> 443
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal48.linELF@0/1@0/0
Source: /tmp/dlr.mpsl.elf (PID: 6220); File written: /tmp/lzrd
Source: lzrd.12.dr; Dropped file: segment LOAD with 7.9063 entropy (max. 8.0)
Source: lzrd.12.dr; Dropped file: segment LOAD with 7.9436 entropy (max. 8.0)
Source: /tmp/dlr.mpsl.elf (PID: 6220); Queries kernel information via 'uname'
Source: dlr.mpsl.elf, 6220.1.000055f95185a000.000055f9518e1000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/mipsel
Source: dlr.mpsl.elf, 6220.1.000055f95185a000.000055f9518e1000.rw-.sdmp; Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: dlr.mpsl.elf, 6220.1.00007fff9a141000.00007fff9a162000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/dlr.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.mpsl.elf
Source: dlr.mpsl.elf, 6220.1.00007fff9a141000.00007fff9a162000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-mipsel
[ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
No configs have been found
[Behavior graph. ID: 1612194; Sample: dlr.mpsl.elf; Startdate: 11/02/2025; Architecture: LINUX; Score: 48. dlr.mpsl.elf started and dropped /tmp/lzrd (ELF). Network nodes: 185.93.89.101, 44136, 80 (TS-EMEA-ASNGB, United Kingdom); 109.202.202.202, 80 (INIT7CH, Switzerland); 2 other IPs or domains. Signature: Multi AV Scanner detection for submitted file.]

Source        Detection  Scanner        Label
dlr.mpsl.elf  27%        Virustotal     -
dlr.mpsl.elf  34%        ReversingLabs  Linux.Backdoor.Mirai

Source        Detection  Scanner        Label
/tmp/lzrd     19%        Virustotal     -
/tmp/lzrd     13%        ReversingLabs  Linux.Trojan.Generic
No Antivirus matches
No Antivirus matches

No contacted domains info
IP               Domain   Country         ASN     ASN Name        Malicious
185.93.89.101    unknown  United Kingdom  200861  TS-EMEA-ASNGB   false
109.202.202.202  unknown  Switzerland     13030   INIT7CH         false
91.189.91.43     unknown  United Kingdom  41231   CANONICAL-ASGB  false
91.189.91.42     unknown  United Kingdom  41231   CANONICAL-ASGB  false
Match: 185.93.89.101
  • dlr.arm6.elf, Detection: malicious, Threat Name: Unknown, Context: /arm6
  • dlr.x86.elf, Detection: malicious, Threat Name: Unknown, Context: /x86
  • dlr.mips.elf, Detection: malicious, Threat Name: Unknown, Context: /mips
  • dlr.arm7.elf, Detection: malicious, Threat Name: Unknown, Context: /arm7
Match: 109.202.202.202
  • kpLwzBouH4.elf, Detection: malicious, Threat Name: Unknown, Context: ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
Match: 91.189.91.43
  • dlr.m68k.elf, Detection: malicious, Threat Name: Unknown
  • dlr.mips.elf, Detection: malicious, Threat Name: Unknown
  • na.elf, Detection: malicious, Threat Name: Prometei
  • na.elf, Detection: malicious, Threat Name: Prometei
  • na.elf, Detection: malicious, Threat Name: Prometei
  • SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf, Detection: malicious, Threat Name: Unknown
  • na.elf, Detection: malicious, Threat Name: Prometei
  • .i.elf, Detection: malicious, Threat Name: Unknown
  • na.elf, Detection: malicious, Threat Name: Prometei
  • 185.93.89.101-mips-2025-02-11T10_20_14.elf, Detection: malicious, Threat Name: Mirai
Process:/tmp/dlr.mpsl.elf
File Type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Category:dropped
Size (bytes):43168
Entropy (8bit):7.940977069808091
Encrypted:false
SSDEEP:768:jcfoq3J/78ZzKe73nyt7iy+3jjVrxKrBbV9WhO7:wB72/nywyCKrBpuM
MD5:7D465D41568B68D1BCF283E1E2723A32
SHA1:09B613D20E95A038FD96EA39D9EDB39FA557A0DF
SHA-256:95F74CCD5B4BDFBE836E0A5D43F0EF45AFDCD526AD24BAA54D9521A3767B3DA6
SHA-512:FE73B3370D64174BAF012B5190B7D978D9264D4821EE896990947B69E87A2650FB697CE7479FF45D5C0D3031AF7346BDFFF774322C36935F62032553DE4B75BD
Malicious:true
Antivirus:
  • Antivirus: Virustotal, Detection: 19%
  • Antivirus: ReversingLabs, Detection: 13%
Reputation:low
File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):4.700263946105574
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:dlr.mpsl.elf
File size:2'016 bytes
MD5:f9277d216dd978b9802115795e823e16
SHA1:d928a961d400cbb0f51c6682592c5bc65d6151a0
SHA256:35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9
SHA512:0c0460aa820bfd0febb0043ce7a6fbb4a725fa328afefd586557828a057563222c4bea0c71ce6b8933861aa87588638c320314b7b16a43aecdf31daa007b731c
SSDEEP:24:OY23H/ki9mpHR/ixZuDa9mC05BJL4mmlZ9npeIgO/qM+UTK8mKUlu/OTlTwFLCFK:Eff2MnuDW2B6df96OScTLmPkOTyFqXZ
TLSH:4341121A2F801F33DDA6CC32154B27112ACCD41BA06A63916334E960BD3F645A7D38A8

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:MIPS R3000
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x4004e4
Flags:0x1007
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:1736
Section Header Size:40
Number of Section Headers:7
Header String Table Index:6

Name           Type      Address   Offset  Size   EntSize  Flags       Flags Description  Link  Info  Align
-              NULL      0x0       0x0     0x0    0x0      0x0         -                  0     0     0
.text          PROGBITS  0x4000a0  0xa0    0x560  0x0      0x6         AX                 0     0     16
.rodata        PROGBITS  0x400600  0x600   0x38   0x1      0x32        AMS                0     0     4
.got           PROGBITS  0x440640  0x640   0x54   0x4      0x10000003  WAp                0     0     16
.bss           NOBITS    0x4406a0  0x694   0x10   0x0      0x3         WA                 0     0     16
.mdebug.abi32  PROGBITS  0x48      0x694   0x0    0x0      0x0         -                  0     0     1
.shstrtab      STRTAB    0x0       0x694   0x31   0x0      0x0         -                  0     0     1

Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0     0x400000         0x400000          0x638      0x638        5.0052   0x5    R E                0x10000  -                 .text .rodata
LOAD       0x640   0x440640         0x440640          0x54       0x70         2.6125   0x6    RW                 0x10000  -                 .got .bss
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4      -                 -

  • Total Packets: 32
  • 443 (HTTPS)
  • 80 (HTTP)
Session ID:0
Source IP:192.168.2.23
Source Port:44136
Destination IP:185.93.89.101
Destination Port:80

Timestamp:Feb 11, 2025 16:18:22.989237070 CET
Bytes transferred:46
Direction:OUT
Data:
GET /mpsl HTTP/1.0
Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii:

Timestamp:Feb 11, 2025 16:18:23.589286089 CET
Bytes transferred:711
Direction:IN
Data:
HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Length: 43168
Content-Type: application/octet-stream
Last-Modified: Tue, 11 Feb 2025 05:20:24 GMT
Date: Tue, 11 Feb 2025 15:18:23 GMT


System Behavior

Start time (UTC):15:18:22
Start date (UTC):11/02/2025
Path:/tmp/dlr.mpsl.elf
Arguments:/tmp/dlr.mpsl.elf
File size:5773336 bytes
MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9