Edit tour

Linux Analysis Report
xd.mpsl.elf

Overview

General Information

Sample name:xd.mpsl.elf
Analysis ID:1669038
MD5:25dda32e0a78a95af4566c3a9fed5cf7
SHA1:1eb4a3bc24651842ee1ed46d6dda905fed652b28
SHA256:ed925012055bd9650dcf8a2b5bf9ab27b2e4e2f1cc11eebdce97f3a65451b4b5
Tags:elfuser-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1669038
Start date and time:2025-04-19 05:44:27 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:xd.mpsl.elf
Detection:MAL
Classification:mal68.evad.linELF@0/0@0/0
Command:/tmp/xd.mpsl.elf
PID:5432
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
connecterror
Standard Error:
  • system is lnxubuntu20
  • xd.mpsl.elf (PID: 5432, Parent: 5354, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/xd.mpsl.elf
  • cleanup
SourceRuleDescriptionAuthorStrings
5432.1.00007ff6f4400000.00007ff6f440f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0xda10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xda9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdab0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdac4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdad8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdaec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdb8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xdba0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.mpsl.elf PID: 5432Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x1211:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1225:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1239:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x124d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1261:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1275:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1289:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x129d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x12b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x12c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x12d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x12ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1301:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1315:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1329:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x133d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1351:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1365:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1379:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x138d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x13a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: xd.mpsl.elfAvira: detected
Source: xd.mpsl.elfVirustotal: Detection: 42%Perma Link
Source: xd.mpsl.elfReversingLabs: Detection: 44%
Source: global trafficTCP traffic: 192.168.2.13:37806 -> 209.141.33.93:5538
Source: /tmp/xd.mpsl.elf (PID: 5432)Socket: 192.168.2.13:9473Jump to behavior
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknownTCP traffic detected without corresponding DNS query: 209.141.33.93
Source: xd.mpsl.elfString found in binary or memory: http://upx.sf.net

System Summary

barindex
Source: 5432.1.00007ff6f4400000.00007ff6f440f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappingsProgram segment: 0x100000
Source: 5432.1.00007ff6f4400000.00007ff6f440f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engineClassification label: mal68.evad.linELF@0/0@0/0

Data Obfuscation

barindex
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: xd.mpsl.elfSubmission file: segment LOAD with 7.8532 entropy (max. 8.0)
Source: /tmp/xd.mpsl.elf (PID: 5432)Queries kernel information via 'uname': Jump to behavior
Source: xd.mpsl.elf, 5432.1.000055b82d760000.000055b82d7e7000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
Source: xd.mpsl.elf, 5432.1.00007ffdc2234000.00007ffdc2255000.rw-.sdmpBinary or memory string: Wkx86_64/usr/bin/qemu-mipsel/tmp/xd.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.mpsl.elf
Source: xd.mpsl.elf, 5432.1.000055b82d760000.000055b82d7e7000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mipsel
Source: xd.mpsl.elf, 5432.1.00007ffdc2234000.00007ffdc2255000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
Obfuscated Files or Information
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1669038 Sample: xd.mpsl.elf Startdate: 19/04/2025 Architecture: LINUX Score: 68 11 209.141.33.93, 37806, 5538 PONYNETUS United States 2->11 13 Malicious sample detected (through community Yara rule) 2->13 15 Antivirus / Scanner detection for submitted sample 2->15 17 Multi AV Scanner detection for submitted file 2->17 19 Sample is packed with UPX 2->19 7 xd.mpsl.elf 2->7         started        signatures3 process4 process5 9 xd.mpsl.elf 7->9         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
xd.mpsl.elf43%VirustotalBrowse
xd.mpsl.elf44%ReversingLabsLinux.Worm.Mirai
xd.mpsl.elf100%AviraEXP/ELF.Agent.M.28
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://upx.sf.netxd.mpsl.elffalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    209.141.33.93
    unknownUnited States
    53667PONYNETUSfalse
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    209.141.33.93xd.x86.elfGet hashmaliciousUnknownBrowse
      xd.arm7.elfGet hashmaliciousMiraiBrowse
        xd.x86_64.elfGet hashmaliciousUnknownBrowse
          xd.arm5.elfGet hashmaliciousUnknownBrowse
            xd.arm.elfGet hashmaliciousUnknownBrowse
              xd.sh4.elfGet hashmaliciousUnknownBrowse
                xd.m68k.elfGet hashmaliciousUnknownBrowse
                  xd.ppc.elfGet hashmaliciousUnknownBrowse
                    xd.arm.elfGet hashmaliciousUnknownBrowse
                      xd.spc.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        PONYNETUSxd.x86.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.arm7.elfGet hashmaliciousMiraiBrowse
                        • 209.141.33.93
                        xd.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.arm5.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.arm.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        t.elfGet hashmaliciousUnknownBrowse
                        • 205.185.124.66
                        xd.sh4.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.m68k.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.ppc.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        xd.arm.elfGet hashmaliciousUnknownBrowse
                        • 209.141.33.93
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                        Entropy (8bit):7.848103940347971
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:xd.mpsl.elf
                        File size:23'296 bytes
                        MD5:25dda32e0a78a95af4566c3a9fed5cf7
                        SHA1:1eb4a3bc24651842ee1ed46d6dda905fed652b28
                        SHA256:ed925012055bd9650dcf8a2b5bf9ab27b2e4e2f1cc11eebdce97f3a65451b4b5
                        SHA512:0d0d53216126181f183682c7da33c63a976aefd3e38cb672b0a8eed243963b37af38256bb21cbf07118c788ce42ccab64c0f2773d81e3bd914f5b4d2e7b1492d
                        SSDEEP:384:V35A604Ka2bNH3EqViCiohqMhYOH3nOGFAVnwNbkhC7kLsRsCU+0efRWGVCz0Nvh:s02b5xViCioZGOXjAxSG0kLCRUMWo
                        TLSH:03A2C06DB58472CBEFF928BA60DA07B54CA074C02A7A9FDD5315088DEB92C1BE04D174
                        File Content Preview:.ELF.....................F..4...........4. ...(......................Y...Y..............p9..p9E.p9E....................DUPX!d....... ... .......S..........?.E.h;....#......b.L#=.c.`....n.z....f*l.|g....b...M.v....a.n.j....k.I8.L!...n..,....B.............,

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:MIPS R3000
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x104680
                        Flags:0x1007
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:2
                        Section Header Offset:0
                        Section Header Size:40
                        Number of Section Headers:0
                        Header String Table Index:0
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x1000000x1000000x59bd0x59bd7.85320x5R E0x10000
                        LOAD0x39700x4539700x4539700x00x00.00000x6RW 0x10000

                        Download Network PCAP: filteredfull

                        TimestampSource PortDest PortSource IPDest IP
                        Apr 19, 2025 05:45:22.131390095 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:22.274549961 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:22.274626017 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:22.275485992 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:22.420701981 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:22.420867920 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:22.563898087 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:32.285007000 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:32.428090096 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:32.428109884 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:32.428198099 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:45:47.756566048 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:45:47.756715059 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:46:02.900324106 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:46:02.900684118 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:46:18.044224977 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:46:18.044409037 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:46:32.479048967 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:46:32.622395039 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:46:32.622589111 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:46:47.916316986 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:46:47.916591883 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:47:03.060184956 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:47:03.060395002 CEST378065538192.168.2.13209.141.33.93
                        Apr 19, 2025 05:47:18.204072952 CEST553837806209.141.33.93192.168.2.13
                        Apr 19, 2025 05:47:18.204226971 CEST378065538192.168.2.13209.141.33.93

                        System Behavior

                        Start time (UTC):03:45:15
                        Start date (UTC):19/04/2025
                        Path:/tmp/xd.mpsl.elf
                        Arguments:/tmp/xd.mpsl.elf
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                        Start time (UTC):03:45:20
                        Start date (UTC):19/04/2025
                        Path:/tmp/xd.mpsl.elf
                        Arguments:-
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9