Edit tour

Linux Analysis Report
sync.arm5.elf

Overview

General Information

Sample name:sync.arm5.elf
Analysis ID:1637901
MD5:10183c847e97cb10995f66c7540e0fda
SHA1:c235ca63b64f07cac6bfc54482345b0294fad787
SHA256:80a04a9f1024a78569593e9445a05c549cd3528d7b91ca25c2993c55fd045ea8
Tags:elfuser-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637901
Start date and time:2025-03-14 01:46:54 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 50s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.arm5.elf
Detection:MAL
Classification:mal68.evad.linELF@0/0@24/0
  • VT rate limit hit for: dnsresolve.socialgains.cf
Command:/tmp/sync.arm5.elf
PID:5571
Exit Code:
Exit Code Info:
Killed:True
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • sync.arm5.elf (PID: 5571, Parent: 5490, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/sync.arm5.elf
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-14T01:48:06.393256+010020135141A Network Trojan was detected192.168.2.14475638.8.8.853UDP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.arm5.elfAvira: detected
Source: sync.arm5.elfVirustotal: Detection: 46%Perma Link
Source: sync.arm5.elfReversingLabs: Detection: 57%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.14:47563 -> 8.8.8.8:53
Source: global trafficTCP traffic: 192.168.2.14:33832 -> 142.44.232.40:61003
Source: unknownTCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal68.evad.linELF@0/0@24/0
Source: /tmp/sync.arm5.elf (PID: 5573)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm5.elf (PID: 5573)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm5.elf (PID: 5571)Queries kernel information via 'uname': Jump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping1
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1637901 Sample: sync.arm5.elf Startdate: 14/03/2025 Architecture: LINUX Score: 68 11 dnsresolve.socialgains.cf 2->11 13 142.44.232.40, 33832, 61003 OVHFR Canada 2->13 15 daisy.ubuntu.com 2->15 17 Suricata IDS alerts for network traffic 2->17 19 Antivirus / Scanner detection for submitted sample 2->19 21 Multi AV Scanner detection for submitted file 2->21 7 sync.arm5.elf 2->7         started        signatures3 23 Performs DNS TXT record lookups 11->23 process4 process5 9 sync.arm5.elf 7->9         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
sync.arm5.elf47%VirustotalBrowse
sync.arm5.elf58%ReversingLabsLinux.Backdoor.Mirai
sync.arm5.elf100%AviraANDROID/AVE.Agent.cgymz
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
daisy.ubuntu.com
162.213.35.24
truefalse
    high
    dnsresolve.socialgains.cf
    unknown
    unknowntrue
      unknown
      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs
      IPDomainCountryFlagASNASN NameMalicious
      142.44.232.40
      unknownCanada
      16276OVHFRfalse
      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      142.44.232.40sync.arm7.elfGet hashmaliciousUnknownBrowse
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        daisy.ubuntu.comre.bot.mpsl.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24
        miner.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        sshd.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24
        re.bot.mips.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        miner.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        arm7-20250314-0007.elfGet hashmaliciousMiraiBrowse
        • 162.213.35.25
        arm5-20250314-0007.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        bot.arm6.elfGet hashmaliciousMirai, OkiruBrowse
        • 162.213.35.25
        f5.kkGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        Mozi.m.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        OVHFRsync.arm7.elfGet hashmaliciousUnknownBrowse
        • 142.44.232.40
        general2.exeGet hashmaliciousXWormBrowse
        • 91.134.10.182
        https://hospitalnews.com/paramedics-in-six-provinces-to-provide-palliative-care-in-the-home/Get hashmaliciousUnknownBrowse
        • 198.100.159.124
        faktura_FV2025020660849.htmlGet hashmaliciousUnknownBrowse
        • 54.39.128.117
        AAHiVVNIKQESryT.exeGet hashmaliciousFormBookBrowse
        • 51.222.255.207
        http://observalgerie.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
        • 37.59.22.41
        https://saleemitraders.com/wp/confirm.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
        • 158.69.25.207
        faktura_FV2025020637756.htmlGet hashmaliciousUnknownBrowse
        • 149.56.240.129
        https://sceanmcommnunmnlty.com/xroea/spwoe/zxiweGet hashmaliciousUnknownBrowse
        • 91.134.10.168
        http://feirao2025.com.br/consulta/Get hashmaliciousUnknownBrowse
        • 91.134.60.128
        No context
        No context
        No created / dropped files found
        File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
        Entropy (8bit):6.164188389252891
        TrID:
        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
        File name:sync.arm5.elf
        File size:67'008 bytes
        MD5:10183c847e97cb10995f66c7540e0fda
        SHA1:c235ca63b64f07cac6bfc54482345b0294fad787
        SHA256:80a04a9f1024a78569593e9445a05c549cd3528d7b91ca25c2993c55fd045ea8
        SHA512:4074698b7e733af35ea3848d36e0c264e5fe193cd25ca126672de85c3000df30a52e19efe3fe9f48f1dfa897ce323e3a0c09da9981ccb9decbea7ba19ce415e1
        SSDEEP:1536:ztRSDhdo+iyHAX5K9hmHsx+6rSyRs7eG:zbSHHJC5K98steyCeG
        TLSH:D0634B52F9C19602C0E0167AFA4F4289732557A9E2DF3603DD298F3137EB56B0F97612
        File Content Preview:.ELF...a..........(.........4...0.......4. ...(.....................................................................Q.td..................................-...L."....5..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:ARM
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:ARM - ABI
        ABI Version:0
        Entry Point Address:0x8190
        Flags:0x2
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:66608
        Section Header Size:40
        Number of Section Headers:10
        Header String Table Index:9
        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
        NULL0x00x00x00x00x0000
        .initPROGBITS0x80940x940x180x00x6AX004
        .textPROGBITS0x80b00xb00xd4540x00x6AX0016
        .finiPROGBITS0x155040xd5040x140x00x6AX004
        .rodataPROGBITS0x155180xd5180x28e40x00x2A004
        .ctorsPROGBITS0x180000x100000x80x00x3WA004
        .dtorsPROGBITS0x180080x100080x80x00x3WA004
        .dataPROGBITS0x180140x100140x3dc0x00x3WA004
        .bssNOBITS0x183f00x103f00xa2ac0x00x3WA004
        .shstrtabSTRTAB0x00x103f00x3e0x00x0001
        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
        LOAD0x00x80000x80000xfdfc0xfdfc6.22570x5R E0x8000.init .text .fini .rodata
        LOAD0x100000x180000x180000x3f00xa69c3.49770x6RW 0x8000.ctors .dtors .data .bss
        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

        Download Network PCAP: filteredfull

        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
        2025-03-14T01:48:06.393256+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.14475638.8.8.853UDP
        • Total Packets: 32
        • 61003 undefined
        • 53 (DNS)
        TimestampSource PortDest PortSource IPDest IP
        Mar 14, 2025 01:48:10.686621904 CET3383261003192.168.2.14142.44.232.40
        Mar 14, 2025 01:48:10.691369057 CET6100333832142.44.232.40192.168.2.14
        Mar 14, 2025 01:48:10.691484928 CET3383261003192.168.2.14142.44.232.40
        Mar 14, 2025 01:48:10.691736937 CET3383261003192.168.2.14142.44.232.40
        Mar 14, 2025 01:48:10.696381092 CET6100333832142.44.232.40192.168.2.14
        Mar 14, 2025 01:48:32.084139109 CET6100333832142.44.232.40192.168.2.14
        Mar 14, 2025 01:48:32.084462881 CET3383261003192.168.2.14142.44.232.40
        Mar 14, 2025 01:48:32.089241982 CET6100333832142.44.232.40192.168.2.14
        Mar 14, 2025 01:50:40.205466032 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:40.210272074 CET53451668.8.8.8192.168.2.14
        Mar 14, 2025 01:50:40.210340023 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:40.210354090 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:40.210369110 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:40.215051889 CET53451668.8.8.8192.168.2.14
        Mar 14, 2025 01:50:40.215063095 CET53451668.8.8.8192.168.2.14
        Mar 14, 2025 01:50:40.679848909 CET53451668.8.8.8192.168.2.14
        Mar 14, 2025 01:50:40.680263042 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:42.679770947 CET53451668.8.8.8192.168.2.14
        Mar 14, 2025 01:50:42.680061102 CET4516653192.168.2.148.8.8.8
        Mar 14, 2025 01:50:42.684711933 CET53451668.8.8.8192.168.2.14
        TimestampSource PortDest PortSource IPDest IP
        Mar 14, 2025 01:47:54.843570948 CET5628553192.168.2.148.8.4.4
        Mar 14, 2025 01:47:54.871912003 CET53562858.8.4.4192.168.2.14
        Mar 14, 2025 01:47:55.874511003 CET3546653192.168.2.141.1.1.1
        Mar 14, 2025 01:47:56.011567116 CET53354661.1.1.1192.168.2.14
        Mar 14, 2025 01:47:57.013609886 CET4149853192.168.2.148.8.8.8
        Mar 14, 2025 01:47:57.042071104 CET53414988.8.8.8192.168.2.14
        Mar 14, 2025 01:47:58.043896914 CET4700853192.168.2.148.8.4.4
        Mar 14, 2025 01:47:58.069777966 CET53470088.8.4.4192.168.2.14
        Mar 14, 2025 01:47:59.071629047 CET3594053192.168.2.141.0.0.1
        Mar 14, 2025 01:47:59.175014973 CET53359401.0.0.1192.168.2.14
        Mar 14, 2025 01:48:00.176959038 CET5286453192.168.2.141.1.1.1
        Mar 14, 2025 01:48:00.295255899 CET53528641.1.1.1192.168.2.14
        Mar 14, 2025 01:48:01.297346115 CET3312753192.168.2.148.8.8.8
        Mar 14, 2025 01:48:01.312239885 CET53331278.8.8.8192.168.2.14
        Mar 14, 2025 01:48:02.314205885 CET4103253192.168.2.148.8.4.4
        Mar 14, 2025 01:48:02.329966068 CET53410328.8.4.4192.168.2.14
        Mar 14, 2025 01:48:03.331650019 CET5229953192.168.2.148.8.4.4
        Mar 14, 2025 01:48:03.347173929 CET53522998.8.4.4192.168.2.14
        Mar 14, 2025 01:48:04.348980904 CET4226053192.168.2.148.8.4.4
        Mar 14, 2025 01:48:04.364686012 CET53422608.8.4.4192.168.2.14
        Mar 14, 2025 01:48:05.367012024 CET3308553192.168.2.141.0.0.1
        Mar 14, 2025 01:48:05.391277075 CET53330851.0.0.1192.168.2.14
        Mar 14, 2025 01:48:06.393255949 CET4756353192.168.2.148.8.8.8
        Mar 14, 2025 01:48:06.409255981 CET53475638.8.8.8192.168.2.14
        Mar 14, 2025 01:48:07.411216974 CET4815353192.168.2.141.0.0.1
        Mar 14, 2025 01:48:07.436268091 CET53481531.0.0.1192.168.2.14
        Mar 14, 2025 01:48:08.439409018 CET5039853192.168.2.141.1.1.1
        Mar 14, 2025 01:48:08.541851044 CET53503981.1.1.1192.168.2.14
        Mar 14, 2025 01:48:09.544286013 CET4360553192.168.2.141.0.0.1
        Mar 14, 2025 01:48:09.683790922 CET53436051.0.0.1192.168.2.14
        Mar 14, 2025 01:48:33.086175919 CET3616153192.168.2.141.1.1.1
        Mar 14, 2025 01:48:33.110352993 CET53361611.1.1.1192.168.2.14
        Mar 14, 2025 01:48:34.112323999 CET5586053192.168.2.141.1.1.1
        Mar 14, 2025 01:48:34.253700972 CET53558601.1.1.1192.168.2.14
        Mar 14, 2025 01:48:35.256400108 CET5168353192.168.2.148.8.8.8
        Mar 14, 2025 01:48:35.273411989 CET53516838.8.8.8192.168.2.14
        Mar 14, 2025 01:48:36.276216984 CET5125753192.168.2.148.8.4.4
        Mar 14, 2025 01:48:36.283194065 CET53512578.8.4.4192.168.2.14
        Mar 14, 2025 01:48:37.285691977 CET3609253192.168.2.148.8.4.4
        Mar 14, 2025 01:48:37.301740885 CET53360928.8.4.4192.168.2.14
        Mar 14, 2025 01:48:38.303644896 CET5801053192.168.2.148.8.8.8
        Mar 14, 2025 01:48:38.318464041 CET53580108.8.8.8192.168.2.14
        Mar 14, 2025 01:48:39.320813894 CET5034353192.168.2.141.1.1.1
        Mar 14, 2025 01:48:39.457360029 CET53503431.1.1.1192.168.2.14
        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Mar 14, 2025 01:47:54.843570948 CET192.168.2.148.8.4.40x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:47:55.874511003 CET192.168.2.141.1.1.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:47:57.013609886 CET192.168.2.148.8.8.80x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:47:58.043896914 CET192.168.2.148.8.4.40x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:47:59.071629047 CET192.168.2.141.0.0.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:00.176959038 CET192.168.2.141.1.1.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:01.297346115 CET192.168.2.148.8.8.80x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:02.314205885 CET192.168.2.148.8.4.40x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:03.331650019 CET192.168.2.148.8.4.40x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:04.348980904 CET192.168.2.148.8.4.40x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:05.367012024 CET192.168.2.141.0.0.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:06.393255949 CET192.168.2.148.8.8.80x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:07.411216974 CET192.168.2.141.0.0.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:08.439409018 CET192.168.2.141.1.1.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:09.544286013 CET192.168.2.141.0.0.10x17f5Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:33.086175919 CET192.168.2.141.1.1.10x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:34.112323999 CET192.168.2.141.1.1.10x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:35.256400108 CET192.168.2.148.8.8.80x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:36.276216984 CET192.168.2.148.8.4.40x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:37.285691977 CET192.168.2.148.8.4.40x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:38.303644896 CET192.168.2.148.8.8.80x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:48:39.320813894 CET192.168.2.141.1.1.10x7db0Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
        Mar 14, 2025 01:50:40.210354090 CET192.168.2.148.8.8.80xeb75Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
        Mar 14, 2025 01:50:40.210369110 CET192.168.2.148.8.8.80x6602Standard query (0)daisy.ubuntu.com28IN (0x0001)false
        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Mar 14, 2025 01:47:54.871912003 CET8.8.4.4192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:47:56.011567116 CET1.1.1.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:47:57.042071104 CET8.8.8.8192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:47:58.069777966 CET8.8.4.4192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:47:59.175014973 CET1.0.0.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:00.295255899 CET1.1.1.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:01.312239885 CET8.8.8.8192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:02.329966068 CET8.8.4.4192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:03.347173929 CET8.8.4.4192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:04.364686012 CET8.8.4.4192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:05.391277075 CET1.0.0.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:06.409255981 CET8.8.8.8192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:07.436268091 CET1.0.0.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:08.541851044 CET1.1.1.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:09.683790922 CET1.0.0.1192.168.2.140x17f5Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:33.110352993 CET1.1.1.1192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:34.253700972 CET1.1.1.1192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:35.273411989 CET8.8.8.8192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:36.283194065 CET8.8.4.4192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:37.301740885 CET8.8.4.4192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:38.318464041 CET8.8.8.8192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:48:39.457360029 CET1.1.1.1192.168.2.140x7db0Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
        Mar 14, 2025 01:50:40.679848909 CET8.8.8.8192.168.2.140xeb75No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
        Mar 14, 2025 01:50:40.679848909 CET8.8.8.8192.168.2.140xeb75No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

        System Behavior

        Start time (UTC):00:47:54
        Start date (UTC):14/03/2025
        Path:/tmp/sync.arm5.elf
        Arguments:/tmp/sync.arm5.elf
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

        Start time (UTC):00:47:54
        Start date (UTC):14/03/2025
        Path:/tmp/sync.arm5.elf
        Arguments:-
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1