
Linux Analysis Report
sync.arm5.elf

Overview

General Information

Sample name:sync.arm5.elf
Analysis ID:1637930
MD5:a12a57f35c5de6115d4a956a10d004e3
SHA1:721ffef45980150bab04ebf1b970a694d3bf1207
SHA256:c56e1285a8552d5974767c02be375a51930ce95c7ab71764b2013029bcf947ad
Tags:elf, Mirai, user-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637930
Start date and time:2025-03-14 02:16:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 15s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.arm5.elf
Detection:MAL
Classification:mal60.evad.linELF@0/0@15/0
Command:/tmp/sync.arm5.elf
PID:6258
Exit Code:
Exit Code Info:
Killed:True
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • sync.arm5.elf (PID: 6258, Parent: 6184, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/sync.arm5.elf
  • dash New Fork (PID: 6269, Parent: 4338)
  • rm (PID: 6269, Parent: 4338, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
  • dash New Fork (PID: 6270, Parent: 4338)
  • rm (PID: 6270, Parent: 4338, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-14T02:17:29.148272+0100 | 2013514 | 1 | A Network Trojan was detected | 192.168.2.23 | 47178 | 8.8.4.4 | 53 | UDP


AV Detection

Source: sync.arm5.elf, Virustotal: Detection: 48%
Source: sync.arm5.elf, ReversingLabs: Detection: 44%

Networking

Source: Network traffic, Suricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.23:47178 -> 8.8.4.4:53
Source: global traffic, TCP traffic: 192.168.2.23:39488 -> 185.194.205.79:61003
Source: unknown, DNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown, TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown, TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown, UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown, Network traffic detected: HTTP traffic on port 39256 -> 443
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal60.evad.linELF@0/0@15/0
Source: /usr/bin/dash (PID: 6269), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
Source: /usr/bin/dash (PID: 6270), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
Source: /tmp/sync.arm5.elf (PID: 6260), Sleeps longer then 60s: 60.0s
Source: /tmp/sync.arm5.elf (PID: 6258), Queries kernel information via 'uname':
Source: sync.arm5.elf, 6258.1.0000559a75d3e000.0000559a75e8d000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
Source: sync.arm5.elf, 6258.1.00007fff4ac69000.00007fff4ac8a000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/sync.arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.arm5.elf
Source: sync.arm5.elf, 6258.1.0000559a75d3e000.0000559a75e8d000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: sync.arm5.elf, 6258.1.00007fff4ac69000.00007fff4ac8a000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm

HIPS / PFW / Operating System Protection Evasion

Source: Traffic, DNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
File Deletion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Standard Port
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
Application Layer Protocol
Traffic DuplicationData Destruction
No configs have been found
[Behavior graph: ID 1637930; Sample: sync.arm5.elf; Startdate: 14/03/2025; Architecture: LINUX; Score: 60. Nodes shown: dnsresolve.socialgains.cf; 109.202.202.202, 80 (INIT7CH, Switzerland); 3 other IPs or domains; processes sync.arm5.elf, dash, rm.]

Source | Detection | Scanner | Label
sync.arm5.elf | 48% | Virustotal |
sync.arm5.elf | 45% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dnsresolve.socialgains.cf | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
34.249.145.219 | unknown | United States | 16509 | AMAZON-02US | false
185.194.205.79 | unknown | France | 204145 | HTSENSEFR | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
No created / dropped files found
File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):6.16429066807101
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:sync.arm5.elf
File size:67'008 bytes
MD5:a12a57f35c5de6115d4a956a10d004e3
SHA1:721ffef45980150bab04ebf1b970a694d3bf1207
SHA256:c56e1285a8552d5974767c02be375a51930ce95c7ab71764b2013029bcf947ad
SHA512:467fd9c2f00797019f2015a98176d8f739a405ac965b46893bbd1f4bc06ad0bec3fe57bc17bce1a1563d246b9c9af122215d1ceb77dca39da7355aa8c922a648
SSDEEP:1536:ztRSDhdo+iyHAX5H9hmHsx+6rSyRs7eG:zbSHHJC5H98steyCeG
TLSH:C7634B52F9C19602C0E0167AFA4F4289732557A9E2DF3603DD298F3137EB56B0F97612
                                                        File Content Preview:.ELF...a..........(.........4...0.......4. ...(.....................................................................Q.td..................................-...L."....5..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:ARM
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:ARM - ABI
ABI Version:0
Entry Point Address:0x8190
Flags:0x2
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:66608
Section Header Size:40
Number of Section Headers:10
Header String Table Index:9

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x80b0 | 0xb0 | 0xd454 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x15504 | 0xd504 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x15518 | 0xd518 | 0x28e4 | 0x0 | 0x2 | A | 0 | 0 | 4
.ctors | PROGBITS | 0x18000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x18008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x18014 | 0x10014 | 0x3dc | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x183f0 | 0x103f0 | 0xa2ac | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0x103f0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0xfdfc | 0xfdfc | 6.2258 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata
LOAD | 0x10000 | 0x18000 | 0x18000 | 0x3f0 | 0xa69c | 3.4977 | 0x6 | RW | 0x8000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-14T02:17:29.148272+0100 | 2013514 | ET MALWARE Potential DNS Command and Control via TXT queries | 1 | 192.168.2.23 | 47178 | 8.8.4.4 | 53 | UDP

  • Total Packets: 25
  • 61003 undefined
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 14, 2025 02:17:26.095361948 CET | 192.168.2.23 | 8.8.8.8 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:27.114053965 CET | 192.168.2.23 | 8.8.8.8 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:28.130919933 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:29.148272038 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:30.165519953 CET | 192.168.2.23 | 1.0.0.1 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:31.285316944 CET | 192.168.2.23 | 1.1.1.1 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:32.425484896 CET | 192.168.2.23 | 1.1.1.1 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:33.451703072 CET | 192.168.2.23 | 8.8.8.8 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:34.468915939 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:35.486876011 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:36.517724991 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:37.548858881 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:38.567080975 CET | 192.168.2.23 | 8.8.4.4 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:39.598165989 CET | 192.168.2.23 | 8.8.8.8 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:40.615583897 CET | 192.168.2.23 | 1.0.0.1 | 0x5c4d | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 14, 2025 02:17:26.111846924 CET | 8.8.8.8 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:27.129111052 CET | 8.8.8.8 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:28.146111012 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:29.163491964 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:30.283452988 CET | 1.0.0.1 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:31.423590899 CET | 1.1.1.1 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:32.450057030 CET | 1.1.1.1 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:33.467250109 CET | 8.8.8.8 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:34.484174967 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:35.515566111 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:36.546919107 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:37.564294100 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:38.595541000 CET | 8.8.4.4 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:39.613014936 CET | 8.8.8.8 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 14, 2025 02:17:40.740997076 CET | 1.0.0.1 | 192.168.2.23 | 0x5c4d | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false

System Behavior

Start time (UTC): 01:17:25
Start date (UTC): 14/03/2025
Path: /tmp/sync.arm5.elf
Arguments: /tmp/sync.arm5.elf
File size: 4956856 bytes
MD5 hash: 5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC): 01:17:25
Start date (UTC): 14/03/2025
Path: /tmp/sync.arm5.elf
Arguments: -
File size: 4956856 bytes
MD5 hash: 5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC): 01:17:40
Start date (UTC): 14/03/2025
Path: /usr/bin/dash
Arguments: -
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 01:17:40
Start date (UTC): 14/03/2025
Path: /usr/bin/rm
Arguments: rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
File size: 72056 bytes
MD5 hash: aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC): 01:17:40
Start date (UTC): 14/03/2025
Path: /usr/bin/dash
Arguments: -
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 01:17:40
Start date (UTC): 14/03/2025
Path: /usr/bin/rm
Arguments: rm -f /tmp/tmp.k2LQD01Tby /tmp/tmp.VC3CtQFCwn /tmp/tmp.pFDWMjjwDH
File size: 72056 bytes
MD5 hash: aa2b5496fdbfd88e38791ab81f90b95b