
Linux Analysis Report
sync.x86.elf

Overview

General Information

Sample name:sync.x86.elf
Analysis ID:1639340
MD5:7fbc59a5a08e9c025fa0a7f755ced23b
SHA1:d371d394b1b23fe9aaae5338cab728846ca9811e
SHA256:9c5ccfe9376d915a9ca05c533be888710c801508c1d8d6f144a11fa23bcba283
Tags:elfuser-abuse_ch
Infos:

Detection

Score:72
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1639340
Start date and time:2025-03-15 09:56:27 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.x86.elf
Detection:MAL
Classification:mal72.evad.linELF@0/0@17/0
Command:/tmp/sync.x86.elf
PID:5489
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • sync.x86.elf (PID: 5489, Parent: 5415, MD5: 7fbc59a5a08e9c025fa0a7f755ced23b) Arguments: /tmp/sync.x86.elf
  • cleanup
Source | Rule | Description | Author | Strings
sync.x86.elf | Linux_Trojan_Mirai_389ee3e9 | unknown | unknown | 0x8723:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
sync.x86.elf | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x73a6:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08

Source | Rule | Description | Author | Strings
5489.1.0000000008048000.0000000008055000.r-x.sdmp | Linux_Trojan_Mirai_389ee3e9 | unknown | unknown | 0x8723:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5489.1.0000000008048000.0000000008055000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x73a6:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5490.1.0000000008048000.0000000008055000.r-x.sdmp | Linux_Trojan_Mirai_389ee3e9 | unknown | unknown | 0x8723:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5490.1.0000000008048000.0000000008055000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x73a6:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-15T09:57:19.145719+0100 | 2013514 | 1 | A Network Trojan was detected | 192.168.2.14 | 48803 | 1.0.0.1 | 53 | UDP


AV Detection

Source: sync.x86.elf, Virustotal: Detection: 50%
Source: sync.x86.elf, ReversingLabs: Detection: 47%

Networking

Source: Network traffic, Suricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.14:48803 -> 1.0.0.1:53
Source: global traffic, TCP traffic: 192.168.2.14:60936 -> 185.194.205.79:61003
Source: unknown, TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: global traffic, DNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: sync.x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: sync.x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5489.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5489.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5490.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5490.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: sync.x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: sync.x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5489.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5489.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5490.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5490.1.0000000008048000.0000000008055000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: classification engine, Classification label: mal72.evad.linELF@0/0@17/0

Hooking and other Techniques for Hiding and Protection

Source: /tmp/sync.x86.elf (PID: 5489), File: /tmp/sync.x86.elf
Source: /tmp/sync.x86.elf (PID: 5491), Sleeps longer than 60s: 60.0s

HIPS / PFW / Operating System Protection Evasion

Source: Traffic, DNS traffic detected: queries for: dnsresolve.socialgains.cf
MITRE ATT&CK matrix (techniques listed per tactic; a number in parentheses is the count shown beside the technique in the matrix):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Virtualization/Sandbox Evasion (1); File Deletion (1); Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: Virtualization/Sandbox Evasion (1); Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph, ID 1639340: sample sync.x86.elf, start date 15/03/2025, architecture LINUX, score 72. Process sync.x86.elf (Sample deletes itself) started a child sync.x86.elf, which started a further sync.x86.elf. Network nodes: dnsresolve.socialgains.cf (Performs DNS TXT record lookups); 185.194.205.79, ports 60936 and 61003 (HTSENSEFR, France); daisy.ubuntu.com.]
Source | Detection | Scanner | Label
sync.x86.elf | 50% | Virustotal |
sync.x86.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.25 | true | false | | high
dnsresolve.socialgains.cf | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.194.205.79 | unknown | France | 204145 | HTSENSEFR | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.194.205.79 | sync.sh4.elf | malicious | Unknown |
185.194.205.79 | sync.arm5.elf | malicious | Unknown |
185.194.205.79 | sync.x86_64.elf | malicious | Unknown |
185.194.205.79 | sync.mipsel.elf | malicious | Unknown |
185.194.205.79 | sync.superh.elf | malicious | Unknown |
185.194.205.79 | sync.arm7.elf | malicious | Unknown |
185.194.205.79 | sync.arm6.elf | malicious | Unknown |
185.194.205.79 | sync.arm4.elf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
daisy.ubuntu.com | boatnet.arm.elf | malicious | Mirai | 162.213.35.25
daisy.ubuntu.com | boatnet.sh4.elf | malicious | Mirai | 162.213.35.25
daisy.ubuntu.com | boatnet.m68k.elf | malicious | Mirai | 162.213.35.25
daisy.ubuntu.com | boatnet.x86.elf | malicious | Mirai | 162.213.35.24
daisy.ubuntu.com | boatnet.arm7.elf | malicious | Mirai | 162.213.35.25
daisy.ubuntu.com | boatnet.ppc.elf | malicious | Mirai | 162.213.35.25
daisy.ubuntu.com | boatnet.mips.elf | malicious | Mirai | 162.213.35.24
daisy.ubuntu.com | sync.arm6.elf | malicious | Unknown | 162.213.35.24
daisy.ubuntu.com | sync.arm5.elf | malicious | Unknown | 162.213.35.25
daisy.ubuntu.com | .i.elf | malicious | Unknown | 162.213.35.24

Match | Associated Sample Name / URL | Detection | Threat Name | Context
HTSENSEFR | sync.sh4.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.arm5.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.x86_64.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.mipsel.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.superh.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.arm7.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.arm6.elf | malicious | Unknown | 185.194.205.79
HTSENSEFR | sync.arm4.elf | malicious | Unknown | 185.194.205.79

No context
                      No created / dropped files found
                      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                      Entropy (8bit):6.59317350129973
                      TrID:
                      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                      File name:sync.x86.elf
                      File size:50'580 bytes
                      MD5:7fbc59a5a08e9c025fa0a7f755ced23b
                      SHA1:d371d394b1b23fe9aaae5338cab728846ca9811e
                      SHA256:9c5ccfe9376d915a9ca05c533be888710c801508c1d8d6f144a11fa23bcba283
                      SHA512:6989af97622ecb2995b9b4d65a0597800ab441a2f3e2632c3fff927caef046daaee694a7b3df2359615f504d1b92db2762ab573144e10876c87a7fce03685a7c
                      SSDEEP:1536:cYcTr8YZwah5QOIScXXR8mbgg6HaZdbiS8HC9+hSbM:exRcXXRSSViS66+WM
                      TLSH:78334BC6A582C8B6F99B40F0462BE725BB72F0372015D653F3521D2AD872AC0D6D739E

                      ELF header

                      Class:ELF32
                      Data:2's complement, little endian
                      Version:1 (current)
                      Machine:Intel 80386
                      Version Number:0x1
                      Type:EXEC (Executable file)
                      OS/ABI:UNIX - System V
                      ABI Version:0
                      Entry Point Address:0x8048164
                      Flags:0x0
                      ELF Header Size:52
                      Program Header Offset:52
                      Program Header Size:32
                      Number of Program Headers:3
                      Section Header Offset:50180
                      Section Header Size:40
                      Number of Section Headers:10
                      Header String Table Index:9
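Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xa2c6 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x8052376 | 0xa376 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x80523a0 | 0xa3a0 | 0x1cfc | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x80550a0 | 0xc0a0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x80550a8 | 0xc0a8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x80550c0 | 0xc0c0 | 0x304 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x80553e0 | 0xc3c4 | 0xa640 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0xc3c4 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xc09c | 0xc09c | 6.6323 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
LOAD | 0xc0a0 | 0x80550a0 | 0x80550a0 | 0x324 | 0xa980 | 4.1971 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |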


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-15T09:57:19.145719+0100 | 2013514 | ET MALWARE Potential DNS Command and Control via TXT queries | 1 | 192.168.2.14 | 48803 | 1.0.0.1 | 53 | UDP
                      • Total Packets: 21
                      • 61003 undefined
                      • 53 (DNS)
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 15, 2025 09:57:16.072112083 CET | 192.168.2.14 | 8.8.4.4 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:17.088277102 CET | 192.168.2.14 | 1.1.1.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:18.115376949 CET | 192.168.2.14 | 8.8.8.8 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:19.145719051 CET | 192.168.2.14 | 1.0.0.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:20.174491882 CET | 192.168.2.14 | 8.8.8.8 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:21.191967010 CET | 192.168.2.14 | 8.8.4.4 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:22.221637011 CET | 192.168.2.14 | 1.1.1.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:23.362248898 CET | 192.168.2.14 | 8.8.8.8 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:24.378371000 CET | 192.168.2.14 | 1.0.0.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:25.511120081 CET | 192.168.2.14 | 8.8.4.4 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:26.527642012 CET | 192.168.2.14 | 1.1.1.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:27.553080082 CET | 192.168.2.14 | 8.8.8.8 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:28.569669962 CET | 192.168.2.14 | 1.1.1.1 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:29.722104073 CET | 192.168.2.14 | 8.8.4.4 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:30.738380909 CET | 192.168.2.14 | 8.8.8.8 | 0xa903 | Standard query (0) | dnsresolve.socialgains.cf | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:32.347098112 CET | 192.168.2.14 | 8.8.8.8 | 0xad1 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Mar 15, 2025 09:57:32.347162962 CET | 192.168.2.14 | 8.8.8.8 | 0x6936 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 15, 2025 09:57:16.087176085 CET | 8.8.4.4 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:17.113708973 CET | 1.1.1.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:18.144499063 CET | 8.8.8.8 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:19.173408031 CET | 1.0.0.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:20.190814972 CET | 8.8.8.8 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:21.220438957 CET | 8.8.4.4 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:22.360769987 CET | 1.1.1.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:23.377374887 CET | 8.8.8.8 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:24.510049105 CET | 1.0.0.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:25.526752949 CET | 8.8.4.4 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:26.552057028 CET | 1.1.1.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:27.568468094 CET | 8.8.8.8 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:28.720647097 CET | 1.1.1.1 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:29.736926079 CET | 8.8.4.4 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:30.766427040 CET | 8.8.8.8 | 192.168.2.14 | 0xa903 | Name error (3) | dnsresolve.socialgains.cf | none | none | 16 | IN (0x0001) | false
Mar 15, 2025 09:57:32.353604078 CET | 8.8.8.8 | 192.168.2.14 | 0xad1 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
Mar 15, 2025 09:57:32.353604078 CET | 8.8.8.8 | 192.168.2.14 | 0xad1 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false

                      System Behavior

                      Start time (UTC):08:57:14
                      Start date (UTC):15/03/2025
                      Path:/tmp/sync.x86.elf
                      Arguments:/tmp/sync.x86.elf
                      File size:50580 bytes
                      MD5 hash:7fbc59a5a08e9c025fa0a7f755ced23b

                      Start time (UTC):08:57:14
                      Start date (UTC):15/03/2025
                      Path:/tmp/sync.x86.elf
                      Arguments:-
                      File size:50580 bytes
                      MD5 hash:7fbc59a5a08e9c025fa0a7f755ced23b

                      Start time (UTC):08:57:14
                      Start date (UTC):15/03/2025
                      Path:/tmp/sync.x86.elf
                      Arguments:-
                      File size:50580 bytes
                      MD5 hash:7fbc59a5a08e9c025fa0a7f755ced23b