Edit tour

Linux Analysis Report
sync.sh4.elf

Overview

General Information

Sample name:sync.sh4.elf
Analysis ID:1641078
MD5:a2f002cd1f103b10539fd1662ba22d91
SHA1:1fe07ba6950e07bf86f218cd53baa66d71ea6ec1
SHA256:c1a1881cb3a72a7ffb9d2d60e4c233e82cc65debf6bc23a94186f03afa45c1a2
Tags:elfGafgytuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641078
Start date and time:2025-03-18 02:35:59 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.sh4.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@15/0
Command:/tmp/sync.sh4.elf
PID:5436
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • sync.sh4.elf (PID: 5436, Parent: 5363, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sync.sh4.elf
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T02:36:59.390187+010020135141A Network Trojan was detected192.168.2.13419891.0.0.153UDP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T02:38:02.862401+010028486071Malware Command and Control Activity Detected185.194.205.7961003192.168.2.1338598TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T02:38:02.653902+010028486061Malware Command and Control Activity Detected192.168.2.1338598185.194.205.7961003TCP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.sh4.elfVirustotal: Detection: 46%Perma Link
Source: sync.sh4.elfReversingLabs: Detection: 41%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.13:41989 -> 1.0.0.1:53
Source: Network trafficSuricata IDS: 2848606 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound) : 192.168.2.13:38598 -> 185.194.205.79:61003
Source: Network trafficSuricata IDS: 2848607 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound) : 185.194.205.79:61003 -> 192.168.2.13:38598
Source: global trafficTCP traffic: 192.168.2.13:38598 -> 185.194.205.79:61003
Source: unknownDNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal64.evad.linELF@0/0@15/0

Hooking and other Techniques for Hiding and Protection

barindex
Source: /tmp/sync.sh4.elf (PID: 5436)File: /tmp/sync.sh4.elfJump to behavior
Source: sync.sh4.elfSubmission file: segment LOAD with 7.0065 entropy (max. 8.0)
Source: /tmp/sync.sh4.elf (PID: 5440)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.sh4.elf (PID: 5440)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.sh4.elf (PID: 5436)Queries kernel information via 'uname': Jump to behavior
Source: sync.sh4.elf, 5436.1.00007ffe02ebb000.00007ffe02edc000.rw-.sdmpBinary or memory string: 22x86_64/usr/bin/qemu-sh4/tmp/sync.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.sh4.elf
Source: sync.sh4.elf, 5436.1.00007ffe02ebb000.00007ffe02edc000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
Source: sync.sh4.elf, 5436.1.00005618a4d75000.00005618a4dd8000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4
Source: sync.sh4.elf, 5436.1.00005618a4d75000.00005618a4dd8000.rw-.sdmpBinary or memory string: V5!/etc/qemu-binfmt/sh4

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Obfuscated Files or Information
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1641078 Sample: sync.sh4.elf Startdate: 18/03/2025 Architecture: LINUX Score: 64 15 dnsresolve.socialgains.cf 2->15 17 185.194.205.79, 38598, 61003 HTSENSEFR France 2->17 19 Suricata IDS alerts for network traffic 2->19 21 Multi AV Scanner detection for submitted file 2->21 8 sync.sh4.elf 2->8         started        signatures3 23 Performs DNS TXT record lookups 15->23 process4 signatures5 25 Sample deletes itself 8->25 11 sync.sh4.elf 8->11         started        process6 process7 13 sync.sh4.elf 11->13         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
sync.sh4.elf46%VirustotalBrowse
sync.sh4.elf42%ReversingLabsLinux.Backdoor.Gafgyt
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
dnsresolve.socialgains.cf
unknown
unknownfalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.194.205.79
    unknownFrance
    204145HTSENSEFRtrue
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.194.205.79sync.x86.elfGet hashmaliciousUnknownBrowse
      sync.x86.elfGet hashmaliciousUnknownBrowse
        sync.sh4.elfGet hashmaliciousUnknownBrowse
          sync.arm5.elfGet hashmaliciousUnknownBrowse
            sync.x86_64.elfGet hashmaliciousUnknownBrowse
              sync.mipsel.elfGet hashmaliciousUnknownBrowse
                sync.superh.elfGet hashmaliciousUnknownBrowse
                  sync.arm7.elfGet hashmaliciousUnknownBrowse
                    sync.arm6.elfGet hashmaliciousUnknownBrowse
                      sync.arm4.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HTSENSEFRsync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.mipsel.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm7.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm6.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                        Entropy (8bit):6.949938105295442
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sync.sh4.elf
                        File size:51'836 bytes
                        MD5:a2f002cd1f103b10539fd1662ba22d91
                        SHA1:1fe07ba6950e07bf86f218cd53baa66d71ea6ec1
                        SHA256:c1a1881cb3a72a7ffb9d2d60e4c233e82cc65debf6bc23a94186f03afa45c1a2
                        SHA512:1a7ec67c2fa39a1e40886b9bd953f7aad54d0047d685e44734cd4fb85d0ff7baf95c18cbd57c551887310e3b9f678d5f6736e5e48f81cd79e79577102bda1ff3
                        SSDEEP:1536:YC388H4HRn+vb5QR7+sHcdByStKgxBvseXQCR+kwf:JtH4HRn+vtQR7+sHcqhgUeXQ2wf
                        TLSH:80338D939C25AE48C0B5E5F271706FBAF763E8049A875FDA2992C22A9453DCDF0453F0
                        File Content Preview:.ELF..............*.......@.4...........4. ...(...............@...@...........................A...A.................Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:<unknown>
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x4001a0
                        Flags:0x9
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:51436
                        Section Header Size:40
                        Number of Section Headers:10
                        Header String Table Index:9
                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x4000940x940x300x00x6AX004
                        .textPROGBITS0x4000e00xe00xa9000x00x6AX0032
                        .finiPROGBITS0x40a9e00xa9e00x240x00x6AX004
                        .rodataPROGBITS0x40aa040xaa040x1ab40x00x2A004
                        .ctorsPROGBITS0x41c4bc0xc4bc0x80x00x3WA004
                        .dtorsPROGBITS0x41c4c40xc4c40x80x00x3WA004
                        .dataPROGBITS0x41c4d00xc4d00x3dc0x00x3WA004
                        .bssNOBITS0x41c8ac0xc8ac0xa2ac0x00x3WA004
                        .shstrtabSTRTAB0x00xc8ac0x3e0x00x0001
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x4000000x4000000xc4b80xc4b87.00650x5R E0x10000.init .text .fini .rodata
                        LOAD0xc4bc0x41c4bc0x41c4bc0x3f00xa69c3.58920x6RW 0x10000.ctors .dtors .data .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Download Network PCAP: filteredfull

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-03-18T02:36:59.390187+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.13419891.0.0.153UDP
                        2025-03-18T02:38:02.653902+01002848606ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound)1192.168.2.1338598185.194.205.7961003TCP
                        2025-03-18T02:38:02.862401+01002848607ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound)1185.194.205.7961003192.168.2.1338598TCP
                        • Total Packets: 20
                        • 61003 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 02:37:02.588203907 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 02:37:02.592814922 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 02:37:02.592869043 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 02:37:02.592962980 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 02:37:02.597603083 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 02:38:02.653902054 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 02:38:02.658716917 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 02:38:02.862401009 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 02:38:02.862564087 CET3859861003192.168.2.13185.194.205.79
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 02:36:46.510251999 CET3837253192.168.2.131.0.0.1
                        Mar 18, 2025 02:36:46.691287041 CET53383721.0.0.1192.168.2.13
                        Mar 18, 2025 02:36:47.694413900 CET5667653192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:47.722734928 CET53566768.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:48.725115061 CET4472453192.168.2.138.8.8.8
                        Mar 18, 2025 02:36:48.754106998 CET53447248.8.8.8192.168.2.13
                        Mar 18, 2025 02:36:49.756724119 CET5936453192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:49.771475077 CET53593648.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:50.774213076 CET5692053192.168.2.131.1.1.1
                        Mar 18, 2025 02:36:50.942290068 CET53569201.1.1.1192.168.2.13
                        Mar 18, 2025 02:36:51.944781065 CET3738053192.168.2.131.0.0.1
                        Mar 18, 2025 02:36:52.125825882 CET53373801.0.0.1192.168.2.13
                        Mar 18, 2025 02:36:53.128854990 CET3472253192.168.2.131.0.0.1
                        Mar 18, 2025 02:36:53.169512987 CET53347221.0.0.1192.168.2.13
                        Mar 18, 2025 02:36:54.171549082 CET4340053192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:54.186568975 CET53434008.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:55.188374043 CET4094953192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:55.202898026 CET53409498.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:56.205117941 CET5069853192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:56.219652891 CET53506988.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:57.221879959 CET3309753192.168.2.131.1.1.1
                        Mar 18, 2025 02:36:57.358555079 CET53330971.1.1.1192.168.2.13
                        Mar 18, 2025 02:36:58.360497952 CET5001553192.168.2.138.8.4.4
                        Mar 18, 2025 02:36:58.388334990 CET53500158.8.4.4192.168.2.13
                        Mar 18, 2025 02:36:59.390187025 CET4198953192.168.2.131.0.0.1
                        Mar 18, 2025 02:36:59.414829969 CET53419891.0.0.1192.168.2.13
                        Mar 18, 2025 02:37:00.416882038 CET4781153192.168.2.131.1.1.1
                        Mar 18, 2025 02:37:00.543433905 CET53478111.1.1.1192.168.2.13
                        Mar 18, 2025 02:37:01.545370102 CET4659253192.168.2.131.1.1.1
                        Mar 18, 2025 02:37:01.584938049 CET53465921.1.1.1192.168.2.13
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 18, 2025 02:36:46.510251999 CET192.168.2.131.0.0.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:47.694413900 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:48.725115061 CET192.168.2.138.8.8.80xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:49.756724119 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:50.774213076 CET192.168.2.131.1.1.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:51.944781065 CET192.168.2.131.0.0.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:53.128854990 CET192.168.2.131.0.0.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:54.171549082 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:55.188374043 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:56.205117941 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:57.221879959 CET192.168.2.131.1.1.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:58.360497952 CET192.168.2.138.8.4.40xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:36:59.390187025 CET192.168.2.131.0.0.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:37:00.416882038 CET192.168.2.131.1.1.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:37:01.545370102 CET192.168.2.131.1.1.10xba49Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 18, 2025 02:36:46.691287041 CET1.0.0.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:47.722734928 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:48.754106998 CET8.8.8.8192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:49.771475077 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:50.942290068 CET1.1.1.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:52.125825882 CET1.0.0.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:53.169512987 CET1.0.0.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:54.186568975 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:55.202898026 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:56.219652891 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:57.358555079 CET1.1.1.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:58.388334990 CET8.8.4.4192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:36:59.414829969 CET1.0.0.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:37:00.543433905 CET1.1.1.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:37:01.584938049 CET1.1.1.1192.168.2.130xba49Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false

                        System Behavior

                        Start time (UTC):01:36:45
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:/tmp/sync.sh4.elf
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):01:36:45
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):01:36:45
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9