Edit tour

Linux Analysis Report
sync.arm4.elf

Overview

General Information

Sample name:sync.arm4.elf
Analysis ID:1641096
MD5:0141bb50823a87041dfe1f975c59d806
SHA1:adcf04b7d8d047ef4b8dcf13e48f21408dcc4449
SHA256:ad094a71b4f238f53cc99d93410d10466aa0c4b7aca1d4cdaf653d40d382cc97
Tags:elfMiraiuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641096
Start date and time:2025-03-18 02:55:51 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.arm4.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@15/0
Command:/tmp/sync.arm4.elf
PID:5488
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • sync.arm4.elf (PID: 5488, Parent: 5413, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/sync.arm4.elf
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T02:56:35.545512+010020135141A Network Trojan was detected192.168.2.14357098.8.4.453UDP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.arm4.elfVirustotal: Detection: 46%Perma Link
Source: sync.arm4.elfReversingLabs: Detection: 44%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.14:35709 -> 8.8.4.4:53
Source: global trafficTCP traffic: 192.168.2.14:60936 -> 185.194.205.79:61003
Source: unknownDNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal64.evad.linELF@0/0@15/0

Hooking and other Techniques for Hiding and Protection

barindex
Source: /tmp/sync.arm4.elf (PID: 5488)File: /tmp/sync.arm4.elfJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5492)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5492)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5488)Queries kernel information via 'uname': Jump to behavior
Source: sync.arm4.elf, 5488.1.00007fff40ec6000.00007fff40ee7000.rw-.sdmpBinary or memory string: 4x86_64/usr/bin/qemu-arm/tmp/sync.arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.arm4.elf
Source: sync.arm4.elf, 5488.1.000055e856d2e000.000055e856e5c000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
Source: sync.arm4.elf, 5488.1.000055e856d2e000.000055e856e5c000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: sync.arm4.elf, 5488.1.00007fff40ec6000.00007fff40ee7000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
File Deletion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1641096 Sample: sync.arm4.elf Startdate: 18/03/2025 Architecture: LINUX Score: 64 15 dnsresolve.socialgains.cf 2->15 17 185.194.205.79, 60936, 61003 HTSENSEFR France 2->17 19 Suricata IDS alerts for network traffic 2->19 21 Multi AV Scanner detection for submitted file 2->21 8 sync.arm4.elf 2->8         started        signatures3 23 Performs DNS TXT record lookups 15->23 process4 signatures5 25 Sample deletes itself 8->25 11 sync.arm4.elf 8->11         started        process6 process7 13 sync.arm4.elf 11->13         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
sync.arm4.elf46%VirustotalBrowse
sync.arm4.elf44%ReversingLabsLinux.Backdoor.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
dnsresolve.socialgains.cf
unknown
unknownfalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.194.205.79
    unknownFrance
    204145HTSENSEFRfalse
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.194.205.79sync.sh4.elfGet hashmaliciousUnknownBrowse
      sync.x86.elfGet hashmaliciousUnknownBrowse
        sync.x86.elfGet hashmaliciousUnknownBrowse
          sync.sh4.elfGet hashmaliciousUnknownBrowse
            sync.arm5.elfGet hashmaliciousUnknownBrowse
              sync.x86_64.elfGet hashmaliciousUnknownBrowse
                sync.mipsel.elfGet hashmaliciousUnknownBrowse
                  sync.superh.elfGet hashmaliciousUnknownBrowse
                    sync.arm7.elfGet hashmaliciousUnknownBrowse
                      sync.arm6.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HTSENSEFRsync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.mipsel.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm7.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm6.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                        Entropy (8bit):6.1075120015402
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sync.arm4.elf
                        File size:63'808 bytes
                        MD5:0141bb50823a87041dfe1f975c59d806
                        SHA1:adcf04b7d8d047ef4b8dcf13e48f21408dcc4449
                        SHA256:ad094a71b4f238f53cc99d93410d10466aa0c4b7aca1d4cdaf653d40d382cc97
                        SHA512:92df036a0b3553e19c4b8366825e0fb4006eb7f1acd4f402d804da27e4eb79847788490ab18bbc1c48e908f7565539c26b7e2d5814cbba5781036af97a7f518f
                        SSDEEP:1536:SiQM4BSRmt0TvNsp9ADVjiVJxW/viK9T/i/ovAC:hJBNK9ADVmVJxW3HZbAC
                        TLSH:89535B42F8C2A213C5D45A7AFA4E43CC371257E8E2DE3203CE2A5F61379B56B0EA7511
                        File Content Preview:.ELF...a..........(.........4...........4. ...(.....................|...|...........................................Q.td..................................-...L."....5..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:ARM
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:ARM - ABI
                        ABI Version:0
                        Entry Point Address:0x8190
                        Flags:0x202
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:63408
                        Section Header Size:40
                        Number of Section Headers:10
                        Header String Table Index:9
                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x80940x940x180x00x6AX004
                        .textPROGBITS0x80b00xb00xd8000x00x6AX0016
                        .finiPROGBITS0x158b00xd8b00x140x00x6AX004
                        .rodataPROGBITS0x158c40xd8c40x1ab80x00x2A004
                        .ctorsPROGBITS0x1f3800xf3800x80x00x3WA004
                        .dtorsPROGBITS0x1f3880xf3880x80x00x3WA004
                        .dataPROGBITS0x1f3940xf3940x3dc0x00x3WA004
                        .bssNOBITS0x1f7700xf7700xa2ac0x00x3WA004
                        .shstrtabSTRTAB0x00xf7700x3e0x00x0001
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x80000x80000xf37c0xf37c6.13850x5R E0x8000.init .text .fini .rodata
                        LOAD0xf3800x1f3800x1f3800x3f00xa69c3.52470x6RW 0x8000.ctors .dtors .data .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Download Network PCAP: filteredfull

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-03-18T02:56:35.545512+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.14357098.8.4.453UDP
                        • Total Packets: 19
                        • 61003 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 02:56:45.065762043 CET6093661003192.168.2.14185.194.205.79
                        Mar 18, 2025 02:56:45.071933985 CET6100360936185.194.205.79192.168.2.14
                        Mar 18, 2025 02:56:45.072060108 CET6093661003192.168.2.14185.194.205.79
                        Mar 18, 2025 02:56:45.072175026 CET6093661003192.168.2.14185.194.205.79
                        Mar 18, 2025 02:56:45.078023911 CET6100360936185.194.205.79192.168.2.14
                        Mar 18, 2025 02:57:45.109854937 CET6093661003192.168.2.14185.194.205.79
                        Mar 18, 2025 02:57:45.114684105 CET6100360936185.194.205.79192.168.2.14
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 02:56:29.303044081 CET4706653192.168.2.148.8.4.4
                        Mar 18, 2025 02:56:29.318551064 CET53470668.8.4.4192.168.2.14
                        Mar 18, 2025 02:56:30.339195013 CET3872453192.168.2.148.8.8.8
                        Mar 18, 2025 02:56:30.354130983 CET53387248.8.8.8192.168.2.14
                        Mar 18, 2025 02:56:31.355839968 CET5473253192.168.2.141.1.1.1
                        Mar 18, 2025 02:56:31.380656958 CET53547321.1.1.1192.168.2.14
                        Mar 18, 2025 02:56:32.382570982 CET5682653192.168.2.141.1.1.1
                        Mar 18, 2025 02:56:32.407053947 CET53568261.1.1.1192.168.2.14
                        Mar 18, 2025 02:56:33.409014940 CET5245453192.168.2.141.1.1.1
                        Mar 18, 2025 02:56:33.526523113 CET53524541.1.1.1192.168.2.14
                        Mar 18, 2025 02:56:34.528686047 CET5046153192.168.2.148.8.8.8
                        Mar 18, 2025 02:56:34.543294907 CET53504618.8.8.8192.168.2.14
                        Mar 18, 2025 02:56:35.545511961 CET3570953192.168.2.148.8.4.4
                        Mar 18, 2025 02:56:35.561005116 CET53357098.8.4.4192.168.2.14
                        Mar 18, 2025 02:56:36.563429117 CET4120653192.168.2.148.8.8.8
                        Mar 18, 2025 02:56:36.589200020 CET53412068.8.8.8192.168.2.14
                        Mar 18, 2025 02:56:37.591505051 CET5770553192.168.2.148.8.4.4
                        Mar 18, 2025 02:56:37.606509924 CET53577058.8.4.4192.168.2.14
                        Mar 18, 2025 02:56:38.609095097 CET4537553192.168.2.141.1.1.1
                        Mar 18, 2025 02:56:38.745601892 CET53453751.1.1.1192.168.2.14
                        Mar 18, 2025 02:56:39.748085022 CET5151953192.168.2.148.8.4.4
                        Mar 18, 2025 02:56:39.763427019 CET53515198.8.4.4192.168.2.14
                        Mar 18, 2025 02:56:40.765108109 CET3608353192.168.2.141.0.0.1
                        Mar 18, 2025 02:56:40.883146048 CET53360831.0.0.1192.168.2.14
                        Mar 18, 2025 02:56:41.885230064 CET3805753192.168.2.148.8.8.8
                        Mar 18, 2025 02:56:41.913467884 CET53380578.8.8.8192.168.2.14
                        Mar 18, 2025 02:56:42.915139914 CET4744153192.168.2.148.8.8.8
                        Mar 18, 2025 02:56:42.930180073 CET53474418.8.8.8192.168.2.14
                        Mar 18, 2025 02:56:43.931937933 CET4385153192.168.2.141.0.0.1
                        Mar 18, 2025 02:56:44.063656092 CET53438511.0.0.1192.168.2.14
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 18, 2025 02:56:29.303044081 CET192.168.2.148.8.4.40xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:30.339195013 CET192.168.2.148.8.8.80xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:31.355839968 CET192.168.2.141.1.1.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:32.382570982 CET192.168.2.141.1.1.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:33.409014940 CET192.168.2.141.1.1.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:34.528686047 CET192.168.2.148.8.8.80xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:35.545511961 CET192.168.2.148.8.4.40xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:36.563429117 CET192.168.2.148.8.8.80xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:37.591505051 CET192.168.2.148.8.4.40xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:38.609095097 CET192.168.2.141.1.1.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:39.748085022 CET192.168.2.148.8.4.40xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:40.765108109 CET192.168.2.141.0.0.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:41.885230064 CET192.168.2.148.8.8.80xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:42.915139914 CET192.168.2.148.8.8.80xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 02:56:43.931937933 CET192.168.2.141.0.0.10xd1e7Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 18, 2025 02:56:29.318551064 CET8.8.4.4192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:30.354130983 CET8.8.8.8192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:31.380656958 CET1.1.1.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:32.407053947 CET1.1.1.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:33.526523113 CET1.1.1.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:34.543294907 CET8.8.8.8192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:35.561005116 CET8.8.4.4192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:36.589200020 CET8.8.8.8192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:37.606509924 CET8.8.4.4192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:38.745601892 CET1.1.1.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:39.763427019 CET8.8.4.4192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:40.883146048 CET1.0.0.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:41.913467884 CET8.8.8.8192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:42.930180073 CET8.8.8.8192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 02:56:44.063656092 CET1.0.0.1192.168.2.140xd1e7Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false

                        System Behavior

                        Start time (UTC):01:56:28
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:/tmp/sync.arm4.elf
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):01:56:28
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):01:56:28
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1