Edit tour

Linux Analysis Report
sync.sh4.elf

Overview

General Information

Sample name:sync.sh4.elf
Analysis ID:1641109
MD5:2bc7cfbfda24d743bcdb4e7e30ec75d1
SHA1:9b0fecf97d3409200d6b94ae8f2e010e154a3bab
SHA256:412b4722750d91499032fa39fbe84a3bae9120b5bc52d5affe812fea95f23faa
Tags:elfMiraiuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641109
Start date and time:2025-03-18 03:09:34 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.sh4.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@15/0
Command:/tmp/sync.sh4.elf
PID:5457
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • sync.sh4.elf (PID: 5457, Parent: 5380, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sync.sh4.elf
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:10:36.668283+010020135141A Network Trojan was detected192.168.2.13527668.8.8.853UDP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:11:37.957342+010028486071Malware Command and Control Activity Detected185.194.205.7961003192.168.2.1338598TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:11:37.754159+010028486061Malware Command and Control Activity Detected192.168.2.1338598185.194.205.7961003TCP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.sh4.elfVirustotal: Detection: 45%Perma Link
Source: sync.sh4.elfReversingLabs: Detection: 41%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.13:52766 -> 8.8.8.8:53
Source: Network trafficSuricata IDS: 2848606 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound) : 192.168.2.13:38598 -> 185.194.205.79:61003
Source: Network trafficSuricata IDS: 2848607 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound) : 185.194.205.79:61003 -> 192.168.2.13:38598
Source: global trafficTCP traffic: 192.168.2.13:38598 -> 185.194.205.79:61003
Source: unknownDNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal64.evad.linELF@0/0@15/0

Hooking and other Techniques for Hiding and Protection

barindex
Source: /tmp/sync.sh4.elf (PID: 5457)File: /tmp/sync.sh4.elfJump to behavior
Source: sync.sh4.elfSubmission file: segment LOAD with 7.0063 entropy (max. 8.0)
Source: /tmp/sync.sh4.elf (PID: 5461)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.sh4.elf (PID: 5461)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.sh4.elf (PID: 5457)Queries kernel information via 'uname': Jump to behavior
Source: sync.sh4.elf, 5457.1.00007fffc40ff000.00007fffc4120000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sh4/tmp/sync.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.sh4.elf
Source: sync.sh4.elf, 5457.1.00007fffc40ff000.00007fffc4120000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
Source: sync.sh4.elf, 5457.1.000055d3c7c71000.000055d3c7cd4000.rw-.sdmpBinary or memory string: U5!/etc/qemu-binfmt/sh4
Source: sync.sh4.elf, 5457.1.000055d3c7c71000.000055d3c7cd4000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Obfuscated Files or Information
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1641109 Sample: sync.sh4.elf Startdate: 18/03/2025 Architecture: LINUX Score: 64 15 dnsresolve.socialgains.cf 2->15 17 185.194.205.79, 38598, 61003 HTSENSEFR France 2->17 19 Suricata IDS alerts for network traffic 2->19 21 Multi AV Scanner detection for submitted file 2->21 8 sync.sh4.elf 2->8         started        signatures3 23 Performs DNS TXT record lookups 15->23 process4 signatures5 25 Sample deletes itself 8->25 11 sync.sh4.elf 8->11         started        process6 process7 13 sync.sh4.elf 11->13         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
sync.sh4.elf45%VirustotalBrowse
sync.sh4.elf42%ReversingLabsLinux.Backdoor.Gafgyt
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
dnsresolve.socialgains.cf
unknown
unknownfalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.194.205.79
    unknownFrance
    204145HTSENSEFRtrue
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.194.205.79sync.superh.elfGet hashmaliciousUnknownBrowse
      sync.x86.elfGet hashmaliciousUnknownBrowse
        sync.superh.elfGet hashmaliciousUnknownBrowse
          sync.mipsel.elfGet hashmaliciousUnknownBrowse
            sync.arm5.elfGet hashmaliciousUnknownBrowse
              sync.arm4.elfGet hashmaliciousUnknownBrowse
                sync.x86_64.elfGet hashmaliciousUnknownBrowse
                  sync.arm4.elfGet hashmaliciousUnknownBrowse
                    sync.sh4.elfGet hashmaliciousUnknownBrowse
                      sync.x86.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HTSENSEFRsync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.mipsel.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                        Entropy (8bit):6.9497623626817475
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sync.sh4.elf
                        File size:51'836 bytes
                        MD5:2bc7cfbfda24d743bcdb4e7e30ec75d1
                        SHA1:9b0fecf97d3409200d6b94ae8f2e010e154a3bab
                        SHA256:412b4722750d91499032fa39fbe84a3bae9120b5bc52d5affe812fea95f23faa
                        SHA512:9d0f72be995eab1fe1ef957d900c736ca8b8a4d9de6ff35a6fd5aeeede2313a1b3fdae231dc663e72737923bdb34dc12b49793ca7522ec1bf5b3820d434f9a32
                        SSDEEP:1536:YC388H4HRn+vb5QR7+sHcdBT7StKgxBvseXQCR+kwf:JtH4HRn+vtQR7+sHc77hgUeXQ2wf
                        TLSH:EA338C939C25AE48C0B5E5F27170AFBAF763E8045A875FDA2992C22A9453DCDF0453F0
                        File Content Preview:.ELF..............*.......@.4...........4. ...(...............@...@...........................A...A.................Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:<unknown>
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x4001a0
                        Flags:0x9
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:51436
                        Section Header Size:40
                        Number of Section Headers:10
                        Header String Table Index:9
                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x4000940x940x300x00x6AX004
                        .textPROGBITS0x4000e00xe00xa9000x00x6AX0032
                        .finiPROGBITS0x40a9e00xa9e00x240x00x6AX004
                        .rodataPROGBITS0x40aa040xaa040x1ab40x00x2A004
                        .ctorsPROGBITS0x41c4bc0xc4bc0x80x00x3WA004
                        .dtorsPROGBITS0x41c4c40xc4c40x80x00x3WA004
                        .dataPROGBITS0x41c4d00xc4d00x3dc0x00x3WA004
                        .bssNOBITS0x41c8ac0xc8ac0xa2ac0x00x3WA004
                        .shstrtabSTRTAB0x00xc8ac0x3e0x00x0001
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x4000000x4000000xc4b80xc4b87.00630x5R E0x10000.init .text .fini .rodata
                        LOAD0xc4bc0x41c4bc0x41c4bc0x3f00xa69c3.58920x6RW 0x10000.ctors .dtors .data .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Download Network PCAP: filteredfull

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-03-18T03:10:36.668283+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.13527668.8.8.853UDP
                        2025-03-18T03:11:37.754159+01002848606ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound)1192.168.2.1338598185.194.205.7961003TCP
                        2025-03-18T03:11:37.957342+01002848607ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound)1185.194.205.7961003192.168.2.1338598TCP
                        • Total Packets: 20
                        • 61003 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:10:37.698432922 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 03:10:37.703253031 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 03:10:37.703321934 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 03:10:37.703408957 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 03:10:37.708040953 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 03:11:37.754158974 CET3859861003192.168.2.13185.194.205.79
                        Mar 18, 2025 03:11:37.759007931 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 03:11:37.957341909 CET6100338598185.194.205.79192.168.2.13
                        Mar 18, 2025 03:11:37.957472086 CET3859861003192.168.2.13185.194.205.79
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:10:21.750034094 CET4548253192.168.2.131.0.0.1
                        Mar 18, 2025 03:10:21.931844950 CET53454821.0.0.1192.168.2.13
                        Mar 18, 2025 03:10:22.934472084 CET4208653192.168.2.131.1.1.1
                        Mar 18, 2025 03:10:23.113560915 CET53420861.1.1.1192.168.2.13
                        Mar 18, 2025 03:10:24.115978003 CET5778953192.168.2.131.1.1.1
                        Mar 18, 2025 03:10:24.140588999 CET53577891.1.1.1192.168.2.13
                        Mar 18, 2025 03:10:25.142839909 CET3367353192.168.2.131.1.1.1
                        Mar 18, 2025 03:10:25.279951096 CET53336731.1.1.1192.168.2.13
                        Mar 18, 2025 03:10:26.282111883 CET3573053192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:26.297997952 CET53357308.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:27.300163031 CET4961053192.168.2.138.8.8.8
                        Mar 18, 2025 03:10:27.314901114 CET53496108.8.8.8192.168.2.13
                        Mar 18, 2025 03:10:28.317075968 CET4294553192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:28.332915068 CET53429458.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:29.335973024 CET5539553192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:29.350357056 CET53553958.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:30.352521896 CET3768353192.168.2.131.1.1.1
                        Mar 18, 2025 03:10:30.542776108 CET53376831.1.1.1192.168.2.13
                        Mar 18, 2025 03:10:31.546288013 CET3696853192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:31.571717978 CET53369688.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:32.574368954 CET5205153192.168.2.138.8.8.8
                        Mar 18, 2025 03:10:32.600189924 CET53520518.8.8.8192.168.2.13
                        Mar 18, 2025 03:10:33.602744102 CET5979253192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:33.617403984 CET53597928.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:34.619703054 CET4395453192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:34.648319006 CET53439548.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:35.651496887 CET5201753192.168.2.138.8.4.4
                        Mar 18, 2025 03:10:35.666575909 CET53520178.8.4.4192.168.2.13
                        Mar 18, 2025 03:10:36.668282986 CET5276653192.168.2.138.8.8.8
                        Mar 18, 2025 03:10:36.696602106 CET53527668.8.8.8192.168.2.13
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 18, 2025 03:10:21.750034094 CET192.168.2.131.0.0.10x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:22.934472084 CET192.168.2.131.1.1.10x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:24.115978003 CET192.168.2.131.1.1.10x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:25.142839909 CET192.168.2.131.1.1.10x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:26.282111883 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:27.300163031 CET192.168.2.138.8.8.80x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:28.317075968 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:29.335973024 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:30.352521896 CET192.168.2.131.1.1.10x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:31.546288013 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:32.574368954 CET192.168.2.138.8.8.80x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:33.602744102 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:34.619703054 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:35.651496887 CET192.168.2.138.8.4.40x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:10:36.668282986 CET192.168.2.138.8.8.80x6932Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 18, 2025 03:10:21.931844950 CET1.0.0.1192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:23.113560915 CET1.1.1.1192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:24.140588999 CET1.1.1.1192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:25.279951096 CET1.1.1.1192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:26.297997952 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:27.314901114 CET8.8.8.8192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:28.332915068 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:29.350357056 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:30.542776108 CET1.1.1.1192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:31.571717978 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:32.600189924 CET8.8.8.8192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:33.617403984 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:34.648319006 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:35.666575909 CET8.8.4.4192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:10:36.696602106 CET8.8.8.8192.168.2.130x6932Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false

                        System Behavior

                        Start time (UTC):02:10:21
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:/tmp/sync.sh4.elf
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):02:10:21
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):02:10:21
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9