Edit tour

Linux Analysis Report
sync.arm4.elf

Overview

General Information

Sample name:sync.arm4.elf
Analysis ID:1641111
MD5:3b914160cf9b4c1592aa35f67b367a9a
SHA1:e0a72fed217df5bb0d67beabf36ccb2122b1fe55
SHA256:1c6033a95cf6929caafb5acf0c93397e31d54b1e2091870085a9c73072a7c638
Tags:elfuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641111
Start date and time:2025-03-18 03:10:24 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 29s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.arm4.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@15/0
Command:/tmp/sync.arm4.elf
PID:5545
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • sync.arm4.elf (PID: 5545, Parent: 5465, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/sync.arm4.elf
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:11:17.958121+010020135141A Network Trojan was detected192.168.2.15485288.8.8.853UDP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.arm4.elfVirustotal: Detection: 44%Perma Link
Source: sync.arm4.elfReversingLabs: Detection: 44%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.15:48528 -> 8.8.8.8:53
Source: global trafficTCP traffic: 192.168.2.15:36864 -> 185.194.205.79:61003
Source: unknownDNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal64.evad.linELF@0/0@15/0

Hooking and other Techniques for Hiding and Protection

barindex
Source: /tmp/sync.arm4.elf (PID: 5545)File: /tmp/sync.arm4.elfJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5549)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5549)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.arm4.elf (PID: 5545)Queries kernel information via 'uname': Jump to behavior
Source: sync.arm4.elf, 5545.1.000055dd23b35000.000055dd23c63000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
Source: sync.arm4.elf, 5545.1.00007ffcb287b000.00007ffcb289c000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/sync.arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.arm4.elf
Source: sync.arm4.elf, 5545.1.000055dd23b35000.000055dd23c63000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: sync.arm4.elf, 5545.1.00007ffcb287b000.00007ffcb289c000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
File Deletion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1641111 Sample: sync.arm4.elf Startdate: 18/03/2025 Architecture: LINUX Score: 64 15 dnsresolve.socialgains.cf 2->15 17 185.194.205.79, 36864, 61003 HTSENSEFR France 2->17 19 Suricata IDS alerts for network traffic 2->19 21 Multi AV Scanner detection for submitted file 2->21 8 sync.arm4.elf 2->8         started        signatures3 23 Performs DNS TXT record lookups 15->23 process4 signatures5 25 Sample deletes itself 8->25 11 sync.arm4.elf 8->11         started        process6 process7 13 sync.arm4.elf 11->13         started       
SourceDetectionScannerLabelLink
sync.arm4.elf44%VirustotalBrowse
sync.arm4.elf44%ReversingLabsLinux.Backdoor.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
dnsresolve.socialgains.cf
unknown
unknownfalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.194.205.79
    unknownFrance
    204145HTSENSEFRfalse
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.194.205.79sync.x86_64.elfGet hashmaliciousUnknownBrowse
      sync.sh4.elfGet hashmaliciousUnknownBrowse
        sync.superh.elfGet hashmaliciousUnknownBrowse
          sync.x86.elfGet hashmaliciousUnknownBrowse
            sync.superh.elfGet hashmaliciousUnknownBrowse
              sync.mipsel.elfGet hashmaliciousUnknownBrowse
                sync.arm5.elfGet hashmaliciousUnknownBrowse
                  sync.arm4.elfGet hashmaliciousUnknownBrowse
                    sync.x86_64.elfGet hashmaliciousUnknownBrowse
                      sync.arm4.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HTSENSEFRsync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.superh.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.mipsel.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                        Entropy (8bit):6.106465230697047
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sync.arm4.elf
                        File size:63'776 bytes
                        MD5:3b914160cf9b4c1592aa35f67b367a9a
                        SHA1:e0a72fed217df5bb0d67beabf36ccb2122b1fe55
                        SHA256:1c6033a95cf6929caafb5acf0c93397e31d54b1e2091870085a9c73072a7c638
                        SHA512:665e28e6d60f0289fdca1eb2830bb9f2b45fad5c9eb6e6de611cb96e03c3db82263fc238a96281406a3dbfff871300674f5127a80d23a3b94cdd0a647d045e5b
                        SSDEEP:1536:ySm2sDFHApMwl8n8Nlj1C/VDWyqZ9T/ibovjCh:G3Kl88Nlj1aVDW7Z/jCh
                        TLSH:63534B52F8C2A613C5D0567AFA4F42CC371257E9E2DE3603CE2A4F6137AB16B0EA7511
                        File Content Preview:.ELF...a..........(.........4...........4. ...(.....................\...\...............`...`...`...................Q.td..................................-...L."....5..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:ARM
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:ARM - ABI
                        ABI Version:0
                        Entry Point Address:0x8190
                        Flags:0x202
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:63376
                        Section Header Size:40
                        Number of Section Headers:10
                        Header String Table Index:9
                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x80940x940x180x00x6AX004
                        .textPROGBITS0x80b00xb00xd7e00x00x6AX0016
                        .finiPROGBITS0x158900xd8900x140x00x6AX004
                        .rodataPROGBITS0x158a40xd8a40x1ab80x00x2A004
                        .ctorsPROGBITS0x1f3600xf3600x80x00x3WA004
                        .dtorsPROGBITS0x1f3680xf3680x80x00x3WA004
                        .dataPROGBITS0x1f3740xf3740x3dc0x00x3WA004
                        .bssNOBITS0x1f7500xf7500xa2ac0x00x3WA004
                        .shstrtabSTRTAB0x00xf7500x3e0x00x0001
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x80000x80000xf35c0xf35c6.13750x5R E0x8000.init .text .fini .rodata
                        LOAD0xf3600x1f3600x1f3600x3f00xa69c3.48690x6RW 0x8000.ctors .dtors .data .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Download Network PCAP: filteredfull

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-03-18T03:11:17.958121+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.15485288.8.8.853UDP
                        • Total Packets: 21
                        • 61003 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:11:31.603091002 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:11:31.608042002 CET6100336864185.194.205.79192.168.2.15
                        Mar 18, 2025 03:11:31.608112097 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:11:32.627954006 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:11:32.632775068 CET6100336864185.194.205.79192.168.2.15
                        Mar 18, 2025 03:11:32.632930040 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:11:32.633438110 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:11:32.638097048 CET6100336864185.194.205.79192.168.2.15
                        Mar 18, 2025 03:12:32.684199095 CET3686461003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:12:32.689527988 CET6100336864185.194.205.79192.168.2.15
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:11:15.759644985 CET5672653192.168.2.158.8.4.4
                        Mar 18, 2025 03:11:15.774427891 CET53567268.8.4.4192.168.2.15
                        Mar 18, 2025 03:11:16.778271914 CET3855953192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:16.956470966 CET53385591.1.1.1192.168.2.15
                        Mar 18, 2025 03:11:17.958121061 CET4852853192.168.2.158.8.8.8
                        Mar 18, 2025 03:11:17.974643946 CET53485288.8.8.8192.168.2.15
                        Mar 18, 2025 03:11:18.976228952 CET4993053192.168.2.158.8.4.4
                        Mar 18, 2025 03:11:18.991372108 CET53499308.8.4.4192.168.2.15
                        Mar 18, 2025 03:11:19.993025064 CET3432353192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:20.129715919 CET53343231.1.1.1192.168.2.15
                        Mar 18, 2025 03:11:21.131453991 CET3509753192.168.2.158.8.8.8
                        Mar 18, 2025 03:11:21.146856070 CET53350978.8.8.8192.168.2.15
                        Mar 18, 2025 03:11:22.148574114 CET5440953192.168.2.151.0.0.1
                        Mar 18, 2025 03:11:22.173079014 CET53544091.0.0.1192.168.2.15
                        Mar 18, 2025 03:11:23.174779892 CET5700653192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:23.200831890 CET53570061.1.1.1192.168.2.15
                        Mar 18, 2025 03:11:24.202919006 CET5336453192.168.2.151.0.0.1
                        Mar 18, 2025 03:11:24.227266073 CET53533641.0.0.1192.168.2.15
                        Mar 18, 2025 03:11:25.229089022 CET3757753192.168.2.158.8.4.4
                        Mar 18, 2025 03:11:25.380315065 CET53375778.8.4.4192.168.2.15
                        Mar 18, 2025 03:11:26.382703066 CET3696453192.168.2.151.0.0.1
                        Mar 18, 2025 03:11:26.501375914 CET53369641.0.0.1192.168.2.15
                        Mar 18, 2025 03:11:27.504132986 CET3834153192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:27.528547049 CET53383411.1.1.1192.168.2.15
                        Mar 18, 2025 03:11:28.530457973 CET4195453192.168.2.158.8.4.4
                        Mar 18, 2025 03:11:28.546781063 CET53419548.8.4.4192.168.2.15
                        Mar 18, 2025 03:11:29.549112082 CET4768853192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:29.574640989 CET53476881.1.1.1192.168.2.15
                        Mar 18, 2025 03:11:30.577236891 CET4344953192.168.2.151.1.1.1
                        Mar 18, 2025 03:11:30.601317883 CET53434491.1.1.1192.168.2.15
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 18, 2025 03:11:15.759644985 CET192.168.2.158.8.4.40xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:16.778271914 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:17.958121061 CET192.168.2.158.8.8.80xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:18.976228952 CET192.168.2.158.8.4.40xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:19.993025064 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:21.131453991 CET192.168.2.158.8.8.80xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:22.148574114 CET192.168.2.151.0.0.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:23.174779892 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:24.202919006 CET192.168.2.151.0.0.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:25.229089022 CET192.168.2.158.8.4.40xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:26.382703066 CET192.168.2.151.0.0.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:27.504132986 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:28.530457973 CET192.168.2.158.8.4.40xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:29.549112082 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:11:30.577236891 CET192.168.2.151.1.1.10xe208Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 18, 2025 03:11:15.774427891 CET8.8.4.4192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:16.956470966 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:17.974643946 CET8.8.8.8192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:18.991372108 CET8.8.4.4192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:20.129715919 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:21.146856070 CET8.8.8.8192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:22.173079014 CET1.0.0.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:23.200831890 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:24.227266073 CET1.0.0.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:25.380315065 CET8.8.4.4192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:26.501375914 CET1.0.0.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:27.528547049 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:28.546781063 CET8.8.4.4192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:29.574640989 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:11:30.601317883 CET1.1.1.1192.168.2.150xe208Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false

                        System Behavior

                        Start time (UTC):02:11:15
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:/tmp/sync.arm4.elf
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):02:11:15
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):02:11:15
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.arm4.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1