Malware Analysis Report

2024-09-09 17:53

Sample ID 240613-cftxzstgmp
Target 9fa43fd208db904f12d5026d4b748c0c.bin
SHA256 7b6be6b7aa437aab2814a34f8a680b83f316f93d533d6ba504d03f3aa43d01cc
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

7b6be6b7aa437aab2814a34f8a680b83f316f93d533d6ba504d03f3aa43d01cc

Threat Level: Likely malicious

The file 9fa43fd208db904f12d5026d4b748c0c.bin was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:01

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:01

Reported

2024-06-13 02:04

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

188s

Command Line

com.wps.excellentclass

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.wps.excellentclass

/system/bin/cat /proc/cpuinfo

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 abroad-dw-online.ksord.com udp
US 1.1.1.1:53 c-gtc.getui.com udp
US 1.1.1.1:53 api-gi.getui.com udp
CN 183.134.98.68:80 api-gi.getui.com tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
US 1.1.1.1:53 geyan.getui.com udp
CN 183.136.220.39:443 geyan.getui.com tcp
US 1.1.1.1:53 b-gtc.getui.com udp
US 1.1.1.1:53 data.mistat.xiaomi.com udp
US 1.1.1.1:53 abroad-dw-online.ksord.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 c-gtc.getui.com udp
US 1.1.1.1:53 c-gtc.getui.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 b-gtc.getui.com udp
US 1.1.1.1:53 data.mistat.xiaomi.com udp
CN 115.227.15.13:80 c-gtc.getui.com tcp
SG 119.29.29.29:80 119.29.29.29 tcp
US 1.1.1.1:53 0 udp
SG 119.29.29.29:80 119.29.29.29 tcp
US 1.1.1.1:53 abroad-dw-online.ksord.com udp
SG 119.29.29.29:80 119.29.29.29 tcp
NL 20.33.39.105:80 data.mistat.xiaomi.com tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
US 18.233.22.108:80 18.233.22.108 tcp
NL 20.33.39.104:80 data.mistat.xiaomi.com tcp
CN 115.236.96.109:80 api-gi.getui.com tcp
CN 115.227.15.14:80 c-gtc.getui.com tcp
CN 115.227.15.227:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.15:80 c-gtc.getui.com tcp
CN 115.227.15.229:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.16:80 c-gtc.getui.com tcp
CN 115.227.15.231:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.233:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.7:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp

Files

/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

MD5 c3849cf2c0f5beba615294a0b52244e0
SHA1 1e8dee590a8ad56a248a7fbc5e22f8124eaf62ca
SHA256 b3e5f2e97e0375ad043df5e7d703b583a73f805c70f230408d3fd9e37a56bb7f
SHA512 1d8560f8c92ce0cf7487fef172aaaad844b10f26b41da26c9ec5214336fceb7f1597d2c431928db403e5b8a4b675f303b5a53e0bf07c51f30ea574ddd2329db7

/storage/emulated/0/Android/data/com.wps.excellentclass/files/tbslog/tbslog.txt

MD5 5ba66f89e1fd5802d181b574b89acd15
SHA1 76010fae9f997a1f2de5cf4bffcb75c0a050cf91
SHA256 685790ad786d05b56007a1d3adac9df290234b2615e2b4f70c0be19ddfc41203
SHA512 c70b36e28afce2d48c8ff3337c1fb098b6118fd53b8cfd9763a0a63cf8e2762ee2f765cfad43facc82f2af26f5e3f130904cfdbad69f2ad33968b13fe52c7e11

/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

MD5 90a7964f4898299aa159985daff8e6e1
SHA1 a189e4e42f0c2f7c8b0e506617ddd440eda58390
SHA256 587edfbdfdb3304661a669473ebbac6a387b8da525ddeeaa12c4af9050669339
SHA512 0a868c37a6056e58e539a58aa57c8d6113bdb5a7c31e74d73dfea2bab74de0f0f89dccf0eda13e8cf3fc78280435306a733d25558780efd60fdd701ea15be80a

/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

MD5 65d213d26e38314cf2268d123f69d2b6
SHA1 e7687584e9ceec005b772eaa5a45270919722c8c
SHA256 593394433f18fa73e38ea26296a006f10ae1e32baa8286677e11f15a71e1cfa2
SHA512 2987de4b1662ffc762d25d8cceed33a35f8fc5aeaab100e399086d45530c69a4141b142aca3f2b4739eabe0f20a51a03c9b60db89b5fe39e29d48e9db3c8d4de

/data/data/com.wps.excellentclass/databases/gis.db-journal

MD5 81341d83401bfa40e2dd6ece2494f76f
SHA1 9de7b42a6c6b7aabf29811db28202fe174523b05
SHA256 e562fb04fdd188c18e54a4db1ec260ce4201f78f5d49151be679ee9fb88fe799
SHA512 5cd68c5810da232d916e3756438964a3f60660ac710a45bc8db8493ce5a3b38ea6bafbbf20651c46a2211b3720e348dd3fbf792886f114299f4c5b17cfb79b45

/data/data/com.wps.excellentclass/databases/gis.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wps.excellentclass/databases/gis.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wps.excellentclass/databases/gis.db-wal

MD5 e0b5557be8d9fa7f269faca08772c893
SHA1 35cdbdff0eba08ce7b798edf5029602cb4c32d6a
SHA256 4cfd8ce4e880fe286d8173b47424399bffdfb33d9ab91e401b56ed406c1ab6fc
SHA512 2005dd41a0ca6d2777e1be0cfc5a68000e56517ab1c64751509e06e6f0924265f4236a0f3d4c75309122b0bc9458e64aee79c32264963375ff7af91e2362bdff

/data/data/com.wps.excellentclass/databases/gy.db-journal

MD5 8279cc851041eaf85f4fa644b9f22b50
SHA1 25dc6d4b860226330bcbaa2f291d2e65375d13e0
SHA256 4568437e447260bfc7e0182d408d57b75eafca090331b68430522562401b3b1f
SHA512 625b251f9a9c08c6b12185ddef71d2d2b744e2a82270c525831d02b12562efaf328d68cc27c8b7c00af97ac0858d2cfb6c7e3fbd25778e1883a0c24fe9ab6ec8

/data/data/com.wps.excellentclass/databases/gy.db-wal

MD5 665205e3f1c232afe1923ad053ec0e46
SHA1 782642aad54119eeb06d8739750e6de66a6862be
SHA256 77eed2e2343a01529ea9fdf93cc3d15f1fd1af60d3e27101fdfd49d2b2550da0
SHA512 5ea6d8bf6a2d19c23160a4d3047bcaec64aee03d394bc706f69b8f36bbc140e9a6bfb61d0fb225adbafebfd0694660dd07cfa6aa3ff190fddb34c3d97fffa847

/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db-journal

MD5 c58974732ae9453794531ba9f0136357
SHA1 6161d63fcdf82e504cdf98f2bd83ab54be1c8c6f
SHA256 ef43d59956b32a0d136d3b181d53d7a41f51961e1f36686755c71eef427e5912
SHA512 4ebc6e265de287a98705d0ad47ce5a320d1d9188538d784e6d5064b47fb6a1e0a7fdbb905228e69559a44024a9e789bd78e2a0230bc89c7983005440226ca74c

/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db

MD5 ca6d25305d248b23c221033c9ff82a71
SHA1 56bf08d1b57097686e52764fc9ce2b49ea4d5cc8
SHA256 363032039f499836dfcd8fd60df645764dee0086a8e2dabaf8df700bb45dd96e
SHA512 509bbf28be291472e4e4f84f79c5de10d3d26f8a7cf101a4bce1bb960967fa163f25474ca5f02f5c489b078e84a208a55338099b7a4e8b7ead6d4018fedc699f

/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db-wal

MD5 e4e011fd9fca41018a49d7c70c804767
SHA1 37e62275df206fd979d3429a39dd059ef2ef2358
SHA256 d054d8241067164a0a8af5837024d33ccde844adabd5247c2e922f1b7ce8b9da
SHA512 e168af4c7d28d07879524d38d394a2d0b2332a5bb9e5047b1b406e36a9e9639ea472ea9d77daa5e9b36d9cf96d54ca7d462a72f41680352b57c5b72bd43dd12d

/data/data/com.wps.excellentclass/databases/gtc.db-journal

MD5 b5ff06a40c4b00b7136a74503e932fb8
SHA1 eea4c00c937a67f1fd89e7cbb02f432be6b71e82
SHA256 0aad1030937a067903932f4e465b88e9fbab20554b6b3b29c4de962ea776c056
SHA512 5afcefae2dcfafb5c4df73aa359425924fc3a6a1b3805907697d4065787e49f768c8bab7cfe38640010f6bec54842374fc651f1f0dc74309deb59414acb08f3c

/data/data/com.wps.excellentclass/databases/gtc.db-wal

MD5 23f913b0b6fcb83befd9515787a20758
SHA1 fdaaeee4650c75cee3986972f523155cf962106e
SHA256 2eb7e8197a67a1ca9e8b86f40e3ad047d181dcaec43554b441eda448b735ac6c
SHA512 a95fcb303a692c4df97b42a04c7a7e4e86c10250815325feaa198940cc83cc079319042189f5a9c0c91406867e47137dea680cbe22b0f69d9b5cb7f07c1808f6

/data/data/com.wps.excellentclass/databases/StatSupport.db-journal

MD5 56237f72d3d155d50f9058e00a8c005b
SHA1 9b33eddadc87c44156eaa800b8d8a117dde9656c
SHA256 12b7e59b06244c23d9ad4860c6312c9f4cf00ac75d74c032c55a94b8af429369
SHA512 dfb89828e749a24f6c22d2de2d2b18d9300513a53e459e947ef00413f7ac7e438f56e862a3f5e22891e107c3d1423c10ad049d8c5957acbd46b20179e1a43d25

/data/data/com.wps.excellentclass/databases/StatSupport.db-wal

MD5 3012328a65477466d15f7ac91d9ffbec
SHA1 3d10ef99cd9454756c0ddd25d9462db2498c4d66
SHA256 ec60497a80913de2892ed52509b0cdc97297b8465bfc61edce85ca285b527816
SHA512 5542b834d714493024d751c58bc823655e0b128e2073eaf0e741d93f5e98b382af629703a0ec49dd65ffde68fc7202c175bb55f7c628fabf6bbb3f5a344d7ea9

/storage/emulated/0/libs/com.wps.excellentclass_.db

MD5 5eeb0bf588b5465ce0f66952d056a5a4
SHA1 346f78a8aa308bdddf037acaeaafe159f625bad8
SHA256 aa6edc8a51a00e7ce84d6dfb15d87eb746ce9677aef37edb56d904db2040486f
SHA512 0abee2e59ef80403240c1d9ba0ad56aa088ef8d11a7e16b5a40e5c72baac16c1a3cdd485088cffffee87578538cef6c39bf75c9f91187ab431f3f555fe936601

/data/data/com.wps.excellentclass/databases/mistat.db-journal

MD5 61f68090d51e78b0c51d9f3d892e6551
SHA1 35544fa55bb7f068101ff704c7249698982cecca
SHA256 8653263978eba125389a0c9ed4e9c032648246e0e7da83145a3eac52d8aa1802
SHA512 84cd11c2f114055fc1abc8a5168703679114270be7943fa6928bf3b58e7eea6a613d649cd94d7c53f9fd81a797944716104c2823913bdd493f1ddfd500d2f276

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 4087502305dd866a58b4aa84a43ff511
SHA1 f43bb5e317279b34b06a156ece89ea4594326026
SHA256 c1cd626a3cdd0bbe6897f994df936acd0b7089dacb47c4c60fdd434642bfad09
SHA512 adcdf26c1e26e90d4cf382a1109ba08ba6089d8ccad77175f83e2fb63fd11e5f896b9157f936a3fd59f09d00f3c7030b776d54d19f5fc122ca640eec77828a2b

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 f85a9b5b785529212767b22c35127f0f
SHA1 4453294871a0a1f5c7e44f15dd532c0c35d28f6c
SHA256 82ec74fcd2d410ed13e313b8a55a1ba2a878122290abbc46cd72423ea69f6dc5
SHA512 1378eb4bb9148f23c9da69365d2f6ce9752dbcc233c078d1b8f00e891d72b4cb98c307a957cd77afc418ab85d7f84218ddc44a2a410171e3fa0af70c717dd09a

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 f1fde240ae9df5e0b3ef71925b7b1fb4
SHA1 26aecf3eb1978799664cb57531f8cbe2b552fd78
SHA256 73145c678425cc84ada858f0d0ba9eb30c01f1c1ca140d2591a46f9b96b55016
SHA512 52b4748443b396e9950d404b340008588f666e88d04760eb98153ec27d8cd5e7e3cfeb2089f469298bbe3e9938ab56cf983e38ea4a351e619bdcd59cc16e2954

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 498b6749504f30b24f0b38aab36eb085
SHA1 469323dc87fcc08a7b11aecd714089519d5debba
SHA256 87c5dac626cb2b536c47d0352fa080b46813a487d7904dd7fc00630327a1e4c9
SHA512 b98975ca078a7a6b3242f745df99b81e8110d49911d6a419eb4f8d0dd6b2d4c14d51bc54a64b5d0f36ce1c2876f29d4917a3a547369764d09e879959e0236b8c

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 d8984d15f47d74c4d239b2e8bac3860e
SHA1 5a47f223dfb70d1e8b1e2e2a31b49faefcd78033
SHA256 49dac186e8ee6e528850564d863746b05f13b89d30758a3f9ed78c15177c19f2
SHA512 c168a8dd523ad9c54bc52d35d1ee31cc02d479e5f25cdca2e79af20b606d851f94dc9c5e7540a870f07333cbf63d7a11265bce037a8da11753e84b2eb6989def

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 acd2ac888f30f6562b94d2f3d6feec2e
SHA1 86803dc6291b00334ef8169d290f039405f0126d
SHA256 c943cfc34500c28fa4741bd24e0e71c1c203607e629abbff1c8063c62b7408f6
SHA512 bbc1a0e7a19b6400a297ffb9f4737795f1bd7710f2ddf93da6c691efbf84a871643172a72ed4792a0839703dbc66c37f0e63c9cb50710fab774af6d61caa0514

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 05efe3c97b9597479954c5eca4a23ead
SHA1 85bcc7ecc8d863e71e759d5a35067cdd8fe0f267
SHA256 a0d64fe54917cd755db50712b5572f1bdfeac115410855bc986aad3dde8fa75f
SHA512 72fc96282a419a48bc6abdcc099a4372f203f1f1e801505e010bce4557dfcf9c1e4ba66e939b882de458baec5a0f64f47f316c5cc5bee9dd77051d729ead7aa6

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 43a1c50fea573e4a653f56b5177666d8
SHA1 3559c5702e1f8a67d7b96d2c9386180317b315ec
SHA256 027b30d3a3392cc34beb89ad37810eaa38aab2d21123b705e3af39f5edb8f4da
SHA512 7e87376f0088a67bffed741f86c02e0d2a08d0e6dd8a279f1467bc9879befaf94d82e6b5dad6676f8d2ff68aeaccb6e32c4ab2da0aaee38b98dd55e9ee5956c1

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 0250303ec1ad78ac459d9e2be7ff45e3
SHA1 a60872f8a61f7aef879e7dbe689032c377e00894
SHA256 925db9684b2a6304ab623a5abf3b334a133d3ab1e124bd740179b379c051b3e5
SHA512 f6c9c7b8adc896802096c3e2280fd13f87d137037f0a88ec6e367ccdf544987f8ebb2a3a3c2bf52cf954a2be1ad1f7b43353f65c34207e47c4106c7722f4134a

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 259de726ac50f1dd83ca641eb50e784d
SHA1 7cd1e863dd7fac3cb1b3ed86f3c7dbe04fa4d639
SHA256 59624d313fb65b909c1bf300971f34146088126d37b0e435596a3897c802ace4
SHA512 7dc689066b5f99f2732620d4fbfcbe1902862dc86d7eea4ed3231c17e86187acc8487af86b34475f3f60e5bf9b9ed039fcdc0396b9585f80069d820ed744d033

/data/data/com.wps.excellentclass/databases/mistat.db-wal

MD5 753ba5b85e7024e834855d8d7046e57e
SHA1 38a9071fc67886c18dc75e00757c5ffafad6c911
SHA256 1102bdba7f1cb70ae1c5698247a8c9bda858cfe626168f7b240965e2deff449b
SHA512 54ea47217b5e2711de22d9b37011db7192c0b115850ecf2c2007b1464bf088d1270881948df2f4c66e78915c69ca1e0ca95d3ede5a107d28dcbb6cc2e7791c26

/data/data/com.wps.excellentclass/databases/mistat.db

MD5 7d92808936141f564166685f036323b5
SHA1 cfdc9baa8dd7c514e0f437e3ee6dedc8f4294b46
SHA256 7535b15795f677faf55346f1bee00e3bd6c3c66b3778dd35db30bdd1c7b9b340
SHA512 eb2108510f0d835f8df52e38c4b20c06c744008d1cb4943735112d2606a48076d0bec6f2c39a924631f9232cd678af14956a77e92202e9b5ce346cda9262f732

/storage/emulated/0/.GidConfig/gtdid.db

MD5 80f006d87f424c116bda92821329932f
SHA1 c39bb79596a68901aec28ca085c31c981d62e408
SHA256 f19eb05217b692c7bca608f2033f82c5bce843c732d258277b6b23994e295e82
SHA512 2ac85cacb6b444b66a92e64cc1ce54941d3a3cd02740562d4097c9de91b7ffcfe642d7ca0d581c4e5dd05daf82f02a0975c782b9a43221395ae872fd93aaf402

/storage/emulated/0/.GidConfig/gtdid.db

MD5 399fd699b80aece8a2c1a8449e43a8aa
SHA1 4ba40c3962fca3f3bbb1216c3fc4f98baf017206
SHA256 529407dfaa4846c3861b960a885bbc6e57826f3e16e0da62378add0c2f6a0b4a
SHA512 ad1b62ebaed48ceb2778d5237d4282cd75af9387fbbcd504eb31eb5424047e81c57b80f138901d31406535745cd65764520ffd967759317cf69644615ea28e0e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:01

Reported

2024-06-13 02:01

Platform

android-33-x64-arm64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
BE 142.250.110.188:5228 tcp
GB 172.217.16.228:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 216.58.212.234:443 udp

Files

N/A