Malware Analysis Report

2025-05-28 18:46

Sample ID 241103-ftqz2aymfm
Target 89c6e193d596ba6cae7fb32dabdebb99_JaffaCakes118
SHA256 6d5a8e3508ae018363cbdd537d76586613090915d6850fe7a9ac09d3b9fbabf7
Tags
collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6d5a8e3508ae018363cbdd537d76586613090915d6850fe7a9ac09d3b9fbabf7

Threat Level: Likely malicious

The file 89c6e193d596ba6cae7fb32dabdebb99_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Reads the content of the SMS messages.

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Queries information about running processes on the device

Reads the content of SMS inbox messages.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 05:10

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x86-arm-20240624-en

Max time network

138s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x64-20240910-en

Max time network

154s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 172.217.16.226:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x64-arm64-20240910-en

Max time network

154s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 216.239.36.223:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.179.225:443 tcp
GB 216.58.201.97:443 tcp
US 216.239.36.223:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x86-arm-20240624-en

Max time kernel

8s

Max time network

133s

Command Line

com.jqpa.loan.qyk

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jqpa.loan.qyk/app_workbench32274/apk.zip N/A N/A
N/A /data/user/0/com.jqpa.loan.qyk/app_workbench32274/apk.zip N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jqpa.loan.qyk

chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jqpa.loan.qyk/app_workbench32274/apk.zip --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/com.jqpa.loan.qyk/app_workbench32274/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 mms.ywmm9.com udp
US 1.1.1.1:53 traffic.sooying.cn udp
US 1.1.1.1:53 static.oz7cq.com udp
US 1.1.1.1:53 prchas.ywjhdd.com udp
US 1.1.1.1:53 dynamic.ywlto.com udp
US 1.1.1.1:53 dynamicpay.ywjhdd.com udp
US 1.1.1.1:53 pv.sohu.com udp
NL 43.152.42.109:80 pv.sohu.com tcp
US 1.1.1.1:53 static.vch7su.com udp
US 1.1.1.1:53 prchas.ywlto.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk

MD5 b0a39aaa44ac82ec0fd321914f6aa668
SHA1 10a20428675480d68cbc64a5a4be12bde81aaca2
SHA256 e44f6d6dc173a53f4d7e4bbcbc92bf991ffea14af1612ee29b81f56c33b6d5ef
SHA512 fde8a61b36e3a27acd98ce24b594b71690456c40f76785dac0a4809f66570d4196b60e1e47616cf9855faac18822fe6d953b59534a39506daa15c7a285d70999

/data/data/com.jqpa.loan.qyk/app_workbench32274/apk.zip

MD5 7aeb1d2fa82938b504b8dfe4f0f88e15
SHA1 594b71ccfe14b401d0f714decff5fd233efa417a
SHA256 cc14dbf934faa2ec007caf8cfa82fd746269f5239aff2d74ab79a015ea27d206
SHA512 c4b58efbcdc02abca3eb579e529889bd4d8ea207bc0b85a1fa02bdf71598567b1576ac8d4e59ad848d8f514e93ad7cd351f4bcde3f3f9a2bbb041a5a61536057

/data/data/com.jqpa.loan.qyk/databases/video_record-journal

MD5 87110fed4cfe41dd31c68cf9096601b7
SHA1 d69a1eb7a7ab610c3a9493660150c694f0841d13
SHA256 a953368e9c4a3991b6cc37ee0d638f9ba7323f1f899f2e91f12b7d28ba1b76f2
SHA512 51e96cc6af000d51535707ecc6da599d3679f3868c3e654b8c904b1fbae5964cbf76e3cdb3a6dc9bdadd78d991163eb3a40c5dcfc6072379ec50a08da8bbe8e9

/data/data/com.jqpa.loan.qyk/databases/video_record

MD5 eb6a07c02a4503a237a35d449de23e45
SHA1 c8dfa2dea667659ec567dd111cb1ee47903f6e49
SHA256 d76989d5c52ee0bdb508b1a6217fdabba45873e2d832538c9a407850c845da77
SHA512 ff3f8acebe881b8dac8c41f3a0d2ea5ffb6a936e9fa88e279aecef25470ed95693921ec1bc2ea618e06189893bdbd62f73a49e4bc847819dc4a216727db7be86

/data/data/com.jqpa.loan.qyk/databases/video_record-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jqpa.loan.qyk/databases/video_record-wal

MD5 9159ede056de28dc8aaa801dddacb46d
SHA1 ba77c728d8496252d9a6657d681651a0a1b618c5
SHA256 908aa3334ecccbe2d30e03d9c29a152eaba972920dd445c467ff24a85ae7d71d
SHA512 caaaef6174e218a7e6f6cbd5446db5dc55fda5610d743e71608fdddc1f0bf6a9cb0925a3be1e1e90b008db6d3e279fbeded932bfe5df5bafe9841b045e67b598

/data/user/0/com.jqpa.loan.qyk/app_workbench32274/apk.zip

MD5 4664de668b3277f9bec7ff8c620df68b
SHA1 fb7a22c912a43c1ac08cfcee610914846735879c
SHA256 a4dd5ecf1378c5f6ba31fac733821a9d3ae6f0d5a1349a9776430ac687ccf393
SHA512 574c6ea868d7f475b9d8f199406dca9d9c16a649f49d9fc2823635bf043cea67b37de37f4f4c706f0167c5ecd526b9a7e68364e90a730e0c172e1a6db40041d5

/data/user/0/com.jqpa.loan.qyk/app_workbench32274/apk.zip

MD5 b756c9d5df53eb070e37165a8e71425c
SHA1 fcb2d12dae7f1f857afb83eb389efaad2f3fdaba
SHA256 b0e5cbcff5c39f8185c43b7fbf8891b6a94d3cba02052c3e566978949371e808
SHA512 3562fc3ee96742d9ddb4b3fb77b6a14c5ed8a2fa628448283c3e81273427467efbff8945ff1b0863ddd7d08763216c5205dd5778e49afabdae2e10e4b7719356

/data/data/com.jqpa.loan.qyk/files/zbHello

MD5 ab3aec529c0a0d751f43cf6de904809a
SHA1 a7ad041ad68cb887d74a4454475693d06dbc3d10
SHA256 3604015d5d2a3d8a7c3b06fa5c9d2302bbcd0e7ea5ccaf24dd98f99f89b0e8ba
SHA512 7950c3df10a8941a690e83a7e7829bf744f9a64ca7b0863af625c10a15975cfb9d8876dd9918a0cb9d852c631f811db742f0b69ef031dc7a2d093a98f4b4439c

/data/data/com.jqpa.loan.qyk/databases/app_download_record-journal

MD5 25aaaed683c8819eba09b79cb096261b
SHA1 ca9165a99275331399854c0823e211bf487301cb
SHA256 3215e810b86ffe01d047ae1d288279a4273a6ce6ca422174d83283f04601ef4f
SHA512 9fd328accd1fe620972a5e2882dc3488d3649184dbc5624ade3e4a2e38a47b6a5f4b3dac95818f8d80b44f959f22fb1c2ac6f4b0e8814d73a6d98eaa989426dd

/data/data/com.jqpa.loan.qyk/databases/app_download_record

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.jqpa.loan.qyk/databases/app_download_record-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.jqpa.loan.qyk/databases/app_download_record-wal

MD5 850e736878ad676a950e9fdb65f8ceb0
SHA1 fa262d311dddbe0267475201244def028c047793
SHA256 e66f8b0424336bc28d684bb72bb5f2f476ba98c3ff2e66395c56f5dc7d9b6fe7
SHA512 ee37672a2f57d55377bd6535916386533a97cd3d5692f3928f07e7575287687e988769f83f0cc9da62726e7328b89cdda6abd24122703cd19bd4cef02e3616bd

/storage/emulated/0/Android/data/com.jqpa.loan.qyk/cache/crash-2024-11-03.txt

MD5 f4eb13ea807f00b4622d896aa12c7f33
SHA1 4496df1d7f93acd4b3aacc523a2122ddb2dff970
SHA256 4d4f10b0f8ba253690d3d733b48843e4c7f2ef723895f33380e28e0c33524c67
SHA512 1e0f94bbfd05e43ccd2b75d3d798850a31f3f02d19ea7067022ad99e69c3c44bc37110e978617e5bd3903710a4399b766d351265cf75d64a70d864b5cfc9ad51

/data/data/com.jqpa.loan.qyk/databases/sy_pay_record-journal

MD5 9027bede69815c936d2636243f76980e
SHA1 abbc605600d1db191f2bd6508be1407315ee6a0b
SHA256 0ae5f7b3dedbf7c2a09db962316bb93bb7a7962bbdad2de31fd1e351cd3c8b6e
SHA512 8b69940f5b6afb4f14b2bf4bf4141d25eab3435351fa65d7056508032f9ce0d5c5f5f7af47174d34aa6c5cf8427897f117d0b9ff618191df403fb0c1caef8787

/data/data/com.jqpa.loan.qyk/databases/sy_pay_record-wal

MD5 c7b9bff684e055c34339de290a445e88
SHA1 9dffa0ac388606c5ad268931527c1336479b0eb0
SHA256 7a63d1bdd6ecf261dc32d008d6ca4ef9e1ed941eae8e4b5ae97a33b9f83847a8
SHA512 9fea8f24d11d7b914d7c4562b3646b764f01de89767ff7064f1d952c39e4cae5eaf50a1103eaf2c053078bf1ff2ba798d2c74ae191c3adeb0961bd0d374c47dd

/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.recordupload.apk

MD5 55c24dc00f667f62ee0cc0dfca41fc28
SHA1 1811dd0ba5f5bdfeef743332b7ef1b8e4097a23c
SHA256 8199c84eb1412ac9f13edc3bff4cd66e788847143bd0c8497ce7f699a0d68e77
SHA512 b5a5269065f4bcf05c560315255c49dc7eafc015458eca425f6b44eec0ee74c3e1d481e06df70deca25056a8fd070efb5adcf364061a8e5c1e26fb8e102caf69

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x86-arm-20240624-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x64-20240624-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-03 05:10

Reported

2024-11-03 05:12

Platform

android-x64-arm64-20240624-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

N/A