Malware Analysis Report

2024-12-07 17:10

Sample ID 241112-zbmz7s1are
Target BsquedaDNIPER_22_APKPure.xapk
SHA256 273fe4e03235c330236b0f77347c147affba03e7b4bd7e10b19694fe8a49d46b
Tags
discovery impact persistence collection credential_access evasion
score
8/10

Analysis Overview

score
8/10

SHA256

273fe4e03235c330236b0f77347c147affba03e7b4bd7e10b19694fe8a49d46b

Threat Level: Likely malicious

The file BsquedaDNIPER_22_APKPure.xapk was found to be: Likely malicious.

Malicious Activity Summary

discovery impact persistence collection credential_access evasion

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 20:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

android-x86-arm-20240624-en

Max time kernel

29s

Max time network

131s

Command Line

com.azetasoft.personas

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.azetasoft.personas

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp

Files

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-journal

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-shm

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-wal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db-journal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db-wal

/data/data/com.azetasoft.personas/cache/1725907690450.jar

/data/misc/profiles/cur/0/com.azetasoft.personas/primary.prof

/data/data/com.azetasoft.personas/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.azetasoft.personas/files/profileInstalled

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

android-x64-20240624-en

Max time kernel

28s

Max time network

159s

Command Line

com.azetasoft.personas

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.azetasoft.personas/cache/1725907690450.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.azetasoft.personas

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 172.217.169.46:443 tcp

Files

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-journal

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-shm

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-wal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db-journal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db

/data/data/com.azetasoft.personas/cache/1725907690450.jar

/data/user/0/com.azetasoft.personas/cache/1725907690450.jar

/data/misc/profiles/cur/0/com.azetasoft.personas/primary.prof

/data/data/com.azetasoft.personas/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.azetasoft.personas/files/profileInstalled

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

android-x64-arm64-20240910-en

Max time kernel

23s

Max time network

151s

Command Line

com.azetasoft.personas

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /data/user/0/com.azetasoft.personas/cache/1725907690450.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.azetasoft.personas

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 216.239.38.223:443 tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 172.217.169.2:443 tcp
GB 216.58.201.102:443 tcp
GB 216.58.212.193:443 tcp
GB 142.250.187.225:443 tcp
US 216.239.38.223:443 tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-journal

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-shm

/data/data/com.azetasoft.personas/no_backup/androidx.work.workdb-wal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db-journal

/data/data/com.azetasoft.personas/databases/google_app_measurement_local.db

/data/data/com.azetasoft.personas/cache/1725907690450.jar

/data/user/0/com.azetasoft.personas/cache/1725907690450.jar

/data/misc/profiles/cur/0/com.azetasoft.personas/primary.prof

/data/data/com.azetasoft.personas/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\config.en.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\config.en.jar

Network

N/A

Files

memory/2384-2-0x0000000002580000-0x00000000027F0000-memory.dmp

memory/2384-10-0x0000000000340000-0x0000000000341000-memory.dmp

memory/2384-11-0x0000000002580000-0x00000000027F0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\config.en.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\config.en.jar

Network

Country Destination Domain Proto

Files

memory/3000-2-0x000001DDAD7B0000-0x000001DDADA20000-memory.dmp

memory/3000-11-0x000001DDAD790000-0x000001DDAD791000-memory.dmp

memory/3000-12-0x000001DDAD7B0000-0x000001DDADA20000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\config.mdpi.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\config.mdpi.jar

Network

N/A

Files

memory/1596-2-0x00000000026D0000-0x0000000002940000-memory.dmp

memory/1596-10-0x0000000000250000-0x0000000000251000-memory.dmp

memory/1596-11-0x00000000026D0000-0x0000000002940000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-12 20:32

Reported

2024-11-12 20:35

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

137s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\config.mdpi.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\config.mdpi.jar

Network

Country Destination Domain Proto

Files

memory/1256-2-0x0000016C21AF0000-0x0000016C21D60000-memory.dmp

memory/1256-11-0x0000016C20200000-0x0000016C20201000-memory.dmp

memory/1256-12-0x0000016C21AF0000-0x0000016C21D60000-memory.dmp