Malware Analysis Report

2024-09-09 14:10

Sample ID: 240506-pl6vysbe8w
Target: 3f9a142aeabaaff9857056dc4a35d495.zip
SHA256: 8df476be832a1204480d301c7579597bcdafc690b77d1f5c64dc6fb80c0d90d2
Tags: ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 3f9a142aeabaaff9857056dc4a35d495.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Ermac2 payload

Hook

Ermac family

Makes use of the framework's Accessibility service

Prevents application removal

Requests enabling of the accessibility settings.

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Requests dangerous framework permissions

Acquires the wake lock

Schedules tasks to execute at a specified time

Reads information about phone network operator.

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-06 12:26

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 12:26

Reported

2024-05-06 12:28

Platform

android-x86-arm-20240506-en

Max time kernel

106s

Max time network

147s

Command Line

com.getecezegumetaco.gucepu

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.getecezegumetaco.gucepu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 null udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
HK 23.224.233.76:3434 23.224.233.76 tcp
HK 23.224.233.76:3434 23.224.233.76 tcp

Files

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-journal

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-shm

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-06 12:26

Reported

2024-05-06 12:28

Platform

android-x64-20240506-en

Max time kernel

152s

Max time network

150s

Command Line

com.getecezegumetaco.gucepu

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.getecezegumetaco.gucepu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.212.194:443 tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-journal

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-shm

/data/data/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-06 12:26

Reported

2024-05-06 12:28

Platform

android-x64-arm64-20240506-en

Max time kernel

40s

Max time network

158s

Command Line

com.getecezegumetaco.gucepu

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.getecezegumetaco.gucepu

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.226:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
HK 23.224.233.76:3434 23.224.233.76 tcp (133 identical rows in the capture: 103 before and 30 after the two rows below)
GB 172.217.169.46:443 tcp
GB 216.58.204.66:443 tcp

Files

/data/user/0/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-journal

/data/user/0/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb

/data/user/0/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-shm

/data/user/0/com.getecezegumetaco.gucepu/no_backup/androidx.work.workdb-wal