Malware Analysis Report

2024-09-09 13:58

Sample ID 240702-1w72js1hqa
Target 4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897.bin
SHA256 4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897
Tags
hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan ermac
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897

Threat Level: Known bad

The file 4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897.bin was found to be: Known bad.

Malicious Activity Summary

hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan ermac

Ermac2 payload

Hook

Ermac family

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests enabling of the accessibility settings.

Performs UI accessibility actions on behalf of the user

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-02 22:01

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-02 22:01

Reported

2024-07-02 22:06

Platform

android-x64-20240624-en

Max time kernel

178s

Max time network

180s

Command Line

com.fogipexosisa.wesoku

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.fogipexosisa.wesoku

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 64.233.166.84:443 accounts.google.com tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
N/A 192.168.10.24:3434 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp

Files

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-journal

MD5 56bd0daeb8370693f2f8534c67ae4eac
SHA1 e481b108eedfe577ef264c0983b6ebb57df62bde
SHA256 f33fe51271541ea5cea3b8783a49a28310fe2ca7ac3436a13b00d5774ca4a05d
SHA512 7295e9d61d04d892d287ef0a4fe9f230abf3426f4ffc1852d7642503a759752025d88aacf5c0b5ffae56ebdf185357268617c8468903ae13e76b03e342d7cc84

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 078486ec3463e456b91f88eac6b20514
SHA1 633c6dbb7764146674bddf34ec2b55907fb10f5e
SHA256 d168ffd490655b865066cb15f253408e9521f4cd5c4b150241ccf3fbedfda56f
SHA512 0297a12765688a7ae2a9e6b788a25cdbce32586039cae2147a8777a3cb7797847088f7b51d1f2bd3b9e8406db1d36e78ba9e7eb054161b8fa563537bb457a745

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 859642b272c833119ec695d84d4e6739
SHA1 f53c456341c8ac2b5bf28da8e01b55a346edef93
SHA256 fb9e391e14241acc708f4bafe47b478a567fdf4b6485b0a635fb7c46ce382225
SHA512 1e98030950b996c30bf4cc94898196f9199db63af57f88ac0162bc79914b262f6ffcb6b26efd96aced69d4cac7aaf1e64bffa13745f7a7c8b652aa02c601fa26

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 d236781c36a6789995ba3d5a1b1f8729
SHA1 31e192836ae178a39356935a86f63ae1c129d393
SHA256 2d98ab1ad83241c1b6df797ebf8135efd386039d3f19e52e93f8aec632f35f4d
SHA512 8ddeb3582c098a38fa65f9b498b6af249c959377be37d741bae9b156f20573fb89fefc06e07854f6c637d18a85123e0c7f1f8b6cb4861dde56ad58c66dcac63f

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-02 22:01

Reported

2024-07-02 22:06

Platform

android-x64-arm64-20240624-en

Max time kernel

178s

Max time network

185s

Command Line

com.fogipexosisa.wesoku

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.fogipexosisa.wesoku

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
BE 142.251.168.84:443 accounts.google.com tcp
GB 172.217.169.68:443 www.google.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp

Files

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-journal

MD5 925175e78dabecf1c90e515ba4267f09
SHA1 7832e19cc5616181399965caaca88008a88f7f80
SHA256 71907e6e6d716e1bc234162a1c1e1a84278c4a50352a42516d777672f3e9e41b
SHA512 e461789034d8646450802f02417a24481153c161d80814b861ec54208b6e08bb424c247d64dd1db6364af7b27df0c39ed347b9cf49e90f5e88085787a19ddcfd

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 ed14f437effae1daf1c7eaf7e6246179
SHA1 fe171fdb5c5c240d0b97d565572cac5f3de36dc6
SHA256 5dac8df5a88b0bf9c086bf0cf21b60a617bc1fe6040f473c2256522e47708fbd
SHA512 9ba1961a2d131535518d67ebb11a2eeba0a717d2ace349ef52cd5f7119adc985bc9460315edaf0d497fa1a50a2a820316c0a839c851498231ac39dfc59456e6e

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 50a7d3ec39c61d1b7f373cf0a15e8da8
SHA1 c79f2b67d1b94d5fee0d69f3be10c428c8e0ae2a
SHA256 5494a82ed3ba94bd5d185ddfa74f093407ef3ca37a6dd7864cdc64ba9ca9298a
SHA512 1c527e9b922a73ab6967d98e2a1f17dc25ec2c2090ed3844b3b5893c4d364b1ebd94c39863e6528ef4f1249437981308a3e4488649d34fa7af6d056fbebd1690

/data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 0460c244ea2d1e5a8267090e186538b2
SHA1 0f8ef7cc8bb1decbfd6fc2e87adc620ffc8d0e5e
SHA256 7e0ac012b3d24bfad6484f030ecc2fa386582b8ba456a99ebf5c0b90c1187df1
SHA512 6d46b957ba86be37c250c8b161c8c24ac839addccca867fbdf451e4a5e143cef92c0234eb2bf210deea0d873669412ace701b8fac12894275566b122b4f4e250

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 22:01

Reported

2024-07-02 22:06

Platform

android-x86-arm-20240624-en

Max time kernel

179s

Max time network

184s

Command Line

com.fogipexosisa.wesoku

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.fogipexosisa.wesoku

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
N/A 192.168.10.24:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp
N/A 192.168.10.24:3434 tcp

Files

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-journal

MD5 ad20201191c95145e8f867a7680ad59c
SHA1 47ba272d9de5eb7aa2391d52d813bac1a0760094
SHA256 89747aafccf7e5b45d60b37135ac591f7c1a018e5f7dd13f2046851ab8a1d799
SHA512 78854cb5b13f70c1659307e3bbc11fb4c4d38d01490b497c137a472255305fb0c6a1837286c74fcbe4c7f19cc249e2a2305dc4262bf15ed208e250b8b122a482

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 f5186a5c5ffc360bdb637be1106866f4
SHA1 d1f3f337e0276598d1fa08e62d360de3a99424f3
SHA256 d4a0ac52c24ff7cd783415079c2215d43550f549e636b21d0ee11bf0ff82620d
SHA512 bc1240c07990f3637d8b5875039f71a5bc403d6b0de76a9607b2ef5e6347458725068cc6c002f3cc7ccc66cba595ce78201c8809ecc0209df5d438786e859040

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 141d8f831b1aef5b1ea3694d615976ca
SHA1 64a63d0cb4c97cb8ff310a3e5af190ef1787be66
SHA256 7340494b7b88287f3b63b3c2e512aedd473e7021c9b01986c0e9f1c8ae75e59d
SHA512 f9fa959915177b9cec55b858595818501d23707508daa16b52a01194f7607b21b7c8c24caf2392d43068e5eda5cb629b3290d3e8017f2d40d87900a99f63e982

/data/data/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal

MD5 3b069a88aca9a9604ec03eafad2e965e
SHA1 eb0beb20ba60ed7caca2383243ef9dcf5f914abd
SHA256 63b4ae0572f645da32838c1416a45e1e4fc2fedeb2080a03b85a5e53a32e3a25
SHA512 7b8338300fef1f6277a5673ce559a798405464832a347362558d76a1b847a797e7533bfc13453aa3edf368c73fce5eca11bfd307e76f2fe6a9d511e56594865f