Analysis
max time kernel: 146s
max time network: 152s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 06/09/2024, 18:29 UTC
Static task: static1
Behavioral task: behavioral1
Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Resource: android-x64-20240910-en
Behavioral task: behavioral3
Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Resource: android-x64-arm64-20240910-en
General
Target: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Size: 3.4MB
MD5: d03206189788f7f2780b7c1668d6e19e
SHA1: 3146ccf56d12b313723b878e374926f4a4ec31bf
SHA256: 1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c
SHA512: 7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5
SSDEEP: 98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
ioc | Process
/system/app/Superuser.apk | com.ninefold.bondisushi:Metrica
/sbin/su | com.ninefold.bondisushi:Metrica
/system/bin/su | com.ninefold.bondisushi:Metrica
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ninefold.bondisushi
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ninefold.bondisushi:Metrica
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ninefold.bondisushi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ninefold.bondisushi
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Reads information about phone network operator. 1 TTPs
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.ninefold.bondisushi
Framework service call | android.app.job.IJobScheduler.schedule | com.ninefold.bondisushi:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.ninefold.bondisushi:Metrica
Framework API call | javax.crypto.Cipher.doFinal | com.ninefold.bondisushi
Processes
com.ninefold.bondisushi
PID: 4784
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
com.ninefold.bondisushi:Metrica
PID: 4838
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Network
-
Remote address: 1.1.1.1:53
Request
www.youtube.com IN A
Response
www.youtube.com IN CNAME youtube-ui.l.google.com
-
Remote address: 1.1.1.1:53
Request
api.birbira.xyz IN A
Response
api.birbira.xyz IN A 172.67.177.167
api.birbira.xyz IN A 104.21.17.160
-
Remote address: 172.67.177.167:443
Request
POST /v2/client HTTP/2.0
host: api.birbira.xyz
content-type: application/x-www-form-urlencoded
content-length: 198
accept-encoding: gzip
user-agent: okhttp/3
Response
HTTP/2.0 200
content-type: application/json
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApFiERNVhRP9BGpKLPEa2AS6cAA7SEEdTR0CfS9RMN%2FZULB6KVAndi2YciNszJnrJyP7rMg4XoRyjEJYJfWZUe8TD%2FoRlAyFy9As%2BlCymYjX%2BMUC%2BZtYmubkrqcYCi4rXbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e9845af1d63ab-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.177.167:443
Request
GET /v2/settings?client_id=ab2f3d7f-f3f6-836d-dcdf-96a57f147dee&sdk_ver=85&a_ver=30&ts=0 HTTP/2.0
host: api.birbira.xyz
accept-encoding: gzip
user-agent: okhttp/3
Response
HTTP/2.0 200
content-type: text/html; charset=UTF-8
iv: NWVjYzBmMDEyZjhhOTM0MQ==
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=laQ%2FiSi2SLmPzXu11ViEbmyYks2hfpQIHxOR3c2M6b3ClNguouLgcb5i7e7ok6qcQepq6vriqvKvuZHYoeTAwLRvHvN0rS9dMe8YZ9v5PLbyUD9rhQ9a%2F%2F0pL0wrQV7Q9aI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e985f9fd363ab-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 1.1.1.1:53
Request
startup.mobile.yandex.net IN A
Response
startup.mobile.yandex.net IN A 213.180.204.244
-
Remote address: 213.180.204.244:443
Request
GET /analytics/startup?deviceid=765d4347fc0e865a06930a637f18b45f&deviceid2=765d4347fc0e865a06930a637f18b45f&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&app_platform=android&protocol_version=2&analytics_sdk_version_name=3.6.4&model=Pixel%202&manufacturer=Google&os_version=11&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=phone&queries=1&query_hosts=2&features=ec%2Cpi%2Cs%2Cpc%2Cfc%2Cflc%2Cblc%2Cflbc%2Cblbc%2Ctrtlt%2Ca%2Cg%2Cwa%2Cwc%2Com%2Cca%2Csi%2Csm%2Cap%2Csl&s=1&app_id=com.ninefold.bondisushi&flc=1&app_debuggable=0&sl=1&blc=1&detect_locale=1&uuid=fa07db4de93143adbd71705976dcf96a&time=1&requests=1&stat_sending=1&permissions=1 HTTP/1.1
Accept: application/json
User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
Accept-Encoding: encrypted
Host: startup.mobile.yandex.net
Connection: Keep-Alive
Response
HTTP/1.1 200 Ok
Content-Length: 1344
Content-Type: application/octet-stream
Date: Tue, 10 Sep 2024 10:04:37 GMT
-
Remote address: 1.1.1.1:53
Request
report.appmetrica.yandex.net IN A
Response
report.appmetrica.yandex.net IN A 213.180.193.226
-
Remote address: 213.180.193.226:443
Request
POST /report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=7c352535-6c59-4310-a0dc-96ecbe866e49&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0 HTTP/1.1
Accept: application/json
User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
Send-Timestamp: 1725962676
Send-Timezone: 0
Content-Type: application/x-www-form-urlencoded
Host: report.appmetrica.yandex.net
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 384
Response
HTTP/1.1 200 Ok
Content-Type: application/json; encoding=utf-8
Date: Tue, 10 Sep 2024 10:04:38 GMT
-
Remote address: 213.180.193.226:443
Request
POST /report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0 HTTP/1.1
Accept: application/json
User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
Send-Timestamp: 1725962676
Send-Timezone: 0
Content-Type: application/x-www-form-urlencoded
Host: report.appmetrica.yandex.net
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 480
Response
HTTP/1.1 200 Ok
Content-Type: application/json; encoding=utf-8
Date: Tue, 10 Sep 2024 10:04:38 GMT
-
Remote address: 1.1.1.1:53
Request
ssl.google-analytics.com IN A
Response
ssl.google-analytics.com IN A 172.217.169.8
-
Remote address: 1.1.1.1:53
Request
api.tridrongo.info IN A
Response
api.tridrongo.info IN A 172.67.161.129
api.tridrongo.info IN A 104.21.66.157
-
Remote address: 172.67.161.129:443
Request
POST /v2/event HTTP/2.0
host: api.tridrongo.info
content-type: application/x-www-form-urlencoded
content-length: 68
accept-encoding: gzip
user-agent: okhttp/3
Response
HTTP/2.0 200
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LpVROpVwaeP8My5AsHhZo6W%2FUFjmPMod58H6zmN0kQSUBgmdxexlc39BixiHqVaTtL1wbwH1YDm%2FRKThyRPwfqhQa%2FwKiC0qy27E5pJOK7XkgxySm6wUuE3MP5Jy83Ssvw4kMQI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e986198533dca-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 1.1.1.1:53
Request
api.oradaph.pw IN A
Response
api.oradaph.pw IN A 172.67.140.65
api.oradaph.pw IN A 104.21.8.212
-
Remote address: 172.67.140.65:443
Request
POST /v2/event HTTP/2.0
host: api.oradaph.pw
content-type: application/x-www-form-urlencoded
content-length: 145
accept-encoding: gzip
user-agent: okhttp/3
Response
HTTP/2.0 200
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mMyM4VGEiy12czHmmXi1guddxNJ0jrNEmWzdOxH2%2BsCC0nZeJ5BVBOy%2BuuJcheA0aLilNbMMopCkIlfIO7pqKI6QePLvuH5XfksyjMCSl%2FyeVgyWHwhFSyhfN%2Fnp94%2BWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e986498f294ae-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 1.1.1.1:53
Request
arb.grattomania.space IN A
Response
MITRE ATT&CK Mobile v15
Downloads
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal