Malware Analysis Report

2025-01-19 05:38

Sample ID 241125-1yxctsvrek
Target 0e4a594eff2959083c749e4ac259740e9910085bbf1fe985cebfd46e1fa50446.bin
SHA256 0e4a594eff2959083c749e4ac259740e9910085bbf1fe985cebfd46e1fa50446
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0e4a594eff2959083c749e4ac259740e9910085bbf1fe985cebfd46e1fa50446

Threat Level: Known bad

The file 0e4a594eff2959083c749e4ac259740e9910085bbf1fe985cebfd46e1fa50446.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Ermac2 payload

Ermac family

Hook family

Hook

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Performs UI accessibility actions on behalf of the user

Queries the mobile country code (MCC)

Acquires the wake lock

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 22:04

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 22:04

Reported

2024-11-25 22:06

Platform

android-x86-arm-20240624-en

Max time kernel

149s

Max time network

153s

Command Line

com.lolejikafute.gozini

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.lolejikafute.gozini

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp

Files

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-journal

MD5 bc89be0d592c076d27ceb7489267bcfd
SHA1 507df6fb9635a8370147382b0c7e37993d941c76
SHA256 cac4c28239903a959de5b7c942b63631589be44ace3a9409bead078230168db3
SHA512 cd9ccef91c5c96167d486632e1eb432d2833c492f9a917056ecddc95348ac4ccdd74f9c276655a48d4b8fc6c70cea34e250b5110f1c990786ecc99a49919dbfc

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 eecd4db0745df49262b5efda94a10bb1
SHA1 d4df5f6b9c4ee8c8559e0f5b1aa36ebd35280b48
SHA256 37fc483245cb43c6a2293b597580ae08bfe780d614dd28887d57674dbd2cce3c
SHA512 a1dfd84b865481914fc222523d40a0432dbfbb45c46152da08e0d298f090833052105079536a34bef7afdf815ee2d1246b42017436465677f1fa4da579f36170

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 fbb88fe40253c4341ed2bce3b14630c1
SHA1 99e0d46ddd50c3bf065593bbfca8921410049cf8
SHA256 aa7ee5634e0ce037277854eb1c671e5dc0880408d393135fb59c69950dcfddd3
SHA512 63c5c01aba4503ad4354e206b7bbe02728df5ad16249240d920e56db43c6979f39d551758bdeefc1049ba4e10b1d07e2508b15233c8f5d4079ed761619af4df9

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 852e00598cd44229ad37d560b26f04ca
SHA1 66c58e3875887754c9c02c1dab90f2973f63b17a
SHA256 d8cf52a9b5b33af98b36d62b65a6d21df97b27cb80fb31d3859d6ab89a45cdad
SHA512 5cb459680bd49caf4f96736a8a3dc88b936c8762e892735fa1c440c69b4f388d5937890eee8b2d0b1f541ee49ae84d96e731a98eb5c83e5f6b646abe7dd99163

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 22:04

Reported

2024-11-25 22:06

Platform

android-x64-20240624-en

Max time kernel

52s

Max time network

157s

Command Line

com.lolejikafute.gozini

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.lolejikafute.gozini

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp

Files

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-journal

MD5 3266f8a21b4ef8d4d768bffafc6e26af
SHA1 a3f19dc37ffcbfff1cca8d56b911a7f73dcafc44
SHA256 9ff4c699daa758ac5c5e82e0bced680a622bcc10fb9e297f495018ac9d909899
SHA512 53d3a56bd5899283543cf45c76f1ab239ffb8dbacaa675c8b98b811495387b9e7d5c5eba12449c2646134f383c946c4822b36bbf012f497d669cb7f698e8868d

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 1e551f8b8e2d45fc1f64eb92bb99a857
SHA1 2c1b243cbca893f7df3e6e44648934d91cff1213
SHA256 33f57ea27d81ac7c044c0db44795a39874a5228934b97c14113b16b712faf594
SHA512 677bed7cb71800dd8104f39010045a0212a815098d952bc672eff74d679b874524d2ccfb2bcb4b7dd92dfe32b13b79887ac539fcbb461fc123db0014f856863d

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 faca13e444d1e735ee0eb5284252cf74
SHA1 2cdc4c57c82fb928a3ab69cd75a05036377ff2d8
SHA256 a892fb02930da05367cb8801156bf20e307f7e5bdbe37f0e144888dac7509b37
SHA512 edafc4806c0dbcd4b8494b8017bedf34171c3d40f7c8d1eb31c9cf2e9a46e6a4401aea640fc5e6b9adaf9d8ef5a95ea7488ae4ace8fefeabc08d4d68b5bf35fc

/data/data/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 aa9f3fdd60016fd093449450b7ec214c
SHA1 bc4198dfaab70218dc4511c82ee473f42dcd0a44
SHA256 5e4ddf77ac505a26c0b28d8b271d3520957d43a2202ca5673560545c3ada87be
SHA512 efcfbaa978b48f518a19d48e5851af16eec5700a8b183271a36d1bdf9384ea8b3264f9aacb5a463394dd2415ec234f5528deaeaec57e002b080b0518cf65923d

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-25 22:04

Reported

2024-11-25 22:06

Platform

android-x64-arm64-20240624-en

Max time kernel

49s

Max time network

155s

Command Line

com.lolejikafute.gozini

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.lolejikafute.gozini

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp
BG 87.120.117.193:3434 tcp

Files

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb-journal

MD5 70e1ca4ffb6830d6a4543d0502e6196f
SHA1 da95e3a46ed75f67b84f15842a8d05e28ee72399
SHA256 cc4ad6c6141009247fc4b56a03580fbc623112d1929646ad4a5d7a998d691df3
SHA512 1aa4bd98b3be652b5178c64f3fea0902c549a2c4b4ccc13c4bc0bb1ca59437430a9a4acf28096a702ee412c27bc26494b7a54ef2a58b1628e7893ca859a6d333

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 861c12e851d677403cd714413775bf58
SHA1 a902563bcf74043c0a3b653557a31e60b3a406ef
SHA256 29e6a7d328addd35a387a6a689e826bbcd37cec25ad0c821c26776f5bd0148cb
SHA512 628ea86f40cbf3e5c404804fcea92e3f93dc9c56bedf1e1c28c5dea4af572c44e1b26fe731d11da06df8cc9cd36396f4da539cca51ed13478f2277061cd93e99

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 687156b829401b0001feea7835421fae
SHA1 f94d9282867550d0b3812a080f27e4823fe33d64
SHA256 c70928970881375b6b0415516d36582101ee1a61a27c4181029679f06c171653
SHA512 6caf33cb3322b6b90d9237eb88a42398a168fc49ca991ef1ce91f312e0ae83f517a6be430ba16c267a04e09ff5d703890e0d4dd9d93eb00f874c641d77e016ac

/data/user/0/com.lolejikafute.gozini/no_backup/androidx.work.workdb-wal

MD5 98175a0d6d0066bd8da0d087e03f0927
SHA1 b97d7be0381632892693ab7178b417fcc5598945
SHA256 f742c493084c315d788599f7d4c61f7a544b471e7c4a89c35dfb445a4d1b7655
SHA512 af5c88ba8083a7e1c9028fa0654bcd2a9e23517eaf06c4c938db8486123de3055c77fe0116a5dfa5d499a597a7ae24b0ea483ee45ae89bd355143bd853415b17