Malware Analysis Report

2025-01-19 05:39

Sample ID 241204-1x98asyreq
Target 1be8d3725146675fc339b3824119274ab4ebfad67b8bd44c1fad02998ecd1bef.bin
SHA256 1be8d3725146675fc339b3824119274ab4ebfad67b8bd44c1fad02998ecd1bef
Tags
ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 1be8d3725146675fc339b3824119274ab4ebfad67b8bd44c1fad02998ecd1bef.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Hook family

Hook

Ermac2 payload

Ermac family

Removes its main activity from the application launcher

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Requests disabling of battery optimizations (often used to enable hiding in the background).

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Requests enabling of the accessibility settings.

Queries the mobile country code (MCC)

Performs UI accessibility actions on behalf of the user

Declares services with permission to bind to the system

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-12-04 22:02

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-04 22:02

Reported

2024-12-04 22:05

Platform

android-x86-arm-20240910-en

Max time kernel

148s

Max time network

152s

Command Line

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
DE 147.45.47.204:80 147.45.47.204 tcp
GB 142.250.179.228:80 tcp

Files

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-journal

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-shm

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-04 22:02

Reported

2024-12-04 22:05

Platform

android-x64-20240910-en

Max time kernel

145s

Max time network

155s

Command Line

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
DE 147.45.47.204:80 147.45.47.204 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.187.234:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-journal

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-shm

/data/data/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-04 22:02

Reported

2024-12-04 22:05

Platform

android-x64-arm64-20240910-en

Max time kernel

149s

Max time network

156s

Command Line

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.SJZaKuuKdTuM.YJDgMCQLOYpl

Network

Country Destination Domain Proto
US 216.239.38.223:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
DE 147.45.47.204:80 147.45.47.204 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
DE 147.45.47.204:80 147.45.47.204 tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.33:443 tcp
US 216.239.38.223:443 tcp
GB 216.58.204.65:443 tcp
US 216.239.38.223:443 tcp

Files

/data/user/0/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-journal

/data/user/0/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb

/data/user/0/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-shm

/data/user/0/com.SJZaKuuKdTuM.YJDgMCQLOYpl/no_backup/androidx.work.workdb-wal