ermac | 87537c080fc83533dd1251018f3c9398e23d553d12ad173360d5c90e23ca52a4

Analysis

max time kernel
14s
max time network
158s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12/12/2024, 22:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87537c080fc83533dd1251018f3c9398e23d553d12ad173360d5c90e23ca52a4.apk
Size

3.0MB
MD5

b902e6eb2050769aa1de411f4395e008
SHA1

03f43237468e7324b18e0f3cd78e3f7d6117d6f1
SHA256

87537c080fc83533dd1251018f3c9398e23d553d12ad173360d5c90e23ca52a4
SHA512

5bd9fc658428cf697d1f95976c8ac314e4c9f5c3b5a1394a57ebb40f0b071012b2ab946473614f34b35688ad1cdf1dda5239f7bb1b9d7afea32a2e1f4da6a698
SSDEEP

49152:cuc17q9AXlFCorNoi7rgIIl1E38hchqWrqcvWb+BTgHNRg8jIB7aihmm1HhMt:GxXqoB9608yhjecuO0HNlhcr1BMt

Score

10^/10

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Malware Config

Extracted

Family

ermac

http://154.216.19.93

AES_key

1
374b396842365a4777623946726e3152487379577256426b783361594c704543

Extracted

Family

hook

http://154.216.19.93

AES_key

1
374b396842365a4777623946726e3152487379577256426b783361594c704543

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac
Ermac family
ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral2/memory/4936-0.dex	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook
Hook family
hook

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xskjlrfapapkaraglzakasd.staretxjk/app_claim/WsYunp.json	4936	com.xskjlrfapapkaraglzakasd.staretxjk

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.xskjlrfapapkaraglzakasd.staretxjk

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xskjlrfapapkaraglzakasd.staretxjk

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.xskjlrfapapkaraglzakasd.staretxjk

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.xskjlrfapapkaraglzakasd.staretxjk

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.xskjlrfapapkaraglzakasd.staretxjk

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xskjlrfapapkaraglzakasd.staretxjk

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.xskjlrfapapkaraglzakasd.staretxjk

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xskjlrfapapkaraglzakasd.staretxjk

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xskjlrfapapkaraglzakasd.staretxjk

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xskjlrfapapkaraglzakasd.staretxjk

com.xskjlrfapapkaraglzakasd.staretxjk
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4936

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

172.217.169.8
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:03:07 GMT
Content-Length: 86
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tc2e HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:03:07 GMT
Content-Length: 5
POST

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

Remote address:

154.216.19.93:80

Request

POST /socket.io/?EIO=3&transport=polling&sid=tc2e HTTP/1.1
Accept: */*
Content-Type: text/plain;charset=UTF-8
Content-Length: 64
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Date: Thu, 12 Dec 2024 22:03:07 GMT
Content-Length: 2
Content-Type: text/plain; charset=utf-8
GET

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tc2e

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=websocket&sid=tc2e HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: iQy0RyomzXPbwPDQGo8t2A==
Sec-WebSocket-Version: 13
Host: 154.216.19.93
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 101 Switching Protocols

Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: bsSsq+ufAhBL+9v+AI0i1Ocooa8=
Access-Control-Allow-Origin: https://localhost:45051//
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tc2e HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:03:07 GMT
Content-Length: 4
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.206.84
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

172.217.169.42

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

216.58.213.10
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.169.46
DNS

g.tenor.com

Remote address:

1.1.1.1:53

Request

g.tenor.com

IN A

Response

g.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

142.250.179.234

tenor.googleapis.com

IN A

142.250.200.42

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

216.58.204.74

tenor.googleapis.com

IN A

216.58.213.10

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

142.250.187.234
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.169.4
DNS

mdh-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

mdh-pa.googleapis.com

IN A

Response

mdh-pa.googleapis.com

IN A

172.217.169.10

mdh-pa.googleapis.com

IN A

142.250.187.234

mdh-pa.googleapis.com

IN A

216.58.213.10

mdh-pa.googleapis.com

IN A

142.250.180.10

mdh-pa.googleapis.com

IN A

142.250.178.10

mdh-pa.googleapis.com

IN A

142.250.179.234

mdh-pa.googleapis.com

IN A

172.217.169.74

mdh-pa.googleapis.com

IN A

142.250.200.10

mdh-pa.googleapis.com

IN A

142.250.187.202

mdh-pa.googleapis.com

IN A

216.58.204.74

mdh-pa.googleapis.com

IN A

216.58.201.106

mdh-pa.googleapis.com

IN A

172.217.16.234

mdh-pa.googleapis.com

IN A

142.250.200.42
DNS

safebrowsing.googleapis.com

Remote address:

1.1.1.1:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

142.250.187.234
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:22 GMT
Content-Length: 86
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tf7j HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:22 GMT
Content-Length: 5
POST

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

Remote address:

154.216.19.93:80

Request

POST /socket.io/?EIO=3&transport=polling&sid=tf7j HTTP/1.1
Accept: */*
Content-Type: text/plain;charset=UTF-8
Content-Length: 64
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Date: Thu, 12 Dec 2024 22:04:22 GMT
Content-Length: 2
Content-Type: text/plain; charset=utf-8
GET

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tf7j

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=websocket&sid=tf7j HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: 4J6WvFPbwQTckq7toNyGGw==
Sec-WebSocket-Version: 13
Host: 154.216.19.93
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 101 Switching Protocols

Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: sKqQlYjCvI1kVKLiaJoGLX5bzDw=
Access-Control-Allow-Origin: https://localhost:45051//
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
POST

http://154.216.19.93/php/yv.php/

Remote address:

154.216.19.93:80

Request

POST /php/yv.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 758
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:22 GMT
Content-Length: 24
POST

http://154.216.19.93/php/u7f47edt656koj.php/

Remote address:

154.216.19.93:80

Request

POST /php/u7f47edt656koj.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 758
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:23 GMT
Content-Length: 24
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tf7j HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:22 GMT
Content-Length: 4
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.212.196
POST

http://154.216.19.93/php/lvg62qi2lx2stw1g14.php/

Remote address:

154.216.19.93:80

Request

POST /php/lvg62qi2lx2stw1g14.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 758
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:40 GMT
Content-Length: 24
POST

http://154.216.19.93/php/ivwb14j.php/

Remote address:

154.216.19.93:80

Request

POST /php/ivwb14j.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:41 GMT
Content-Length: 24
POST

http://154.216.19.93/php/i7a7gnbodfa.php/

Remote address:

154.216.19.93:80

Request

POST /php/i7a7gnbodfa.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 349
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 24
POST

http://154.216.19.93/php/jyuxv1zk2s4cznf97m.php/

Remote address:

154.216.19.93:80

Request

POST /php/jyuxv1zk2s4cznf97m.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 24
POST

http://154.216.19.93/php/suaorbexu38hov0wz.php/

Remote address:

154.216.19.93:80

Request

POST /php/suaorbexu38hov0wz.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:50 GMT
Content-Length: 236
POST

http://154.216.19.93/php/m.php/

Remote address:

154.216.19.93:80

Request

POST /php/m.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:53 GMT
Content-Length: 24
POST

http://154.216.19.93/php/pa378iks3htb.php/

Remote address:

154.216.19.93:80

Request

POST /php/pa378iks3htb.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 88
POST

http://154.216.19.93/php/8km857ifyi.php/

Remote address:

154.216.19.93:80

Request

POST /php/8km857ifyi.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 24
POST

http://154.216.19.93/php/o0g53nipiw2ir.php/

Remote address:

154.216.19.93:80

Request

POST /php/o0g53nipiw2ir.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 24
POST

http://154.216.19.93/php/7zfge.php/

Remote address:

154.216.19.93:80

Request

POST /php/7zfge.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 24
POST

http://154.216.19.93/php/tksi4ucg2g.php/

Remote address:

154.216.19.93:80

Request

POST /php/tksi4ucg2g.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:57 GMT
Content-Length: 24
POST

http://154.216.19.93/php/192esx8oebymqa.php/

Remote address:

154.216.19.93:80

Request

POST /php/192esx8oebymqa.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:58 GMT
Content-Length: 24
POST

http://154.216.19.93/php/1y0r.php/

Remote address:

154.216.19.93:80

Request

POST /php/1y0r.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:02 GMT
Content-Length: 88
POST

http://154.216.19.93/php/a5fw0qf028s.php/

Remote address:

154.216.19.93:80

Request

POST /php/a5fw0qf028s.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:08 GMT
Content-Length: 88
POST

http://154.216.19.93/php/bqjxto2f110rh.php/

Remote address:

154.216.19.93:80

Request

POST /php/bqjxto2f110rh.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 908
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:08 GMT
Content-Length: 108
POST

http://154.216.19.93/php/22vy19g3wdo.php/

Remote address:

154.216.19.93:80

Request

POST /php/22vy19g3wdo.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 154
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:08 GMT
Transfer-Encoding: chunked
POST

http://154.216.19.93/php/n70ghguq.php/

Remote address:

154.216.19.93:80

Request

POST /php/n70ghguq.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:14 GMT
Content-Length: 88
POST

http://154.216.19.93/php/rj07.php/

Remote address:

154.216.19.93:80

Request

POST /php/rj07.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:20 GMT
Content-Length: 88
POST

http://154.216.19.93/php/tasc7lvxngphww6.php/

Remote address:

154.216.19.93:80

Request

POST /php/tasc7lvxngphww6.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:26 GMT
Content-Length: 88
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 86
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tg22 HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 5
POST

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

Remote address:

154.216.19.93:80

Request

POST /socket.io/?EIO=3&transport=polling&sid=tg22 HTTP/1.1
Accept: */*
Content-Type: text/plain;charset=UTF-8
Content-Length: 64
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 2
Content-Type: text/plain; charset=utf-8
GET

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tg22

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=websocket&sid=tg22 HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: yqeaEJQnEMh3tafbpCZskQ==
Sec-WebSocket-Version: 13
Host: 154.216.19.93
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 101 Switching Protocols

Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: UBwdUTZFf+qveBU+1YRwi4MDLpM=
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Origin: https://localhost:45051//
GET

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

Remote address:

154.216.19.93:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=tg22 HTTP/1.1
Accept: */*
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Thu, 12 Dec 2024 22:04:42 GMT
Content-Length: 4
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.14
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

216.58.212.202

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.42

semanticlocation-pa.googleapis.com

IN A

142.250.180.10
DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.179.238
POST

http://154.216.19.93/php/j16.php/

Remote address:

154.216.19.93:80

Request

POST /php/j16.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:50 GMT
Content-Length: 24
POST

http://154.216.19.93/php/u.php/

Remote address:

154.216.19.93:80

Request

POST /php/u.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 24
POST

http://154.216.19.93/php/4jtb4.php/

Remote address:

154.216.19.93:80

Request

POST /php/4jtb4.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:02 GMT
Content-Length: 24
POST

http://154.216.19.93/php/i2ilnygi7c2.php/

Remote address:

154.216.19.93:80

Request

POST /php/i2ilnygi7c2.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:08 GMT
Content-Length: 24
POST

http://154.216.19.93/php/bag.php/

Remote address:

154.216.19.93:80

Request

POST /php/bag.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:14 GMT
Content-Length: 24
POST

http://154.216.19.93/php/i9hsw7ub7u.php/

Remote address:

154.216.19.93:80

Request

POST /php/i9hsw7ub7u.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:20 GMT
Content-Length: 24
POST

http://154.216.19.93/php/v6jensebugo7lqgpy.php/

Remote address:

154.216.19.93:80

Request

POST /php/v6jensebugo7lqgpy.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:05:26 GMT
Content-Length: 24
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.228
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.110.84
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.15.84
POST

http://154.216.19.93/php/1ia25j.php/

Remote address:

154.216.19.93:80

Request

POST /php/1ia25j.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 154.216.19.93
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Dec 2024 22:04:56 GMT
Content-Length: 24

172.217.169.8:443

ssl.google-analytics.com

tls

1.4kB
6.3kB
10
9
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

http

1.1kB
1.8kB
10
6

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling

HTTP Response

200

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

HTTP Response

200

HTTP Request

POST http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

HTTP Response

200
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tc2e

http

793 B
824 B
10
6

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tc2e

HTTP Response

101
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

http

488 B
685 B
6
4

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tc2e

HTTP Response

200
216.58.213.10:443

520 B
10
142.250.179.238:443

520 B
10
142.250.200.34:443

520 B
10
216.58.201.99:443

520 B
10
216.58.201.99:443

520 B
10
216.58.201.99:443

520 B
10
216.239.38.223:443

520 B
10
142.251.173.188:5228

468 B
9
216.239.38.223:443

520 B
10
142.250.180.14:443

520 B
10
216.58.213.10:443

520 B
10
216.58.213.10:443

520 B
10
172.217.16.228:443

520 B
10
142.251.173.84:443

accounts.google.com

tls

2.0kB
7.4kB
18
16
142.250.180.10:443

semanticlocation-pa.googleapis.com

tls

1.9kB
5.9kB
15
11
172.217.169.46:443

android.apis.google.com

tls

4.8kB
7.8kB
15
20
172.217.169.4:443

www.google.com

tls

16.6kB
14.8kB
54
68
172.217.169.4:443

www.google.com

tls

1.0kB
5.1kB
9
8
172.217.169.10:443

mdh-pa.googleapis.com

tls

1.7kB
10.9kB
17
18
142.250.187.234:443

safebrowsing.googleapis.com

tls

6.4kB
404.3kB
106
285
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

http

1.1kB
1.8kB
9
6

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling

HTTP Response

200

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

HTTP Response

200

HTTP Request

POST http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

HTTP Response

200
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tf7j

http

741 B
824 B
9
6

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tf7j

HTTP Response

101
154.216.19.93:80

http://154.216.19.93/php/u7f47edt656koj.php/

http

2.5kB
1.3kB
8
5

HTTP Request

POST http://154.216.19.93/php/yv.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/u7f47edt656koj.php/

HTTP Response

200
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

http

488 B
685 B
6
4

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tf7j

HTTP Response

200
216.58.212.196:443

www.google.com

tls

1.4kB
5.5kB
11
12
154.216.19.93:80

http://154.216.19.93/php/tasc7lvxngphww6.php/

http

27.7kB
691.7kB
274
482

HTTP Request

POST http://154.216.19.93/php/lvg62qi2lx2stw1g14.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/ivwb14j.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/i7a7gnbodfa.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/jyuxv1zk2s4cznf97m.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/suaorbexu38hov0wz.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/m.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/pa378iks3htb.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/8km857ifyi.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/o0g53nipiw2ir.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/7zfge.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/tksi4ucg2g.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/192esx8oebymqa.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/1y0r.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/a5fw0qf028s.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/bqjxto2f110rh.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/22vy19g3wdo.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/n70ghguq.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/rj07.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/tasc7lvxngphww6.php/

HTTP Response

200
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

http

1.2kB
1.9kB
11
8

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling

HTTP Response

200

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

HTTP Response

200

HTTP Request

POST http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

HTTP Response

200
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tg22

http

963 B
986 B
13
9

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=websocket&sid=tg22

HTTP Response

101
154.216.19.93:80

http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

http

540 B
789 B
7
6

HTTP Request

GET http://154.216.19.93/socket.io/?EIO=3&transport=polling&sid=tg22

HTTP Response

200
142.250.200.14:443

android.apis.google.com

tls

5.9kB
9.6kB
26
25
172.217.169.14:443

www.youtube.com

tls

1.8kB
8.3kB
13
15
154.216.19.93:80

http://154.216.19.93/php/v6jensebugo7lqgpy.php/

http

7.5kB
3.9kB
16
9

HTTP Request

POST http://154.216.19.93/php/j16.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/u.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/4jtb4.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/i2ilnygi7c2.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/bag.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/i9hsw7ub7u.php/

HTTP Response

200

HTTP Request

POST http://154.216.19.93/php/v6jensebugo7lqgpy.php/

HTTP Response

200
142.250.187.228:443

www.google.com

tls

7.7kB
6.8kB
22
24
142.250.187.228:443

www.google.com

tls

1.0kB
5.1kB
9
8
108.177.15.84:443

accounts.google.com

tls

1.9kB
7.4kB
16
14
154.216.19.93:80

http://154.216.19.93/php/1ia25j.php/

http

811 B
759 B
6
5

HTTP Request

POST http://154.216.19.93/php/1ia25j.php/

HTTP Response

200

224.0.0.251:5353

7.3kB
24
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

172.217.169.8
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.206.84
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.173.84
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
304 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.180.10

172.217.169.42

142.250.200.10

142.250.187.234

142.250.187.202

142.250.179.234

172.217.169.74

142.250.178.10

142.250.200.42

216.58.204.74

172.217.16.234

216.58.201.106

172.217.169.10

216.58.213.10
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.169.46
1.1.1.1:53

g.tenor.com

dns

57 B
296 B
1
1

DNS Request

g.tenor.com

DNS Response

142.250.200.10

142.250.179.234

142.250.200.42

142.250.187.202

142.250.178.10

172.217.16.234

216.58.204.74

216.58.213.10

216.58.201.106

172.217.169.74

142.250.180.10

216.58.212.202

142.250.187.234
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.169.4
172.217.169.4:443

www.google.com

https

1.5kB
49 B
2
1
1.1.1.1:53

mdh-pa.googleapis.com

dns

67 B
275 B
1
1

DNS Request

mdh-pa.googleapis.com

DNS Response

172.217.169.10

142.250.187.234

216.58.213.10

142.250.180.10

142.250.178.10

142.250.179.234

172.217.169.74

142.250.200.10

142.250.187.202

216.58.204.74

216.58.201.106

172.217.16.234

142.250.200.42
1.1.1.1:53

safebrowsing.googleapis.com

dns

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

142.250.187.234
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.212.196
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.200.14
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
304 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.179.234

172.217.169.74

216.58.201.106

142.250.178.10

142.250.187.202

172.217.169.10

172.217.16.234

142.250.200.42

142.250.200.10

216.58.204.74

216.58.212.202

142.250.187.234

172.217.169.42

142.250.180.10
1.1.1.1:53

www.youtube.com

dns

61 B
351 B
1
1

DNS Request

www.youtube.com

DNS Response

172.217.169.14

142.250.187.238

216.58.204.78

216.58.213.14

172.217.16.238

216.58.212.206

172.217.169.46

216.58.212.238

142.250.180.14

172.217.169.78

142.250.200.46

142.250.178.14

142.250.187.206

142.250.200.14

216.58.201.110

142.250.179.238
172.217.169.14:443

www.youtube.com

https

1.5kB
49 B
2
1
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.228
142.250.187.228:443

www.google.com

https

1.5kB
49 B
2
1
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.110.84
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.15.84

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/app_claim/WsYunp.json

Filesize
736KB

MD5
795397719d1e1bd545fda82b5b9fbfec

SHA1
b5252d2899c8e93f33b0ff4b9e510a4a940ad784

SHA256
fed69a958cf0bf3b5896c6f92c7cfa4596f0a54085e18b6faf5f40b4a6237395

SHA512
e814be54d1b79aaec6c8d083a94c2e22b5baf8ee3bded1cc58c7c4e67232dd43f21cd13a98f89d19cd3f9e7615acb1a2d9327a466025788555a393869e8a1f97

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/app_claim/WsYunp.json

Filesize
736KB

MD5
dfd48f4a84a0dad508ea5ccfd704ca7f

SHA1
90b6a027bbe702ce0e26adbe507889165bb96041

SHA256
afd9a023668cd29adea5c60646f5fea0d3b31afca301f5ded8cc9aea1d1d1c1e

SHA512
9250bdd92c8917620ae0601ca3a1d12b0a9893dfb00f096e4e1775af76593f9327da35e30976715482cdb897d7d543d6dfd275c3001f61a648108db0bb356d48

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
27c854093ba1f629f24c454b304a3a95

SHA1
baddbfd3e54d3fd6a528198079ad638163add4c3

SHA256
93e5315ba4141053e19bd0d6a498e69ba1921a121ea11c49baf3d70a3d9bf289

SHA512
75936bf679606b1415c26d6580cfb82057de821825923f928a7da634f1d257b1523d6ed6a0976eef8d8c989d336423a9ccb7237775c4a5e09311c3225c124e4a

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d7b0c73d39fef4a06739f23fae8a604c

SHA1
7ec301446143655135bf8293e0691bd6ec389b62

SHA256
a8088e112bc4aa9b35e890e282d6062be610c42a29ea5ff26346171678b65e36

SHA512
39b8660d7469eefddf015d329a9e7c30e27c6deb4ebaeb18cf40406d52cad34814310764d5aa7384749cf5de2729978d047a958c3a60268306c5807e1e0c1b25

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
ec984f1c07ff9da7b60aad1b8c92d437

SHA1
ed671886443fb47c6d572521b98fbb1f0fb8e7a3

SHA256
11620a4a2ee00cbdeded34d84d1bef8c861c12431c6b63d837fcc467e37de129

SHA512
1cb6c8c7f2b83403287f36fd214cd9438153f3100146e1181156628564924fd83e1c3a4f1477d504c5d9511031a6865deb23c951ad4d34803fbab4a35e119044

Download Submit
/data/data/com.xskjlrfapapkaraglzakasd.staretxjk/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
deaed6ac4bc1cc527e51a2695ffeb724

SHA1
242c7a3a7e5ef4f7743eacf34f5762a6d92f7d00

SHA256
5b4240b3cff8eb8e6e39bf4c5c7f908d967cdf0ff8e07da502b83c73d6432811

SHA512
6b0dfd0d5aa06c9cd3495cd5bc8664034bf70981f4f0681588f7479c40b0442503486e636429e1bb639938d9bfe570423b5b419c98b5405c05709653b528b129

Download Submit
/data/user/0/com.xskjlrfapapkaraglzakasd.staretxjk/app_claim/WsYunp.json

Filesize
1.7MB

MD5
ffcaa9e688b50ccf1b005883919c9c74

SHA1
185fad91d59541ab6f803f597a6211e175bdf954

SHA256
d60b15bd863a547743f5862075f3bfc4faab3588775ccf345b40ac8f0f6ce767

SHA512
9666de529f3fe843c252c489662bac2f54270dcbc10705abcfd68f808e124f7fa58fcd7509f574df56420f5227c2d132dacf41ba1b4e8efe05373c4f21ff2299

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request