
Android Analysis Report
Vezmhoup7U

Overview

General Information

Sample Name:Vezmhoup7U
Analysis ID:1315840
MD5:e4e0ad27227e83a4e0536a6b5c05cf30
SHA1:7901d85f316d293da81b8114b0523033d65d6b85
SHA256:259e88f593a3df5cf14924eec084d904877953c4a78ed4a2bc9660a2eaabb20b
Infos:

Detection

Xenomorph
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Detected Xenomorph
Antivirus / Scanner detection for submitted sample
Loads a dropped dex file via MultiDexApplication
Removes its application launcher (likely to stay hidden)
Tries to disable the administrator user
Drops a new dex file
Found potential keylogger
Kills background processes
Checks if app is currently debugged
Checks if taint analysis is available
Uses accessibility services (likely to control other applications)
Checks if a SIM card is installed
Queries list of running processes/tasks
Queries media storage location field
Tries to detect QEMU emulator
Queries the SIM provider name (SPN - Service Provider Name)
Obfuscates method names
Has permission to read the SMS storage
Installs a new wake lock (to keep the phone screen on)
Found suspicious command strings (may be related to BOT commands)
Monitors incoming SMS
Sends SMS using SmsManager
Checks whether an internet connection is available
Queries list of installed packages
Found very long method strings
Checks if phone is rooted (checks for su binary)
Creates SMS data (e.g. PDU)
Requests potentially dangerous permissions
Requests root access
Potential date aware sample found
Has permission to perform phone calls in the background
May take a camera picture
Queries the phone's location (GPS)
Opens an internet connection
Queries the network operator name
May access the Android keyguard (lock screen)
Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)
Has permission to receive SMS in the background
Lists and deletes files in the same context
Queries a list of installed applications
Uses DownloadManager to fetch additional components
Queries the network operator ISO country code
Detected TCP or UDP traffic on non-standard ports
Has functionality to send UDP packets
Has permission to draw over other applications or user interfaces
Queries the unique device ID (IMEI, MEID or ESN)
Accesses /proc
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Queries the SIM provider ISO country code
Might use an exploit to break dedexer tools
Accesses android OS build fields
Executes native commands
Reads boot loader settings of the device
Checks if the device administrator is active
Performs DNS lookups (Java API)
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Queries several sensitive pieces of phone information
Has permission to send SMS in the background
Checks CPU details
Queries the unique operating system id (ANDROID_ID)
Has permission to terminate background processes of other applications
Sets an intent to the APK data type (used to install other APKs)
Has permission to execute code after phone reboot
Uses reflection

Classification

No yara matches
No Snort rule has matched


AV Detection

Source: Vezmhoup7U | ReversingLabs: Detection: 34%
Source: Vezmhoup7U | Virustotal: Detection: 38%
Source: Vezmhoup7U | Avira: detected
Source: com.unionpay.UPPayAssistEx;->a:213 | API Call: android.location.Location.getLatitude
Source: com.unionpay.UPPayAssistEx;->a:221 | API Call: android.location.Location.getLongitude
Source: com.unionpay.mobile.android.nocard.views.bh;->a:96 | API Call: android.location.Location.getLatitude
Source: com.unionpay.mobile.android.nocard.views.bh;->a:104 | API Call: android.location.Location.getLongitude
Source: fixed-Vezmhoup7U | Code Location: Lhhb/lsivkws/qtrcisvkq/etghw/djllmwdqjps;.a(I)[C
Source: Lcom/unionpay/UPPayAssistEx;->a(Landroid/content/Context;Z)Ljava/lang/String; | Method string: "/system/bin/su"
Source: Lcom/alipay/sdk/sys/b;->b()Z | Method string: "/system/bin/su"
Source: Lcom/alipay/sdk/sys/b;->b()Z | Method string: "/system/xbin/su"
Source: Lcom/unionpay/mobile/android/utils/f;->d(Landroid/content/Context;)Ljava/lang/String; | Method string: "/system/bin/su"
Source: Lcom/unionpay/mobile/android/utils/f;->b()Ljava/lang/String; | Method string: "/system/bin/su"
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->isAdminActive:585 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: unknown | HTTPS traffic detected: 142.250.65.195:443 -> 192.168.2.30:46744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.30:52096 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.65.170:443 -> 192.168.2.30:32896 version: TLS 1.2
Source: com.alipay.apmobilesecuritysdk.a.a;->b:98 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.kwai.video.player.a.h;->a:4 | API Call: android.os.Environment.getExternalStorageState
Source: com.kwai.video.player.a.h;->a:7 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.huawei.hms.availableupdate.d;->a:24 | API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.b.b;->c:28 | API Call: android.os.Environment.getExternalStorageState
Source: com.kwai.video.b.a;-><clinit>:2 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.b.b;->l:247 | API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.b.b;->l:250 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.c.c;->a:2 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.c.c;->a:8 | API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.c.c;->a:14 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.apmobilesecuritysdk.f.a;->a:44 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.xiaomi.push.b;->a:1 | API Call: android.os.Environment.getExternalStorageState
Source: com.xiaomi.push.b;->b:5 | API Call: android.os.Environment.getExternalStorageState
Source: com.xiaomi.push.b;->e:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.kwai.video.hodor.util.b;->a:33 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.utils.k;->a:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.utils.p;->a:1 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.utils.j;->a:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.hhmedic.android.sdk.base.utils.HHDirUtils;->getCacheDirectory:14 | API Call: android.os.Environment.getExternalStorageState
Source: com.hhmedic.android.sdk.base.utils.HHDirUtils;->getExternalCacheDir:30 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.hhmedic.android.sdk.base.utils.HHImageUtils;->convertUri:12 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.nocard.views.l;->a:214 | API Call: android.os.Environment.getExternalStorageState
Source: com.unionpay.mobile.android.nocard.views.l;->a:223 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->isInternetConnected:592 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->isInternetConnected:593 | API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.apmobilesecuritysdk.a.a;->a:252 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.apmobilesecuritysdk.a.a;->a:253 | API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.android.SystemUtils;->getNetType:14 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.android.SystemUtils;->getNetType:15 | API Call: android.net.NetworkInfo.isAvailable
Source: com.alipay.security.mobile.module.b.b;->o:299 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.alipay.security.mobile.module.b.b;->r:347 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getDnsServerIpsFromConnectionManager:7 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getDnsServerIpsFromConnectionManager:9 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkInfo:139 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkStatus:153 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkStatus:154 | API Call: android.net.NetworkInfo.getDetailedState
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkType:174 | API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.framework.common.NetworkUtil;->isNetworkAvailable:228 | API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.android.phone.mrpc.core.q;->d:124 | API Call: android.net.ConnectivityManager.getAllNetworkInfo
Source: com.alipay.android.phone.mrpc.core.q;->d:125 | API Call: android.net.NetworkInfo.isAvailable
Source: com.alipay.android.phone.mrpc.core.q;->d:126 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.alipay.android.phone.mrpc.core.q;->d:165 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.android.phone.mrpc.core.q;->d:166 | API Call: android.net.NetworkInfo.isAvailable
Source: com.kwai.video.wayne.player.f.f;->b:27 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->c:30 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->c:31 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.wayne.player.f.f;->d:34 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->d:35 | API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.hatool.h;->a:17 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.hatool.h;->a:18 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:85 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:95 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:99 | API Call: android.net.NetworkInfo.getState
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:105 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:108 | API Call: android.net.NetworkInfo.getState
Source: com.huawei.updatesdk.a.a.d.i.a;->a:1 | API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.updatesdk.a.a.d.i.a;->a:5 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.updatesdk.a.a.d.i.a;->d:14 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.updatesdk.a.a.d.i.a;->d:15 | API Call: android.net.NetworkInfo.isConnected
Source: com.bumptech.glide.manager.e;->a:17 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.bumptech.glide.manager.e;->a:18 | API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.sdk.net.a;->b:133 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.sdk.net.a;->c:135 | API Call: android.net.NetworkInfo.isAvailable
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:5 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:25 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:29 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:35 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:45 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:47 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:51 | API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->d:77 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->d:81 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.xiaomi.push.ak;->a:9 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->b:252 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->e:268 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->e:269 | API Call: android.net.NetworkInfo.isConnected
Source: com.xiaomi.push.ak;->f:272 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->k:295 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->l:301 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.bx;->b:165 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.gf;->c:76 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.service.XMPushService;->d:381 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.service.XMPushService;->d:398 | API Call: android.net.NetworkInfo.getState
Source: com.xiaomi.push.service.XMPushService;->d:402 | API Call: android.net.NetworkInfo.getDetailedState
Source: com.xiaomi.push.service.XMPushService;->d:410 | API Call: android.net.NetworkInfo.getState
Source: com.unionpay.UPPayAssistEx;->a:156 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.unionpay.UPPayAssistEx;->a:157 | API Call: android.net.NetworkInfo.isAvailable
Source: com.unionpay.UPPayAssistEx;->a:159 | API Call: android.net.NetworkInfo.getState
Source: com.alipay.sdk.util.b;->b:21 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.hodor.util.f;->a:3 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.video.hodor.util.f;->c:97 | API Call: android.net.NetworkInfo.isConnected
Source: com.unionpay.mobile.android.utils.f;->f:95 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.unionpay.mobile.android.utils.f;->f:97 | API Call: android.net.NetworkInfo.isAvailable
Source: com.unionpay.mobile.android.utils.f;->f:99 | API Call: android.net.NetworkInfo.getState
Source: com.huawei.hms.utils.NetWorkUtil;->a:2 | API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.utils.NetWorkUtil;->a:8 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mtnyrvojt.qtbxtwjnq.models.DownloadTask;->doInBackground:7 | API Call: java.net.URL.openConnection (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceDownloadTask;->doInBackground:8 | API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.a.c;->a:15 | API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.a.c;->a:22 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.framework.network.grs.d.a.a;->a:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.availableupdate.j;->a:33 | API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.b.a;->a:9 | API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.ksmediaplayeradapter.b.c;->b:111 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:11 | API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.react.modules.camera.ImageEditingManager$b;->a:51 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.b.d.d;->a:19 | API Call: java.net.URL.openConnection (not executed)
Source: com.bumptech.glide.load.data.g$a;->a:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.wayne.extend.decision.b$1;->run:20 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.hatool.a0;->a:86 | API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.ksmediaplayerkit.manifest.f;->run:61 | API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.mobile.android.net.c;->a:15 | API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.mobile.android.net.c;->a:22 | API Call: java.net.URL.openConnection (not executed)
Source: com.alipay.sdk.net.a;->a:18 | API Call: java.net.URL.openConnection (not executed)
Source: com.alipay.sdk.net.a;->a:20 | API Call: java.net.URL.openConnection (not executed)
Source: com.airbnb.lottie.network.c;->e:25 | API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.opendevice.d;->a:74 | API Call: java.net.URL.openConnection (not executed)
Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:80 | API Call: java.net.Socket.connect (not executed)
Source: okhttp3.internal.platform.Platform;->connectSocket:52 | API Call: java.net.Socket.connect (not executed)
Source: com.xiaomi.push.ak;->a:119 | API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.ak;->b:236 | API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.ak;->b:243 | API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.fg;->a:42 | API Call: java.net.Socket.connect (not executed)
Source: com.facebook.react.a$1;->run:4 | API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.service.r;->b:47 | API Call: java.net.Socket.connect (not executed)
Source: com.xiaomi.push.service.y;->a:25 | API Call: java.net.URL.openConnection (not executed)
Source: global traffic | TCP traffic: 192.168.2.30:47584 -> 8.8.4.4:853
Source: com.mtnyrvojt.qtbxtwjnq.socks.Socks4Impl;->resolveExternalLocalIP:130 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.socks.Utils;->calcInetAddress:10 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.socks.Socks5Impl;->calcInetAddress:73 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.google.gson.internal.bind.TypeAdapters$23;->read:7 | API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.Dns$Companion$SYSTEM$1;->lookup:6 | API Call: java.net.InetAddress.getAllByName (not executed)
Source: unknown | Network traffic detected: HTTP traffic on port 33184 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 32896 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 46744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56914
Source: unknown | Network traffic detected: HTTP traffic on port 40806 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 56914 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32904
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39584
Source: unknown | Network traffic detected: HTTP traffic on port 56190 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60630 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33166
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60630
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40806
Source: unknown | Network traffic detected: HTTP traffic on port 52096 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46744
Source: unknown | Network traffic detected: HTTP traffic on port 56890 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42578 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 32904 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47970
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47454
Source: unknown | Network traffic detected: HTTP traffic on port 51710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33168 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33166 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32898
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51710
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32896
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33168
Source: unknown | Network traffic detected: HTTP traffic on port 47454 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 56888 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 47970 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 44896 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 40818 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 39584 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 46786 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 40820 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52096
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42578
Source: unknown | Network traffic detected: HTTP traffic on port 40774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 32898 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44896
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:34:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 
72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:34:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 
72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:35:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 
72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:35:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 
72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: com.mtnyrvojt.qtbxtwjnq.models.DownloadTask;->doInBackground:8 | API Call: java.net.HttpURLConnection.connect
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceDownloadTask;->doInBackground:9 | API Call: java.net.HttpURLConnection.connect
Source: com.unionpay.a.c;->a:55 | API Call: java.net.HttpURLConnection.connect
Source: com.kwai.video.ksmediaplayeradapter.b.c;->b:115 | API Call: java.net.HttpURLConnection.connect
Source: com.huawei.hms.framework.network.grs.c.i;->call:16 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.huawei.hms.framework.network.grs.c.j;->call:21 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.alipay.android.phone.mrpc.core.b;->execute:126 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:128 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:130 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:132 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:134 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:136 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:138 | API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:140 | API Call: org.apache.http.client.HttpClient.execute
Source: com.huawei.updatesdk.b.d.c;->a:79 | API Call: java.net.HttpURLConnection.connect
Source: com.bumptech.glide.load.data.g;->a:37 | API Call: java.net.HttpURLConnection.connect
Source: