Malware Analysis Report

2024-10-18 22:58

Sample ID 221212-p7rcdsbd39
Target Paint Art_1.3.apk
SHA256 0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e
Tags
ransomware joker evasion infostealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e

Threat Level: Known bad

The file Paint Art_1.3.apk was found to be: Known bad.

Malicious Activity Summary

ransomware joker evasion infostealer trojan

joker

Loads dropped Dex/Jar

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-12-12 12:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-12 12:58

Reported

2022-12-12 13:01

Platform

android-x64-20220823-en

Max time kernel

107785s

Max time network

127s

Command Line

com.nuklis.artpainting

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.nuklis.artpainting/cache/1633031840514.jar N/A N/A

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nuklis.artpainting

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:53 g.tenor.com udp
N/A 1.1.1.1:53 sites.google.com udp
N/A 1.1.1.1:53 googleads.g.doubleclick.net udp
N/A 172.217.168.226:443 googleads.g.doubleclick.net tcp
N/A 172.217.168.226:443 googleads.g.doubleclick.net tcp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.250.179.206:443 android.apis.google.com tcp
N/A 1.1.1.1:53 sites.google.com udp
N/A 1.1.1.1:53 thoroughly.oss-ap-southeast-5.aliyuncs.com udp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 142.251.36.40:443 ssl.google-analytics.com tcp
N/A 142.250.179.206:443 android.apis.google.com tcp
N/A 1.1.1.1:53 thoroughly.oss-ap-southeast-5.aliyuncs.com udp

Files

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-journal

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-wal

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-shm

/data/user/0/com.nuklis.artpainting/app_webview/variations_seed_new

/data/user/0/com.nuklis.artpainting/app_webview/variations_stamp

/data/user/0/com.nuklis.artpainting/app_webview/webview_data.lock

/data/user/0/com.nuklis.artpainting/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.nuklis.artpainting/app_webview/metrics_guid

/data/user/0/com.nuklis.artpainting/app_webview/metrics_guid

/data/user/0/com.nuklis.artpainting/app_webview/Web Data

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index

/data/user/0/com.nuklis.artpainting/app_webview/Web Data-journal

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

/data/user/0/com.nuklis.artpainting/cache/oat/1633031840514.jar.cur.prof

/data/user/0/com.nuklis.artpainting/app_webview/Cookies

/data/user/0/com.nuklis.artpainting/app_webview/Cookies-journal

/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB

/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB-journal

/data/user/0/com.nuklis.artpainting/cache/WebView/Crashpad/settings.dat

/data/user/0/com.nuklis.artpainting/files/temp/layer_1_1670849940558.png

/data/user/0/com.nuklis.artpainting/app_webview/GPUCache/index

/data/user/0/com.nuklis.artpainting/app_webview/GPUCache/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/f038e94cb33282ab_0

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/LOG

/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/LOCK

/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/MANIFEST-000001

/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/000001.dbtmp

/data/user/0/com.nuklis.artpainting/app_webview/Local Storage/leveldb/000003.log

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/e06cc44686ac5311_0

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/dfe6b2497a7513ba_0

/storage/emulated/0/Android/data/com.nuklis.artpainting/files/-1451633082

/data/user/0/com.nuklis.artpainting/app_webview/.com.google.Chrome.KnLHZ2

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/org.chromium.android_webview/index-dir/temp-index

Analysis: behavioral2

Detonation Overview

Submitted

2022-12-12 12:58

Reported

2022-12-12 13:01

Platform

android-x64-arm64-20220823-en

Max time kernel

107791s

Max time network

163s

Command Line

com.nuklis.artpainting

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.nuklis.artpainting/cache/1633031840514.jar N/A N/A

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nuklis.artpainting

Network

Country Destination Domain Proto
N/A 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 216.58.208.110:443 tcp
N/A 216.58.208.110:443 tcp
N/A 216.58.208.110:443 tcp
N/A 224.0.0.251:5353 udp
N/A 216.58.208.110:443 tcp
N/A 1.1.1.1:53 infinitedata-pa.googleapis.com udp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 142.251.36.40:443 ssl.google-analytics.com tcp
N/A 1.1.1.1:53 sites.google.com udp
N/A 1.1.1.1:53 googleads.g.doubleclick.net udp
N/A 142.251.36.34:443 googleads.g.doubleclick.net tcp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.251.36.34:443 googleads.g.doubleclick.net tcp
N/A 1.1.1.1:53 infinitedata-pa.googleapis.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-journal

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-wal

/data/user/0/com.nuklis.artpainting/no_backup/androidx.work.workdb-shm

/data/user/0/com.nuklis.artpainting/app_webview/variations_seed_new

/data/user/0/com.nuklis.artpainting/app_webview/variations_stamp

/data/user/0/com.nuklis.artpainting/app_webview/webview_data.lock

/data/user/0/com.nuklis.artpainting/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data

/data/user/0/com.nuklis.artpainting/app_webview/Default/Web Data-journal

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index

/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

/data/user/0/com.nuklis.artpainting/cache/1633031840514.jar

/data/user/0/com.nuklis.artpainting/cache/oat/1633031840514.jar.cur.prof

/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies

/data/user/0/com.nuklis.artpainting/app_webview/Default/Cookies-journal

/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB

/data/user/0/com.nuklis.artpainting/databases/PAINT_ART.DB-journal

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/WebView/Crashpad/settings.dat

/data/user/0/com.nuklis.artpainting/cache/WebView/font_unique_name_table.pb

/data/user/0/com.nuklis.artpainting/files/temp/layer_1_1670849941622.png

/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index

/data/user/0/com.nuklis.artpainting/app_webview/Default/GPUCache/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/f038e94cb33282ab_0

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/LOG

/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/LOCK

/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/MANIFEST-000001

/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000001.dbtmp

/data/user/0/com.nuklis.artpainting/app_webview/Default/Local Storage/leveldb/000003.log

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/dfe6b2497a7513ba_0

/data/user/0/com.nuklis.artpainting/app_webview/.com.google.Chrome.Wp6bqM

/data/user/0/com.nuklis.artpainting/cache/WebView/Default/HTTP Cache/index-dir/temp-index

MD5 0e1540feeaaff9b32c090c32ff4455a4
SHA1 89f0455af19fd23cef9c6d9664ea1d0056567f01
SHA256 58c9a5e307918956ee3573eeecd66555315425e2f0002bee4da6e5542ef56c66
SHA512 b1d4c242d9f3d3b6b4260bdb7c848acb771e5acbd8af5ad5ab9a90aeaeb541c4a4e36cc60402873b9fe13351edc7777c607508ca470d168aaa901e1551136769

Analysis: behavioral3

Detonation Overview

Submitted

2022-12-12 12:58

Reported

2022-12-12 13:01

Platform

android-x86-arm-20220823-en

Max time kernel

104101s

Max time network

131s

Command Line

com.nuklis.artpainting

Signatures

joker

infostealer trojan joker

Loads dropped Dex/Jar

Description Indicator Process Target
N/A Anonymous-DexFile@0xdf602000-0xdf60364c N/A N/A
N/A /data/user/0/com.nuklis.artpainting/files/vitality N/A N/A
N/A /data/user/0/com.nuklis.artpainting/files/ionsxg N/A N/A

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nuklis.artpainting

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 216.58.208.110:443 android.apis.google.com tcp
N/A 216.58.208.110:443 android.apis.google.com tcp
N/A 1.1.1.1:53 infinitedata-pa.googleapis.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.250.179.206:443 android.apis.google.com tcp
N/A 1.1.1.1:53 sites.google.com udp
N/A 142.250.179.174:443 sites.google.com tcp
N/A 1.1.1.1:53 thoroughly.oss-ap-southeast-5.aliyuncs.com udp
N/A 149.129.200.69:80 thoroughly.oss-ap-southeast-5.aliyuncs.com tcp
N/A 1.1.1.1:53 cxjus.oss-ap-southeast-1.aliyuncs.com udp
N/A 161.117.155.70:80 cxjus.oss-ap-southeast-1.aliyuncs.com tcp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp

Files
