Malware Analysis Report

2024-12-08 03:01

Sample ID 240510-2p3zpaeb5t
Target 316b74a3e6ebdbb58e88808e09c01913_JaffaCakes118
SHA256 0633042362df21e55f26f8f593383c2a5885cd39918d86eb157ad8f6ef70c389
Tags
privateloader discovery evasion impact persistence collection credential_access
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0633042362df21e55f26f8f593383c2a5885cd39918d86eb157ad8f6ef70c389

Threat Level: Known bad

The file 316b74a3e6ebdbb58e88808e09c01913_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion impact persistence collection credential_access

Privateloader family

Checks CPU information

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 22:46

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 22:46

Reported

2024-05-10 22:49

Platform

android-x86-arm-20240506-en

Max time kernel

8s

Max time network

151s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 22:46

Reported

2024-05-10 22:49

Platform

android-x64-20240506-en

Max time kernel

8s

Max time network

144s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.187.206:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-10 22:46

Reported

2024-05-10 22:49

Platform

android-x64-arm64-20240506-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 22:46

Reported

2024-05-10 22:49

Platform

android-x86-arm-20240506-en

Max time kernel

148s

Max time network

138s

Command Line

com.malvo.carousel.gtx

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.malvo.carousel.gtx/.jiagu/classes.dex N/A N/A
N/A /data/data/com.malvo.carousel.gtx/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar N/A N/A
N/A /data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.malvo.carousel.gtx

cat /sys/class/net/wlan0/address

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar --output-vdex-fd=70 --oat-fd=75 --oat-location=/data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/oat/x86/vva.odex --compiler-filter=quicken --class-loader-context=&

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
GB 143.204.176.72:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 143.204.176.71:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 ecommerce.iap.unity3d.com udp
US 35.241.22.100:443 ecommerce.iap.unity3d.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 3.212.177.24:443 api.gameanalytics.com tcp
US 1.1.1.1:53 publisher-config.unityads.unity3d.com udp
US 34.110.229.214:443 publisher-config.unityads.unity3d.com tcp
US 1.1.1.1:53 auction.unityads.unity3d.com udp
US 34.49.168.197:443 auction.unityads.unity3d.com tcp
US 1.1.1.1:53 cdn-creatives-cf-prd.acquire.unity3dusercontent.com udp
GB 18.154.84.123:443 cdn-creatives-cf-prd.acquire.unity3dusercontent.com tcp
US 1.1.1.1:53 cdn-store-icons-akamai-prd.unityads.unity3d.com udp
GB 13.224.245.30:443 cdn-store-icons-akamai-prd.unityads.unity3d.com tcp

Files

/data/data/com.malvo.carousel.gtx/.jiagu/libjiagu.so

MD5 2c1a490890ff15348d2fc3815b2cfb3d
SHA1 922e1e5539c40ad5bed578a9cea9f076df02eaee
SHA256 4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da
SHA512 3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

/data/data/com.malvo.carousel.gtx/.jiagu/classes.dex

MD5 267c2c74ab310ed55663d628773733af
SHA1 f6471a61ab071c1ddc55837edeb88e74c8f258db
SHA256 ca8c06df617ca644e7d1daddf84fbe8f4fba4cf4514f4e447f92ad7b94416198
SHA512 1bc8836d309fbb16e274e12c11ade7234053eec15abb9661c51aa5f7fcc8b4f23c82ff1c2d6f93a02b0b225abbe3b885b22c0dbccf34d70b55e0a6db6991abd0

/data/data/com.malvo.carousel.gtx/.jiagu/classes.dex!classes2.dex

MD5 8c23f3756581c6d9fb38922e96561a68
SHA1 3da563543ee69446756cbe0eef8b9c4b4aa4ca11
SHA256 acae64edf3e09a23acac1710ec6c279b72e3e38ac981d04ac1675257bae301ba
SHA512 264bb8227389b087ef2713c46b3e5801336f6283578d0be87dbb9ca0f3fadb6a40ebfc523ada5d065ce924a10f76c130cc6ef9947d98ed73e3e78c6d1c473a31

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ri

MD5 8e990147d54cfc3cd4453bfdf9fc454d
SHA1 1b66fe69f1bc8e9448dbbc0fe56c81bc51f21aad
SHA256 cfb415ef56c1a46041eb91665b8f71cd960120713cc7ae1f0ef47f992a7cf938
SHA512 a0d6aafe5271019da351703bd7d75a958bf91bf1dec963f1009585d19d7ac07f768a13c17a6995db7a7280f9a10aa5f6f14cdec30a49023a0cee2295d62c5dfb

/data/data/com.malvo.carousel.gtx/files/.jiagu.lock

MD5 910bb828944a8209bf9cb714a3e2eb9d
SHA1 edf19eef1090a18daa5134a47cddfdbe4c4a040c
SHA256 b85a55dca0680e0966897300a8433f2b8e81347d16c5cc9aeaa4c88a948ae905
SHA512 e1bfc7b6100ad50ccd9ecd82d947a22e973bef0cb1b036d1a7e262524f542fb65505130afc118ac93257a14fa40c1e9114fe6e59983d31f15bcd1c935e8949f4

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.rd

MD5 014a42b2f4db5b99093f18efe9735dee
SHA1 db2cc460d5b9ee1db2a4909967eec01c0eb779e2
SHA256 378597c21dcdfe7013aee77694d7d0162faf969203298136185fd487d40d29d3
SHA512 406dc287118ffe7e34f7852fa56b5ca2e665e5cdf81c65ba5da340dd9f002cbed35c79dc8c33e633b6968b74f33b17521a6409fa6b9db03ed1231ff27626b852

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.store

MD5 448e391c59eef34ee1defbe4dee4c41f
SHA1 df1f890987371d7d8e6963c68b787856e42bc146
SHA256 55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549
SHA512 ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ac

MD5 61ee9d6b1ccb04d28348b09b35c3d942
SHA1 8072f6c15a16da07031c853afcf3502322583966
SHA256 f511b0b529eda2c6d1b6fa965729da143e99326c2653df8f3367ea4129fce86c
SHA512 25a57168b55a1f80f6c06330b7adfcd883dbd96b4df9281f8ee73628c2410b585f4491f20b1ed02b60b05b3b3253a561916e1c217205ea4371a7de0406494444

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ic

MD5 855e872d6ecf5fa73578745f679c56e2
SHA1 d41602944755c902a4a400b12b8e618a51780ea9
SHA256 b69d82f44a756736df58a55039e68a9dae77e80e8820278732bcc3cb3851ef2f
SHA512 e6cd3b22326bd0feb6ca1c22e2cd84928beeba8e59d546942c364e82d8b2be896c134dc5e5e7f797746287cc10714c61f2ac4bc0ff9104676999fa68ac67db8c

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.di

MD5 e7dd9833b49cdfaa88a3f0a635ac1513
SHA1 a9f04184fa5d95a53b09bdf9568de3ac6b109470
SHA256 4797da24d9db090f33433be010bc72cc0f57dc4d21b1c9ee86fb9a80eaae863a
SHA512 58737a5bf1497ce06fb76c58300703851a04d96d446651a0d8dde781e5a4770630d3d898452608fb13240115d683ba1a062dbbb3a1afac66470125ef7a522ac8

/storage/emulated/0/360/.iddata

MD5 b27fce2dfc66d716623e64782faed335
SHA1 e4f2262d8002f7c0e618879960ef55200a6f87e6
SHA256 c4168e3987049982712d293cbb414087426432d3d0120e16b1e89176e0acdada
SHA512 b850e88e90d96ff20337144945f8277b05cf3d18705aaa03e0724213785765bd2a7b78e9cc081c1785cca19bd403798793f2deeced47ab80e7bbbface666da42

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.malvo.carousel.gtx/files/ebody/seey/tv

MD5 7a7293ff32b2ad98bd4dd01fcf5cd22e
SHA1 d90d57ebe86ad073109915543e28154f64ee1301
SHA256 72383f17949fe770ddaaab9481ea3578763578ca589f7ef82147c6a97ff6a04a
SHA512 f88a158fdfdc64bbab404607524b7aa0e44ec7fb21732864a15999180d8ee0af885fe885e4261e5f9fc9134588a4528b20d6d56a2f25328e532bdd6f2b76109e

/data/data/com.malvo.carousel.gtx/files/ebody/as/cheuu

MD5 3bed7431af5ddad26078d7da0047fa06
SHA1 ac3b403dbcb541ebf54ec466ff25f0bc1d426239
SHA256 f8cba60f8add4242ce0089f40d8aaeb40a48845411a54e6cb324a451e344e76f
SHA512 1e2c26ccb087a3f2f6e9d04df54a9875dc1dcadee4b605dd3e1b7b2a4cd20ab8100cd514f8ae9d7225187de9add39e0bbdce3aaf6d0e944962e7695921209ea2

/data/data/com.malvo.carousel.gtx/files/ebody/seey/tmd

MD5 79d8636c7ca0128867d6410bba61c040
SHA1 e769bb915b68af9c0d1d62f59b56b5dbd716a14f
SHA256 27084e5cffdda139aa63a16207f8d96efe2343ec38d07b0f780d107d21680371
SHA512 a214968127e8627a843c528f767ffb691ba0351bf6f3052953715e66786ccd6a57c904305dbb63fdf58af526f3789dd639a703fa1003535026a92098f5906c8f

/data/data/com.malvo.carousel.gtx/app_ebody/res/xmtok/36559/uuloi

MD5 57c1bbf0f1c748f85fbeb239dc19e1c8
SHA1 a1a224b4d8d3771e8b239a614c97c0c372f07912
SHA256 ae704b8bf360c21e217e7510c598abb89d67796d7feaf3b60394d308e4a9628b
SHA512 0e9797532e7796f225e3fcc427f676fa775965be0c4f90f00440b19d8cf6c96968140b40ca81f44439192fdc7be58c7b9e42fa6e3897e4be5eb455fc1a928710

/data/data/com.malvo.carousel.gtx/files/ebody/res/36559/vva

MD5 cefa58506184cf4036d35b05619d2c41
SHA1 6926c273b797c8abc5d1bf7d790857349bbcad5a
SHA256 3c4fee4781658b917daf6e09111ea8eaf65cdd386cfb309f8183a0988c6e880e
SHA512 702fd7154dd4c5c5ccaf07f29ffd6121ca13f96bcb9ce6911cd079356e0136e29714cd694e6b355f8e0704675e2d77aa02d2ff74129d8d48fd9755c335c0f8be

/data/data/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar

MD5 15671cef2fbee47bbd3abe990bc38f71
SHA1 e1dde1b2e33b2b28398ed2deb0ab719e596071eb
SHA256 a5b2aa29f1b1ae853f505bf4aac2a9cdc43d8cd800304474d22212b827aaee91
SHA512 99233be8c633ac8cded598bdb353fe70336625e639db50343680d204637a28976b5511bf18b9bdca872c2f6de5ab5516f2b64dfc1df42db34cae2367e2263258

/data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar

MD5 df6fd52d982fff04261be56baaf2e76f
SHA1 854d0ef28102d608d62fa94ce7311f868f94e83b
SHA256 a4a6ca831c892c8b5ff25cc5eb0f1f2d150a8d2bd33b9a3c36497db8b88f88e6
SHA512 f98433f05b017adcefa32ac810739605d93aa9183d1af72f2694b70043b47ac3b70ce29bad6b65710067efd17eeb1cbd6c52d9bc704f7ce5aa0c8601c2662fe5

/data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar

MD5 acf288138b26d91ef6cf14360388aa8d
SHA1 3f23801cb76ac6f7fcbfd13fa0e4843e3f7f2954
SHA256 418d2b71224c06030b8cb567f20a84e155a9aec6ce6fc8dbb9b73475c86a11a9
SHA512 043b32683e86dafb417f5716a63ea62e9a0f43cc879fafb945e062fd39b5d5fe3c1ce936d3754766d99ac4a8bf9f73150cc3ecce29afad001aa37d55e41ad0ca

/data/data/com.malvo.carousel.gtx/files/AppEventsLogger.persistedevents

MD5 b27d48e521cb0be79466181d1a112afa
SHA1 4319f0d9aaa16c52b5138e1b3e469c088be69b1e
SHA256 1b545912242b52fed5041ead654a682b0914d2d9306eb267e1b6852c0573e085
SHA512 916a1f893d4dbbde7355010f903186d196fa4cdc2ff591a4026a445c2dd4feea379f1c35071d3b9272eebd2c4299b8ad9699b1dfa9889c725029da5e176857ad

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-journal

MD5 de8a5c8a97c7be666a44b402ee10f71f
SHA1 a52547c355e9e1a694b1c7d012660f628077aa03
SHA256 da6af36d363276b92d5a42f2c23542f19f1fd3c5987be3855d134ae892990218
SHA512 36c3657608ec424872d4787dbdf3b307947da391fed1f5f87247d4186428fde78416fd53c4e890dfa6c97fd809d3faf3dd2915bbc2829fab2f64f90c9c3db57b

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-wal

MD5 1e75923d00ce1de3796121a810b8d659
SHA1 ca1ddbc2bfd8b9be0951de6a69166a4ce8cf3b0c
SHA256 464165d9dfd922fdd87b6acdb1ea4122daaae2fbf59af3a0411409ef6a2d10b0
SHA512 2abb83819fa8f4795ec428faecf813c5512c3719b1a283faa545e91a04bf4b6cd789ba7dbf67a6c8f3dcd32dc4511a1cc1eccaf7d9b5b7c0eaf6850d91428c75

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 72f0d7f6c7b7217d5f199eb8492a7554
SHA1 99679fb2ab68bbc11bff627baea480bbc389ffcf
SHA256 015b46a9ef86cb418f2e7177594c7bedb571989bfdf1bc7e548d6d2a682119db
SHA512 ebe48e80ab57409f64a2fafe56083ded65bf0feb1f9cbb72a00600b9b05380cd185d089818c56cd11f30bcfdc2bca336168f615b55e8d48b7aefbf7c11dad71c

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 c05b90dcf6794705cd072f718c632627
SHA1 c5e032fe1d2e04cecd31944d836f9f7580f3cf97
SHA256 d649c772ce0d0fe25701092c528e2bd569a0707d63e1147fcf25efc04a7c4406
SHA512 aef3c8e1928be09609ba86558033c0f70b409adb4ed6914d96e738e960fdd1ee525ae5b65558ceb40adfb12c0765ac6918baa55b78d16929d94ff5f36b33f4b5

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsWebApp.html

MD5 812c63648de53262be1278aa7d603a4d
SHA1 a691da82307e062bfad90060854d212f2f653508
SHA256 6a216d0260ed241452fd385c60b38325a0e199a2f71080bcf88a5c90e21baf49
SHA512 1656781033af03e5f7128d79cab11c574beacb748711fe45dc4688ed82ae8608632983bd21851652237b49a0c5ad90a746b41ff3da1440d8b087a223115eea73

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 b34dd070ce152f4de4302c32446bcbd6
SHA1 590c5cf06bc46f9bee0850b0f6857a647cc087fc
SHA256 49e4f5a1ebe9fde67ead70e877a927d6ad5464eab2544d555c1def7787088d39
SHA512 b2719717f668945b6a431f9d5022d0cbe7d66f4324a89dd354791b7dcef74534f5e78c79d7f0048251db342f421723f63579ba951b6e222ccfd3064dd80c53ea

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-wal

MD5 eed881a480e23d486932dd5d512a239d
SHA1 5ed1ebf49a1a5a95f157221b7a0ed0ae2e4a4196
SHA256 1d930a3db0644e2a4055a07e8f3179b62fa04f405ef3f5ae0fdf73ee8dfa9f40
SHA512 c4df6a710b50b9feb2c8b08bd7d46f4f29b5991f76a3b53dcfcb6444a8d1edae5d58e3c6732ebb178b531aa87f0361f850e9a1d19065ad1710225a6bb48d388a

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/saves/SaveData.dat

MD5 43a6564c77a713ae2c964704af69136f
SHA1 f74bfbdbe85e9ee9289fcb73d03a7955569de4bb
SHA256 8aed13ea06acfc30666d32ef0fc52a6a437afaade7af2c080c2ae90a93d3e89e
SHA512 642496edf086ef147554c80aa855b3d248483919fd816f031b690d73b7864c3c4b556581594537d348d4b9574fd0c8ceb36f5756a3311e49aec1b561a543e26f

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125500000.9e588411/s

MD5 680cf0bafcbb36c33514d49dc59123fa
SHA1 8815037ca2eab2fb15b8ff92c21062cd03b1e391
SHA256 3c86e7e766a13c63a5a30b50fc4eef9e2a900947b2250bd53a8b0761bc0ea88e
SHA512 0da23bff573ab4210b434a54ae5ccadb95bf39c0d8036eb28f5467c191aa0f8ad7a1be71b977e9340a6ec4bb76254ade47791e776c20a5fca8fd042ac56029fc

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125500000.9e588411/g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125500000.9e588411/c

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125500000.9e588411/e

MD5 fd3aafec95f3bcb540d348673a49942f
SHA1 8fc8e89180e5d96ae19cef271ecfe6fc0556df63
SHA256 09bc5ceab363a22870c745e4afdc6ccbcd7ed5ed740ff5d0de404b010a03ef26
SHA512 f4ac88dd078fa12603e5ccb7772d9921c553c6ced9b8802b6eef858b7525b8e21e9e4f5e02bbd9619c4ab1f34f22b8c66d504c9a3d3300ad6bf902040c644d35

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125600001.9e588411/e

MD5 59261a78601406b3cb22fca6ce3fbf3c
SHA1 1c2c96e8fe28be159921cdb8a10827b86c5bac32
SHA256 16f8ca8fe92d9f524c847a1f243dd2ef2b1fb491b1324953f6332df9809d5e7a
SHA512 528766dbedc7cd4f4d2c32f9c5b1e938f864340781db46e756e1bedd9bd83585dfa1b65be6e3e1797985e0fd48bf68c56433b5128a89a9690b22d2107b4cf44c

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125600002.9e588411/e

MD5 cffcc3c2e72c3ec7f2296a5b04452697
SHA1 982b4e3bc484f5bbec0d798e7df27110c07af474
SHA256 3174f04336d86942d8930d363a78eb5789aa4bab916dfd3ce536fb4110f96972
SHA512 188820c5f665c28a24d6b1d2a4a7aff3d9e4d08787d67dfb86435ca07cc25efeb74efc8c71bd9064b22af19c2bf3c702ef982ccaeed3349ecd00afa5e0afdb87

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/values

MD5 bf0219b5b53a1e42d05f8d3f7bb87471
SHA1 c9f463975c20d33fd7f7e70b7fd682dafc8356fd
SHA256 582405e7977fd0b2a5ed3e34f1e87f957bb2c3a01e00e9ac2599effceaa85bf4
SHA512 7e8b1088232a7dbff8a1c1e057196d752cdf0d533443c235d4c8a26b378ac4aa91f6fafe6cec5a7636a61817f4a6785ee5e2814ca718e4b619050be88c2529dc

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125600002.9e588411/e

MD5 bdb1ec6c70b2925d4465184e3597e76c
SHA1 d8374b8bf51c98a25bd24c410c170a633689da05
SHA256 85ca02b1914aa06a2ad79843851a31cd5e7188a6a35e4788aa0171cbd63c2d02
SHA512 d526bcc9b7e87ae922d7da4f594ac720f28ab398be0ee0d88846126921aee1abe4b3fddbed922ad39f2519bf9797ce7169ebba22b1e55b6ce374d9312c4891e4

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125600002.9e588411/c

MD5 eccbc87e4b5ce2fe28308fd9f2a7baf3
SHA1 77de68daecd823babbb58edb1c8e14d7106e83bb
SHA256 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
SHA512 3bafbf08882a2d10133093a1b8433f50563b93c14acd05b79028eb1d12799027241450980651994501423a66c276ae26c43b739bc65c4e16b10c3af6c202aebb

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125600002.9e588411/e

MD5 386639173da08df6ead6d33445da35ff
SHA1 600fbdb7373b53a9b68a7289fbd8f4a132b8344c
SHA256 5dcc486dc62e1a656eb8a84191dfd6fe10d0f79d4bb20d18ec2910e1a452c7c0
SHA512 f64ab44140971fb4cc5042c844715a503f5cc5f4cb29967377c044ab8fbf0b78b71cb5cd45bd1a34e39f06870bbce34af3f8c68350be4e672b679f559a8afad9

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 16d3e6eac0e79222a9b368edac765b34
SHA1 48d5e621fcdd84108f5750d6905180b622715b11
SHA256 3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7
SHA512 d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 f19baf89191f97095cf0c245dcb256d5
SHA1 cc0db3d88dd534bd753e88dd9fa6ac5a3b3ba813
SHA256 7d3c337787704e3266396b20f7351f22d3f75712d90427ef6a2f6ac82e7d42c9
SHA512 411d185c87d4f099cbd695d010828d15db20f483ed0d691e8d60cb604bdf6449355babc2aa3603f5cdd5f70c8bb3f0500a476fde21f5eddb67a925c671f98e9c

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 03f6ebf17b0f4de22301b02a1c137cd6
SHA1 d14c2f7603c45552a47c9aeea5295bf627d2e861
SHA256 ffc23202c079b6d92c31f50ad4598c10059377ecb3b93ea2abf6ebec7e0d1613
SHA512 5757699930951e9b72d567439a9e8266a2d53b08c2e08e60b804c7716fe40aebf987b04d81a9e962249ad747e9e45a7122f922391c529a9e291bba87906cf31d

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-4028802aae146856cd25f0cb3ede6baf23718c49c1e0624772653c0d4c1a213f.webm

MD5 c7d6446e20ea1d865ba9780a515bd265
SHA1 56b73beda250d09c63eee31b65c5f64b382f2823
SHA256 fb2f8de62ebe479b76bc89be0a57a3168e4433a4ae11a41c6a7d1058f832bc19
SHA512 6269165fd95c719ffa135bb1c3f62b3d0182c4b83a339fdce9c06f27dde3c1c9e2ad5112e8988aeb27c3efca45b2f9a463bea0aaed6a25a5adc36a7b90101af7

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-29f16b79d9782036fc4d58e55c68ba4815a7e3f8ce3eb2338185cfdafc2b8d54.webm

MD5 fd2ec555f5a71ade68e85797767af5bf
SHA1 dbc4cb60c9726cab044a3ce5bf1396f59a55ecf6
SHA256 d01d7887281c3b40a2ae774a2bf380c9ddc6e78fce55fc267bb3a39f1e04ea9d
SHA512 7a729f7d47654f9e780c022b03da5f91a4baf69d1d1ecb885a19970de7c49bb9ba6ea193d2d31bf40402e7b00edb2192ef5900f09508f93d887ab3a73aa87ce2

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-d5712b00fd3f82b97694c31008edba58f6ec6c07835552bb47f26567a9dfb876.jpg

MD5 c18fc332fbbd569a410f8d776165473c
SHA1 491ff23d9a2608ba994871f2e5f82df6d3d23d21
SHA256 fd4ed87942befcfc94077d702d8145e2cbaa93f27d7839a2adbed7b6d54fc6d6
SHA512 97e1a52e26661331c7a9c0bd8a13d37d8ccb5cfb96234909779902d62928a1e2e8c947253a05d27fdf23918dba7a783d5d65cbbcc782c2d7386443d70bed24b8

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-db09bcf9ae25979ebc6b8ced0934c81852fbec5acfcb008eee9f036d0a298410.png

MD5 2e83cec38775a5feebce8b2154974032
SHA1 beb82b9c5d8e46c90821de8c378f55f4156212ea
SHA256 8b772cf591afb28612d27b5eedd7410128032313d826cfeb533be6e6b4fb88e2
SHA512 a19a5dc8d712761e413b7077cb758e48fcb8986eac137cfc7518e3d18cb767b933d9db8b8ca3075312200f0ed7d888ccefc0d76a897925d628e96faf0fbbfc81

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-39099e021fea7061ba28a48ccd4ebc30d6301fc15c6798edf2ba47e6ce73ef00.png

MD5 833f72a13f5031ecd850eb843fef98e0
SHA1 c63e102182928e7faae982cd412e359cc1db6a3d
SHA256 f9fc78177bfc2d6686687359ec51951aa182f36906dd7a947d9c7b2ac4eaf39f
SHA512 3ba6877f3fc1198621de78c51d85e68dead6a4d223ac60b12ee7f97d64803a561712d89e99a0af1a134c709cf80b24d36f2a32d407f538194f1ba4e528a9c68e

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-b774b9400448fa1913b6adb7ec8558663f0ad6fd45b744f72a601b9b42122db7.jpg

MD5 6c9185548d5d9eb749c5a829c51f8378
SHA1 f48fb9b9b0fded8e901712d61dccf32db19cf96f
SHA256 f4eddb9da213174a4fcc0f58d780d3b2a0b74edac53381d09bacc3a560db011f
SHA512 6e6a7e27d2ecadbc77073864ef83be88fc5f7001ed2a7f9a73d391826d89e48704aef918ef34bec8bb5c8566980e57004d0d27deccfb1bdb6cb5d6157056953c

/data/data/com.malvo.carousel.gtx/files/ebody/res/36559/oat/vva.jar.cur.prof

MD5 d8b332725679ff6c3401c58581167ddd
SHA1 68bee0a9b4c4c283c35ac065fc376a81890e884a
SHA256 3da23f76f826755affd6c52957af39f6b9ac11fc10e275a510a1cd19d065d0e2
SHA512 3e718101871d1b4775c717c2923e3be7b9600f7a387e21ecb647fa7b66bdadfa629a5999e03000957118916ff62e0fa39a557ba89a57fd683e9963e0e84cf2c7

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 22:46

Reported

2024-05-10 22:49

Platform

android-x64-20240506-en

Max time kernel

148s

Max time network

150s

Command Line

com.malvo.carousel.gtx

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.malvo.carousel.gtx/[email protected] N/A N/A
N/A /data/user/0/com.malvo.carousel.gtx/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.malvo.carousel.gtx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
GB 143.204.176.72:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 143.204.176.39:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 ecommerce.iap.unity3d.com udp
US 35.241.22.100:443 ecommerce.iap.unity3d.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 3.225.30.121:443 api.gameanalytics.com tcp
US 1.1.1.1:53 publisher-config.unityads.unity3d.com udp
US 34.110.229.214:443 publisher-config.unityads.unity3d.com tcp
US 1.1.1.1:53 auction.unityads.unity3d.com udp
US 34.49.168.197:443 auction.unityads.unity3d.com tcp
US 1.1.1.1:53 cdn-creatives-cf-prd.acquire.unity3dusercontent.com udp
GB 18.154.84.108:443 cdn-creatives-cf-prd.acquire.unity3dusercontent.com tcp
US 1.1.1.1:53 cdn-store-icons-akamai-prd.unityads.unity3d.com udp
GB 13.224.245.6:443 cdn-store-icons-akamai-prd.unityads.unity3d.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
GB 142.250.180.14:443 tcp
GB 216.58.201.98:443 tcp

Files

/data/data/com.malvo.carousel.gtx/.jiagu/libjiagu.so

MD5 2c1a490890ff15348d2fc3815b2cfb3d
SHA1 922e1e5539c40ad5bed578a9cea9f076df02eaee
SHA256 4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da
SHA512 3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

/data/user/0/com.malvo.carousel.gtx/[email protected]

MD5 267c2c74ab310ed55663d628773733af
SHA1 f6471a61ab071c1ddc55837edeb88e74c8f258db
SHA256 ca8c06df617ca644e7d1daddf84fbe8f4fba4cf4514f4e447f92ad7b94416198
SHA512 1bc8836d309fbb16e274e12c11ade7234053eec15abb9661c51aa5f7fcc8b4f23c82ff1c2d6f93a02b0b225abbe3b885b22c0dbccf34d70b55e0a6db6991abd0

/data/user/0/com.malvo.carousel.gtx/[email protected]!classes2.dex

MD5 8c23f3756581c6d9fb38922e96561a68
SHA1 3da563543ee69446756cbe0eef8b9c4b4aa4ca11
SHA256 acae64edf3e09a23acac1710ec6c279b72e3e38ac981d04ac1675257bae301ba
SHA512 264bb8227389b087ef2713c46b3e5801336f6283578d0be87dbb9ca0f3fadb6a40ebfc523ada5d065ce924a10f76c130cc6ef9947d98ed73e3e78c6d1c473a31

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ri

MD5 261352ffae1e0862ca5211244bf3ffe4
SHA1 e9a4f02473ca9714f11c1af4cc0a5c09c34a12f1
SHA256 5b745851f74d773f51eec694ee2f240b3eb90649e57a8d1a7ab0548e6b41368e
SHA512 94ba36e4854f37b84a060bb38c52b7103b1c3d56b37c2c543af3bf5ae32ada613813ebeedb754a3fdc20ea74a9560de459227968cdd515f5e89f722fdb59abe8

/data/data/com.malvo.carousel.gtx/files/.jiagu.lock

MD5 30fbe2930f028b054a4b928a4a176b65
SHA1 4282d99c16c7b4be53038a2118e882e7e21f234a
SHA256 51a94d53426aa960c35ae9adc50f9fe7713a9526d05397c0cae1f7f563a51a1f
SHA512 ef2bc48d49ee462b64b336c513a13093a1e3f8e01fec65d570c805c22df295e38ae32fb063e75a8fcd494af24e98df54a0d8c0c175fc813f3ab285a00b3dbc98

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.rd

MD5 453fb4dab65c61e8d44a87cfae79ffd7
SHA1 239af918bdecc1172ebafe6cf1a08f4f81720a83
SHA256 d1e3df6939a12b24eaec66815c53992218e2e18dcbdaeaf08aba06109aa648bf
SHA512 3883c9da77d2cf21d45229db3743670651492b6ba6935a9f937d1e11f67855d6dd8564db12f008e344b6bb4e5d30ae45049a36f069297da1dd2423fcf8ee4599

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.store

MD5 448e391c59eef34ee1defbe4dee4c41f
SHA1 df1f890987371d7d8e6963c68b787856e42bc146
SHA256 55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549
SHA512 ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ac

MD5 2b0df3efd7474193fdfe86bcccb86cf6
SHA1 c14cd05abfd0b7cbddea856890ee3c661959c363
SHA256 4ffa43c278a95f7a8dedbfc0c6e53fdab8b7e5539e7c48ea96b4b8c0f047afad
SHA512 88247e9e804e280aa0dc515dab4deaeba3330c6a6bbc93a2a5fadf5582ab74656a3d820f973d0729af8a23e3ce0c5bb4f3493d3a8aa6af955402c8d0fa829d96

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ic

MD5 3b6c62a6d63d60710a8a308051946527
SHA1 2773253f36ca442789ac58ffc2651de777418812
SHA256 99a9dc487c0b66275831f6f29e682403b0a61507e98b6347c3b38489b8581caa
SHA512 a18cf66243bb7286c24ed70a3fb59d44d8a16d73ff89a0e2800dec0525982c287683228b66654696a5027a1a2742e7cbe2b52dc02f374a3e5a68d169f12db66b

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.di

MD5 243b016c6df9c087559e873b5220dfa4
SHA1 53205bfdeea709dd78f657d163dba8fa2619ef3e
SHA256 98f7374441792b2e2179e9ccc138aae98ce0de5faf316bac8cba166f2a2eaf38
SHA512 4c314830f249dfe6aa1e0a9c90d6eab0f7d42f34ce07bc4745ec613a5700dbcdfd78f752f4fbf8f678e04b2b29b500dd2661876a2a5dae236ff81828e4c6bf6c

/storage/emulated/0/360/.iddata

MD5 1758da6d08ea55ec6a511f8c6fbf60e1
SHA1 c0dc0fbec3debb8096bcc3667f16b577081a1888
SHA256 414482dde29ca14548e80d937bf03d829d956d95426e92652fda739dc8398ad2
SHA512 757c25ae805a52715e297983361f205939edc6d1d766461762fca3447a79d15e9ca45ed39c8bf0647ee81eeef896ce64cb858d27c2cc2499efa35b465a80924f

/storage/emulated/0/360/.deviceId

MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

/data/data/com.malvo.carousel.gtx/files/ebody/seey/tv

MD5 7a7293ff32b2ad98bd4dd01fcf5cd22e
SHA1 d90d57ebe86ad073109915543e28154f64ee1301
SHA256 72383f17949fe770ddaaab9481ea3578763578ca589f7ef82147c6a97ff6a04a
SHA512 f88a158fdfdc64bbab404607524b7aa0e44ec7fb21732864a15999180d8ee0af885fe885e4261e5f9fc9134588a4528b20d6d56a2f25328e532bdd6f2b76109e

/data/data/com.malvo.carousel.gtx/files/ebody/as/cheuu

MD5 06d2c523066265189267ed02357c0ec1
SHA1 6a711e1cfb0c9feb5c6257db1d91fd9653201356
SHA256 41b65d3df21cbed78393eabc53b9ad52c1b11c03eff35692182537b2a9f88217
SHA512 eafb97492adcba4b9c4fb1ab53bc2efef2f0b748fafba776c0fc32d67af9e7d8f731ae17cf0d2ff31b742a0fea8447a810b81344197f1aca79c88a57ad1dfea2

/data/data/com.malvo.carousel.gtx/files/ebody/seey/tmd

MD5 79d8636c7ca0128867d6410bba61c040
SHA1 e769bb915b68af9c0d1d62f59b56b5dbd716a14f
SHA256 27084e5cffdda139aa63a16207f8d96efe2343ec38d07b0f780d107d21680371
SHA512 a214968127e8627a843c528f767ffb691ba0351bf6f3052953715e66786ccd6a57c904305dbb63fdf58af526f3789dd639a703fa1003535026a92098f5906c8f

/data/data/com.malvo.carousel.gtx/app_ebody/res/xmtok/36559/uuloi

MD5 57c1bbf0f1c748f85fbeb239dc19e1c8
SHA1 a1a224b4d8d3771e8b239a614c97c0c372f07912
SHA256 ae704b8bf360c21e217e7510c598abb89d67796d7feaf3b60394d308e4a9628b
SHA512 0e9797532e7796f225e3fcc427f676fa775965be0c4f90f00440b19d8cf6c96968140b40ca81f44439192fdc7be58c7b9e42fa6e3897e4be5eb455fc1a928710

/data/data/com.malvo.carousel.gtx/files/ebody/res/36559/vva

MD5 cefa58506184cf4036d35b05619d2c41
SHA1 6926c273b797c8abc5d1bf7d790857349bbcad5a
SHA256 3c4fee4781658b917daf6e09111ea8eaf65cdd386cfb309f8183a0988c6e880e
SHA512 702fd7154dd4c5c5ccaf07f29ffd6121ca13f96bcb9ce6911cd079356e0136e29714cd694e6b355f8e0704675e2d77aa02d2ff74129d8d48fd9755c335c0f8be

/data/data/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar

MD5 15671cef2fbee47bbd3abe990bc38f71
SHA1 e1dde1b2e33b2b28398ed2deb0ab719e596071eb
SHA256 a5b2aa29f1b1ae853f505bf4aac2a9cdc43d8cd800304474d22212b827aaee91
SHA512 99233be8c633ac8cded598bdb353fe70336625e639db50343680d204637a28976b5511bf18b9bdca872c2f6de5ab5516f2b64dfc1df42db34cae2367e2263258

/data/user/0/com.malvo.carousel.gtx/files/ebody/res/36559/vva.jar

MD5 df6fd52d982fff04261be56baaf2e76f
SHA1 854d0ef28102d608d62fa94ce7311f868f94e83b
SHA256 a4a6ca831c892c8b5ff25cc5eb0f1f2d150a8d2bd33b9a3c36497db8b88f88e6
SHA512 f98433f05b017adcefa32ac810739605d93aa9183d1af72f2694b70043b47ac3b70ce29bad6b65710067efd17eeb1cbd6c52d9bc704f7ce5aa0c8601c2662fe5

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-journal

MD5 5887f83d8776e782c700cce75ede9cb6
SHA1 b9ec80257cb4f8f325c20446766deb58c90c3179
SHA256 47394db65cf923de30655c81cc1adf10a82861208bc5b8fd2c85813c177f6b57
SHA512 8ae1408ab7b8fe43e57e2ec3ed3dd90befa9bc0cb96000fc64bd7446a25dd09d4d9203a6824581b0c59ff3a1592bf2a7896246e69ebb7f37808c367116213d4d

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-journal

MD5 c752f8895d5d16f42409f360ac066361
SHA1 e75bbc05e99513d29af0c8037777703e5cf83e4e
SHA256 85c67249de02c3c4ed3b82265f4c8e7ebf29d8ac96b71f853f0f26a1b8135863
SHA512 caef2d7c195be64995ec504e905cb207dc9ca3da5071009f859196a0f2677d3a054b16f502f9a82309c41ae4514611cafa3778a562ad98ae6ad41d3671d0449a

/data/data/com.malvo.carousel.gtx/databases/cc/cc.db-journal

MD5 91545b1bf4cc8f56ce58979604e483f6
SHA1 f4fed40e88ea1a052553e2c90e4aa32c0146b4b9
SHA256 2d21110fd05eddbc40a72f6b554cf2fb36279613bd5638602ba0742932112798
SHA512 be24a8d85fb7b85825628a6590cbb507166257d3919be4a15a506f15698fab8815d880a619d1b172d65f599ea4696ce70e3a183e5a89dcc36f34e6f1672afd15

/data/data/com.malvo.carousel.gtx/files/AppEventsLogger.persistedevents

MD5 b27d48e521cb0be79466181d1a112afa
SHA1 4319f0d9aaa16c52b5138e1b3e469c088be69b1e
SHA256 1b545912242b52fed5041ead654a682b0914d2d9306eb267e1b6852c0573e085
SHA512 916a1f893d4dbbde7355010f903186d196fa4cdc2ff591a4026a445c2dd4feea379f1c35071d3b9272eebd2c4299b8ad9699b1dfa9889c725029da5e176857ad

/data/data/com.malvo.carousel.gtx/files/AppEventsLogger.persistedevents

MD5 1759cb80b3540f8c827cc438840cd3b5
SHA1 3f44f0975f64f83c8a2e600cebbbd09c8f77aa50
SHA256 34956e877b10737838dd630b5dfb46ed405a785ada3459596111636a334079a5
SHA512 f3a05ce05fb88d41b4d36e23dc3b7dd1908613fbbd8e0e88dc98822a31f9bbd749cde0e17cb857fe5fa78b1d7533b2ac0fe7b3c7cf6592228164f2d9daefaf70

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 459ecef8ddbed792223102b6791ab8df
SHA1 0500cce5dcaeaf3e41e11adc03bd4eb712ecb461
SHA256 11df98ef33521a075ef6a4d52401d29ea2a3710c9dc384adc2825ce061f08f73
SHA512 24dd6ed1efe84199eb25206a70ff97585a3fd839e391c51100a4a212afaa4ce3aad7b6abb7120a8e130be0e1ce5eeffa1eba9f9a8dbaefdb6a902878ef36d585

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-public-data.json

MD5 4a8bc53c9f028fec57fdeaad4e82caf7
SHA1 74827cf46831adf66d87e8aef2b189548b58c566
SHA256 d0c46b76de7b152ba5eef35573ea2c0838f333ad40a376154b28eb6881991022
SHA512 777c8e6b8b2ed137de17ab8517dfacb32d678b8ad427ab8a0f9a827a52c758a01c7e7087adcaeba85e068bbc660821f6666f902d26d3eb913bf474955d36e843

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsWebApp.html

MD5 812c63648de53262be1278aa7d603a4d
SHA1 a691da82307e062bfad90060854d212f2f653508
SHA256 6a216d0260ed241452fd385c60b38325a0e199a2f71080bcf88a5c90e21baf49
SHA512 1656781033af03e5f7128d79cab11c574beacb748711fe45dc4688ed82ae8608632983bd21851652237b49a0c5ad90a746b41ff3da1440d8b087a223115eea73

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 ec4c0031d7f79633c3a169408fb2a984
SHA1 9c235edc2a53f5389e69fc4a0f4db24d63bd4491
SHA256 e5acd57ad05206c6246b4b77442dfafb152b2ec62583ed9e049194b422859d2b
SHA512 766263ac2dcf82a980af7501abb0aea231713f286e387d258ff97eb375f02580611a215ccc8d5a34efba3ada0ab00e8d5645b9cca4568e53fdeb4cca94c1d8d8

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3

MD5 ac95b7914e1e252fdd92f927b7519a41
SHA1 ffefb0516b0bb7e8a6e419b644c695ab46690be8
SHA256 1a4f045ccdabdb10abd855b4141a0abc84bdf4db650c5a28bbe1788db6011d63
SHA512 965f1b9dd7ce2dd6c576b5e8b57716b144f912830f5962badeaef6edf7b80de0bcd7a867eaed9b1fd1e6851da0ebf7e82fe0b6d2e467a37de6c2e1375ff88db7

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 6efbc1b50e93f12e32d33a56711e6b01
SHA1 5f413f8e79e61e59ca2500d7f5433e9d775be8e1
SHA256 94bedfaa5ef1eaaf00a92c4cd78273d0a1d4bdde835be52b612ac563238e5ecf
SHA512 dae6ad99e51d5d637b95e43397904790b28c163c6a8d920b60be49674ddcc854e2b3a2efd7a5a5b424369c1d8dcc91cbc3c61daf0052dbe7251a80dd15ce5b93

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 68360a850426852a8c15764b286ef7de
SHA1 7dfadc43b9305409b085620df60aa854077295e0
SHA256 9ae9241acb3fa8cda88f576fbecc2045152c0d34af704b29aac967dad66cba84
SHA512 05e83939c191975056f055dc89d0585bb759a13037473a86bcd2e1e5eaf3299f1832cd508437c38ee21b6d552681f915152f80ff6156416a492c0ba6b0d19427

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/saves/SaveData.dat

MD5 43a6564c77a713ae2c964704af69136f
SHA1 f74bfbdbe85e9ee9289fcb73d03a7955569de4bb
SHA256 8aed13ea06acfc30666d32ef0fc52a6a437afaade7af2c080c2ae90a93d3e89e
SHA512 642496edf086ef147554c80aa855b3d248483919fd816f031b690d73b7864c3c4b556581594537d348d4b9574fd0c8ceb36f5756a3311e49aec1b561a543e26f

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 82350908239c005dac3801dc8eabcda0
SHA1 0c93e4e481da4071d369bc008dc5a5b366cc1540
SHA256 d226974cfe932ba7ab2bf6c1231ce772abc592ba9c787f40bb9c8af3671849ea
SHA512 e7d6f1da48e80de9797e96fed0ebfec1dfdf86e40f04687bafad6bc2349ad501ceea0b9d5a9066c9174b67cd3a21dbf688fe7d7e5cb0774da03db2084cc146e7

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125000000.3cb4dfd7/s

MD5 091ab0c7d21fa848db4a41af57785f0d
SHA1 e5333d8d798cc833a58fc0583dbd08732eba3a84
SHA256 51b9c68e525c226f41de9c3fe40dbb3544fe714061db98fa0f75b3a4ed2302b0
SHA512 04623531c7eedb0159a6189f0ab022b037109edb66f5bbc228337823bd244dffd328e231589a1fe2d2fd563bb1cc5e6a4d9ac023499a08ec7361b3cdfe66cd52

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125000000.3cb4dfd7/g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125000000.3cb4dfd7/c

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125000000.3cb4dfd7/e

MD5 d25e80112a25ce8d1b67e3d168f4c2fb
SHA1 7ded2630f2d7188df66648924953993da55f7c4d
SHA256 28c22f0b261050e6dd4206211b0c6d0b74372c8957d7209fb60cfa1a897f7640
SHA512 5472159bf98442afcf3ef7e955430924d238833717bac0c4f528b3e1507dd25010a10494c34f803aef237b0c26dbe12ac2c9d6aaba4afb42f7e41f0db7d49b07

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125000001.3cb4dfd7/e

MD5 3f041d6ae4641d1aba012012742de8d8
SHA1 0560b65473a1f7d5fb041ac40c66cef07d6eb1f7
SHA256 f0f24e183da64a1dbde4f1789d558c7b958f0e1a1db951545dfa9c4d950760dc
SHA512 ef4bd88f49b089c92091d344b2a4c8d2d1190c5c01e567b2918e7a60febdef0118c4e413d833d8e4793c03eeb2221384add6d2223c8279a2fbec8c3bdc8533a7

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 346dce974ec2cb39e814109155734aad
SHA1 2f046892ab5e537c5f495b11c10aeab63ecbbc63
SHA256 81fbd4ae5430ff70e110c92d5e9abda1e5e8ef2fab37f0dd8f51585e2962438b
SHA512 3b3dd26aa5a0a2a00e7554b7a2f288b3cf4be7a7de30b2f96fd707704ad852c5fbc149ec492446759f416c885434298a760ed746fea191979a93d9042e3752a9

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/ga.sqlite3-journal

MD5 f473af0717222a444f4ec0b3b6184d02
SHA1 4eecec3c899c4a988daadd11fa4910afb8d19725
SHA256 0f353ce080cf03908706ea7f59a1b5288685ff258e485d9cefd6fc2224732795
SHA512 cdfe3031dede712723b87447aa9be1c1715b93af9134f400c24b64f6ca93c5dded0fbac87947e33d5a20019710bfdc3dfbf2664027e940a410d29cb20c640843

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125100002.3cb4dfd7/e

MD5 d114406fcc8d7d368b627970353cc1e4
SHA1 d1844e65516c916d58289cf6c25bdbaadcf1e30d
SHA256 9f389f06eea7151540b5f0e82505bb9d889dbba59a35468c0bcaccda55cf2765
SHA512 2448eb0d25534b225152ed7aaaeb7b0b21b2b57f2f82e2a24ef661e980c0517c1b2594ed1aa751f3d00b7683e73721e72f62ffd05aee57506ba343e062904bcd

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125100002.3cb4dfd7/e

MD5 ad3db23955b8fdc435cf5416117f97a3
SHA1 2ac4d4da51d25185a7d3902ffd2dbdae3461e990
SHA256 024e018660b067830704e7a18982bb79340af9a16683b9e0151b6751c7de7b77
SHA512 c32a867e5b0a453c947dde984a3a8ac9fd5afa825356580d683e0d0047413b577b03de09f90fb52db5ada0f4c6670564f00eeea0b65b5966a9df248b6cf8f19c

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/values

MD5 4f2446e8adf97c01b9e8f427d85049d9
SHA1 614ec8b871fe621816d23f200b8c563bd2d88b9e
SHA256 af93873000aab4add0c8789c8c0710654f6be661d708217d02e56221ae1fc671
SHA512 a0c09f938aa1930fd8c78067df80366590688f7a55c95027638de09a821283c99120a85395a8e06179045a6b514740af13ee024bc121b3a03a24802cf2958afd

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125100002.3cb4dfd7/c

MD5 eccbc87e4b5ce2fe28308fd9f2a7baf3
SHA1 77de68daecd823babbb58edb1c8e14d7106e83bb
SHA256 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
SHA512 3bafbf08882a2d10133093a1b8433f50563b93c14acd05b79028eb1d12799027241450980651994501423a66c276ae26c43b739bc65c4e16b10c3af6c202aebb

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/files/Unity/892ee9e2-7f99-4b27-8ba6-d06d9c9def3e/Analytics/ArchivedEvents/171538125100002.3cb4dfd7/e

MD5 535515e587adffd1c255fbf078866ca7
SHA1 0ab8c708129c25fc299691fcaa4862f9ae6a0899
SHA256 5d6c7d7eb541f35c36d76fdbfd22b4fb18c1926bcf349867131ada3527a85ef2
SHA512 840d117c80c91e3933c9ce7d92371a4d69feb9d1448544fa3a67270e3e7a831cd1aa6fa9bc55c32c6604e38769eba74d132e3e30a748299d58b255667aad2f6f

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 16d3e6eac0e79222a9b368edac765b34
SHA1 48d5e621fcdd84108f5750d6905180b622715b11
SHA256 3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7
SHA512 d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 c1b7052e41b3c2e8781f9b590eb5ca0e
SHA1 158fb5b3a9011019d7a0fe79e58027bbf7b16789
SHA256 b4d4449e825584d43be69cda0c154064a5e9da12321d5950fb998d13098c58b7
SHA512 f4483b2c4466c85a77032ac4e2b5322e46dffdb1768ec3e8609477d1a35869a62862310c87f029865c70eb456c7a96aa1fd0ef9645777c40ed5c41554dcae43c

/data/data/com.malvo.carousel.gtx/files/UnityAdsStorage-private-data.json

MD5 762299d24b7d2a719aa50dd00692e10e
SHA1 e9d632d0fb174dc6db47d95450d26d7811593a94
SHA256 1117a787924f5855b562cd807893ab3668219f40ba9051fe750cf6f701017c62
SHA512 b7afa9ba5c490a69bca68ca3c66d05c6a2737a7e0fd5b57f462655bee6e9f4b4dea7b1c11291dc0b1f28124c1b0b7f5b8c36c44d420cbb102ca241f7a38aa199

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-4028802aae146856cd25f0cb3ede6baf23718c49c1e0624772653c0d4c1a213f.webm

MD5 c7d6446e20ea1d865ba9780a515bd265
SHA1 56b73beda250d09c63eee31b65c5f64b382f2823
SHA256 fb2f8de62ebe479b76bc89be0a57a3168e4433a4ae11a41c6a7d1058f832bc19
SHA512 6269165fd95c719ffa135bb1c3f62b3d0182c4b83a339fdce9c06f27dde3c1c9e2ad5112e8988aeb27c3efca45b2f9a463bea0aaed6a25a5adc36a7b90101af7

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-d5712b00fd3f82b97694c31008edba58f6ec6c07835552bb47f26567a9dfb876.jpg

MD5 c18fc332fbbd569a410f8d776165473c
SHA1 491ff23d9a2608ba994871f2e5f82df6d3d23d21
SHA256 fd4ed87942befcfc94077d702d8145e2cbaa93f27d7839a2adbed7b6d54fc6d6
SHA512 97e1a52e26661331c7a9c0bd8a13d37d8ccb5cfb96234909779902d62928a1e2e8c947253a05d27fdf23918dba7a783d5d65cbbcc782c2d7386443d70bed24b8

/storage/emulated/0/Android/data/com.malvo.carousel.gtx/cache/UnityAdsCache/UnityAdsCache-39099e021fea7061ba28a48ccd4ebc30d6301fc15c6798edf2ba47e6ce73ef00.png

MD5 833f72a13f5031ecd850eb843fef98e0
SHA1 c63e102182928e7faae982cd412e359cc1db6a3d
SHA256 f9fc78177bfc2d6686687359ec51951aa182f36906dd7a947d9c7b2ac4eaf39f
SHA512 3ba6877f3fc1198621de78c51d85e68dead6a4d223ac60b12ee7f97d64803a561712d89e99a0af1a134c709cf80b24d36f2a32d407f538194f1ba4e528a9c68e

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.di

MD5 44d9c731dc6b52920a5ee625dc258863
SHA1 a72e6571514134885fa456bc0db3f6fc0d13be0f
SHA256 c8cca17d326efbb88bef3140f0c703c2900b275380f178480f384196689be2eb
SHA512 2ec8b854c3a897959ee26025546bcbb3632aa6e938f1a5000e8ad5e631ffe5baf51327688b3c0bc3f4c0bf5b91b617f805538b2ce2fb29f968888f70e47fbfbc

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.store

MD5 9bfeaf6e3561d7ab738461d7da88e15d
SHA1 e3603706f1d609da2a35b1373f9db163eb7f48ce
SHA256 e84608f4fee345af5e95eb97b40f80e0f81af2686f997fc5c533f52b59d7ffe3
SHA512 cafb6807dc9cec292b4b8a58d24c9d0500e5944c4e6f3719d296dd0bf83b8578f3a102ee539ed899116b17c36e00d64ed33af9bb01d68712f01f952423133d20

/data/data/com.malvo.carousel.gtx/files/.jglogs/.jg.ac

MD5 d69b54c7820c2410270260e227c3c772
SHA1 4af0589b77504a925ad9af326e3bcd5e61350a14
SHA256 11d66bc472fd92a954d9968fd81b382333396b17618923a913f03cc01fcc59b8
SHA512 5ebfbe3b1afc6d63c9b73c5d1be27c13e367b05198bdf4104a7bf8d3c4719d9ea59ac431ce11313233bd388b4fcb03f142830970782ab87ddc80509be88c1dc3