Malware Analysis Report

2024-10-19 13:17

Sample ID 240602-1mcjaaga6v
Target 8f8a468acb35106fafd7893f36428a8f_JaffaCakes118
SHA256 dbc82167bd33f85b5fb78303de64a56aeb8da555cbd202f6d179dc7d6822f497
Tags discovery evasion impact persistence collection credential_access
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 8f8a468acb35106fafd7893f36428a8f_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks CPU information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Loads dropped Dex/Jar

Checks memory information

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Declares services with permission to bind to the system

Requests dangerous framework permissions

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 21:45

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 21:45

Reported

2024-06-02 21:48

Platform

android-x86-arm-20240514-en

Max time kernel

128s

Max time network

131s

Command Line

com.dm2photo24

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.dm2photo24/cache/ads3126902518614822451.jar | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dm2photo24

Network

Files

/data/data/com.dm2photo24/cache/ads3126902518614822451.jar
/data/user/0/com.dm2photo24/cache/ads3126902518614822451.jar
/storage/emulated/0/.tapcontext
/data/data/com.dm2photo24/databases/tapcontext-journal
/data/data/com.dm2photo24/databases/tapcontext
/data/data/com.dm2photo24/databases/tapcontext-shm
/data/data/com.dm2photo24/databases/tapcontext-wal
/data/data/com.dm2photo24/app_sslcache/www.chartboost.com.443
/data/data/com.dm2photo24/files/eula.zip
/data/data/com.dm2photo24/files/offline_eula_footer.html
/data/data/com.dm2photo24/files/offline_eula_body.html

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 21:45

Reported

2024-06-02 21:48

Platform

android-x64-20240514-en

Max time kernel

129s

Max time network

131s

Command Line

com.dm2photo24

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.dm2photo24/cache/ads5559358883020715631.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dm2photo24

Network

Files

/data/data/com.dm2photo24/cache/ads5559358883020715631.jar
/data/user/0/com.dm2photo24/cache/ads5559358883020715631.jar
/storage/emulated/0/.tapcontext
/data/data/com.dm2photo24/databases/tapcontext-journal
/data/data/com.dm2photo24/databases/tapcontext
/data/data/com.dm2photo24/files/eula.zip
/data/data/com.dm2photo24/files/offline_eula_footer.html
/data/data/com.dm2photo24/files/offline_eula_body.html

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-02 21:45

Reported

2024-06-02 21:48

Platform

android-x64-arm64-20240514-en

Max time kernel

160s

Max time network

149s

Command Line

com.dm2photo24

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.dm2photo24/cache/ads4802521239066903196.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dm2photo24

Network

Files

/data/user/0/com.dm2photo24/cache/ads4802521239066903196.jar
/storage/emulated/0/.tapcontext
/data/user/0/com.dm2photo24/databases/tapcontext-journal
/data/user/0/com.dm2photo24/databases/tapcontext
/data/user/0/com.dm2photo24/files/eula.zip
/data/user/0/com.dm2photo24/files/offline_eula_footer.html
/data/user/0/com.dm2photo24/files/offline_eula_body.html