Malware Analysis Report

2024-09-09 16:01

Sample ID 240614-3z6c8svgql
Target ac1e67eb30fe4b0ad2957b22730faa0b_JaffaCakes118
SHA256 caf75ec100be841be67b05aee078132891ef509abec2b818c394dfbd79e9e65c
Tags discovery evasion impact persistence collection credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file ac1e67eb30fe4b0ad2957b22730faa0b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the mobile country code (MCC)

Queries information about active data network

Acquires the wake lock

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 23:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 23:58

Reported

2024-06-15 00:01

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

131s

Command Line

com.ansangha.drjb

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.ansangha.drjb/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ansangha.drjb

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 23:58

Reported

2024-06-15 00:01

Platform

android-x64-20240611.1-en

Max time network

191s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 23:58

Reported

2024-06-15 00:01

Platform

android-x64-arm64-20240611.1-en

Max time kernel

103s

Max time network

133s

Command Line

com.ansangha.drjb

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.ansangha.drjb/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ansangha.drjb

Network


Files

/data/user/0/com.ansangha.drjb/no_backup/com.google.InstanceId.properties

MD5 93f338e4ae553f997b27da929673d780
SHA1 3432450f7bf0a5d5b0b394da243914a9c1c05326
SHA256 b627342c05ac772821c4e5b977107f4241a8cff18c2bad81bbe5e21e3f8779ae
SHA512 cf8e6cbd5cc80f7df0a8f725c0b9ced79fb6525c8fdbff405fa2065af1f3f9ff63d4bb4c65fe9d4761c2c3d366ab10fa13e7ca3b4855e4941070d0cf55f1af5a

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/cache/1582435991586.jar

/data/user/0/com.ansangha.drjb/cache/1582435991586.jar

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db-journal

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/storage/emulated/0/Android/data/com.ansangha.drjb/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

/data/user/0/com.ansangha.drjb/files/frc_1:123860887288:android:4346c976f86fa480_firebase_fetch.json

/data/user/0/com.ansangha.drjb/files/UnityAdsStorage-public-data.json

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f9e3e349-2702-4a4c-93b1-bf440b592409_1718409511119.tap

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987BeginSession.cls_temp

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987BeginSession.json

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionApp.cls_temp

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionApp.json

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionOS.cls_temp

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionOS.json

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionDevice.cls_temp

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CD91E0283-0001-114F-5430B6299987SessionDevice.json

/storage/emulated/0/Android/data/com.ansangha.drjb/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/data/user/0/com.ansangha.drjb/databases/google_app_measurement_local.db

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/sound_off.png (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/sound_on.png (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/1718051462885_300x300.png (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/1381250003_28x28.png (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/of041bc1_e2342b32b73c1c65e766a53e9a58fc66bcc3480f_v1_js_load.js (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/files/al/5db53855d5c36ae15d04543979d2c4d5ff336f96_v23_phone.mp4 (deleted)

/data/user/0/com.ansangha.drjb/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6149e643-508d-4ee8-a445-e83102ce45fd_1718409523378.tap

/data/user/0/com.ansangha.drjb/files/UnityAdsStorage-private-data.json

/data/user/0/com.ansangha.drjb/files/UnityAdsStorage-private-data.json

/data/user/0/com.ansangha.drjb/files/UnityAdsStorage-private-data.json

/storage/emulated/0/Android/data/com.ansangha.drjb/cache/UnityAdsCache/UnityAdsCache-09b7c50c34d3632510bf515b57a5bfa028dffe5072df3dddd57354c19cf7f2d1.webm (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/cache/UnityAdsCache/UnityAdsCache-0d95343eb04d246da5f214ed9a175b9ef38e4c4381b9807c99090ba17a1a382d.png (deleted)

/storage/emulated/0/Android/data/com.ansangha.drjb/cache/UnityAdsCache/UnityAdsCache-146d3132eb99e5f2ce9f9962168e931ad0f26f2f78c2e41b18bdcacd8c759179.png (deleted)
