Malware Analysis Report

2024-09-09 16:03

Sample ID 240614-ys4hvateqa
Target ab3a63bfefc225c181656ea8ee256264_JaffaCakes118
SHA256 0cd1d6042f0ef661f9cbd9238b699ff1bde5d249db169a26555543515f3d64c9
Tags
discovery evasion persistence collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0cd1d6042f0ef661f9cbd9238b699ff1bde5d249db169a26555543515f3d64c9

Threat Level: Likely malicious

The file ab3a63bfefc225c181656ea8ee256264_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Acquires the wake lock

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 20:03

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 20:03

Reported

2024-06-14 20:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

103s

Max time network

143s

Command Line

com.paprbit.dcoder

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.paprbit.dcoder

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 dcoder.tech udp
US 172.67.182.4:443 dcoder.tech tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.amplitude.com udp
US 54.187.179.230:443 api.amplitude.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.paprbit.dcoder/no_backup/com.google.InstanceId.properties

MD5 ba69c6d62c7debb37f0659833ee4b3e9
SHA1 e32963b16cf485d14cc1dd4287b8b660059a1c0a
SHA256 6f71046b0cf0df0053acc2ffd1669c8cd7a6f9b7a7376fc98d7b8196a19f223d
SHA512 2f274133c50ac7871d6ec18da27a7f914ffeb904e050e96a4fc71aef7c28b480a629ebf76fefa2ff0e8c5fe3739f47c8ab1b4b8d1cabf2698ca1f9ee06b62c46

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 f9f2d53900df69e5ff6a6b0aff93e848
SHA1 1b3708c7fe473b98fa763c46d28712ffaac84b87
SHA256 d7f4e78d3ff103c1750fa6320fd6e0af0c268fc2f246c1381d8208b0761bd519
SHA512 c4fa9ae93900b70841c39c7c980948b843424a7728ce24eb88f573196f2ba29bc05a72fcbd002fdf9e51549f8e84f83d558932ea803e2f4d1d5e351fe86e379e

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 fbe8c8ad636a2855b85323dbda0b24e2
SHA1 867e50e1fbddc54bc8682cc33e64ebf41660db79
SHA256 8e9559e0b02a13d8b508b3f59f0db6bab37e04ac663bbd2859213891073103e9
SHA512 5707ce4bb92e42845c1f8ea68734f17dbea1fe32c269e0b60376249adc4497891eb0bc2803cb139389598346b917dcc694e9b62f37ba5898bb5f1965ece4e6e7

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 517ad9a0a3a5c9916671a946061be430
SHA1 9b092013f2d20e8d50ecccbd5b9687526471882c
SHA256 24d313d7ee350512c1bae3e5fb7cedac448b7d2b5f495b0dd0c5428fa6ed6a79
SHA512 3337c0a0b43809688a6a5f6998a4ed335abb1f8f28d464c8703678e983100d09b20aa2d68b2a43b345abcfe18086f4dc40111da5698e4b14d7a5abcc26127d42

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 1ab114c066a26d65ff5099d62e635812
SHA1 7bc3c697820775cf08ab61c54255b4ace23e577b
SHA256 5739bcf9df64a85f55ac332c8798dfa1a009999d89f9f279d5c6b15d4893a5d4
SHA512 ec4bfb76f878d0e0f9848ac211c0952aed9d77d10c39c7899921bfca40f9f099db7ee3fa4a0041a2f6a212495973d120cc1b0214045161bb9e100e998e4d5900

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 3de8f2d3ddab1bd9f86b2231ccdb88bb
SHA1 8e34e93c7f6638ff3754bc09163f4ecddde63725
SHA256 eb341926efae83d2960722ddc87f05d02d70e46550c72af63ecf07bf13ac773b
SHA512 2abdbc18105e11edf2320f9d7e552748c2b2278f77f0425a6ec7ec2f3c509c74b6d1ecd40dd5e1b31d330f34591e57c40bee6866ff76086fcd2d6e77ed3bb13e

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 40b73b5dfe2124c133307fbf7a76d635
SHA1 828887e6ec28e52876d5031876e35048746ad41e
SHA256 12bf3f139610b6b0af4ea2c010f3f1029a943fe57d98a728e9ab1fee44f432f8
SHA512 6ec65741078e7d5d74a5843cc072cf5116d955db33e38954329aa369e49c76a568b76cdc27780938ad70b0c3b4ea52fad92d139e70b3db287165769f5b6d2744

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 2f77d6cc51fb01b716b11086ab018421
SHA1 6d18a19928fec9066fc1468e1f2ba51d60d42b88
SHA256 83e96a6f687fffad1f6369a5a960111de1d6a619bebc1e197cd0a51f6c767211
SHA512 f3c9a1a4a30bc56fe7a838f8a721fea66e4b150794df9c2c0d87570980da31c26394c2b1a6a434b49f89a4e8f65cab65819d5b44b4566b50cf3e475358597998

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 f44dea59545d0e478619936fd4e61445
SHA1 8ce1fdbd443c511844d1933579d68f4554f88059
SHA256 f41de5d32d15bef62e33db041e49524f4f9e701f561a2e1bf35528886db53c03
SHA512 fe5026fb3810a720bc3ce4cc041ab5bd06be8410a2209651a3ab8f45fc62246d8a918c20880d2b4955e7fcd3807f2419309f908a7ffb55969cb97a64df0bed04

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 0a856bc7523592959bdfa20677aeea0a
SHA1 389655e34d60539519e4e0c61075e9052accc18f
SHA256 2437b79a5b9acd9547303a61fe8d174b29a80804911875c8cd16d87af7904746
SHA512 1a345d805859b01dcb172eb0a3aa6126b420b314cbbacf9a59d95671ba05289e9192f1ac6c6a12f30d0b2aeaacdab339563048763ec72b7b1859970b6ea05f64

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 33d127f60e8b84768e7d54c8a0665da2
SHA1 82707123ec38227ab904ff88deda129693a7ce2e
SHA256 3e6659e2834439fd0f02df012536fbba233cf9fb51618a8ac51095c0fa4bcd5f
SHA512 5b34f21992a731febef614db99d1d3c2483580e284ab19bc87e9d6a76ea36991f24a5cf7ef333457967a5424036b919d7e31d01d40978acaf8266eb8d5768bf2

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 717dfde36f463c793726727fad102ade
SHA1 83afb023bbdf01e77d81e0bcf8313202ee067d8b
SHA256 f9984c1755c8e547e438679564afebca757729c6f8a72cb7bbe921f890260594
SHA512 4b7869b262ec90c6b6c50a5b0bbb76fdbb9858b594d05f244b3a5e99ab3236960cd4c6b4d2558a025dae1b7e53c9a822830f81997908081a44d06922e87c2891

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-wal

MD5 a33fae0310dec3653bab65bdf41025cb
SHA1 6c297dc00ccfea8f6a7335eb17bedfc2cfdd7c32
SHA256 cd532f3afe5116c3cbd94e61317f146b97dfc362270b92320de9d675fec8d2a3
SHA512 d9e04a4899fb9b99b14803bea81946642e594e0aa8ca647148c86f10f99b62adf30b0bffe361d3d91058918d1c3c06fdc6dd4fe63b46b4df7fb7545ca45458a8

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 ecbf210913fa4ffab7330c061085be32
SHA1 f064622aa4c15067992c2dfea0f0cd1546cc80e3
SHA256 a991fc04e4cfee448bcc4030fac029b7c4952cc206cd97a0b2726cc0072dceea
SHA512 5c63f19d3634f55d8f565ca123356a5eafdf3ab94e644eb432d3b1605f97abe3d12ddad13549a9856e8759a5d286a9d052d86b19f2d288001fa49a940d478e97

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 e2a154421fac490b44a7a4796bb13085
SHA1 04063394d673b93d318082681223767f90023c7b
SHA256 8040c3705d9225c6f58d72c89aee1bd9e3a79cea995958d4d26c26bf194b6739
SHA512 9b1f14176c822eaa23b6607034454f37f19d2b0895011c4a845cccdd6344c8f49fb8f649dd2ad304fb14039803a0f6ee4d27f80123ca35e9ecdde47c490f4c1a

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 bc9f080db047401a6b7b8252377155e0
SHA1 7aab2815dc01cb3320ce5a800a9e94d47920b199
SHA256 cd3b28afea0731d9e03961189029b6547c45f3dafb929359a043fbafb614b946
SHA512 688bfde609e7759325b8e56b955bf02ed30d7e5a49e5c92ee2a484440823377e6a3806f38e05186e1f791ff29b035544312317e32407d22093e2dc2e69d64ea3

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-wal

MD5 7aa427916642e8777dc60b3ca5d381a1
SHA1 24781233966c35304098f51837986abf2fcc12cc
SHA256 418806487be1e129b2ba98a5d14f77b6133875f27bbe522ec57d7e74b7addda7
SHA512 9747b4081a7a969523f2dd2fa6e4ef7bc936a602a06ef0b15f752e1d35d5f0cbbd2c5e0c1f0543cc4b9088b56f6e42ae893a2a66807305f9e3509110f7aefdaa

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 17c93cf6d7d80a91ca8b0a36a21bc5a3
SHA1 457746f33db8c8b1b191f45cbc2e897a828347fd
SHA256 200a716c19e212d681595bc9bbf959defb2d075585df4cfb020e47d5548c3779
SHA512 9fe1e88e6ce3a76aeb64e901dd2aff145dec1fe0991f3b3367312eb230f847be159cda50ab7c6b42dcfa683819fbadc2721e49961f7f6129eb51766ddbbeb423

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-wal

MD5 d5c1b35286a1f377a517b0cf7953a9d1
SHA1 b32724c6369ad3c03d21e058e1ccfe825678798f
SHA256 eb1264dc9c8712deedccc05d4b5047dfab8184a05883c60f547cc16b09022d6c
SHA512 162633b046bd1b6e244c75e4a5b9525f7b43c3690123fd84ee55c907ddbdaf14be0dedcd8730b9425c141fb2b5eb793010a9ace48ef92745544e94cdadb3ccd7

/data/data/com.paprbit.dcoder/files/gaClientId

MD5 6ba9fba5f9f438cf81a52b61c34f6607
SHA1 e8389759c414203245a9a6a1de4a3ebccc0aa9d2
SHA256 16c60c6a81eb5368d7bd99408edec77ff1476bf4e0c65761a4e51df11b36f2b8
SHA512 3b11ac08c9a8a519e7b6bc61ba7a2e16071840753bee241d5c95a9b12f2368d036ec1faf11a9f43347f41cee324d7e89b8133e88b60edbbdf6ebba92d0a285d3

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8BeginSession.cls_temp

MD5 a921061905a7a05f670cfcd9d7286e92
SHA1 7c075fa9d7fae5ee89dd7109346d5cbba1f17acc
SHA256 970e7050674daed7124637528bbbc7f796c9fa89b43ca4ba5e4c802a92c6d092
SHA512 a421925b915ad4c317b8bcb6274a4c51d6cfb1b71fe2c4c537995e44a56a0c96e6f0ce5f79348acc5c622dda91af3b4bb5fa051e8445b2b0343afe08b0eb8cd2

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8BeginSession.json

MD5 39e53e2039405626466ae6383531bd09
SHA1 c85dd64c0f56e9b6439fb710d8ac5f3ae276b579
SHA256 c8b05e4bac08896f57654e842a9e6091a54f10010955c1ab5f60c78e94811d86
SHA512 118d0d176c2e4dce0b8b21f1dc3832f07a46e640746a23d55d613d9500c5e1e31844207c5ef9e253b3d50ae02c81a50665aacdd7a5ccef7257a193a37bd4ba75

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 b8573ee57d8633c4b07e5881c4ff6d28
SHA1 6b36a2707b18f5825bee38c0bb75f322ff7ffc6e
SHA256 72f5a8f25a370f08cd0d605a0611e1632949199c4726ffcb145d747007798af9
SHA512 4f6257216bebdc1fb9ceb999e5f4f7ffede8ebcbabcfc9551607b628631498c8a21a3c82a2eefd2d73964250dd2879825474e2a5a2a177bb59daccc3b49c0b26

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_9d9ee48e-0e98-4854-a5bb-9306e3e17952_1718395449163.tap

MD5 61a8e4fc87ff1a5a4dfe55eb9d405a18
SHA1 1e9ed1fa4c7ec5507eedab3aaa8fb8876cd7ef51
SHA256 59f2449f603436969a7e0385088078344fd229fdaff5d149355290434d93d0c2
SHA512 b9d9e4ebf4fba4f5e72be21052fb915370e31ae1cf080b3bfe38023b61bdca1769eaa107e545e495709818a23abce0f5aa871d31cfc71bee440fe5e40119f078

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionApp.cls_temp

MD5 14ca75ddb7d15386eddeedcbe7c8383b
SHA1 57e465a940e72cec5615571b55dcc3709ed533e1
SHA256 c9f4665e444054c1fddef565bccd1bec66aa926b7189711a9dd8e9b6578b23e7
SHA512 698937ffe1f9d62117af458bdc65828b7a3cdf51d7571a786e74f2aaf1055bfe1fc3868add1ed74aefdc9353ee6e6e3c4e5cd0224f464cb7b3040dbaca2826a4

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionApp.json

MD5 cb874f67fc0fadd70b71cb17993c9db5
SHA1 e27cfb2f192c71cd446bac094e685caacdf8bffc
SHA256 203a20ad3ecbb4d63ade29542ce57ecb6ed6ddd84955fc7df74472aa406305e7
SHA512 70fd85e2db496bd5181a9d62485036b90a5c8952a6e5821552786f98893bc8561008049688ab65a60e3e81e6d4c63cc0c58e3d68037381a149f042eab4d6edd0

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-wal

MD5 0aecbebc5f6c20695fce6653554b4b80
SHA1 05cbca0490ca3b8dee46cf07e1ec17ef45ba5b18
SHA256 8f7e23621135cc0d6837f7f2044e7e3fc5c618e6391e1255948fa243e99af5c1
SHA512 3447c8696ac69528581c05db024932358c008a76402a24cd94547211867cd1d3f2bdc52cfeeb24d4798043adda9a816bb5d35eb998c607518b9da162c76a4a21

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 0ea367b643f440a4351d69ab82b0b34d
SHA1 24f501bfaf67381621a7db5a3a16d471bda55dda
SHA256 093d67ba0a3415207294687421fdd37cbd47f32882aaf2b08816e3fde114c5d0
SHA512 99de45d6813b81d9c70c81e07ee21bd9acb593bf8047bc4eef2e367fd0ceaf28cf4444a348c5305a07ca2cd61e80b27acb1b6921d8f0ec2e44d28ed8c870e4c9

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 408bfca239f22c717c1ac0b81cb77cc2
SHA1 c1bbd1103991c3631c6cdb920ba8c492e1c68bd9
SHA256 1d7d3b5968534f8100f27309cb4fa4a7dac36c1bbf134cd642f049f843b0d710
SHA512 d08cdf39822c9633e38a7caa6374b6c4f278604ea848cd6711b7afe4b29ca3938024e848c130a81e5b5cfb6136b1e6a626a1e93ab6a81a187c93ee3a0f1910cc

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionOS.json

MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionDevice.cls_temp

MD5 cf9cb0612d588a1f71b63084cea67316
SHA1 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2340008-0001-10AD-303F5006EFC8SessionDevice.json

MD5 75db92d50c80a89e068550028c62acec
SHA1 d78ea55f5dc682e4da456d26383249f608fe894f
SHA256 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512 dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-wal

MD5 1caa7277a1271b6e61b94a0e9bf96fc3
SHA1 963e8e1d4512bfeb8b2c2e5d99f7860f56fc2932
SHA256 8010462d4ca7cb256f57df0f9ac4e4694eda4ca202b8c2435b148fc0a4e1e739
SHA512 78e5f90ac032a93f64a336c0c9297cb2ef9bd9b5890538eb5a26964436c0f351047c1144020edba0f6237596e4561158a17664dc19309d4b28caa21e3a6fdb41

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 ea3fcc5f926d3c338778af2326d7ddea
SHA1 731c6c5e3abd0698593354495f85eccbcd7149d6
SHA256 e54121190a80432e56b9622f84c9d648afa94ccfb45b7e11e7783fc31c641b73
SHA512 919e258effc8f98511abba4a952e086ca5df7f00a96f64e9dab84b410b69776bff8c9d179254d3322541365538850efbf6522422369ef7465ef6e5fc15d226ca

/data/data/com.paprbit.dcoder/files/AppEventsLogger.persistedevents

MD5 218743d435948f076308f8d99c2d917e
SHA1 8609f7046131fd549e92bef781a512267c673bac
SHA256 211e6c4e12fc3f05c379822299ab5427d728ba83544910ece7560b5e845391d6
SHA512 e66d6a2907e778c1e6e949a17aee60f1c29a7240772c3b545765e3d24f9a3f5c2862ee76786dfa9b179eeccfef2d905829af0b89a8d5052060cb3a3a833ca0ed

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-wal

MD5 46be4033ebb648860057b60e53a3c889
SHA1 bf8bb46f4612cd1e3b5e6cf38f94523e664f944c
SHA256 f7df97f75db6e47dc4a82929cb6a1f88d4b1c267c5bc6b405f5535b27cd938e4
SHA512 2b7d2ada96cf0959586475bd39067a5c7e366fcfbf6805055e837ee86f3bc638fa792af4bbe0a861b74960433d0315b483f1664397f531dbd5a5ea2f87741770

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 ec48369a01b1e09021f30383e9a84da5
SHA1 26009312e237db4b0523fb5f82252d78812b7ad0
SHA256 d085b82d18a8affa11f2d123c2d9b83385bc28fb96407f9ca09a2aa8352cdafb
SHA512 f06d0ce035300dba101e17110092b2fed533c6a535cad10a45e9e6681e02de61436864ccb4376d0108fb411c8cad5b5bcff2fca4156af41ff5b7070bfbca5f04

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_0a9559dc-777c-40be-8e17-ab07f39c01f3_1718395458700.tap

MD5 5878b823a1261d3dbf07f8d7668301af
SHA1 f96b3bd9d33d7f67b51c78672383eee8ee35b51a
SHA256 128a05fb269bb902229010e3fb7e2a56b161315d684b85b4b257f86a125938ad
SHA512 8a8fbaf4d1aea4dfcbc4ce808e8b86bf4c2cc4505fc89b43c065be85567895da92062443abccb11724f0dd0c7977587f0aa02f62dd8da4e86ad9f1e0b463ca53

/data/data/com.paprbit.dcoder/files/persisted_config

MD5 97c9b57b50d32a45a396fb9371ab59b7
SHA1 8da12a48f2ef3137ef9079a44d35a6fd321c7fa5
SHA256 977cab61dae27c51baa842c17eafa1de55fc59922c7d2ae77a0435973fd7a1ea
SHA512 86ead6a0b37455ff9d6adce9df7f0c2b137cc74de1775f053b0f93fc4204297d758db649b886504d647ea654d5bfc880dbe0066420a5ad782443a17376bc7f41

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 20:03

Reported

2024-06-14 20:07

Platform

android-x64-20240611.1-en

Max time kernel

103s

Max time network

145s

Command Line

com.paprbit.dcoder

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.paprbit.dcoder

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.221.18:443 graph.facebook.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 dcoder.tech udp
US 172.67.182.4:443 dcoder.tech tcp
US 1.1.1.1:53 api.amplitude.com udp
US 54.213.132.14:443 api.amplitude.com tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.200.46:443 tcp

Files

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 f6c132b2c68cf055d41ef4c3f279cb20
SHA1 0eba54437a6b4717fcca06c2c4bea54d7be5cc19
SHA256 fddefe4ea403a0148f0ff47c3885c7ade0c03d67120e010759b7e459eba16311
SHA512 5a16676d4fc1de02c1646c6c31fb9fa8165a1e1af7e0d743c509771479e1947d8a98ac27f28fc1f64f13bf4ddc1b15727fff4612887582cf66df8b8b17efa9c6

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 e0bc2406c5f5cc7a501722d7b8451e4f
SHA1 ae2ba3bea985cdc66b04fda425ee088bfedcb4d3
SHA256 ba8ab6772531ad9a6661ad1c92a65df25178c91b8bdea08d7032a9d1eceaca83
SHA512 4dfd3ed3f6c902a31617142c165da7d165785c5aef2c8a9b53175437fa6646818f6611c6acd183ffb2ff04b89a99c32ba8258b867d7c4e91e9f0d7a664265f53

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 9bf7e9267d5bec82a88c072a3ccde554
SHA1 bdac11d7c08b626014a06ca197994575f2fdfebf
SHA256 c94feae6e250551dc1f2765769b0a1840f7ddc881fa7e89f3bcf4b331dce584d
SHA512 01c4d50f4c85a37247e9c33f907e943859f8472ae2ff2f863f2dac6687d55dd630e958d5180758826db894b4adeeeae6405de53dd0f0498d0ffeea96b57008d7

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 158f1a28107beb433e0c4af6f15d493d
SHA1 9e84ccd236857a97604071e9ac9ed04752873837
SHA256 6bc16199de0fd4384192da82743a3144526778850592199bd10edee70b38bd12
SHA512 a8df90463b06b7cd600efd9d52a8c27bc8dc30c933b10a2ff53ddbe4acac81342328d671c7bc1cad162d30632f38aa9634d0606d089ad489da98f3b618334577

/data/data/com.paprbit.dcoder/no_backup/com.google.InstanceId.properties

MD5 1b9b02087c84049123dba6432cbb63ad
SHA1 fa0749a7c934123d4b9c6734bc8459086695816e
SHA256 0535c9cf984b764130c05c9aa3d786cb3489b30f24aa0b54b3e7a1675c145f84
SHA512 470c489f46ea1ab354bc1f9bd0a550f2e74ef32308ddc35dbab216e4d7c1bcf49e67562a111cf3203bc5937a7d710c375ef976abfebc385867475c692470c040

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 9d23887600a4a02acbf5eced72eec1a4
SHA1 a182a0355c62649cc6359f8e2467eb436383f598
SHA256 c580904c89775c6a4ea894064d66ebf13826a707475a7ae82e4ceb79c046fd5f
SHA512 ce1616926f3572cb7b61c28c4451c70da924db7d537874e08dd5c96a440f997c48ade4eacbcc9b10cd4bdef0aca641c89e2a719d3e95f959a0f8f1a710233afe

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 ba8bb43d1aab03c37ada980333c42524
SHA1 0462465d927a9f7ddd2b4f369ef29185a52df847
SHA256 ab31f7ed6489545799e91950db3ff49cd77c6450b79415343a3d8dccc8498cfd
SHA512 79ab64045075b82d6d37970b8adf972c523ec077bbb8404fa25e48aaac5601d590e63882f13fd844d96c5d1889d2b3b078672ebaac8a44000ac77437fdf7722b

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 75d02b21e4650156a0580ecc5c99b1d6
SHA1 bfa079aca7467c81de00497c50d08ac7a1d55268
SHA256 8ce905b5be7b6a8de71a6d30a7ec20f39a2aadac4205d58391b47129db6cf749
SHA512 975137cbf5699ae2600f50af105f5a3221b7fe690ebb2818c34b1b54e32bd82f835c7d704a3b64fea9b836d63955980ecade400b4757cbf3b4f218d50791c590

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 27964f6189b1a1ae35887ad22d4e8488
SHA1 61bdf2e1a362779fbcd5993d07062ba241cc39ad
SHA256 1ad81f3f95ba837b113aab8abe5ad0baad2ebfd637030a96a2369013da1df4c8
SHA512 99ce35172671b66bd4dcf429a89b80ba7fc6d3ab45e65ac7de9d324ff87de41e73aaae2047dea059c593e1b2ab66d8d6a936c16eef19f1efa1b18574a8942004

/data/data/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 26ec1d931d36efe83fa59e159977a1c4
SHA1 a99e01da2f8f4cbe6f2f5c04686e8b5a053b7183
SHA256 eca90add1c299c693e72377bd27f87f56541a4e52bd5ec3038314d17c6b8a9f8
SHA512 3942b2e54697f6d3d23d21b69facf9fcac38da94cb253d1e7199ad3c612321cc003a87ea1ab31c0697e7c812bb958be71d3b62855e71b51cf7ecdc6a11d6f190

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 afa1d2399e0c713e0bbc60c21e1ba467
SHA1 39f98dd871cced34253dba79d8014f2737e8d1b4
SHA256 7ee6278075ed8cbf603e50f63e721ace9d3578838a65b2961a57ef95158bb546
SHA512 9e9c24b8aaf238497da928363fe9670a71d34dfcbc1b4a74c4c32d7020994474a4fece8d08a4d85a6321d98abeadc0e694eed565d0472e64dd18963d64d5093d

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 a7c5ab5c9b4a53c7c102493da7361982
SHA1 6312bdb824d06d050fc55284107b0c8ad801c3fb
SHA256 e7d320523735b945d8ab1b21cab0dbc0000bf7259691fd0f562849c2c3434173
SHA512 9b0f470383d1132faec80f0544a24ea77d439dc397dc882c37dcd051b0d1c23e5f2505271d7e02bd86bdfa55cb2183fdf0a84823b556954c73258aec855c0676

/data/data/com.paprbit.dcoder/databases/com.amplitude.api

MD5 af7fe4e609ba1d1299d0aa1a99b0076f
SHA1 59776422fc6c6f95ebdc15aff789926707a42484
SHA256 34957e2f69d79be12bbdcf46d0b8b529401d983eda1d1e14b643eef932c87cc3
SHA512 5bdf150dd4b13e3f4d8b3a012ee1a39508a42b8f8e1b9926c1fd1006fbe8bea80dfff75294f0203a46e453f63356c59418c63885de304856b72cf9db90f1b3c5

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 86862a399bf3224ba35fd2398229f283
SHA1 77514e8b2c8dfe66a19c77431ca0139400af33fe
SHA256 fddbe3534eb5f9b7a077041be44234b3b2833cd2690dd9a005c8858302e9a3ba
SHA512 a8c6e7d919b8a97c4591459dd515f0b5b3693bd899dc79c2a46c1efacba2d47482b2b5bc02badb34a0c9d71045eb6a61c9bac1386df0f14e3c8c227070c390f3

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 d85172fa444eb7e6ff47bb02690f8ae2
SHA1 2a70236f3479ac4e5e8ece3a92687876c2e80152
SHA256 764151ad9ccdc1bbedc83b856855696148815b3cace82f56c36799005a71749c
SHA512 a43772a69aaa6254a194610f0d0a36faa263f1179a8685248c7ced7217f6462c7e3ed8aaea7d57e73d045d85924400e3cad3f92bbe5f42b570c3a13e3a9cf438

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 7aa58b01a5fad31ed8fa953663be5216
SHA1 b4cba385bf248fd0c60af9a0f05d1d02103a2d12
SHA256 29b970f8f45dc92faf281a26cf38bd6de04043119a466dfb08f539287938aa1f
SHA512 144625ef5930afebbbbf4cfbe2ad620804d18f023c025041f8fbc004cc4523d69aa4ff0e4be190427d5028f73827129e7ef7bfca822b0d7ab4a2e404343e757a

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 3ae6c2a21aa472c604c7253f8c38cfe2
SHA1 3a3a473619be188dddac4f24f87a22d60c3cd233
SHA256 ac0c2455f53f3a4671cacaa2733d3094a3bb7c7af59175a5c4496b88b0c6d307
SHA512 4e116e587f5576a6f1f06df6bc9fd3a532c6190eed0613af971f20a77e4b63c2b2154d62146295bd8e99ace42d386f8afe2c3dca90b7507ee10b3520a28c6d56

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 5b366294e795eadadb64ef1ee5003c4a
SHA1 a5fc2d014b970b6c5252645791595b8f455e4ac4
SHA256 e0d06f0e4deadaa52562061c97f765385d875eac37c7f8a14ce0f73f06b6fb4b
SHA512 066e9a83d305ff89c96c55ef0c134a5bde20c298cf419c5a4827780a8253eb71388b6778f70b061dde5aedfa4a100cefef6c3035b55e9abc044008475c227892

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db

MD5 3b14f6b86612355fc0d2e97a2d81eba6
SHA1 24ef0428f501447d0ee5cb5ba302f4f27b476f11
SHA256 56b670606e6caf4a1900a7c929ec3b1c51f3c0a76d65f4b5f40eca5bfa99484f
SHA512 0e047d9ccdd484b2eeeaf93b865a425d894d30f722d4e92d219afa8e578fdd9da95d1317c6b007b90ccec9044b3dedc89e84e7d2658f0bc25ab62bf0e75374ce

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 8b08fcecb2f63857669d3007d024e7b0
SHA1 bdced0a917e163078831b68cac45c8c02b661d04
SHA256 e956abc15a8ec924b5ed801f09306cc9d3012289db50213e5b7db9f16497d81d
SHA512 3f288825833771fe0c5e5539f7fcbc2ae8aa885e84957b06d5fac44ea8b7f6e4b6851297e89ee5a036d0a2d6eed2eff8f742c9168386d13f0f6694575f96fa65

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 18c4026b87b9ba41178b1c756c03cfe8
SHA1 14ed56961d8c708c12d4386445a8750715c258d1
SHA256 0bd2ba6259060481928360ef4137b65a1e82e88a85468c1d61b5431aac3b364e
SHA512 ba335a00bdbd1509fa3d1b2954fdef5662933c6f6477ffe8f026b9afe68c7b15585f5fd3b5c36ce2538bf144e558ac881740072db8357d46abc9b9163682fa80

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 675b98dbae171bfc5520f7fe0d6bc562
SHA1 001464fc8242437ff9df58426186f0b52ea243a9
SHA256 10ea257a2529bf096122fd0cccab3f75395852742cba771c50992386fcba2ade
SHA512 6a1ef35693a1e759ea24fa95607e137f424253418a9b8f6e24b43a8956dbaa90f8cf28c9ecaecae5302969daeb80248bb2007ab9b43e9103329ba78cc00701d1

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 0776dad291477edff5770bfe791ef90c
SHA1 a4c7ee6602dc7127db055f6153d0c998210a88b6
SHA256 4bb8250f2963d30be168c85f380dee36387c52a88fd36ad0b01b12330f92e138
SHA512 138968659ce8dcb2ee34148b7073ccf1ff2cd6abe8a16eaa8af5e5c8b989c6c8ace9121889dbb1d6e61b55cac79da192608185008cabbb985ca277a5012ee323

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 7155d18bd5e6400c3eea4b4a4afe8400
SHA1 ae84957ca964b07eb949da33a006f914db5cca9f
SHA256 cb92b7ac99554094f968ab4a5816342221caf2c927a0719ae300f9e2cf436110
SHA512 4e851c31a5f9587bb7c7f387e4d45a6c4e9808ad5bdcf7d900fdbae490cf746337d0d37931e7cceaf4050579a929073695d69aa242278411345a70a5a00f5189

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 229dab57b5721e96dea6a996ea9b9ea6
SHA1 a210860e49271f77920e6bcf60caa00c6b9271f7
SHA256 6b7761a7b8da9c87eb8bd95b0b0698833b00f5452b64e53152a93d4c7ab61e39
SHA512 5503b5cd438f53791f5a4d793879d080783a157447269cb7dc00834a7f1f6428e847ee1171e883ad11a1be48325d2e4ff3902ec80430956d98829ebe1463fd00

/data/data/com.paprbit.dcoder/files/gaClientId

MD5 db1dffab62c731bf811d76b2152bb877
SHA1 11a4032fd1f42c208f0ba358d3a663c3e6fcb96b
SHA256 924bb4f08be617a3eeaac7e9e42309008df8c412c1e5aa6dad00b01f53d1a492
SHA512 9208b42840a053ea2ad48fd13f89128f9810b6b1a66acbb460efa3055fc8d26ed8fb8d1db3b69beb0783c78d213c2bf83ad3becc6893e452f7058181f410e713

/data/data/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 148cb145d2c3ae04bbe61dcaa268816d
SHA1 160badd0cf2c74b1815b6497deb00c80a1dccdd9
SHA256 df3f59d97b931fc0790f52a871bb9e45582ba74efa4e1a94dd9e26b8b18b51e6
SHA512 567d4cd06c41f596fa8afb18375c21eda242a025fef6fc945d4313ff51142d86e3c760330a9d7dea97bb1976216f9b865fb8e372ead9dcca397ccc14915c98b0

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ABeginSession.cls_temp

MD5 b0ab1f189d88ee42f2584de207a00833
SHA1 a8878837d49c11263ad1294fa04a9b80c6072a00
SHA256 273ec4f2c033b19b1cdabcc7d9819cfd0a22825fd983874687bc8e86b48ecb65
SHA512 e571a0c2f1edbc563a47047b22ce1f752bfe100d98a7e5c1518a04cba966ce0cb6ebd3fd82b018f07f46a99d7ef2bcccad172eb765fa512e9c2184a6f84db173

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ABeginSession.json

MD5 836d4d1b196f7daebd329ea1e7d0e75e
SHA1 cfe6b7b7a76206b4b133d924da0232a81386e2c4
SHA256 75958dbcc9f531ed7d164dc8d934d929c8e8a7c3d4d46810299c51c5ec3aa99e
SHA512 5f0c8212422beb3c6c31f089ff3379be58184ec1cbdd20aa7909b74c29b31bc4f80d477d070231d75dbef2865cbdb3945c62c6242ab6c66524520de9703e11af

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionApp.cls_temp

MD5 1183aa75622805e7469fa4ec4ef39c83
SHA1 22fbcc94b04c709b87ca43e2f528460ddf42cee1
SHA256 16a602d02670553eca123210aabd914ad04c855baa0933682d9af74ff2732e22
SHA512 a5865d24c815d90f75c0413bd329d7cf7de131e93ad21c49301c6e474b97daef4085b6865726289abd0494f160c2ff0b4a30f00d9c04b2c8de196316a21b2dcb

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionApp.json

MD5 65f603c3afa764c1ec0fad99f494e946
SHA1 22bd05b19635f65b61ed7eca47e78ee7dcb93d1d
SHA256 dd6f4f4fc5a933a55b2472f59bf6eccb87f256f4812e3252fb5044a58dcfbd11
SHA512 7958108be414f0cc427731fca5d15ce5053dc9b97ae7d757d13536afc9fb1b13b0335f53f33c63821dc0c472c1f50ceb233f38317b4e2a11667b77500ce6a848

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 be8d7498f1cade07ed8712604040da3f
SHA1 aaca94e7d59bf12293b454dc9dd96bf459df9cda
SHA256 292d2b9474aa34bb8351a6966becc17c9afe36b8bcca51a0526866cbf2c671e6
SHA512 58b308673b323f34efe635c06fef89e1887a3382d3d32527fb74bccfe55133d05e807b1958f1f593c6dc2c0572fe93da64e21feeed627ad7de055050a28666e7

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_22ebd103-8c87-4b63-83ec-21a0cb5457da_1718395451581.tap

MD5 a1506ce74fd3bcb3c9ff22cbad806d71
SHA1 1fbe3da6debb9030f276d79766b285de19cb49ed
SHA256 9234cb6ea06d7a64ad125faa0272667ee1cfe9982dfc9ebb64c27577e201b44e
SHA512 265dd9ab85f8f22385ea78fd6d6bcffcf0098f72eedac282dc6991f1872425ab3d5d7fa7848a5dcfbad58675ab851991cdcf97524337f66b3f552ce09e046874

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionOS.json

MD5 5caea4b68c57072f7f52a5a41720566c
SHA1 4d9712f1702c7238949da43f7d8ae6efb233a666
SHA256 3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363
SHA512 fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 113209295605d061b91284f05eb28835
SHA1 f81455a57125418fbb7e94681009a3cb44a261a3
SHA256 42ea71d7967c5fcd1b5db8e4f9cf6d850c128f3f423d5e44726b61d7d8b2d0b6
SHA512 1b06c72fe6f82422dc3d75d5988af89b7dedc78adff94bd46fb60bde4541f0fe15b8dbe45281c00334da4137afdaacaaad7b81c765a688d646c15df4e6b307f8

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 f430b69993f1584c9405ad2582de1def
SHA1 14aa1630593e58f421912a7e8a40636bf98f7abe
SHA256 170637252636005a3b4c00500fff8003b5157880a745034032ebca7b6d4683d7
SHA512 e5ec5c9eabb79cf37e6830d418daa351e87d8135591960826663404a2616f0e7a032676c5643208f90275e9301f0baa2604cdecf37af7da141805e0db24e73d0

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionDevice.cls_temp

MD5 2390c1f21db00b20c07107e3ec7275fe
SHA1 e663a646460acc071aebee942cc1776c23d77655
SHA256 d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699
SHA512 43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA2350185-0001-141E-34405B121D1ASessionDevice.json

MD5 afa07370d07ed0a8ac9554ee7001bb72
SHA1 d1e9de22fda1295087525ff3a377f7d7dd410ac7
SHA256 8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d
SHA512 a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 b85feedda18c19dbeb68d8d9ee57b0e1
SHA1 6f13a26477cfccbc9c9ffed1b73fb7eaaa974d94
SHA256 e0e93ac13882d59f1d1a9da82dcc40384665479f020cab9464dd04621c9c2e29
SHA512 192130680b7ef7d5c5c408f12d068c793541b8e9f0ba1786cd3844ed7e4048e5126b8eca0978ec7a9a0d8bd55bd25b26555bcbbad8c5277f695a936d4d976418

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 a3d3e2cfe34edbc3bae0c395d8605bb9
SHA1 3c7a1cacef38d2dda9521722567dc91bf1a77ae9
SHA256 7dc53c16b1ea83af914344c8e6d55eaf2db32a5dc0496311166dc802694e4e28
SHA512 b6a38f6f6424a0c54cf08cdb187a736921811ffbe3f424466047a67a621e4c76e4e5bc7f69b524e2f3264b016a0fc4aa980534954e211525542b2cd291dc7fe5

/data/data/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 b580be5abb8d97252f1fb6d819431b9d
SHA1 bd7f81112a88c230aecba09750cf64796c119205
SHA256 77d5b29fb379621d782e159094e9aa43318be0fc007f1d6ec4cba6a43103cb46
SHA512 028cde2f5fb669ab81d155eacd296ec43bd8af4989dca3142fc7e71d5b97d0a85b276483f4ccaf96bcdede5bc7c3eaaf18b22cc7190c6bc1107b9ec6f5b8401b

/data/data/com.paprbit.dcoder/files/AppEventsLogger.persistedevents

MD5 218743d435948f076308f8d99c2d917e
SHA1 8609f7046131fd549e92bef781a512267c673bac
SHA256 211e6c4e12fc3f05c379822299ab5427d728ba83544910ece7560b5e845391d6
SHA512 e66d6a2907e778c1e6e949a17aee60f1c29a7240772c3b545765e3d24f9a3f5c2862ee76786dfa9b179eeccfef2d905829af0b89a8d5052060cb3a3a833ca0ed

/data/data/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_912bae83-545b-4b3a-9083-43a38cc69d87_1718395459763.tap

MD5 ad73c5d43f05ae8b33740f5a66e33ad6
SHA1 8b5da9331f4722e66f328baa5f5843202fb7cfd2
SHA256 6083df38efe7c75d0bbff670e2cf7d3c1eab2f3d7bf47cc1641952ea6be2a470
SHA512 7aa529f28e49caae20395aec4a46e3c2593310c9b8cfc5ec8621802be7dfea4837307977194bd9babbf7c9964fe06ab6ebd9e9371e936d70dde4b17421d1f31b

/data/data/com.paprbit.dcoder/files/persisted_config

MD5 844dd56ab7165019077dc06d547200f1
SHA1 c8f997aa13f4d867eb7b6872d9e3ecb14ce2dd05
SHA256 1cc28b7fd3b68cbacacdf4e57823d81a6a6c48099a073aadc0895ca3ef937223
SHA512 0b47d59540fd38706cd899208c6f891e7d90267e4c3b5a9336a7bf6719b5587c2d3fb6139140ac3c7d93dc77c4892784e2ccd07e80d66e330a60c547e58e34d3

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 20:03

Reported

2024-06-14 20:07

Platform

android-x64-arm64-20240611.1-en

Max time kernel

103s

Max time network

144s

Command Line

com.paprbit.dcoder

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.paprbit.dcoder

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 dcoder.tech udp
US 172.67.182.4:443 dcoder.tech tcp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 api.amplitude.com udp
US 54.191.74.208:443 api.amplitude.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/user/0/com.paprbit.dcoder/no_backup/com.google.InstanceId.properties

MD5 96b9ba5dd538c078f2a1078192015c1d
SHA1 1098ecd03b849ac877ef9c015a9987751311532e
SHA256 8a59471d3ad64f56de89e4f81c7d7468f512c496e4ec8a55bf8cf285481ea760
SHA512 10e31fc9efeb0f749768cbfcf81251384ac4bee47749adb65c063b8e79d1ae3b2d593d1a157e6900e5d605ec9163ce6216d7381133d2299e70bdb7241602848b

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 eac8f2f051ca9778b8cf6bbef1b7eca2
SHA1 1c0fad4201994e89b2eafbf34f6f42251bb7334f
SHA256 de1c8a66e45778b701090a4990a61b8d4f4cddc19de145e10c279d81783f2106
SHA512 6cfd2633168332ccecb441196eb1699989cb0289eb069dcd6137c25798f7aec6d16e23341aa414ddf1ac7a4a4789e3f9efbf35eed0c79f4db5717b6808af195d

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 71f604af614c42117f83d7e99da922cd
SHA1 d12eb5e7cc731d30211f9978ebe7aaf812fce92a
SHA256 74671d184e8f12be8af74b14b007830878495e6ec6e175607e47966bd90f17ec
SHA512 42c49098152b47d75a9651917ca5fa9bc2c53e1ecc92d897fd2da4352cba34ca0f51e5e70d3060c7a7a4742fa1c2fa7083904b722ddce26211780be10f23a0f8

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 087e08fa9fe73f30276deeb4905e11fb
SHA1 2d6c69b37bde6080876c3df2556d2555ec7b9e17
SHA256 5ef1fcd0b970dd442e292c8029aade7d1975477f2057227d284c1d4619d73a5a
SHA512 4cb23791ef49303bdf178cef8b453ae99ee6fae567ebc0e8ec0d1481d87809d16f3e8f4dd3241f01f6f7b3301ca8da33868baaddeba4789f536a6914e3f48fa1

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 98b06ad173ee7604b49873e823b879b9
SHA1 36de2a2be6ba5a00e2f03da3fadcbd9864f2cd5f
SHA256 a65a22779e67b6c228db5a1c7a9a7d0c22a96677d0e3ba39c8dcebcc1eb7ff7e
SHA512 2211844552e2de23dafc065222a935bed8162d063ca905815bb0570fc4630f6355c3450b4a1b91df4a9ff4d842942e63c77e80ddc8b0d997335dab3b9fd0e694

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 485f0d91e6c27a4f37d768713339c7b6
SHA1 f6991a996dab84e23c161a3e56258bc080143df9
SHA256 f61609713624481fdfdbc1b49c2041803232b510b90a634e5087cce7ca25911c
SHA512 0eee83e19f104aa50c71388c59c202eb0faf5a7899cf41d95c989378d7c18e41cd2adffd0f8face9c0855a356f746ce1bff0f0d64c04743d3b557bea2e76e89f

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 d68035e35717addec96ede652145327b
SHA1 286bbf891d4a1c24a0f3abe49695f36ad99fc41f
SHA256 cfcf8ecba197ee775c76401af4e5f07a7cbe8cf2ba774f549aa2cc1f5f6a5a89
SHA512 3b9054435b5251c3a42f4ce0d1af741dec661c820c8c105e6d57afc254e5a4943a245788161b46851cf3a8f1acb6af41eccea76e06a7789aeca4e67565558e1e

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 010209da14bd123edbfb2247a5df54bd
SHA1 adf61a89b5caaff73cf99acf8c91e403062b2564
SHA256 005e74fd8587104aa880a02d3d730fa286c078d2b404e6c6a9877430c81ef6b0
SHA512 6c62633345dcfa9e524f2631c56889a3a7316e9de1acf87e56df29ecdb1c0418d1883c104c7715e4e1b60584263b2752fe1586ad4828e6adc1ae52dd49297d10

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 f11afd34b89231881b134a1688fc0a22
SHA1 4c1b7575083f86ac89a888f03c965d173e5b266e
SHA256 56934e668817351244a78e603407e322e611fe8d107e50c563d4bde5b9f22259
SHA512 36ef1d8000590545567d782550ca92357747fe237e54908ebb286946e88246d3b1e2304badca0c1fd5c7f71cb505404cfaaeba4d27aad792e5437f39012e71ef

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api-journal

MD5 5c24516930e16f12ce5027c3f2872cfa
SHA1 edd92997be908f4672f38dd2c54c859dc730f9bf
SHA256 8bb68b37b9dc23bb388345f1f337e21f7a3adad34de9444a152c737920d773a3
SHA512 0dc9cc9f17e77322df39539c93aae190ceb234baa77f4ce3c0642303283e675c96ba3d4bc502a77bdfdf71014595d83d48b273b8356ab15922da2aa29db2dcf7

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 75bfd7ae10da6a6f1399dcb90c39ee3c
SHA1 a7ae889fa429b8630264ac6d52d4097ddeaa2d87
SHA256 fe77729e2da3cf7e686ecf576bdfc358e4dc8150549d4ec2e2131fc6965d6a5e
SHA512 8a9285c610cf3fb9233a70cf2581bbe1a24771507d45a19642670adca92de0d8bac8d573bbc67b2591651795103cc969ae58d525c277b36f90a86e59bcfb4465

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 8b024f526d0a28394b24716f10085e46
SHA1 f8db07dda898db76304b403f99826901cecd98d9
SHA256 fe4f329e4a861af94de2d9bbc8009e9c4dc25ad0d106de79548a8ff5a809878b
SHA512 06a4a9516882c9645eef5d17459ef39fd12ee7d4fd5a9b78fa3d94dae9d1baf680d49e789eb29857923483f2b9a470ddcbfb2947b227beb81fff4d63c099aca5

/data/user/0/com.paprbit.dcoder/databases/com.amplitude.api

MD5 b6c4b52adaef0811f5c8ce365176c413
SHA1 449db1d0f4a239cad56e929ec658b14d4175883c
SHA256 a67ca7239a903572644a8c2ffdb6d47bec0bc1540ef79456218e8d573e1767cf
SHA512 f532eb8297abf5a97a83605f1a541046b2138bd8c226abee9c2735dcf7404b0eb2ba3287f8c58cf3cbe6c33079510ed401b371b862e80db428188db576e09093

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 562ffb804bed91563b2c4fcffcedf57c
SHA1 90e8f286fd638514c43dda5b2e1d24508c3eca28
SHA256 294bf48e776ccf562e330ac9ef187e369c09f7e711fb43f951d6f0b34212dcde
SHA512 53539c2db50c0c8b597ca330c3cb96f0255155d53094fdd9a458c52e5e91f76cbcceb0b9fa5f19cb50139cae291c9601c07c6c606842391f06411426ff3fc121

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db

MD5 8f3ebd832df14ee4835237c7fe98bbac
SHA1 2159019d57e85c57470a14e503c5cf48e7fa4d47
SHA256 d75e19afd8cad1e1710652d0c0b9f5ef9523fa764974ea3a45ff21cf5b10c180
SHA512 3d1e9fc07d9f57a78b2cd3e70cb6ef1e557e418325509d9f7d29ce5717489d55bcdaa29b8be53f63166e80eb6b6934dfb8700badb3d493c7974269601c5d4cc7

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 c1ccfbc4f1cdac9f9ad79d3f8a1b103a
SHA1 657678f8ba3a22fce27a6a4dce06ef7ec67b0f70
SHA256 67fb8fa55ac2d4293a24765c6f55cbadc9a0ba95f8c2018a77c0687069da3533
SHA512 02f90afd09582d67230e710e72c7f28ff70c27f74dd662eb1d8ee741353b1bc2f29dc7c7f31ce15201adea6fe8fb75fe1811eee9574fff27cd97c56b9c6a233f

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 e232093f342ed8eee4432103d9f825ef
SHA1 a2465fcee893f64404f3248e7377888e7b4871dd
SHA256 f3f94cd7fc1152a34d677bbb8c61b651ac9841717976fcd91a1a59de0b18701b
SHA512 4dd2907a59f4c9cd8732d9854a32a7fcc2cc3e619475a9e5b0184e516ef5254e35451c6335686f201143e1430ccfdfa1812ea0c34fdf7bec3c61f1fd7585fc3b

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 9e8b90393590db21091e232018cdf9b5
SHA1 a39e38fe92cbd554e16d26d6c504bb5e318b1923
SHA256 81bc5c51fd884f06f075aedc38c9460081c5a70df8499e20ee6b123502671b13
SHA512 3adc7eead092d33474f7894d01c9fa22a416583ec6a4d99ea112b8760b5b41d6f205b8da1ec5d6de6d977053295cfd43958b6be19d315e0a23173d1f5f2ae2d7

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 8a987a7125292cdbde1816ee563bca88
SHA1 060f617df181355ae03a45421c7ac32f80dc8d78
SHA256 17d5ae91e13ca992851fb70188e74fe67c107db97a658b0e5d3e8ceaba81b00d
SHA512 b2d132a8e7b740f318d5714941c8aa78edde6d8fcbb8ef981b7d21a6fe3ad4e45c4b6358950aa7720a6d9d6936aa6f1c7e30c2055cc95f7471510c856ade1c2e

/data/user/0/com.paprbit.dcoder/files/gaClientId

MD5 a220a756b3a784655c8b25c24e256cd2
SHA1 8f49d51fbb1b109c6f001b21202e121de3d490e8
SHA256 c6854f1d317c93d8ea389802b55bbfb2b7e529f589294593b96b07682faf053e
SHA512 427a900ac2f96ecb14eabb3c17b091d1169390dfb476fa54fad862b549fe095ab12cb83bdc2e11cbfe0f0ce2705863332400501262f7aec873b940c3b9a6e0c9

/data/user/0/com.paprbit.dcoder/databases/google_analytics_v4.db-journal

MD5 cf08e155631925205479e81561bb9d32
SHA1 39ff730f2269d77f5381f2ab9d5ebb0306737a21
SHA256 aa43362998f2b44cafafcb6f06ff98291169dae9d24de952676de8bc554fa3a1
SHA512 94a710bfdda2f8116ee8ad3bdf8425392582e06663ce11a35321ca6be1de1559f8b3eeb0c3c42e6f50c12ea665bd9773c8cc46fa615a535350fb2162687d2d4b

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 316f4414cb92fbcfc9bb6da181abe0c0
SHA1 35c37d536c114f39b418406d4ff17d8ca3159c87
SHA256 ef3a1e07bceaca21bc14e82cf750b935ec09e063655bcf6ac05dde590ae8b8c8
SHA512 80d58aafc7783bc71ed5ea9499f8ffb28049f77c66ec48873e94b0bb12730d0252918a900018d0657ffb63d0517d9f1649727d3a83564be957a401533c112192

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 dc866b5a26c151744910d5edea340bab
SHA1 94edb444098497f903c3673f4f150f0af2f57521
SHA256 c8d681790acde7feb31ebbfe3988bd851b1445a83e37bf80f8e0c024fb0c7981
SHA512 52481f06e8190ed702deff23a9c92bf4bbc385896ff3e34632acaa02e34b9cff6b011e52eaa4f031fe4aae3cc71cdb78c0b0c6dc083e0420dab75a637bbefc1c

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 65184d09e569dbafc41493998fb62665
SHA1 4a7c6fd017720540316d17175adbc39b53c67152
SHA256 0987fb4022b99033c6bba4ce3257b1a131f361940d99aea525ded95a98b71fae
SHA512 c3de6bc4da72e667753d3d07e7d2c900dcc386cbd558421b7ee5977c4cf56fb26b5fce73b29cf4f73cda36a831b21b6fcd462f541317f2b93a45c31382af3324

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FBeginSession.cls_temp

MD5 2e8805c36468fe4acf1f9d6058fea51f
SHA1 afd55730d8dea4ec9e447dec582d1ea1092a9c42
SHA256 e83d00870f60ff8d50fa5f3b6570002bc85cd00d8e2fa6786fcd4f44d756d5bc
SHA512 d7ffc0d3edb4134ebfd4ce478542eeaf43f29412057bbb30b90f1563f6ea926d9de319146c7b89d15bbe1ac6097e3d439d7245cd4b3312c0c5fd799d293606e1

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 7d1c248b29f17a52bb0d83b7e67600f8
SHA1 57beca5c74841b9517ab8da07577ab0eed4301fd
SHA256 ced8e0e937ff3ec7c8ea6aa331e57dabec11611c384044fd7cf2cce730dd60e7
SHA512 ff8310ddcc8de12c63bb4a0f78131d24d48efd286d1a651113c57a3587cab2713f8d2d71e7d15da42cdaf599beafb5a7557806284ce7534c5a8d567342ea5c0b

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FBeginSession.json

MD5 729627ba378518947a74d3eaa213d814
SHA1 d0337ca8126d9b043179693feaa204368935dc89
SHA256 a220f0ee1eb17029c2e488eae8f0662424a8cef1b9a367851c7a7315277ec19d
SHA512 fb6bdef894ad829ef765489307340d2eebae3e8bbe394c5cae2ad5c0dbf3c803db26b0e3daeba95abc07d1cbc93adff23f31aaa2616715bc474efebd0301d704

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 d9ac63a1fb45577100454e9fde61df3c
SHA1 0bfa32827d365afe7485f763924c480677e40570
SHA256 935ec5ca488443aaf5f083286819ebea0068ed70c999967c2f2bbc9c1c8ff924
SHA512 06245ef6093c73da1a4c079e84a51b538fb7d6c638d4e0569388c441eb2870b50977bf85c5eb76dffecba518d85f0df40466bc3b3a898d4348fd17a4628915af

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_94729066-a285-4f20-b868-00d57821d66e_1718395450012.tap

MD5 ac5fa12ed4e99d5ebda2dfadd3cbae38
SHA1 06f040aca8856f94c63774ff2e6d936eb778fdd9
SHA256 06efeccfc7a041141659f7d18c972360d3187e110687418590156d90cc075839
SHA512 dd720e9f4c8b98cdf70cc2320e66378f285d2431fce9baa4c00f805cc34e87556e7633367d44e47e2e18bb054f8a26d899d1aefda039acc3bec738df89f4aa62

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionApp.cls_temp

MD5 d184fc2da053d4df258ebea482dad670
SHA1 ff6ebcd1df8b19b2ef57357145390382936643e4
SHA256 b9c5236011c5afd4f72110596400652241799fc786fe51aacee6fe7b81aa218d
SHA512 e94cc1aded3b1042f57dd3b7e2ef359375eb10ca4a587d1baaf1466d83707b15912bb08fb9184beb9c5d072bd71daa62717b56d046f66e2097551e7d8fd4a0d2

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 a8083cf7b939e1571d7eeb8f93c3f843
SHA1 b60cefd5b492611ab6baa0dc7699bfe3360b6d71
SHA256 b2a9e6273147c559e9f7c164ae3b377f2ef4f9126375a50d2f31d9e645b1d934
SHA512 14dee06a7ae7aae82d75de8a9cfa47d41033d52b48d2f19c876004a219cf98daa85d46d4e9d2e6dd98ace73142149beca81f97b7a90f7e0226bad2c5680dfeec

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionApp.json

MD5 9a017064693b0574dc79d84e7f24bb82
SHA1 efecd98400f58ea285cae7508fd1624d5a0dc1c1
SHA256 114caf7c1304434b46e72398ff90fbdea658af7cbaf9261b0287e30405108c80
SHA512 fd34c6916c4f8498b27b227cf2d06dda35c4de76cc329378da6ad5ee7ae7a030464d6a8c5d2ea0135001f07636b41acec98ebb564f390736bf85d3e8e317aab2

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 d700269a8058db6595262cfc30c1181b
SHA1 8ec2818e2b4b29884e20f5135049e3615209d689
SHA256 73f87989d456ae27e9b345a6977f8af41b691191cd164c0e433973f9b64aaf24
SHA512 e97c1b9967189522f86e3f8ec5ae348842683054c30874ad46044add5cd07ad84d5bf37c8f49e6b576452ee52dcd1cc678c88e388af2ad71916ac4eb4774710f

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionOS.json

MD5 fc1dcee4e422d77e7fab7c08c8a41344
SHA1 d5340127e9d5f735b9d33b9dc61c772fb0e2dc15
SHA256 b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7
SHA512 3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionDevice.cls_temp

MD5 fd6372364a5c5c9cf8945ac3ea7a5d94
SHA1 3c798cab71f6ae7a81e71e58712368231230588a
SHA256 7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641
SHA512 a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666CA234015D-0001-1226-DB920E53F50FSessionDevice.json

MD5 eeeb942571fa704cf8ae49731fbe9789
SHA1 b5989c4cb932ffc779ee25bb3f7bfb79cf720427
SHA256 78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71
SHA512 71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 baf175154d905e0af8e83de06eef5866
SHA1 ae4cd6b630576f9a87b4eca7529be0dbb6bc33f9
SHA256 a36afd4772b8975b3c198a418be919c756c790ea1f4d41d8de5cff2b662ed57e
SHA512 6c93ed2f069cd5b2b1e8c5163b3ebe01e8011cc0a6ac57e7d30663176d63b82e0c56965ee25e7c6f927aa57d486a96bc532aa4a080fbd8f7632a70840f8a9584

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db-journal

MD5 1cdeb4a745bac7cdf687987a765c1de1
SHA1 c710df50f83841fef5047944a0b4385eb9fe3ad2
SHA256 8458d4520d7432d7f0b98d5c53e62d030dc63d6de0a0c76853af82f94d229210
SHA512 8e5b825296b36db72a26a17925dc6ba03d3751891ecf687c22a2d4d64f7b6e4414188bd21036dd3a07e537bff17c336d858eba05d600b080fda1b77a0e5914db

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 63f92ec5018c647fb744e7bb8938af72
SHA1 caf694b838fcec93e7f1b5f431b764c5abe21b26
SHA256 d9beb15fc7450bc44f012a956fcb38086e2f2354dc51e702854b359d1a352cfa
SHA512 e58d435f3c58682cc717ab815dc6c4647c4e211d226020d175d40ae08f39edba1bc384d107f139a761074313cc91809d3d3a4ddeb84a0f4a1bb875785369dfa4

/data/user/0/com.paprbit.dcoder/files/AppEventsLogger.persistedevents

MD5 218743d435948f076308f8d99c2d917e
SHA1 8609f7046131fd549e92bef781a512267c673bac
SHA256 211e6c4e12fc3f05c379822299ab5427d728ba83544910ece7560b5e845391d6
SHA512 e66d6a2907e778c1e6e949a17aee60f1c29a7240772c3b545765e3d24f9a3f5c2862ee76786dfa9b179eeccfef2d905829af0b89a8d5052060cb3a3a833ca0ed

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 820d2c1b99621e3172578092b5c13d77
SHA1 e523f9772de57b237256539086958004acf435ab
SHA256 001c19f3af2e425b08cc5097a2273a7c4d5cae4553c32164ebe4ceb5164793c2
SHA512 e1f9e031d222aba7c3a8bf295b3b1227ecee6245553fd309a0b786b01d8a46c82195d3b3330fa950410c2a12770a6c2af09d7f8c5620beb419f42eb4ac2008d4

/data/user/0/com.paprbit.dcoder/databases/google_app_measurement_local.db

MD5 4943ef65a869d7629b8b12458393ef7e
SHA1 a96ae0397390c08f2840faba03dcb418fe0862e2
SHA256 1bb7a94167b1da7b04a769432c4018fef68c5742c697058c170238e2f3960b7d
SHA512 ae6dc4e8c20d57699b1d97e6fbf55d50b21f497277a7b0bd7a5dd401c0a76bdb7f8c8c09f82d9de066d997201626a78e9b093d4bab04c180b07bd0f0a812b04c

/data/user/0/com.paprbit.dcoder/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_026cd24b-44e1-4d9a-b086-9f20e231118d_1718395459706.tap

MD5 b8023a17fc0b16c28245f54f136bbd2e
SHA1 11a05f0c17d8ebaa2089062a6d510e394b63ce99
SHA256 2865f7e00c7956c5f153ef2b71c6832ca9ced0a19c954ad59c940f1fc046343b
SHA512 a76fc6d395054094b0641d4a7dba2dbf2002e5000d4797a1ba15a665a5054ce5ddf45d6d296a38b90421467f31853e8c0dfcfaee6a0cabdb41d505356c9f5429

/data/user/0/com.paprbit.dcoder/files/persisted_config

MD5 4b6b8c8f93a266e08c6a052dbeac517a
SHA1 65ea6b3c18ca293dba1c4627a9e5ff4ab5f9448d
SHA256 3bc4a324308c5a3dd0e8e319fbdee3c6469390a4df83620948e7d3415c914e05
SHA512 6ae765946c4304f66b10250a244968e621a01367a82e6fe2e86d27f94dc16280acb2c91f5015ec0ddae65e394538deb83a8073359fc70a1df356f5cb9ba8ca98