Malware Analysis Report

2024-09-09 15:59

Sample ID 240615-ct1bxszdmm
Target a6b4e356377427cbfde6ec72f92b793a.bin
SHA256 8de43470c81536505713bac1e7f073b4231cbaa0e234fd2746ed7daf2bf3d836
Tags banker collection discovery evasion impact persistence credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file a6b4e356377427cbfde6ec72f92b793a.bin was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Reads the content of photos stored on the user's device.

Queries account information for other applications stored on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 02:22

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 02:22

Reported

2024-06-15 02:26

Platform

android-x86-arm-20240611.1-en

Max time kernel

87s

Max time network

147s

Command Line

com.joeware.android.gpulumera

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.joeware.android.gpulumera

Files

/data/data/com.joeware.android.gpulumera/files/persisted_config
/data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-journal
/data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
/data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-shm
/data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
/data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db-journal
/data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db
/data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db-wal
/data/data/com.joeware.android.gpulumera/databases/mobvista.msdk.db-journal
/data/data/com.joeware.android.gpulumera/databases/mobvista.msdk.db-wal
/data/data/com.joeware.android.gpulumera/databases/google_analytics_v4.db-journal
/data/data/com.joeware.android.gpulumera/databases/google_analytics_v4.db-wal
/data/data/com.joeware.android.gpulumera/files/gaClientId
/data/data/com.joeware.android.gpulumera/cache/1582435991586.jar
/data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 02:22

Reported

2024-06-15 02:26

Platform

android-x64-arm64-20240611.1-en

Max time kernel

73s

Max time network

133s

Command Line

com.joeware.android.gpulumera

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.joeware.android.gpulumera

Files

/data/user/0/com.joeware.android.gpulumera/files/persisted_config
/data/user/0/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-journal
/data/user/0/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
/data/user/0/com.joeware.android.gpulumera/databases/evernote_jobs.db-journal
/data/user/0/com.joeware.android.gpulumera/databases/evernote_jobs.db
/data/user/0/com.joeware.android.gpulumera/databases/mobvista.msdk.db-journal
/data/user/0/com.joeware.android.gpulumera/databases/mobvista.msdk.db
/data/user/0/com.joeware.android.gpulumera/databases/google_analytics_v4.db-journal
/data/user/0/com.joeware.android.gpulumera/databases/google_analytics_v4.db
/data/user/0/com.joeware.android.gpulumera/files/gaClientId
/storage/emulated/0/.a/track_id.bin
/data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar