Malware Analysis Report

2024-09-09 13:33

Sample ID 240616-mlfmnazenc
Target b30c2dc0a49ee95cc1440c2dde85dbe9_JaffaCakes118
SHA256 19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08
Tags banker discovery evasion impact persistence stealth trojan collection credential_access
Score 8/10

Analysis Overview

score
8/10

SHA256

19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08

Threat Level: Likely malicious

The file b30c2dc0a49ee95cc1440c2dde85dbe9_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence stealth trojan collection credential_access

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks Android system properties for emulator presence.

Queries information about running processes on the device

Loads dropped Dex/Jar

Reads the content of the browser bookmarks.

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 10:32

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 10:32

Reported

2024-06-16 10:37

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

130s

Command Line

com.cn.zzmain

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cn.zzmain/app_ttmp/t.jar N/A N/A
N/A /data/user/0/com.cn.zzmain/app_ttmp/t.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cn.zzmain

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cn.zzmain/app_ttmp/t.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.cn.zzmain/app_ttmp/oat/x86/t.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.s2sddl.com udp
US 1.1.1.1:53 api.downloadforpl.com udp
US 1.1.1.1:53 a.asense.in udp
US 208.100.26.245:80 a.asense.in tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/data/data/com.cn.zzmain/app_ttmp/t.jar
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
/data/data/com.cn.zzmain/databases/com.cn.zzmainb
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-shm
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-wal
/data/data/com.cn.zzmain/app_ttmp/oat/t.jar.cur.prof

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 10:32

Reported

2024-06-16 10:37

Platform

android-x64-20240611.1-en

Max time kernel

177s

Max time network

129s

Command Line

com.cn.zzmain

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cn.zzmain/app_ttmp/t.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cn.zzmain

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.s2sddl.com udp
US 1.1.1.1:53 api.downloadforpl.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 a.asense.in udp
US 208.100.26.245:80 a.asense.in tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp

Files

/data/data/com.cn.zzmain/app_ttmp/t.jar
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
/data/data/com.cn.zzmain/databases/com.cn.zzmainb
/data/data/com.cn.zzmain/app_ttmp/oat/t.jar.cur.prof

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 10:32

Reported

2024-06-16 10:36

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

132s

Command Line

com.cn.zzmain

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cn.zzmain/app_ttmp/t.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cn.zzmain

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 api.s2sddl.com udp
US 1.1.1.1:53 api.downloadforpl.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 a.asense.in udp
US 208.100.26.245:80 a.asense.in tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.cn.zzmain/app_ttmp/t.jar
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb
/data/user/0/com.cn.zzmain/app_ttmp/oat/t.jar.cur.prof

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 10:32

Reported

2024-06-16 10:36

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

131s

Command Line

com.tech.browser

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tech.browser/app_ttmp/t.jar N/A N/A
N/A /data/user/0/com.tech.browser/app_ttmp/t.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the browser bookmarks.

collection
Description Indicator Process Target
URI accessed for read content://browser/bookmarks N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tech.browser

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tech.browser/app_ttmp/t.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.tech.browser/app_ttmp/oat/x86/t.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.stosddl.com udp
US 1.1.1.1:53 a.asense.in udp
US 208.100.26.245:80 a.asense.in tcp
US 1.1.1.1:53 adserver.kimia.es udp
US 104.26.15.115:80 adserver.kimia.es tcp
US 1.1.1.1:53 google.com udp
GB 216.58.212.206:80 google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 104.26.15.115:80 adserver.kimia.es tcp
US 104.26.15.115:80 adserver.kimia.es tcp
US 104.26.15.115:80 adserver.kimia.es tcp
US 104.26.15.115:80 adserver.kimia.es tcp

Files

/data/data/com.tech.browser/app_ttmp/t.jar
/data/user/0/com.tech.browser/app_ttmp/t.jar
/data/data/com.tech.browser/databases/historyManager-journal
/data/data/com.tech.browser/databases/historyManager
/data/data/com.tech.browser/databases/historyManager-shm
/data/data/com.tech.browser/databases/historyManager-wal
/data/data/com.tech.browser/databases/com.tech.browserb-journal
/data/data/com.tech.browser/databases/com.tech.browserb-wal
/data/data/com.tech.browser/app_ttmp/oat/t.jar.cur.prof

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 10:32

Reported

2024-06-16 10:36

Platform

android-x64-20240611.1-en

Max time kernel

177s

Max time network

151s

Command Line

com.tech.browser

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tech.browser/app_ttmp/t.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the browser bookmarks.

collection
Description Indicator Process Target
URI accessed for read content://browser/bookmarks N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tech.browser

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.stosddl.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 a.asense.in udp
US 208.100.26.245:80 a.asense.in tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 adserver.kimia.es udp
US 104.26.14.115:80 adserver.kimia.es tcp
US 104.26.14.115:80 adserver.kimia.es tcp
US 1.1.1.1:53 google.com udp
GB 216.58.204.78:80 google.com tcp
US 104.26.14.115:80 adserver.kimia.es tcp
US 104.26.14.115:80 adserver.kimia.es tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.78:443 google.com tcp

Files

/data/data/com.tech.browser/app_ttmp/t.jar

MD5 39f7c5d4a7962708aa7d98bf2fadfc27
SHA1 cb348f750596b2e54705eb7d20b9fb2cc9d8807f
SHA256 e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558
SHA512 55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

/data/data/com.tech.browser/app_ttmp/t.jar

MD5 cf9c7fb39d30b43019bfac428a3269ab
SHA1 912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283
SHA256 9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af
SHA512 2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

/data/user/0/com.tech.browser/app_ttmp/t.jar

MD5 71f79ba9526f0b6a04ff423212d75238
SHA1 ff505b3673f566a812ae925acc84157a1b6f34d7
SHA256 ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f
SHA512 b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253

/data/data/com.tech.browser/databases/historyManager-journal

MD5 8428a108b0be317161c883359bd94d2d
SHA1 853b4d5525b08cd5153c9f933c8e99767ed9f274
SHA256 b5abd98dc038c904861e7732bffdff780e2555186264233d9e5059325312441a
SHA512 a575ae15ec452d042cec41585ff9e13c03bb429fba5add416cfd2b6c40ce4d6a26927b143fa6f6015cc4179bd9f57f17215185a645e10e94bd2befb523f76aae

/data/data/com.tech.browser/databases/historyManager

MD5 fa825da9100731f60dfdf25682ae7f2f
SHA1 7b4f3f064de4ff3fe37fb39db0bea9628bd46451
SHA256 3b54ff4c6cb875ceeb6a38037c9fc6449e8d2ef60ae0dc27af998020c89db354
SHA512 bc8315805acdb6ed1af2ccebad769f9423456607f661a425a665d8a12fc65d860bb5dc128ce238e51059d0c92847b904bfc934f7d27e74e7c1b09347316048fc

/data/data/com.tech.browser/databases/historyManager-journal

MD5 140a94b13882950c6266ee3600236323
SHA1 956b3dcf7496d63b9ed9f2b51b68b7dcd596d7dc
SHA256 af4e6707a99eba2e4fb7bf4d99dc5ddb97f6fac49d08c99133ee23a6f36f2f5b
SHA512 2748f6d847cc96ad8228c6d5cf20c4d94b0d3861c255ab2cab702c8d2349c7970221ed9303faa0668360c1e1314b9b5e03ba80733dc298634fa497be7bd520e4

/data/data/com.tech.browser/databases/historyManager-journal

MD5 df9006529797de0e61fb349ab4759ddd
SHA1 62d73be25abc7b5dfab3f049cc177664c1e1a823
SHA256 61d563a60f6fc85c0a66a8803f2717d7fd8828fc50ef0a03e5d9da214a6b1c33
SHA512 535a3ab738db035fee0f580d2a2311739b54419ea314d5b1252470deace3f52521454131f05425f98d158a89a65a9a6d335275e41077207884621788295f9906

/data/data/com.tech.browser/databases/com.tech.browserb-journal

MD5 085cb1def61f772ff7d8fa719fecf02d
SHA1 44d8c12b727c5a9d3ef7b59223602d49041e068b
SHA256 3c8371fdf484ecf39caf9879ae3a9d3717c9c1c44953afaf22f8e80b33735ab8
SHA512 ca60aa1bcb07f3e921ce0a6843a9ae1d07644e61be88529cf1c6a311eba920e0cf1aee0d3a7699add08bd2dba283aa3e165a6b2edbf1c457f32c345821cc0e9d

/data/data/com.tech.browser/databases/com.tech.browserb

/data/data/com.tech.browser/app_ttmp/oat/t.jar.cur.prof

Analysis: behavioral6

Detonation Overview

Submitted: 2024-06-16 10:32
Reported: 2024-06-16 10:36
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 177s
Max time network: 132s

Command Line

com.tech.browser

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tech.browser/app_ttmp/t.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Reads the content of the browser bookmarks.

collection
Description | Indicator | Process | Target
URI accessed for read | content://browser/bookmarks | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tech.browser

Network


Files

/data/user/0/com.tech.browser/app_ttmp/t.jar

/data/user/0/com.tech.browser/databases/historyManager-journal

/data/user/0/com.tech.browser/databases/historyManager

/data/user/0/com.tech.browser/databases/com.tech.browserb-journal

/data/user/0/com.tech.browser/databases/com.tech.browserb

/data/user/0/com.tech.browser/app_ttmp/oat/t.jar.cur.prof
