Malware Analysis Report

2024-09-09 16:20

Sample ID 240721-n2lz2szcja
Target 9ca1f601e4a014349e56f6cd07f44d0ecf2d0d2bbdf75841257714161b61c581
SHA256 9ca1f601e4a014349e56f6cd07f44d0ecf2d0d2bbdf75841257714161b61c581
Tags
discovery evasion execution persistence collection credential_access impact antidot
score
10/10

Analysis Overview

score
10/10

SHA256

9ca1f601e4a014349e56f6cd07f44d0ecf2d0d2bbdf75841257714161b61c581

Threat Level: Known bad

The file 9ca1f601e4a014349e56f6cd07f44d0ecf2d0d2bbdf75841257714161b61c581 was found to be: Known bad.

Malicious Activity Summary

discovery evasion execution persistence collection credential_access impact antidot

Antidot payload

Antidot family

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Checks known Qemu pipes.

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-21 11:53

Signatures

Antidot family

antidot

Antidot payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-21 11:53

Reported

2024-07-21 11:56

Platform

android-x86-arm-20240624-en

Max time kernel

71s

Max time network

154s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/xbin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/bin/failsafe/su | N/A | N/A
N/A | /system/sd/xbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

mob.play.rflx

Network

Files

/data/data/mob.play.rflx/files/PersistedInstallation1080125353996334658tmp

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-shm

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-wal

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsTest.txt

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF6CC0378000110D466BE6B018C7D/report

/data/data/mob.play.rflx/files/UnityAdsStorage-public-data.json

/data/data/mob.play.rflx/files/shared_prefs_sdk_ad_prefs

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-wal

/data/data/mob.play.rflx/files/PersistedInstallation2057772360694260278tmp

/data/data/mob.play.rflx/cache/image_cache/journal.tmp

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebViewConfiguration.json

/data/data/mob.play.rflx/files/StartappAdsMetadata

/data/data/mob.play.rflx/files/StartappBannerMetadata

/data/data/mob.play.rflx/files/StartappSplashMetadata

/data/data/mob.play.rflx/files/StartappCacheMetadata

/data/data/mob.play.rflx/cache/image_cache/journal

/data/data/mob.play.rflx/cache/image_cache/7ae6fd055fb6315850cb90047af09a0e39b7d21bdc035e7e1427c49364d46071.0.tmp

/data/data/mob.play.rflx/cache/image_cache/e23018f4ab59b28a7f656987e73a576d1799266feb9a887f3e1a2a68de2f2949.0.tmp

/data/data/mob.play.rflx/cache/image_cache/7ae6fd055fb6315850cb90047af09a0e39b7d21bdc035e7e1427c49364d46071.1.tmp

/data/data/mob.play.rflx/cache/image_cache/6a6bcad317482f3e63a6b153b8064b8c8da8181e7ba0556e036c1388db7f8c02.0.tmp

/data/data/mob.play.rflx/cache/image_cache/e23018f4ab59b28a7f656987e73a576d1799266feb9a887f3e1a2a68de2f2949.1.tmp

/data/data/mob.play.rflx/cache/image_cache/150ce55074a464f003cbac3e1a2b1c4b3dd5a1353ae34cb113bd6ae9ad2df3bb.0.tmp

/data/data/mob.play.rflx/files/StartappAdInfoMetadata

/data/data/mob.play.rflx/cache/image_cache/6a6bcad317482f3e63a6b153b8064b8c8da8181e7ba0556e036c1388db7f8c02.1.tmp

/data/data/mob.play.rflx/cache/image_cache/150ce55074a464f003cbac3e1a2b1c4b3dd5a1353ae34cb113bd6ae9ad2df3bb.1.tmp

/data/data/mob.play.rflx/cache/image_cache/fe36d2bb575473fd65d6d20d71b8fc8a89b7d27022626b9089602946a98f85d0.0.tmp

/data/data/mob.play.rflx/cache/image_cache/9f818cf05bf8d244938d40094e27880365128a0510357eeb619f6bcc2c31755e.0.tmp

/data/data/mob.play.rflx/cache/image_cache/fe36d2bb575473fd65d6d20d71b8fc8a89b7d27022626b9089602946a98f85d0.1.tmp

/data/data/mob.play.rflx/cache/image_cache/9f818cf05bf8d244938d40094e27880365128a0510357eeb619f6bcc2c31755e.1.tmp

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebApp.html

/data/data/mob.play.rflx/files/StartappMetadata

/data/data/mob.play.rflx/files/close_button.png

/data/data/mob.play.rflx/files/back_.png

/data/data/mob.play.rflx/files/back_dark.png

/data/data/mob.play.rflx/files/browser_icon_dark.png

/data/data/mob.play.rflx/files/forward_.png

/data/data/mob.play.rflx/files/forward_dark.png

/data/data/mob.play.rflx/files/x_dark.png

/data/data/mob.play.rflx/files/empty_star.png

/data/data/mob.play.rflx/files/filled_star.png

/data/data/mob.play.rflx/files/half_star.png

/data/data/mob.play.rflx/files/logo.png

/data/data/mob.play.rflx/files/profileInstalled

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-21 11:53

Reported

2024-07-21 11:56

Platform

android-x64-20240624-en

Max time kernel

118s

Max time network

155s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /data/local/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/sd/xbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/bin/failsafe/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

mob.play.rflx

Network

Files

/data/data/mob.play.rflx/files/PersistedInstallation208888431781879765tmp

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF6CC00C6000113623DD8348C984B/report

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsTest.txt

/data/data/mob.play.rflx/files/shared_prefs_sdk_ad_prefs

/data/data/mob.play.rflx/files/UnityAdsStorage-public-data.json

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 a71ece8b252dab072ce3b13d3550818b
SHA1 d3cd4f6c8de23438b2c3408d3e128b5c0ab431e4
SHA256 400eb854650fb1826775927c593306ea4e992585d5be77a597e8d85f5a9053c2
SHA512 55d04abba5110addc97156757b2b2fb7495afded02c0da84e453af0fbb44b220e2accb179fddb5af06de99bfd7000022ca6ef54afdf613ffc1fdd326b248fde0

/data/data/mob.play.rflx/files/PersistedInstallation7244552896960204163tmp

MD5 7fa7b2bd835f580091911da66c5cfaea
SHA1 1ed5131a8ddc8043daadc9f3e821977c4d595fac
SHA256 d4331d5693e4e500b970f54fba48461d30db3362c258b0f5acfdbceea0730892
SHA512 ec976f36541fbc4cf862b202103edbe790e7c6d878b4a6f846d17ead9ea7c5f3e8ce4983204bfbb1a0bf582f61457d9940a87cec9b7407dada8a64ac83c630f8

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 166eba3d4a8090ddd45b10e9007157c5
SHA1 53e676ac7e2a276718693880ae54242da2e907e0
SHA256 1d1640699dba3e71384cfd34f161dfa8a81b23c38513e77285d6545505a03812
SHA512 9e42a80ab0f31db79d17e5ef817851f63c6b9fd9234c9d2343850b1f8389f85de5d5839a1822dad3d2b093b914af2a0499d50113e9e64a3e61a9791f2cdd130b

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 2ad3207ca7a9c5aa9c2c4e3c2f7bb455
SHA1 3e7069d02e487092728e32bbe6323b8c8ee17c39
SHA256 7977905d8974d2905835d13b6ec9203ab373fba3b12a5a98a2b318cc48d2c316
SHA512 d67b9ed86726967eb1c8d0ed223ee311e81e1b69b700ef43cbc2a05c094ee4858bf2753bf6a4cab5f7d07d6fde0899d9e5e894e0a61e861888328ad2a6e36ba0

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebViewConfiguration.json

MD5 d165470950d875a5ef05e52b16fa2b71
SHA1 8eea6374a2f17e04a9265785fa1c805c4c3468dd
SHA256 ec0f12a51524d344321180bd9e3a0ee6056b5a7a563e1c42b5f1c8a9fc9c334c
SHA512 41e5625b05198d45d337c55cc8135651bd11b2e34ad264fa4ccc2766b1efa4f5988768b3323950df1bd523144bb759db5e591fcdff754ba7baf669c67a1383db

/data/data/mob.play.rflx/cache/image_cache/journal.tmp

MD5 d6ac8c8db0504502d7f0e057a78c5ce3
SHA1 8f4cf91a262b24ec9c1a6e7c41fd6d16b6623bb4
SHA256 8f22a32cd8de58916041d1097976f2b9c80f7e9a18593d5a6b058bcaed17e22a
SHA512 100e74f0c65b51a17de6eeff96d5c38bd6d40e3c8ee00094fd906ba5794088fe1ad6f3a15be196480384cf01399ea26665a05471404f1eeebb0c82ae6fb104bb

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 9f13d5210f72e56dc5bfa690a3af2621
SHA1 a20fed5159ae88bda40a430946cb0e40a78bc122
SHA256 6ac26f5e5f7ac152baa72821fc650aa79fd0d488097770458d434e8dc2badaa7
SHA512 d53260a01724f777f4ef586e05d15a4a60b17720d9ae90c478bdffe662f05c2f698f4d9df3acaba51127bf8b6f65bf707c73186913a1226323687f273cd9fafb

/data/data/mob.play.rflx/cache/image_cache/journal

MD5 b97eb9176e365137a92218ff93880039
SHA1 07b0ccdd5022ebf970a5af0e06878e6f06d4d3af
SHA256 75c1709cd6be04bcb6b2d37a49f4721039b13aa87800a2402cd4cc4d9a8cb8e4
SHA512 dac37c18ed60577d9e8d9ce8dc666ecf9ebb724d59f37a353d405d28fe1a601b7c61239f1ae36bfc3c6f45952383fed655a352ba3b08d22fb164a712e33775ba

/data/data/mob.play.rflx/cache/image_cache/46367177e86410546bfa2a0315358b82614a85471f85818211f9f1dca04132a7.0.tmp

MD5 819ef5556931b3471b5d14235a0b0333
SHA1 b841dea61a4cb9ff599a63a35352d8a18098ced6
SHA256 e29d97915d03f4e61f0a0055947b7a49725150469433ddf350ad9a9c06aec549
SHA512 cc9a5e41ddb21d39712e8a99bea8a135ba64c6f958f1bef0b4e0a7f0d78d12225123b7a61de7ff2c9ec4cbbfc54ac12e5735482b38a35196a935b4797d8d279f

/data/data/mob.play.rflx/cache/image_cache/7d89fee0b6e82b012c340a3f5b8dfc898b9e1366c43d5868f5eb10bc345e2b8f.0.tmp

MD5 c2f2518a4350b7eb506be00ed249d3ff
SHA1 f3214075a2057ff91ed7a8e9111070f3721e25e9
SHA256 22b51ca0eecaa914a00629c62805bff88edfead4121a2ad77ff3abedf67ae663
SHA512 7fecc782b3fd21addd7b8fac896de7d4717de627737f5eb097493bcb35a87068ab7baf71e7a458f6bc4a39b84bb55e21c486ca7cc5af1dd07615e986f3b03241

/data/data/mob.play.rflx/cache/image_cache/46367177e86410546bfa2a0315358b82614a85471f85818211f9f1dca04132a7.1.tmp

MD5 2492864b8ca714702acb1c6258a0b194
SHA1 f6b13aa2d4a0fed83c3f353f788e3a00c699631e
SHA256 20e436f8cb0e0d42fe22047c554f7a74cd562a1cb30a43b8cfe06d7c8c03ba45
SHA512 fa1fefc6d774ddd7acb5d049e3cf32b8150f2ed51f0d21570093b2ec4195f8d0965cfb125787b1b8474228a8e0d148b7207d1b1fb951e3253ea72da259ab3682

/data/data/mob.play.rflx/cache/image_cache/7d89fee0b6e82b012c340a3f5b8dfc898b9e1366c43d5868f5eb10bc345e2b8f.1.tmp

MD5 9a2f653e57ed9bef35e5ac0b020356f1
SHA1 9612df0bafb0b2be4348374fa1b4c5d333ce9b0e
SHA256 9935dcf9478f20a8d388b61de7357f507a442f843b582b955cc754c1d1952ca8
SHA512 e02ac64493fe47702f99820786ab39fe076d513e31ac25c3b48e64466ff2f90587a408ab3cf7b432ed7408bb66248f69287492459e25f9e6dffb96f504073f4b

/data/data/mob.play.rflx/cache/image_cache/89292c12a1a0ff8e977fd9ea493758c7813ab321ffaf8c4e8084651eec1e21cd.0.tmp

MD5 c1873beee04110eb74bc61a15209b913
SHA1 03e2a7535fbf0097b9a3c1c8980a64c3a14b4cec
SHA256 d9abefc3b0d08560533b5bf0027de927649c558e528f5c1c7b308b8f18d4de95
SHA512 483a690fda472dd004ce40b3579d513751b81db4b0e9aaa3ff23eb47fe05b78e1a6c1f865a44eaeb3a290714f56a0e7e135b36968f88aca57ce13981c5c3bd6f

/data/data/mob.play.rflx/cache/image_cache/89292c12a1a0ff8e977fd9ea493758c7813ab321ffaf8c4e8084651eec1e21cd.1.tmp

MD5 e6ab1eac366f3eb792b1dbd4b0131c63
SHA1 2c28b2827cd5604db261c2731980eea697fecd28
SHA256 db2279e5c436fc5ca52f719dc51c3fb92f3d5f5c88af2e05dbc898f867a1fb25
SHA512 88876409fc405b70a43ae54a2b87198d835d0e4fdd5333d962e6cad29989c08970b89e89e68893cb26b9f3887cf58080fc2c1b162315efdceeb99437801df74c

/data/data/mob.play.rflx/cache/image_cache/4c5f26a015251d5a881d3088262050088265824ae755b2abf8a679d71bb2e1e0.0.tmp

MD5 7fd7d792b3403f23ab56eaa4a8befc03
SHA1 eeba30b623adf111366034b4d5d6517f4c7330e7
SHA256 2c388f9ec2eea5bc571d4532f01cc0afb25ca09f1aa633066cfa9f0bcfaf3e0d
SHA512 403f8a0c1963abf236ade5488e4a34caedb8758b4e523ee3d3214778e6b28c2d472c360d98f5acdf0a6ecab1e0de3aa1de1624c8008905513f68ada5c4c5b432

/data/data/mob.play.rflx/cache/image_cache/e0fbf7ac4472ca64af20c6f102c611403c9b08355707cd5db8f280b52258553f.0.tmp

MD5 5c0c13d6e39ebc1ee9343c53f50b3111
SHA1 daee7a60d28f7509838c9a1fd41a629b1d29b1fa
SHA256 94628936551e91db2023e6c9da87cddff9ec308fb41e7a12f9f534945ce5e552
SHA512 2ae1167b9b42401035513d01e73237b31bce24cea6ecb005c74f8050dfa07d822c4ac554bfcb96bfea79764a82feacc64427a74ce82eaafbf47590c97a9d72ae

/data/data/mob.play.rflx/cache/image_cache/8aa1e1cbfd7329fbfac10e9146ac221fb955169a2c0df6003d8ddf8c3ef48b66.0.tmp

MD5 ea521fd593a81fe6f4764228fce67ad4
SHA1 73c39feb94b263f63590d5eba3bd6f7b2cb67444
SHA256 40e5d6f74cd0acabc4e9bf4d934039066352ce99df93a85f0b3a537892acf28a
SHA512 226e7ad84948565823f08413df08b955fa03b0bb2922a8d4909c2373cbb64e79e479a71160ca7ce4d6f0b8423ad68c3462e9b9990140321a4f4524e6b9255a49

/data/data/mob.play.rflx/cache/image_cache/4c5f26a015251d5a881d3088262050088265824ae755b2abf8a679d71bb2e1e0.1.tmp

MD5 204e4f34ef11e8289fc91919e0e52b7f
SHA1 e195e4e78e4a1f2097c63c85b4756f7935e02b7d
SHA256 46776e04fcc72873b69838170f25fc4dea9c33318de95a90d11eba6cbfa968ad
SHA512 bb56e00e6cc8485f0983aeba84996dfa81a1a3ab5b0938646a09a867404d99cb1140ba5da7890af833738e592f1c415f59d22bf9f6ee9afc0592c8df57fb0832

/data/data/mob.play.rflx/cache/image_cache/e0fbf7ac4472ca64af20c6f102c611403c9b08355707cd5db8f280b52258553f.1.tmp

MD5 e65b29219c49797c1f0f835ea7aaea7e
SHA1 3650329d166e321ad50ddd22320455edd6f92755
SHA256 00c3ad5706fbdf841c77a65e86ecb06eb4b98ccb7a3e7db12a0879f84da1dc94
SHA512 6b5f5f730bb01c630cf8497794670a6d7a4af2884acb1fc2447d44f927a530a58832197501bf1067dd555237e708f1a86c4441f843de4f3e8a300ce98eed5a32

/data/data/mob.play.rflx/cache/image_cache/8aa1e1cbfd7329fbfac10e9146ac221fb955169a2c0df6003d8ddf8c3ef48b66.1.tmp

MD5 c611eb0721e9f82ec391937424e325a5
SHA1 d6139e0eea24f6bb7a129f711acb049f14f815c3
SHA256 b8e9020cf8c864ae15d2164c7268494e8a2d3d174d2b75aa61721af04d434687
SHA512 09a47218b4f73008d44eb2292d9a0fc8dffe3bb6b795b854a86e094b4cb1145780589f754d92cca9f67dd0c7c2c7b07c833511f3853f2343875e73778b3361d4

/data/data/mob.play.rflx/files/profileInstalled

MD5 1b49208050154951e87b7d783a80facf
SHA1 485ee0d6e70bf7ea560f22c196632d9c744a902f
SHA256 b49312bf057d4d2fc441238b2889919573fef0aa27bb66dc71662d9ace0e4c49
SHA512 eda71e7c2335d634c408e392d93092e1415308ccbf7f3b4a01d70bff9e924cccb5a71a4bd2e21adafc62c72b246a4cb154dad9c2a6d59586faff21f22ac73e29

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 d661c418992337712061e4338b2cc46c
SHA1 ef4392c5b11fe0154d26235ef5fb553779b4568e
SHA256 bfc6f50f5f970189af8c8819db3936baf54a4677c23e91bb5d42635886fa0140
SHA512 2ae6b5abe07f4e026fd09b6fa941b13ec5e0efc43ae40b5be3cc6ba4fea3a002f4f0cfdeb785cdfa491af12d91f164c405665be2af9ae41969eec803a2b5c61b

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 0caad8cee0efe16b25f50009a5d20b0e
SHA1 b44f7b6322f38a647c67838a873ed815ed31c7d2
SHA256 1ca8fd931bfb38e2a0422a2403483acf4a8dbe01b49c6a89007ae997ca2868be
SHA512 f32b269ccecb6bd9f3af80c4b020edbc9161017f5d8080730f5ecec6d8b11e838d61c5a4ff81ada1430396fd729968ee939f18fa28f0236ddec83ba393be7d66

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF6CC00C6000113623DD8348C984B/event0000000000_

MD5 fce630e28ab07baa0df734d5a6480540
SHA1 24bd62387d830ce7490601e2d97628777e53a7ff
SHA256 0aaec2274d07a4618da6322a4b68b821e828b0576cd34484aa2afecd42025a27
SHA512 fbf5c183b5f5c5069bd60aee8518110d65779bed466408598fa180c3724e58b4aabedf65315133a68fca2665db83f580f2105610c8c9411954e9cbe2e490b181

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/priority-reports/669CF6CC00C6000113623DD8348C984B

MD5 94f96891c861bb61381ad01158cc2b1b
SHA1 dfd8f0d085798bcdd4830dbaf67b7c4ae2d7b645
SHA256 1757d8450ff38f591745f08f90839936383dcabaa68b0bcd288b99f65515edd1
SHA512 bcd7b77981319588be99750287b44671889ab10b4f709f809c17683ad72e9d4a7be49ecdf311a4192b7023c66fa66f7a8591404ea2049f0cd2540f2a6d159e92

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF73B03D4000213623DD8348C984B/report

MD5 5df87b22943e3c8bdcc97f8b8fe3ff6d
SHA1 ea915a587ce8b19bf40db51cd430cd35f3c38dda
SHA256 569abf7f6dc12808b1c1faed50ce49581e0f94e9f3cbf1bd47ac53ef353da6fb
SHA512 e59d9e6453baf09e245025417ae997a5652f89168146226b8cc2d0731dd7b8f208dcd6d021e65b10cde5e0e500a3e602b98357dcb2db021de85289ee683a956e

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-21 11:53

Reported

2024-07-21 11:56

Platform

android-x64-arm64-20240624-en

Max time kernel

36s

Max time network

134s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/xbin/su N/A N/A
N/A /system/sd/xbin/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

mob.play.rflx

Network


Files
