Malware Analysis Report

2024-09-09 16:21

Sample ID 240721-ntwvaazaqb
Target 5f80dd7fccff6e15d5eda6e0e8263d9f985462155d23f335baaa0a44ea7f5712
SHA256 5f80dd7fccff6e15d5eda6e0e8263d9f985462155d23f335baaa0a44ea7f5712
Tags
antidot discovery evasion execution persistence collection credential_access impact
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5f80dd7fccff6e15d5eda6e0e8263d9f985462155d23f335baaa0a44ea7f5712

Threat Level: Known bad

The file 5f80dd7fccff6e15d5eda6e0e8263d9f985462155d23f335baaa0a44ea7f5712 was found to be: Known bad.

Malicious Activity Summary

antidot discovery evasion execution persistence collection credential_access impact

Antidot family

Antidot payload

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Checks known Qemu pipes.

Queries information about running processes on the device

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-21 11:41

Signatures

Antidot family

antidot

Antidot payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-21 11:41

Reported

2024-07-21 11:45

Platform

android-x86-arm-20240624-en

Max time kernel

86s

Max time network

158s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/sd/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

mob.play.rflx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.col udp
GB 216.58.204.67:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 configv2.unityads.unity3d.com udp
US 34.110.229.214:443 configv2.unityads.unity3d.com tcp
US 1.1.1.1:53 adsmetadata.startappservice.com udp
SG 138.2.110.152:443 adsmetadata.startappservice.com tcp
SG 138.2.110.152:443 adsmetadata.startappservice.com tcp
US 1.1.1.1:53 api.npoint.io udp
US 216.24.57.4:443 api.npoint.io tcp
US 1.1.1.1:53 infoevent.startappservice.com udp
SG 213.35.101.181:443 infoevent.startappservice.com tcp
US 1.1.1.1:53 m.media-amazon.com udp
US 1.1.1.1:53 i.imgur.com udp
GB 18.245.154.202:443 m.media-amazon.com tcp
GB 18.245.154.202:443 m.media-amazon.com tcp
GB 18.245.154.202:443 m.media-amazon.com tcp
US 199.232.192.193:443 i.imgur.com tcp
GB 18.245.154.202:443 m.media-amazon.com tcp
GB 18.245.154.202:443 m.media-amazon.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.63:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 info.startappservice.com udp
US 68.232.34.193:443 info.startappservice.com tcp
US 68.232.34.193:443 info.startappservice.com tcp
US 1.1.1.1:53 trackdownload.startappservice.com udp
US 158.101.105.86:443 trackdownload.startappservice.com tcp
US 1.1.1.1:53 sdk-exchange.startappservice.com udp
DE 132.145.224.90:443 sdk-exchange.startappservice.com tcp
SG 213.35.101.181:443 infoevent.startappservice.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 thind.unityads.unity3d.com udp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 1.1.1.1:53 auction-load.unityads.unity3d.com udp
US 34.49.168.197:443 auction-load.unityads.unity3d.com tcp
US 1.1.1.1:53 httpkafka.unityads.unity3d.com udp
US 35.244.205.3:443 httpkafka.unityads.unity3d.com tcp
DE 132.145.224.90:443 sdk-exchange.startappservice.com tcp

Files

/data/data/mob.play.rflx/files/PersistedInstallation5914275698242588084tmp

MD5 2960507107b259264fb8a362a4e26323
SHA1 5c119cfc6f810a01cbc4ec714f71d9c49ddcaf60
SHA256 994d6ea2fdc5cc7eae5912d32bf8e14b3389b70f6c44560d37ed9921ce261d76
SHA512 d5529bc16ab8cf8d00db65cef5e70c62870ad0be197eae1eaf8c518e60b1a393490a4a1c98f99b02f7b026f837f234433be72ec34642d31619602c769f199de9

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 0167eaa01ec3613155d001b0d6b01c0e
SHA1 842951f621da71db197418b95e7c4c75957fe3ad
SHA256 d4ff8e1af017e16cf812f5b4f388a0937372e5c26798188f79c4f9e6f76ea0df
SHA512 6a288e023568441c39e0a1dd1f8696eda5de7171e25eb02d5d3bc409b13fe3205c3829f998cb5b9083dfdb35d2ef8ac812f6eee1c2b36fab4c40214771e46823

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-wal

MD5 9c7a12faa9ff2c7457d5c660d0d03955
SHA1 023c834faf04af54672864651d933b57435bea25
SHA256 c677ffee854103145e86f1fb9d29e2913939e6d3aa54a3f92a0a72e76c154cfc
SHA512 fe545f61bffb50c8f525a7d183ee30494d6af45dfefaeff968e746749ae5b8ff350432699fe78c05e62f3e481367ab3b042b435304bc7fdc6d198d191d8f4f9a

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 d98acf73268ab1cd60a45f3e8311b443
SHA1 a44d01aa169f9b84f9cbc73a227fbd89704f4242
SHA256 4e52522598993571af547e343bb120e4ca1a1c86765f0c85f53d90360c79f7f5
SHA512 5a7c8f2f49d20566f75b4d24ed4456d457fd5a425ff2dd3d44c3a39210fd96d6a11ea9535689c3cd8f4c9ba823434c55b1a956265d7c4de1bbc94508c04c0664

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40D037700011094638E5591CB7E/report

MD5 3e08b123382d4e92c11a582ab0e539bc
SHA1 8c1e1ade0ba99335635a7c5198acbcca8e119493
SHA256 45b9c7a9799aae911c9a8a0da4083a9b719c3705fb6773ec0bcd08617efa8b59
SHA512 919463dffb73892308526be807e2ede7481ee6f866313b9b98f8142ac9a5094146f50c43a02a898d11658d12413511a772e8a8273e345910684a923c28a22b8a

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 35b51faac8b5af3886e70bb5a885dab1
SHA1 e6cb282da46cd4bf113e25c8573268578dcd11b6
SHA256 af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b
SHA512 6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-wal

MD5 e531e56295f09caa5c84f7e628861ef4
SHA1 754fdfcbffeac94425fbbd494a3f044378ecf8fa
SHA256 4aba2485304991b9df0cc52d49fdcb28f338e41be9ecd579eaabc55c5d090d9b
SHA512 c9cf36be687c20951b48e95997bac03fe9efe6091c47cb1d8e55ce6ec2f678528c6d55fe2f2a426b40f26ab808245064ffc8aa51c85e56b5cca9ed3251233ba9

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 944e6a5a08cb971370c65c06061f0ab4
SHA1 84d47725cc29bf167b782c702575bce4bf2ecc5b
SHA256 ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab
SHA512 bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 ffcbf87665a36fc21782400bd0537e79
SHA1 3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee
SHA256 a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d
SHA512 7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 dcf7d6c1cfd5e7b56074e3001577c78b
SHA1 b8eba89aee9f6688ecda6675ef8ff4998da0b141
SHA256 ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91
SHA512 42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

/data/data/mob.play.rflx/files/PersistedInstallation3520464644852240505tmp

MD5 f4c89fb55ae8564d17bd057fbabb81e0
SHA1 9737523f490018c8916970626330f5618e1b2575
SHA256 13492fac91a0be2f2ca55539c13345a7342274e80f9566ae65ff3cb58713247d
SHA512 39796248598d22d4f4e62627440e1d99540799e22562dac8accfee618864af30a1d3d6d018d174f10befe953e68a4554d15867b7a70e460445f238c145a866d7

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 9679a75da6ff92cfb31f9cad50cb56ea
SHA1 df30876fd7700dad16701a4f7be58b4df69868af
SHA256 d68aa564182fd41d4123c535a092cac47ee37259765d599b5b2e1b9386a18169
SHA512 84c679ac38088a8e508d2f4e2e95c00b9dbb8ff2ab839632aa973fe19ca42723fcfc750fdd20af0f9f5a0432c0fff075055a7439e945faeed6ce26369b6be34e

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/mob.play.rflx/files/shared_prefs_sdk_ad_prefs

MD5 65026ee778e1372d9f4aed742772e893
SHA1 5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc
SHA256 15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c
SHA512 589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

/data/data/mob.play.rflx/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 cb4a66659c2bc6c54a492b59a76b5276
SHA1 442284fd126eb80d2b6f7917619f1446b94c8b5f
SHA256 332a1dc0694d89b3d46440a61fa25cb4a628cea90884880af3e6ea742c14949f
SHA512 88ada5dd66a18ae374e0b0df0007567f2f46159d400167b63ad46595419c214145e88f431c95a04da326a385d6070f0c759840b9d3a056a70d173db5b303bfb8

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 a0ee0346e964eafdd891d566dd7f7fee
SHA1 8eed4ec7b2fc07c310cc25fff243b78f400812bd
SHA256 96be54b2a36fa369f9200fc3ef62d82d9776db17266cb20eae404aaa9c9ce1ef
SHA512 541b3297b05bd803a6f29d59dc1a1b434aa2c6b035c83d5574144d37f9fba5794a6e3a810b34c92134c2ea877606dd68e01691d2b447433469967e0aa201f56d

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 5f2c2612d285c7555473e03a1fbb8cf3
SHA1 02174ecf2f11c42038316c6cd85efab24578021c
SHA256 8035b07ed4efafb0f6f6738620ccd901d5514447d6dba7346a0ea276d331766c
SHA512 ccc94a45bfffd6aa9074e6cc72144a2aad2468301acdb75f706d317bb0d676494d4760183f90248079317bc0ff429e4454b2d748178ac99c719262734318b1d8

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 dfabf42b00197ee8e3a2cc6289810cd8
SHA1 9dadef3401f921403bf681ba5d5c7c1d750d45a3
SHA256 1cc7d350bc1b6b39c3eb112b858de16fa8c66f2e02915023194b0d90a7908895
SHA512 7fc97f1a2a4fe623d591637deab48471d307e38c06e23c4cf42e957b0f0835ebdbf19cdede92bf89d2fc7a3848e871744a7dce5138c30b2b6e000cd6ef168ebe

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 6c98396f104bb64885a514e268eaf6c1
SHA1 3d446e4c8ac9fd0c65a25209f4dc5a7c0f099cd6
SHA256 c1eced97f992d1e56771ee7909d75ef545e2c06b088716510bd91d21e94418e9
SHA512 1194b43615e1bf52bbfb7f68030b87367cc1959f5bc521f041e684d1d96127650435ddd4143299f8320cd42080fbaf5e68ed55bbfdc024212733c346a7fc3ebe

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 94cca532847bad76dc53a5ef20db85fe
SHA1 b43da68452ba1392a1157d6c393bdd78e9f2dbad
SHA256 98e1f44a991c7949102e1ef9fc1663edb6c227af0019971d097ace5b4d04c848
SHA512 beb48c58c953e27dfb483c31cd2a7ffd5fb632881c7b74cfd595b2b097c3deaa90efe60d600c4bde08877ab35a60a262e687ee2df578dfc36f899a7853cc6866

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 10eeb9241203bc62423423dd1ca6eed6
SHA1 520ea66d85645f3b3ce4775dac213882b9adb9e9
SHA256 3aa21bc0e8b518feff274cfd2023f0e178d13d7fa3dbdab43d16ad7acbd22cd6
SHA512 9832552c2fb5186688b927011794a537c4838c050a3f48f57e40898022d7338106a19b24c14779c3878adaa9f6a439e48d43e4237c0d80f55f250ebc9b16c0bc

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40D037700011094638E5591CB7E/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40D037700011094638E5591CB7E/userlog

MD5 74aebbf5de1fc8950baa7d374ed3ae8f
SHA1 c83bf354a208ad890482ab44f8d3d4d26075ba2f
SHA256 93a5236a6601a8957eb1079baf1a10a959f2dbe255deb0be1ae397bdad95433b
SHA512 e58318bf659d00ec8f786ebaf9ac696db11bc8edf38088eb2f89cceef8c2dfe4c5da31dd8a2698f10a9935ba969756a3880cad6dad1b2ab8a1e04a4d8d7a363b

/data/data/mob.play.rflx/files/StartappAdsMetadata

MD5 c5ec03049f2a725dbe8dff5598ea7afe
SHA1 3272e70169bcb264b8072dec2dda5c2d2f7432a1
SHA256 8d11f72942817bf46c3b47ba9e7892b70b5ccee1e01116804ac1d5b683c48840
SHA512 8d0134a29ef6c20c39e755d4d36fee2c119ae32d6f05d1d62c8ccf116756f216e8a9825a5cfdd576576d79c9bac33055b47216efea7dd4f966a14111680588c6

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 4f81837ba26c3a75ebe1e6e1c03078dc
SHA1 c722524f5f31b78ccfa0fc0bb811c7090778c3d8
SHA256 b4472cfd6ed4408bd26aa87cb84efd74b838f294c1ad9c33882926c2b58e1bf9
SHA512 b7f26611033d79b706b5b447e3073871663213fc07a807b57dd90f1b160ceb6902e8ebd0ace0aa2f1c26e0c682504322ec0ff0ede408ca5e7a2a665f7dc9fa85

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 8063483dd8256a196090722ea8f94902
SHA1 4a120178c9be414ea5d08f0543bdfc2da390df97
SHA256 ff02a9bdfeb4e6d8447df1ca6f40ecc7bdc62c0fee2861f744c21e560e49a3cc
SHA512 acc68e920ef1cbddcc691717220aa5378df42e6f3db050620af0b3ee9cc869a290db65352f7e1fb09651fcc95040ed7585034d65358d1f7907479fd02db7c859

/data/data/mob.play.rflx/files/StartappBannerMetadata

MD5 1464bff0fd2bc323b44f3019e32e43e5
SHA1 e723343e3d4bd22bab0510ab4d1233e346b4a838
SHA256 5225c5f27e665aa4efe233d9efa63a60e7a62171ed33c1667cbb5bf6b92e44a3
SHA512 dcfde2c757c5b83ed0060792c6900f1e2614410a2441563d2bdbadfc24326f73f2fa0fa7f2b7bd4555aa2a2b03c15e0ac3d28ad4836e0fda5484f00f8f2eac01

/data/data/mob.play.rflx/cache/image_cache/journal.tmp

MD5 d6ac8c8db0504502d7f0e057a78c5ce3
SHA1 8f4cf91a262b24ec9c1a6e7c41fd6d16b6623bb4
SHA256 8f22a32cd8de58916041d1097976f2b9c80f7e9a18593d5a6b058bcaed17e22a
SHA512 100e74f0c65b51a17de6eeff96d5c38bd6d40e3c8ee00094fd906ba5794088fe1ad6f3a15be196480384cf01399ea26665a05471404f1eeebb0c82ae6fb104bb

/data/data/mob.play.rflx/files/StartappSplashMetadata

MD5 84d44d07ee0cd574f5c73907b7a6055e
SHA1 19c7bb2bdf7f98e4ec69bbbd94981fd6ef8966c6
SHA256 e0a6705cbbe7af1c15e10c45b471bfff79dada9044f17fb7226c8fb6460f7ca2
SHA512 d8ecf9b58cb4aa25d14be75bdbd5c941dd5ecc98b85edd26110f93da78b552d3264b5458ae1e26a489f66e0d4771dc147d8afc73b6532a795e6457e27aa27947

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebViewConfiguration.json

MD5 d165470950d875a5ef05e52b16fa2b71
SHA1 8eea6374a2f17e04a9265785fa1c805c4c3468dd
SHA256 ec0f12a51524d344321180bd9e3a0ee6056b5a7a563e1c42b5f1c8a9fc9c334c
SHA512 41e5625b05198d45d337c55cc8135651bd11b2e34ad264fa4ccc2766b1efa4f5988768b3323950df1bd523144bb759db5e591fcdff754ba7baf669c67a1383db

/data/data/mob.play.rflx/files/StartappCacheMetadata

MD5 c41164d8f5044093acc85a4f93b1ca1b
SHA1 2001e355baa615da01da5bb8b60c88f64d0e57ff
SHA256 5e478ae54831bad55c4dcda78db4fa071411c98ddf9d057ff557a36b1cd9c3e4
SHA512 3812f2c85d4e24df3e68b0912a2dab1d1fff198ae0cd8c238e925239b19a084cbf2d58831bf5897ce764029f28bbe515b98acfb940ce985280beb9cf6251c57d

/data/data/mob.play.rflx/cache/image_cache/journal

MD5 6f2e1d49c06d4fa3c6c95abd5b003f34
SHA1 bf2016657bb96cca4c050ae8e4de5a82139676c9
SHA256 43a540a9c11bc7a46a6e741c0a42392895d715942bbeb89e1a136ddd8155dec6
SHA512 04d1ccc77a7706b42c969d5b97165a79f7d5648b2585c0825ac701b6d5191a234d8aeacd79ebc86decf1cd335a914f67eee4da91867e98795e3e8036f3342b14

/data/data/mob.play.rflx/files/StartappAdInfoMetadata

MD5 40704af53f5eddee5fe1c7816326e733
SHA1 2ed50398dc42cd6bd41fc4340f464d6c5ffd304f
SHA256 1e80ce374d8c3a90a9f5183b3820a850db6a8e5431930bb9531828488395c941
SHA512 3af91e7f8b2451b1012ef18ddb2e2d45c44067236faccb758ff4f50a5f05fb9db641a202f1ae97a9efb07c5107d7a9aaadbc596b769709017eff86088485330e

/data/data/mob.play.rflx/cache/image_cache/b4357f191eb2113e24c3ba57eee0c82c665d9ba9ecaf690c4b9cc818c99456c7.0.tmp

MD5 f7889703b853d9404a498f0a66584a72
SHA1 b1847d4854a4db6eece1a114dea0bf04b725d3d6
SHA256 c6c87cfdb67041a932dbcf47ccc47c04e20c7afa450c6f631bc44cde19f722a7
SHA512 ada9d85f935ae4fb0d603f57a826922e423fed3961c9075e1beaccfd8546c212a5eeb4c85654a6a812476f299a75aca3157505ff1434df83919ad02b66e83a11

/data/data/mob.play.rflx/cache/image_cache/b4357f191eb2113e24c3ba57eee0c82c665d9ba9ecaf690c4b9cc818c99456c7.1.tmp

MD5 8009da1d0a5714c499a604412408c630
SHA1 76037bca5c34d8c414109ea2383b4be50df5a317
SHA256 d1d31dcdb835738a46d7391594bc66eee0c8e27061c053e4644c3d25d78f629f
SHA512 bfb6bded0e8ad3474379a296c0123217de19291fb99227a16f2363598127b21c6a665e5ab8878a2a0b3d995b5509a4ad78e83e1710270375c993dd4a3013c234

/data/data/mob.play.rflx/cache/image_cache/cd48320395cc4b383d8b1dbf39da61cc33acbb8508ee39b878a41ad85363e67c.0.tmp

MD5 ca9d62689a82c55f86423d8bb027c583
SHA1 c85c74591e0fa1d13e9a46c644800a10e7405517
SHA256 0a663549aa383c190ef4763394a180cb7333196e1d456cfcc86f638a4b69c5c6
SHA512 e26b77c02f9705f806f9776253173026b82ed05a9a67b82c2116c35ea70744250f8de5770b868603224bb5a0962b5ad825a9476b8f62057695ca9a089b6a0ddc

/data/data/mob.play.rflx/cache/image_cache/c2db154e9c5dc9e3865fe230279f47c5a5927f9011591ad2dab2f4aba6ebb8ae.0.tmp

MD5 33fdc135b997e93edb82b58b4a3b17d9
SHA1 88ea830893fe0df82c48b215cac5362962075d36
SHA256 6692fa030d57cc67968c541bb4d6f97dcee0e73bf0b306bce3517ec2b7167f0c
SHA512 b67bc0142cfd02c7dff7f53ec2f65b3406559e69e59bef46fdd5c1e670a3e96e202fe46461f994868f10fd2408f53ff2aca764a85e28afdb5c650f0aa5bef157

/data/data/mob.play.rflx/cache/image_cache/c2db154e9c5dc9e3865fe230279f47c5a5927f9011591ad2dab2f4aba6ebb8ae.1.tmp

MD5 5e7fe455fbcf15e641f29f91c57d302c
SHA1 e35f3a2af1d28a8e0c85bd1160909b86c4f50b15
SHA256 a8a7a539f4365a950b9ad1a81fcc2d1b3d7c73ac7a0587a1e7a5da4cdec4b015
SHA512 4195c21b7eabeb0677585342f7ead8ac2abef7c71181f7e9d51297b5f5ab6b70f4c8b9aa5f3ea23848a87fb43f896fd804926e8b5ced30c977e70aac1404b81d

/data/data/mob.play.rflx/files/close_button.png

MD5 4d332a5c731fb506bb4644c91c38f5fc
SHA1 56fdadb5d38b29161910b3c89ce57b1aae67733a
SHA256 43e7ff284e786cced9a54218970d357ff06374836bc1791eb63d9bf26c6a3784
SHA512 c791b70329e32559d99f0259b38a832bc849768cab37973567a04fe8f66e9f5477136014ac17d16d1a0df0ca0f4fdad86d6a5f29581c85068b7979fb9e73b7c6

/data/data/mob.play.rflx/files/back_.png

MD5 527385c9a7dadd870919fb95ce4ff227
SHA1 a83ddb0ba89e4f83a07d6e0524d6ea900e800c2c
SHA256 3df2ccce7702c69051afd3fe66cf99e3f07e86d354956eba3888ddbaf545e717
SHA512 3b2f1781552f701331e91eb46fd38a982b2a9de8eb7259e912a710c63399fbe86fcdbe4c41fd8b8f34b99773a94cb02024e9ec64c38aeea68ef378de4f842355

/data/data/mob.play.rflx/cache/image_cache/6aeae7ce4c302f286ee4db30d2a576f01443d3f5221091717edd4887e51f65b9.0.tmp

MD5 6cb236bdd4fc367079ab8c935b6a5c03
SHA1 497afbefc3e2da1b6c54720731f3cc76217ad13e
SHA256 9b9a0e7f17e0cf7f4ec6d064b7a079bef464b02077741d735c09820d4c35796c
SHA512 2ea3dc7ee81ec85dde7195b55be7862d421742b25d96b5bba300c91afb1c51e2b74fadf30017e8984a96af85d561177620633bd306fa7ebf47af58e6b920b09e

/data/data/mob.play.rflx/cache/image_cache/cd48320395cc4b383d8b1dbf39da61cc33acbb8508ee39b878a41ad85363e67c.1.tmp

MD5 309c949338ffd39a1a040279d48dc769
SHA1 7e0bdbc4f418f28343a836470159e67896cfd3b8
SHA256 b8392328bc9b4ade69cc48feef07d8713135e1ce88041d6427b363214c2e8d20
SHA512 0b7d755ce5606e84336e45ccd7a40a32de875f773354fdc3ed6909d9f78c993d22e2511ce8e86caf8eb1c4f6da79125abfbadd5591ab7499c701d34929ea6936

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebApp.html

MD5 60613793d0bce882b80f2429f3b50edb
SHA1 48b22e5a190e572e9014a10c4a4543e57f2cb332
SHA256 92eadd3cdd8a390d38fe5df7c795f9398dd143f7de64937592ca16b69e0cee54
SHA512 81e13b31b28f27abff6f67a827e4dbafced5d0814d958010f04f741a45aa3d5b0d991e9672f72e93d6d9680e0104a865ee33a68c29ec976c96c0743c89500993

/data/data/mob.play.rflx/cache/image_cache/6aeae7ce4c302f286ee4db30d2a576f01443d3f5221091717edd4887e51f65b9.1.tmp

MD5 81a9125ee296d8e00e7964c0676c7a34
SHA1 25dc58b095b39c5bcc6897988999c2e9aa7fce6f
SHA256 94bf1fc36e2d7fb7db20d5b207131d8b0ba9f781ccc58e7e73e5735229822142
SHA512 1540a3bd7647caa78051e7235313749dbd6fddbe80cbe0b68f9f4145c8e7ad44aed42e018d62cd6724e083a03da371fd441a1c2f163b5bc8b86ff79af30f051f

/data/data/mob.play.rflx/files/back_dark.png

MD5 74860bc33c04b72a4848a5d7b97bec5f
SHA1 336856eed4d49ebd0d429877822ac5781b4a18eb
SHA256 fb479f88bc809d106fc15c465079b19f6027a01ecbd0d79267147c0529adea69
SHA512 9b6993ba917c3a687b0df03deaf9e5e6ac41d3606ef148e259eb32de8c41203249063059a11bd598b860f2e3d795c73cd339c5325f80a2623745e7003f6586aa

/data/data/mob.play.rflx/files/StartappMetadata

MD5 f47ceb0ed3053661904cb5da89068f79
SHA1 26449e9760c4dc279febfa87f4eba8be4a0925a4
SHA256 026b35dbcccf26464948b101248c29772ae5a3d8c8fe880787f72cd2deb02145
SHA512 0e7ac4ee4fe4f8bf6648014391796ee80b6cf53af4ee574df36309d1cfdb5f0ddf5f292e9b5a6c5e37bfc3011fd0ca1a6a8332b1344be16e77088101d41fb35e

/data/data/mob.play.rflx/files/browser_icon_dark.png

MD5 c954c504c75c8ba2b112deb64869f78d
SHA1 5b594778f7a5bdac4e41de2d6c81225d5e329e0f
SHA256 37ee870f153d26b3956abcead4c45160b264fde6ca016bc2d330e9e36060ee46
SHA512 af1705681c3a2ef83427c853d310bc2dd6159f5db1c1b5a5740431a5a928b4c6541dcd5e3fcffd6c06697b87ca740a0ce2473e2cf141f21ee13730f325d4403b

/data/data/mob.play.rflx/cache/image_cache/0631c52cc80be41bb7a2b5000c18a63ed5ee588b497f25a4ecc5c457e9b5cc76.0.tmp

MD5 0e44ab502347cd6860ea57915f71154e
SHA1 a55724906ced449fc37e54f7be15367825f004bb
SHA256 ea3a8a7d0d9245205b7bb92d524fb62b9fc89292a60f944a0b9ccdc7cc08b18c
SHA512 da2c2c8408a81f04b98b6c75b99709a93aed527150b359377712abd2c48e80c826cd1f4a9a38694e35f05235195c9e350a7e87e566ed3ec60d20618c34db0458

/data/data/mob.play.rflx/files/forward_.png

MD5 795fe2fffc9505398b787eb2f15f440e
SHA1 c124812df2fbd8e4a65fb104aaab352ba300a57a
SHA256 976cb8c0c715b0b0e8b4769b51af1a08f06a4823d69b1f5284fec4531da21fb7
SHA512 c698c060692567afea47446d58d32e92b0bc922088c99e175f5125b264c20d425fe7dddc4b0d70fe9f53d41cfb87ef52965cd40934f21c9f5e2b9281dee72389

/data/data/mob.play.rflx/cache/image_cache/960548dd38d1fb7efed33491e8374ddaaa25e77bdeb19c92e8fd6cd4efa5d25e.0.tmp

MD5 b062371d70d94204e2dd132c51419c5c
SHA1 59750bafa5a809e30aa160d1775dc3f826e609e9
SHA256 9dcb36376e58862c6acc208909c7fec4cc22324af69fb94d854b22262e28fabe
SHA512 4f47fc640cc2b995a658c2e3c858f08207f350556bbc7982c2d9b15057e640e00e130165f4ebebe6b000f815b02473e2829a9baec73be8932b3d0085294ca0fc

/data/data/mob.play.rflx/cache/image_cache/0631c52cc80be41bb7a2b5000c18a63ed5ee588b497f25a4ecc5c457e9b5cc76.1.tmp

MD5 61b254c88b0bfaf95b7466e1f9c1d5ed
SHA1 518c9a33c2124ef01f7f9806c7d097997ea844c7
SHA256 59e5c02555ab3e2d0680fc66897fbee9f911863f8187753aaadcc40b211c3337
SHA512 9f3e177dc50756308649867fd2d2b155d25450534e539e6189ca573a60c6d53c02fc82f19976f88a9836522d5f2d79e35b5c3b57f7e1afdccbabfd95eb35efed

/data/data/mob.play.rflx/cache/image_cache/960548dd38d1fb7efed33491e8374ddaaa25e77bdeb19c92e8fd6cd4efa5d25e.1.tmp

MD5 9ff295239bab3308657b0d5f17673b8f
SHA1 a4dda42677bd31253aa4c6307601c83d65847b3a
SHA256 efd50d627d6b634ab04203912f60335a3f11b57a9fe5bece1bee9ea12bfa2c34
SHA512 a21a09eb9321c4c19157e7f49e93b6da53ddb0c658e3a48fcdb84b4ca9ca2167bd075cf4e6865bd85f2e4e378d3507a049376a2316808e7f1b34b35c2a0564c1

/data/data/mob.play.rflx/files/forward_dark.png

MD5 ae1702688d33694b08e2f990527fd179
SHA1 fccea348af9e98608b152c1e35307d04a1cddeb1
SHA256 87916bc88b54b8602b2f43695d34b196b5cc8948ccb6576b24cced2feacb245f
SHA512 aa0aa7306867900ec765e0645e2666ae1a913fb1bc67ba205b3b80d1b37089bd8692c2b34fca233ed3bcfe89a42f095a375df787d5c29ced86bd040981110d2c

/data/data/mob.play.rflx/files/x_dark.png

MD5 2e42562e9d02dafe67ac6404f58289b7
SHA1 c37072894b2169be2643dd5e541ff8dfccecebe2
SHA256 2f70939006596d2496c26284508e70ef260968eae1385c220e91e74b58e0d13a
SHA512 a65a9fff0c6e17c322d0f0d6e0233fcca6d701a331a0fbc7da7eb21474c11875bd0e3edafc6c1df248ba85f22fc47b403d5668316405adcd8f6e4907a893d3bf

/data/data/mob.play.rflx/files/filled_star.png

MD5 4ef85932c17e863921c9bbdf1394fe92
SHA1 f3811986d3648be1ca89162a079aff4644fe26d7
SHA256 0d6e7d7a915944adfb498a45a6db96efc77d0112ba1f374461868e257315dfa3
SHA512 1ba7939efbd515f81333a155064e248de27b2c70cc71004136ab9d3c61ad34baab7f1d00529e1c78d4cdf11deddbad2376d27d5ab1af699a9d29c5b5da7f4db1

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 8dc51460616239cf4647089d1262f7f4
SHA1 c2ec315b403abbe6a4015f44f0b578f89d9b6af3
SHA256 1b90f055a6a3446b3bbfd1f7c17e9f792df930e910ecafc92ac4321f72111306
SHA512 bde36a075fa94b205b7b1ea1b0265d3f981152a09bc767edab1706d019a460f18749a88c35e06b77e47f36c869d8cffe4fd8b3e5dce749717e0f8665424e6649

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 d54ea409dd8d37334b9daced039bfef3
SHA1 819088d53c3663c808258d472a1a2b31f3248851
SHA256 10efc55e53521fc17046238ead196983bbc2d531c124fcc506108f245af388f0
SHA512 4e01c600ee0100452f9016c37e5c8d1032ba5e7d9e30e41f7ee8302e7aadb071737396bef9a225545c05a27fae6c6759b6936032d29479e4657d9bd3a840f70e

/data/data/mob.play.rflx/files/half_star.png

MD5 ba75be02cd7e410fa660a1783b0fff3c
SHA1 b5b60389112f5c6179878423c6c97eb5ab1680b4
SHA256 77a060cb9e3f9a5eb52654135d00106d36208f3d38878ca3b752ca1af85cf42d
SHA512 9985e466e1652eed843a9dd97832b8ee9bad05cd591a4b17548e876ac65c6cfa4da4f46e83dddf89f9fb1924d92dbf21ce13e66059d5cc7dbe0500cf0c0e7b0c

/data/data/mob.play.rflx/files/empty_star.png

MD5 136e73ffc6805e043bf61a12b3755b1a
SHA1 b7bd8ee6bd46f7bf3a2f21879e71ff4684e56361
SHA256 ecf9d2a4448842086066d82fecd6ec372497298bfef3c8e3fd17a97187a3e7bc
SHA512 62a12a8070955026e27e6c146d46bc44a345b0b4752e1c45487f06224e11c42490344b259ee6fe51fb6e9847cf4146abd7d4fbd0274d0f2c532868bc4be5d527

/data/data/mob.play.rflx/files/logo.png

MD5 5f93b7b61e5bcf973fd93c049061023e
SHA1 7c154666967abc13d9d38c9b79eb6933db64566f
SHA256 4e537f889054c9f1dfb4b1a30c34ea180310dbc9b9bcc9123605f0f802a24557
SHA512 d96bb4c9daab3b2a72a3d82682a8f66ee85a0eb525a87afd13f46de949ee8a02d9a560da6584ecd658681c93a13df03d9a0f57382fdc40f56b2541a51e858a67

/data/misc/profiles/cur/0/mob.play.rflx/primary.prof

MD5 8e1f9222fb599ad3bd0609c68c453e97
SHA1 c6f1b2b173917844eee1519f85572faca81bf2d1
SHA256 d632bf8f2047d9a3278120b2f35ad5960a78f62ab8bd8b8cc04832857be39bd3
SHA512 f7656a5f4e0eb97d920c65d5a402d6efe64278ef9d3eaec835830f65723b71ef13abcdf97fb07012d5ef4c4c00c56a6e266fadf42624f5aa8bffacd39bf8bead

/data/data/mob.play.rflx/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 8bebcf35e41d85b42383cd4843a8454c
SHA1 373cf730ae6f0642ae0272ea0f9b60e249793822
SHA256 1f3f4e806d378f4ae0050312ec76422afa3c59f17a275d7a217c74c159fcf45f
SHA512 7fb81708e8827e6adb9b47bbf272a29f5446f2eb4d44d5038b9fc2b835a1a169454e9756e39af06efde35ee94a09b9217f3027af968261cb632168cc199a4c82

/data/data/mob.play.rflx/files/profileInstalled

MD5 923e8c206e12345dff7eca043da55f39
SHA1 cb0aebeba580eaa772ef792deef1c711f5f8ed72
SHA256 acdb9c1fa5c01186d2d00b427fb8d874868eb25c1d6a8ebd9df40680777aa5c0
SHA512 64476099155ccca87c1b67b324ba361298700350182d0ffcf0dabacb67ab083d84b6ee5021c8c54945c9780d728a8df84885f81cbfca6fdf359e875cc76e523b

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-wal

MD5 45fa674ef769a86bc38685238be35585
SHA1 ae71c8bbf4fcf452945cb8b6761c2510c9bae466
SHA256 4c1649a4be8e566da1fbd55a3eada4a17e0a1378b25c701eb8b6007f284ea37f
SHA512 7c16af890e0f9f020db48d23473571123a3712aeec7e04f0cb82fcde5ebf4dcbf060b271bdaee94bbfca3168864f97a7f99ddf942e886f90e2afba1181b91449

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 a1a24b47ce4a58a49c982a81ff846289
SHA1 69faac036ef0f29b0c4c0e89f1bfcb8357b60cb4
SHA256 2f0a99ba8d927ef83d9e653ad169cee72ae639b0e002394a8e45119206f2f4d2
SHA512 708a5abcb4d908d2842a028b76aa1eabf66a6114ccd580667198fec6c07444c7665ed257ceda7937f124e1c8f81325d89647783398e9ce3655f01018ae75f3ec

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 6b0f993c0b32d82defd46e43fe50c1e4
SHA1 fe1dc6faf3506ec46f135961a649d89909d1ce81
SHA256 708fa0f17498744cf530d20d0d1b9f61feb03bf62138b309d5363ea7ae0619c9
SHA512 0c79617f06cae366baaab7bd58372d4ab3d3bb7dacdd20c1a4297e5672778f75a9e451587735d6e8a37b4d68877796da15c9f381f789e6371027718b6729844a

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 a621728dcde6d82877f26c453ddef983
SHA1 ce1c09ef7cc83c24a2672c9da12fce90b1a7473f
SHA256 d9f27a7828e6927e47f4611a023017247230bbc4a52b8f2f50a8cd6e566760b1
SHA512 067c1957c458c82df9dedb3846587cb42dc7b7b2e3d5c858379975736776bda3cba3f5b04dd6bf7cc04eb7cb0535f224cd874586f84deb6eebb2b9a0fbf9ef23

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 2e256141924caff79039907bdb890c58
SHA1 fee6e73f786d421b578a93b8d7a1e93bc8288de0
SHA256 ac208d6dc57111dfb3e1f7844132b03d0c8996b4956b72be141ec545f85d5da4
SHA512 3296acfc69a432dda9f78bc84c1e44f55172963c9041e194ce5c493bb2a5e9a871e563da85231ac69fdf5c644ea46257a80d773788aa83cce3bbc2439191da67

/data/misc/profiles/cur/0/mob.play.rflx/primary.prof

MD5 825020b2dd34a7dad3a6287980239f5d
SHA1 420f97c7e2d7638d1ad84ee4a108008f934bf01f
SHA256 1b97b78c194adefa6b3f29974d818802482f2af76c518035e59dec75bb44f434
SHA512 ee37116d2dc03ccd06279bd451b3107161b0af4bd1db966ac3be94d771c338a9265dee4429e82f07dd2364a4e02c103ad9cdc80a495d4ad8cd90f945adb19416

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-21 11:41

Reported

2024-07-21 11:45

Platform

android-x64-20240624-en

Max time kernel

9s

Max time network

148s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /system/sd/xbin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/xbin/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

mob.play.rflx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.col udp
GB 142.250.179.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 configv2.unityads.unity3d.com udp
US 34.110.229.214:443 configv2.unityads.unity3d.com tcp
US 1.1.1.1:53 api.npoint.io udp
US 216.24.57.4:443 api.npoint.io tcp
US 1.1.1.1:53 adsmetadata.startappservice.com udp
SG 138.2.110.152:443 adsmetadata.startappservice.com tcp
US 1.1.1.1:53 info.startappservice.com udp
US 68.232.34.193:443 info.startappservice.com tcp
US 68.232.34.193:443 info.startappservice.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.2:443 tcp

Files

/data/data/mob.play.rflx/files/PersistedInstallation7679445185286385875tmp

MD5 d79df676b968eae2121c9bae810c833e
SHA1 939be0b072b6f29b7fb9d2306f8b039053212089
SHA256 b132e0483389f405c772c848778650ddb8977f2ab516f23e47dab4d2d108c40f
SHA512 8b8ec7f56882333ac17902203814b585a7acd1ea330357b75959e498b1c8a4a5229a33dd7fe069e856036324923c62743b1d7a204e9651092bf6477ee9f0cbc5

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 38fa3cbd562e4af5fcce18d0d8a399ed
SHA1 2c3c0c7a8921d7fe55b59641a041a550f7020fc8
SHA256 97f4cde3d46df0f615ba6f33e9fb7ea6899b3fc1fb013d93377a23b7c067c170
SHA512 4a7510522cb3714ea9d8e0e377ab03f82e9df680a7d4a70125ec609fc73369efdb9ee9fe93de9ed0cb5bea20574218777a07be81e183d6919c8261f5f72f3180

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events

MD5 3736066a42aa8323b6058167aee2600a
SHA1 996140b9ba84bbf5d916a98c4e11819f8c67039e
SHA256 f5fb3babd79fc65819b43fdda743c027ef8b66659186aaf5a7106c799d0f0ad0
SHA512 096f2f59a50df6a7da1c9a4709cda2bc66e1125338d46ceab688f7d53af4f61d8101bf398e8f153dad52e6e5ed70ba2537b99cfc834258cb2669bd5dade1bdc4

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 a9ef26edecdc8c69670d87ed9470b35a
SHA1 22b53aed57db9e30b87d8420ace861127dc77b2f
SHA256 0030606ad59e0da1754170b52bd426ea55ec03361f1595fe90b1eaa9406fdfc1
SHA512 b4621639a01dfd3d7521546372442d8a2c767dd26f63f533a4cf548a5c1b9bf42b32fac21013df9aff9548d6a74e70884f6f663be550912da27944816a1c91dd

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851

MD5 f98d4a333de944dcc860384d88b16a29
SHA1 2e812d538f52346fc7ac31c5e1e5fa4d75fab2a5
SHA256 dcef842b6b5ff248e74b7c168e2d748b50109892490ab6a361bd06c8df848bbd
SHA512 734c18627f0cf676bce87a4c089dc0a33209e5195d74884a3a6dab77360e051e93ff51186034c8a952b68637835936d91a5c6f3b573ce14a955909cd2b12e4de

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 a3841255ce11eaac671ece9e05f32b96
SHA1 f0d4f43f89b8e9b88b37f21447cc9c0daae7abd6
SHA256 8bf0d4a408b2c528f856f017b27f83e2612943e66a94700d5c1f987ef53b5264
SHA512 9602771d30f9f9e6e59eb5806b4106c5d61a3d8b6134145afdc969494915e4e43235fe55d05fe84cc5cc913f643d66378e99052083768ed431cd9dcc7c41863a

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40D03420001137194310FCE0536/report

MD5 bd727ceaa5952d47293c7b6b3109f8fe
SHA1 7f4a813afe315178289a1d9d3b29ad7c424d7a6a
SHA256 04f3b8f11b0e14e6bfa4b49828758e0cc689faefe56ba7a53f0da9de22769f89
SHA512 4c4d0b04f0be10abd019d71bf818501e7dad590c65a4288796df8b20a5640bc714c84d86c3fb46518a38da867e79053ed582b2038f71e21aa69d968271423b46

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 847f198db1ac637ceca74345e34570a3
SHA1 c94e0c078c1d1c027a15372ed4d96004c0fdfb8d
SHA256 2a641c6f5d3765612d2e6e2dd1f5cd82705a2a6f6a507c791c56719cf9ef4332
SHA512 40cc8add4e2b64eb751674b14e9d5914075cd24e5f7f28b8d704cf1136448d27254b1bd487bb3552216e3a26c47f78efc885510ae75c6f2ca29a196aa8833c12

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 5fd7f01a2335c0e6beccf417fd8d04b3
SHA1 f0c7c9a6041356ad32b8feb331bf01287a891871
SHA256 3afdd8216a367375e079eb6bb7646457e87210d51eda38cdc794e33b2a7ce7a4
SHA512 7e6d2af792e54d7b3752e13753cc8e99d6431d275472f4289694ad0324a16d47fe97e4478ca239c8765be0035aa0f3b34477cd7909f10b5e01e3aae53468bc7a

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 35b51faac8b5af3886e70bb5a885dab1
SHA1 e6cb282da46cd4bf113e25c8573268578dcd11b6
SHA256 af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b
SHA512 6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 944e6a5a08cb971370c65c06061f0ab4
SHA1 84d47725cc29bf167b782c702575bce4bf2ecc5b
SHA256 ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab
SHA512 bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

/data/data/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 98e2b2604234a6e426c659c8690c9496
SHA1 b2eaa0e708f503661b552a60e971738829633827
SHA256 987cf22d8023922af2de711d2aebe518b367ac9bb8a4744a9d9eda48d7aaba3b
SHA512 c2e5082f639d9aa49692f6b952016e010de21eaf687bb13c8f1823de469fe90bd809264777e798ae93c088b5f7454dcb72480a15624d449f4a8a2cbd6320316e

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 ffcbf87665a36fc21782400bd0537e79
SHA1 3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee
SHA256 a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d
SHA512 7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 dcf7d6c1cfd5e7b56074e3001577c78b
SHA1 b8eba89aee9f6688ecda6675ef8ff4998da0b141
SHA256 ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91
SHA512 42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 7d1787833315f9b2895173a54ccfc1f6
SHA1 3be22722cad564ef0173ce4d20f78076c3037496
SHA256 7e213ae9a67e9866f731e9da11552253b96a1e9cfe69dfeeca70e3bb3073be42
SHA512 5faf2adad4ba7018fa76c5b934092d835693aa3a89b62639d6ae09c76d777aa3764bcab175b7aac80b4b526d1244db51c70eb9c20478a4f49394f7ce0411f5ca

/data/data/mob.play.rflx/files/PersistedInstallation8167374282359380489tmp

MD5 39154be948b21201d2f4d3f77894ef06
SHA1 995a3ad068d5272cff77b1aeba24b86262903182
SHA256 537d9e3bd02b71ccd91e20109d2fad4bd4b5eda0549ef40ed2ce8c504eb57ab9
SHA512 c7c3a78ff58d8202b0a294e36162a75fc017f4a079bd9c4258f85dce0c1474b808966f5624a297c77ecb29521a63c854c819885891c911d1caaa9c1498c81465

/data/data/mob.play.rflx/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 476a9a5ac80eed08a4e66f4d29c8ca3c
SHA1 b448c0954df21e3b3b73533514961e9d252ac829
SHA256 72661011844684cef36908b82ac2a14ea6cb33b70ee99228c0bf5330632c0b82
SHA512 3da0553793fff80b2eaa5588a2c21a86af8899aedeed6a85f8a88bf2a9b5033931b003cf9e4041614bb9791715058c113b970118aa10d639c57ecda2f21d0798

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 851142642a2bf7dcc6d6152c9683a5fa
SHA1 77383d2a4f9d6b4dcdec02973824a6e252afa12a
SHA256 dadbd5778b05491ca0e561698c084fb69a307424160593a79189e2481bb4c152
SHA512 57df69ac39d8aedf2a5c98d000aa42cf8d741bc953c0bc09799b08ccad4a34fe6ff2d978f39c9bb1c1658bd00d5d87b4aa302e19ce57dab7dc2b771ae7adc1c5

/data/data/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 787625e30bfed8fca24e1367851734f0
SHA1 204baf47663aff191d2b09ea8f88a1621699c72f
SHA256 b6b1d10b0a20de2f39aa6ed6728eee7b6eee8e3443edad6fa8747812f1969bdc
SHA512 a20228d686aff362ae6fc77c6f1057ce7fcf7690b5fbd671f224c16aa355e353c73d202b5ace178e30b5fbb99f96182aa143f44d8a7bb8a2c6f499279f85ced8

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 b312b57698f5bcc244fb8eb807ea428f
SHA1 99e5ceb23a615d911c7ce9d137eeb85517bee98d
SHA256 b8cdcc4b955277ce6768f7f05a9fcbb0300ea12be60c85249b79e182c6276234
SHA512 14c894e9a94c0f5f696fd30e1f6f44cbc0e76ff70d2fb6c87097cdabec93b4aac8bed752fc152e30cc54cd84ccf0e61942ea536e30c679cf97cd27d6c8e6feb7

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 e15dd98368921702c9bc9e149d43f3d8
SHA1 7344036e465d62d8964c6a69790e540219b1753d
SHA256 c141e06d6f65e1302a01745bc6cbf178c06a2b29cb856ff2f5d33590714f5d54
SHA512 efc246b3f0ef843082743f6f3254f453e97c4ee2c76d5e62581e6558062ee4b25c1ac1baf8841b55554cc52a07aaa78ede642feccd76e0637c9bce7cc9d88098

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 2d2b8121bcd2a4a9b5b3b7cbcbc9339a
SHA1 0a9c76aac5c3ddf09f99bf37418113bfcc608900
SHA256 366db1a0b217b7b46fb1efdeb08e60d78d5ab3f10cad9e5bc6b7e3664ef0a059
SHA512 e5f3d6d72ece3d13fbc054f404eec63dc2e682e75d7e93ef385ebce5069098facfb1ee5315b8ed42c03ab3e9f1d6c6b02c1cb960095931de9f71caf2b22b60b6

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 e1299226acd9c7f934409fc38c654167
SHA1 faaaab4d144cec358463fe6c31c1fb05341b7bec
SHA256 df91f9bd860aa29fae244e4e52c383ae37e405a65e581499bbb2642a8b892fd7
SHA512 b28f8505ec24740bb05aeb272dfd04e12b2572ec5b9ac5d0817c8acdb1e888f2fd72dd70e6e39441d8ab28be8f80586e3a2e5076ed27437ac4317bd4c21258a4

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40D03420001137194310FCE0536/event0000000000_

MD5 709ca4252cd6bb6f2a9a95180e04ee92
SHA1 dc3e74fd9f7149081640fc27a03cbc331aa24b56
SHA256 0cdb0206c0fe1617a4c0b04002baeefb4b17e3b9c66503238362cc2f19e1b54a
SHA512 3b87e96be16a897293e7f12f9c38a77af5adee04341f47d2794f3aaec7e61e17fcf2bdbf5211e7571719348d5d447ae6edf3fcbbde8e20a3847816c81ebe752a

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 f39c9e2ae1ce352f5c6d0a6614ceff1b
SHA1 d84b0826232f1d7c3dfcfab57c2f6f7db0bc6ff2
SHA256 24ba3c7fd96b141779d39436d2d6c1f0de4998af8563e1046cd1d550963a7f48
SHA512 5270f8ba45562e0843eae49f9bc00b4e4bcb34fdc04928702013b5d2f0c526872d7053803140cc4198939ebc59c0604a1eb319a6699f87c69961c8827132428a

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/priority-reports/669CF40D03420001137194310FCE0536

MD5 aa465d2b95b3e09ca05f20a4f2f01576
SHA1 3bf409fba5704b8e2fa957793f8f28f2f2e99c0f
SHA256 d669e71c890c71cb2c9dcb57db727d2d37aa8245e06d4782c2b41b5a6809895d
SHA512 c600dfd92595d1903b91a59e8edfb0461dbe06b67526d7981b25e2228a4a62484eb68346bf016fc63d9d4b2020bb222746288fdf299c277893c01173f3761513

/data/data/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF41300440002137194310FCE0536/report

MD5 9462a4e20d0bd0fe19ab51b4c97dd399
SHA1 102c9333fc416ebe6dfc883d7ef08b5de76bec70
SHA256 eb9537ab94662336411d011c1291bef85018f4e335ded35cdd4ad1e878ab18f5
SHA512 e5a71239cb1734851b915b53e9a927798c8033bfb4318db2d17413e4e0996a5af0f4d900ada38ad9aea21333c49f19cbc00e0ffb331bf28e987c9a87bc087f37

/data/data/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 f02410f57bb3a778d7031f484893ede4
SHA1 79184656516a208f112b0a65542fd1a0e95568af
SHA256 f813fbbb1820516eec902c5fd32c97dbcfa9286fa287b338f0668754a28bbdf7
SHA512 463b4e84aa07fef18ecbe1961755e0652e21bd593156092fa00e9f9ebed545b6bd418e687cc1b87b640ad039df119fce4147e53f838a24ca25ea700f46c9dd14

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 7490f7d0e3b7fa2fbf40db5ba889604c
SHA1 2c0744e76c9d98b97d3d330c1868137b8c09af4b
SHA256 07e6058ef97ef2553bb8b3a55bee24e2a58cf00ba4e73afd14abc99f00300c46
SHA512 499b3638bf3efee6330a3f664bfccfd0f6f249a59c23483b6c1f7371c6c8faeeaa71f0277519b769379c18e4af1df0c960021cf60098a259d2600f298001ecea

/data/data/mob.play.rflx/databases/google_app_measurement_local.db

MD5 0b669cdffa68b3d4f03842f52cc504eb
SHA1 9f95192ce5448c8649b4af643d988485581e5461
SHA256 979a9f312c5f9540424b36ea43a2a28ec6f48c5297fbe65e814e342c6d32ca23
SHA512 f5f2960a47b48c6c4fde7702430690e88839f137f4facb95bcf7c2941b279cb0d2f36f5539d4e4c27f4834136f6b20f78c26e619e186e879c2e3b5ad00f263c1

/data/data/mob.play.rflx/files/StartappAdsMetadata

MD5 c5ec03049f2a725dbe8dff5598ea7afe
SHA1 3272e70169bcb264b8072dec2dda5c2d2f7432a1
SHA256 8d11f72942817bf46c3b47ba9e7892b70b5ccee1e01116804ac1d5b683c48840
SHA512 8d0134a29ef6c20c39e755d4d36fee2c119ae32d6f05d1d62c8ccf116756f216e8a9825a5cfdd576576d79c9bac33055b47216efea7dd4f966a14111680588c6

/data/data/mob.play.rflx/files/StartappBannerMetadata

MD5 1464bff0fd2bc323b44f3019e32e43e5
SHA1 e723343e3d4bd22bab0510ab4d1233e346b4a838
SHA256 5225c5f27e665aa4efe233d9efa63a60e7a62171ed33c1667cbb5bf6b92e44a3
SHA512 dcfde2c757c5b83ed0060792c6900f1e2614410a2441563d2bdbadfc24326f73f2fa0fa7f2b7bd4555aa2a2b03c15e0ac3d28ad4836e0fda5484f00f8f2eac01

/data/data/mob.play.rflx/files/StartappSplashMetadata

MD5 84d44d07ee0cd574f5c73907b7a6055e
SHA1 19c7bb2bdf7f98e4ec69bbbd94981fd6ef8966c6
SHA256 e0a6705cbbe7af1c15e10c45b471bfff79dada9044f17fb7226c8fb6460f7ca2
SHA512 d8ecf9b58cb4aa25d14be75bdbd5c941dd5ecc98b85edd26110f93da78b552d3264b5458ae1e26a489f66e0d4771dc147d8afc73b6532a795e6457e27aa27947

/data/data/mob.play.rflx/files/StartappCacheMetadata

MD5 c41164d8f5044093acc85a4f93b1ca1b
SHA1 2001e355baa615da01da5bb8b60c88f64d0e57ff
SHA256 5e478ae54831bad55c4dcda78db4fa071411c98ddf9d057ff557a36b1cd9c3e4
SHA512 3812f2c85d4e24df3e68b0912a2dab1d1fff198ae0cd8c238e925239b19a084cbf2d58831bf5897ce764029f28bbe515b98acfb940ce985280beb9cf6251c57d

/data/data/mob.play.rflx/files/StartappAdInfoMetadata

MD5 754ad49457c31a4a8dcb51a8a702d232
SHA1 1db8908483c154ad82475d3a7ac5b8342f5e5829
SHA256 b7553fa19e1a869edc56e5f9d63c11feef71a654a54a95a3e3d9e247c99f3784
SHA512 c57b0849e576668e178988f8a11424cde30e53755e34c7c163d55e31527d9874d24c30cf7909304e247baaa3437ef4784fdda33172fd91e0d33eac0091581c57

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-21 11:41

Reported

2024-07-21 11:45

Platform

android-x64-arm64-20240624-en

Max time kernel

74s

Max time network

159s

Command Line

mob.play.rflx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/sd/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

mob.play.rflx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.col udp
GB 172.217.16.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 configv2.unityads.unity3d.com udp
US 34.110.229.214:443 configv2.unityads.unity3d.com tcp
US 1.1.1.1:53 api.npoint.io udp
US 1.1.1.1:53 infoevent.startappservice.com udp
US 216.24.57.4:443 api.npoint.io tcp
SG 138.2.110.152:443 infoevent.startappservice.com tcp
US 1.1.1.1:53 adsmetadata.startappservice.com udp
SG 213.35.117.150:443 adsmetadata.startappservice.com tcp
SG 213.35.117.150:443 adsmetadata.startappservice.com tcp
US 1.1.1.1:53 info.startappservice.com udp
US 68.232.34.193:443 info.startappservice.com tcp
US 68.232.34.193:443 info.startappservice.com tcp
US 1.1.1.1:53 m.media-amazon.com udp
US 1.1.1.1:53 i.imgur.com udp
US 34.110.229.214:443 configv2.unityads.unity3d.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.78:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 trackdownload.startappservice.com udp
US 1.1.1.1:53 sdk-exchange.startappservice.com udp
US 158.101.105.86:443 trackdownload.startappservice.com tcp
DE 132.145.224.90:443 sdk-exchange.startappservice.com tcp
SG 138.2.110.152:443 adsmetadata.startappservice.com tcp
US 1.1.1.1:53 thind.unityads.unity3d.com udp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 1.1.1.1:53 auction-load.unityads.unity3d.com udp
US 34.110.184.100:443 auction-load.unityads.unity3d.com tcp
US 1.1.1.1:53 httpkafka.unityads.unity3d.com udp
US 35.244.205.3:443 httpkafka.unityads.unity3d.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
DE 132.145.224.90:443 sdk-exchange.startappservice.com tcp

Files

/data/user/0/mob.play.rflx/files/PersistedInstallation2460124408738135322tmp

MD5 a38b190cb6fded7bb5ad3c236d23c5cf
SHA1 a43d281c6ce74fdf00e4b0705de67ef20e090589
SHA256 d2827ac501d293fe72a1c14c505dc429179be4646c935adb5106f28d626fe472
SHA512 e4e4ab2e3182971788fbdc3043bf3b45c42b4074400afae0f51611fe8bca181dfdcb0e94e061bcd2ca683f50c9e419bb24c30fbdda1b238947febd62333136b0

/data/user/0/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 f62eaa459b53a5d171dbfbb638f512ce
SHA1 bde80f2645cac68b9b2053e226d0710af961702f
SHA256 304e2b4be49ccf4a3bcadb09fc929718e42c21abbed34011ef0f826bd4dee277
SHA512 d1069b8660edd25816ac9b09930d3361bf4ce6984598218f030aa39c2e2a64a25e1a357bd9d76d9aeec9f25f6bdd1ad75458f49e5cc9bc4d7ee550ca2e6057ab

/data/user/0/mob.play.rflx/databases/com.google.android.datatransport.events

MD5 ede89099675fd3420c5319ad3e1c8989
SHA1 4a99cc0ef8bed966d7ecec960706ddab82127ea8
SHA256 8ff277c37b1606fc2a4f6dc3fe36a4ffc9e87262cb88980c2aa3c535bb174b80
SHA512 ffd1a5327fea517b94b9f61cfb49dff2e19ffed144946b4afe268062a037c522315d5e1d2dd0d91cc95050d3bdbeff70ac9ad433f6b2b1386b6aba47f9f32ae3

/data/user/0/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 b197867820e9b2c1fa3c351b09a72074
SHA1 a8eadd1c77008a22795e4bf0799580430f47c276
SHA256 63d552dbcef87a1ec9a30e0971ff8a2928307bb8eea2d0b3e3cbf7dbbd0ad580
SHA512 6529921ad7f968549e1765512f6e1b64afb072b03b5dde62471b59265baa9c931383e9cd7d5e05928a678cacc4e45ccc87f57e0fd358d6dc4874dc2df34b2a7c

/data/user/0/mob.play.rflx/databases/com.google.android.datatransport.events-journal

MD5 715532f507543bb6beeab73745f351fa
SHA1 b63c9f1bf0c647efac9b6e36d6a766696c4d48d5
SHA256 46d8432ea22d7e9eb39e44065a17f659022854b477362202a8b97341294cc462
SHA512 ff682bb0b83e3b02d07660c2cdebb3f1b8dbe2ff76d718a5ff1ce2d1ffb1887cbc16be4cbd8c659f773497113d32dcc9bceba7f02ae46e23f183eeee571fddbd

/data/user/0/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40E02AF0001118CCC800EC56357/report

MD5 3f45ea1bfdb57873b69f4a5c476cc80d
SHA1 50420cff604affb130baab69b611e80226b77076
SHA256 07cd35cca2f7f9e9f08d8896baaf5c150842e86b182ec0a726f907951a3ab7fd
SHA512 7e27f160fc5364faaace54d1d57fd68ab87a3d7dc7c082db0e0d3eacb65603f8d081f8545ef763f91e8afa76dc8c688712094d1a6ffe34bc84a05ce174f1c026

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 403ede4bb876d17bda7a9c0dfa00ff32
SHA1 54bde8e3f80e4c005428d5025b6a6bd6c04e4b74
SHA256 3da853adef321db2a7852cc1e47b3188836bf1ab71afa7a3faaa0a0fa7685395
SHA512 71a6548e6ab10118f63dac0b3614544d2e1c12e9d35d381eef004ffa0ca2145d219b0af384a751e848e32d91612bef04923a6b63e621b53894ad489e0cac588b

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851

MD5 5700b496777e4f094190353c7a867f7a
SHA1 89455e21ad3b946f1b4433dee80b4898deceb194
SHA256 5ccf1960db2a7f3dd73ab68984c21069272bf9419b496a8345929f7051b47bde
SHA512 383b70c95c9af69d890d4fe5325dcdfad13a60815b6825bee56571601dd62e122852fbe431bb3840e3a94f8332043b1ee09ddcf84ec84cac543f2396fa5f287b

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 9ae58917b4ac460353849e568effc21a
SHA1 7d24d09ff4f91338c5c0bef22780e4c8dc9d7830
SHA256 b5cb5cee60657fe4deed92f5e4f10d7741395ea6c1284eabc9d8f79d55cdfb4d
SHA512 ee40cb69f6ccdc2fc8418227c9a54d7ce6c5e02e521778f40c42620a6f0126bbc45a32087c0d283f84fdaceda585bf2ff476f8601aad5ad6b05744dcdc2f11e9

/data/user/0/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 35b51faac8b5af3886e70bb5a885dab1
SHA1 e6cb282da46cd4bf113e25c8573268578dcd11b6
SHA256 af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b
SHA512 6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 244f4b9515d5d41741377f525adb497d
SHA1 0ad1cb03d45a84a890b9fafe433e16674520b40b
SHA256 98f810458eaca5b378e259a8fa2291d0a4b5301e2d940bf307de6fcaa619053d
SHA512 403875b2fdc3549b5468bafa033bba6b9e7d52426509b462010cb216ee95cc020bfd5ce9c5955d82023301f6a104402a237e9c709aaa29acf4309691e2e549b4

/data/user/0/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 944e6a5a08cb971370c65c06061f0ab4
SHA1 84d47725cc29bf167b782c702575bce4bf2ecc5b
SHA256 ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab
SHA512 bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

/data/user/0/mob.play.rflx/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/user/0/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 ffcbf87665a36fc21782400bd0537e79
SHA1 3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee
SHA256 a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d
SHA512 7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

/data/user/0/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 dcf7d6c1cfd5e7b56074e3001577c78b
SHA1 b8eba89aee9f6688ecda6675ef8ff4998da0b141
SHA256 ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91
SHA512 42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

/data/user/0/mob.play.rflx/files/PersistedInstallation2471588506942396665tmp

MD5 24e3c9c51a784a60363d27bc109efad8
SHA1 7618f2fec2567e947ae34e65d7ba2cc6e6f14ed1
SHA256 555a913456f357777e44a830b204fa96bf1def0c63baad1b44d5fc4c8e55072b
SHA512 5590845d4f23d07c3883f1e459c1202a1acf10219b25fcb3fb749e679db4da369357e3d9c77f4b23a5961f10e0245ff758e0c97fe8c3a3112f810156b48d1a86

/data/user/0/mob.play.rflx/files/datastore/firebase_session_settings.preferences_pb.tmp

MD5 f435a87c3ecf4c1823dfb5a429f8f9de
SHA1 2a2ad2df48f91265b691edd3e003e630e1797fd0
SHA256 fa97c47ae3b896fcae707927049765ef1a85e1927c7ad641a9bca62039f4e06c
SHA512 2b77b0b9ebfc75c4889074a76ae71a3314cfcf357fb5175910ef722feab02209fc2af2e5228e6d6f8918e6b2bf4d86e6083bb1c60b152717d602b3f003cecdf6

/data/user/0/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 5ccda20bed2e98ff3cf35210fdc9b020
SHA1 ec3311483366d3cc020d824ce2ee3e8899bc8ba4
SHA256 9aec96690ca1d0f95b86ec38c507f3c67fcc45c16eb652025a7c3802bd2b83f2
SHA512 7196898eba48bfbd9e6cd3cb8bba85a481fe07bc7319f272b3ba9a6fa52b269ceaedf21bff07568e919902ab49e78cd90b6db724c8b372d62011a344bda10a0e

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 bc83d3ac411970738bc1386504a11167
SHA1 d80d6485357c6c2221bdc703e0d0ec0e84daa790
SHA256 121df69abcc0db2a90f123af342c009923f1ed4f89ed7a9a7a1c28dba0d9147c
SHA512 5b586f645d493d3881d3f15ab5e098eb0c60429a201f7862cf1d046525a2ede9e33c31b358c35c9b86d16681dd05e7805d395d25b1905d090cbbe24b55d9d57f

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 9b747cf849e7ca646b56b4780bba95b1
SHA1 75c85383927bb7a1abb6764508e0350d228b2f1c
SHA256 44f211ec0b53b3e5154f903af164bab6724b721d2c4d57f796e4eb20bc940e50
SHA512 8c58f5a27e1d505ea0d0bf3f91b7c26bcab1adca6096f9bf655cd3f35417841f04cc9020fbcffa910036ea6d8bf5140d73f4db0275638564d00e5daa8c88b1d0

/data/user/0/mob.play.rflx/files/shared_prefs_sdk_ad_prefs

MD5 65026ee778e1372d9f4aed742772e893
SHA1 5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc
SHA256 15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c
SHA512 589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 776920ade0520730f2629549a98ee3fa
SHA1 d2aa1c32903bca7bfc592c75e4fbb9cd5b27e417
SHA256 326dc2dfec22bd157b3870b2f54ce13cff3e4a691e399d8289e3ff1cb5096ccc
SHA512 8590ee9cafb436dd787ccd0837c4997c52f79b66964e14430ba2c74c589a2d9972a05fff4521ecad3360c90df6d51890c0f9c9ff3c87fb874d5cf60e0db56e13

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 16a363fac733d49373454ff033b3ad61
SHA1 eae71680c4dd522ff6df104e43654c384c12a1c6
SHA256 6cc3b67d426bd2ff9e2a0a4e06e779c6d516107810dbdb3e7dc85dbd02c89265
SHA512 959d7a03cc18da6f5f409a434e68d7a5e5d2552cf101372751234b4829c6e60e1e164c7049d26858e82699b38d9baf0e52b5fd5f87235a88b2994d4bf6c74546

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 c83e6316fb857dc5168932338fbef94c
SHA1 ad05948735696071e0398279caf8258155ed2c6b
SHA256 19d5344bc6c69f357165c5bda2ad94bc49bdbec23c4ae63111183160f2af1f6c
SHA512 e53001b9bfccb4809925f90b4924a6ad172d263331b22472eebf3af5431ba56edff02fe9aa5522064751e4b29b0e9f4a827c31e914a5e57da945d1da91950d63

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 f2dd7789c39ad54e25c360b9c9f5c16b
SHA1 4499a5a77bfd33a0e012c2987925296d8d876e75
SHA256 b031f80b7e6132a8e7925a455f847e04140bc720099412426b1abe15e61f6842
SHA512 db66d3875a364b5374b560422962aa96bfbe65c7841666715453d71b088800f1cce0eaea5ff01fe2ae1da2cdaf62281cab13513a058b5b5905ce69a7c2c2c7f3

/data/user/0/mob.play.rflx/databases/StartApp-d6864f2502af7851-journal

MD5 fe771e4f03d89a90725d3d4981c249cc
SHA1 926b2eb305626c39a2d76552fa59a7985f95efc6
SHA256 4eac543b12ee80fe6fdccbb2ec2e46c18465b0b4903b1b470d3ecf791222bdd5
SHA512 16143172cd2430454d0de96c7f7948e13524385d7c471cfa3919100ef29fadbf6328df5716b12691ce18e66350ab85895afaf514be8010fdc1c12713a89fd2d0

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 e9641e4a13a2f82b31c0f90ea1d3fb12
SHA1 37946aadafb13eac9b39161ae040c66a15fc0d09
SHA256 bae57c29d9450e9c766b325bb0ddc9653deb7092aa93020c2fedeb404582ce17
SHA512 4ef0a72ad690f0548449eef9f2159988d8bcacfe859e9455f79a5ea6407944b2de41ffeaf69ae2cabd635c3f3509e5185835bb1a4dec331da64965d535c4fd81

/data/user/0/mob.play.rflx/files/StartappAdsMetadata

MD5 c5ec03049f2a725dbe8dff5598ea7afe
SHA1 3272e70169bcb264b8072dec2dda5c2d2f7432a1
SHA256 8d11f72942817bf46c3b47ba9e7892b70b5ccee1e01116804ac1d5b683c48840
SHA512 8d0134a29ef6c20c39e755d4d36fee2c119ae32d6f05d1d62c8ccf116756f216e8a9825a5cfdd576576d79c9bac33055b47216efea7dd4f966a14111680588c6

/data/user/0/mob.play.rflx/files/StartappBannerMetadata

MD5 1464bff0fd2bc323b44f3019e32e43e5
SHA1 e723343e3d4bd22bab0510ab4d1233e346b4a838
SHA256 5225c5f27e665aa4efe233d9efa63a60e7a62171ed33c1667cbb5bf6b92e44a3
SHA512 dcfde2c757c5b83ed0060792c6900f1e2614410a2441563d2bdbadfc24326f73f2fa0fa7f2b7bd4555aa2a2b03c15e0ac3d28ad4836e0fda5484f00f8f2eac01

/data/user/0/mob.play.rflx/files/StartappSplashMetadata

MD5 84d44d07ee0cd574f5c73907b7a6055e
SHA1 19c7bb2bdf7f98e4ec69bbbd94981fd6ef8966c6
SHA256 e0a6705cbbe7af1c15e10c45b471bfff79dada9044f17fb7226c8fb6460f7ca2
SHA512 d8ecf9b58cb4aa25d14be75bdbd5c941dd5ecc98b85edd26110f93da78b552d3264b5458ae1e26a489f66e0d4771dc147d8afc73b6532a795e6457e27aa27947

/data/user/0/mob.play.rflx/files/StartappCacheMetadata

MD5 c41164d8f5044093acc85a4f93b1ca1b
SHA1 2001e355baa615da01da5bb8b60c88f64d0e57ff
SHA256 5e478ae54831bad55c4dcda78db4fa071411c98ddf9d057ff557a36b1cd9c3e4
SHA512 3812f2c85d4e24df3e68b0912a2dab1d1fff198ae0cd8c238e925239b19a084cbf2d58831bf5897ce764029f28bbe515b98acfb940ce985280beb9cf6251c57d

/data/user/0/mob.play.rflx/files/StartappAdInfoMetadata

MD5 bfc23af5e0fcb14a5a46631f6cda433e
SHA1 5dafc3eeff803f3acb9a97fc1ae28c133da4eb2d
SHA256 66a44be9e9052d57636a4f8e62eeb6e8dacc0eb11507b7b85fd234dd2ea3a003
SHA512 f6683a398d3b24082eb1461f434245d0ff7d0bdb37ba70459d4ea41efe893cf005b030e66c90cb4ec06c4659f9e83bd10083481b2654cfac41e14b26e7c2d4ae

/data/misc/profiles/cur/0/mob.play.rflx/primary.prof

MD5 8e1f9222fb599ad3bd0609c68c453e97
SHA1 c6f1b2b173917844eee1519f85572faca81bf2d1
SHA256 d632bf8f2047d9a3278120b2f35ad5960a78f62ab8bd8b8cc04832857be39bd3
SHA512 f7656a5f4e0eb97d920c65d5a402d6efe64278ef9d3eaec835830f65723b71ef13abcdf97fb07012d5ef4c4c00c56a6e266fadf42624f5aa8bffacd39bf8bead

/data/user/0/mob.play.rflx/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 45fc3fd1b87579d9b28b3a915c2fa62b
SHA1 cc0351ce25a51afcf85fbeb44bb98e3ba1907530
SHA256 afa28eb8f1c13a0f4a52fb85545ca80f3f20c414240e7f1008408ad4eb6c5f3a
SHA512 475c58ecd23f27faef2cc16e18b571cb9ac7bea92a7014fbc4714b262cecc06677cadbf0851c3556be6b55d3d7667c3f0d48c411461f431210e10e10479b62bf

/data/user/0/mob.play.rflx/files/StartappMetadata

MD5 b67d1bfa6bde9324a31f6c654d008d86
SHA1 b69f65ae69041bd3cac602b94e52f1245fb6385d
SHA256 b1ecbb77c076b0e20b96271cd0d362bd211323a4ffa16f47e0b9c139962562a5
SHA512 a8ec386dc81283d3dc09440ae4173c00a9708755a1a6ecb4a550f7e791d5028d297a31c216a8281a7cd15e2d60baeec7ce275a48f03090684bddfac1c5a9acb5

/data/user/0/mob.play.rflx/cache/image_cache/journal.tmp

MD5 d6ac8c8db0504502d7f0e057a78c5ce3
SHA1 8f4cf91a262b24ec9c1a6e7c41fd6d16b6623bb4
SHA256 8f22a32cd8de58916041d1097976f2b9c80f7e9a18593d5a6b058bcaed17e22a
SHA512 100e74f0c65b51a17de6eeff96d5c38bd6d40e3c8ee00094fd906ba5794088fe1ad6f3a15be196480384cf01399ea26665a05471404f1eeebb0c82ae6fb104bb

/data/user/0/mob.play.rflx/files/close_button.png

MD5 2d858e8af5d9426fe061df5c82ffa6ff
SHA1 bc1b2eab876aa221b6449d11e482de24b777d58f
SHA256 73d875bdb982c50c666e30ba2b8ae2dceecc63cd0d5f8a35158edfe5f3303835
SHA512 aabaa75856cfc07bf65f3f2dae118e357cba83a45f0a900aa625f576de47c2753b0a00fb1913e45c1d743acc0f6e0100a4a6a326f402b0f4664ba181ad670c0c

/data/user/0/mob.play.rflx/cache/image_cache/journal

MD5 64d7b01c5568f29688bfabc5e753982c
SHA1 2b50a85337ab38792b756f8e4dc501987daa0a99
SHA256 aae24fab27c478799cafbaa037c088b6b9230bf06c5f912f360bd9e7b1729755
SHA512 1be5bdc18d45691570cfd13d6304eb28dddc78d1e0f8fb7bc63a32f43b69e676e1885f9f0a59e5b05e99b44e9e11841430649cb3f3f11538e69434ea33387004

/data/user/0/mob.play.rflx/cache/image_cache/37621656dc41f6deb62e68f91e7aba53d50f961bfc9c123dfc868389941c410c.0.tmp

MD5 aa3d74cec474480c3620da3edbbb298c
SHA1 a4b62b8f4d8eae3348e0928b0a0c2ea25ef7a87d
SHA256 1f42e1b1e6ef1f882ca7ed688027cbe88c5297fcccdf019fbdbe6c4826db9243
SHA512 8b2ca1a4a50067fc170a7656efcc1ce2ed077a332ef60d7e464c7168a36368850754eaa2528e02519885cf84ffdac9a75e33f5decb09f24b32d9f2551e136841

/data/user/0/mob.play.rflx/files/back_.png

MD5 ebc06fd3d86c27a426932a83325eeffb
SHA1 461c990e677114de3baba2a33f0a60c0a10bb9d2
SHA256 ada010f03b82133ccddb4ac69a7c81a1d507121ef1d276c7c191bb55401c2230
SHA512 3b3c682dc3876f7c813bff1a38e53e0c20f6c776eeb8362a8a750b81d0a3132a207b01740a493c61a03261748399e020aec5fcb7354c723e4f5703efe5418b2b

/data/user/0/mob.play.rflx/cache/image_cache/4fd95bdd46bb0fb813237467965c36bc674b2b61f86b189b7033f50f38aa917f.0.tmp

MD5 7f85751cca9279706fd1ce4b18e45c84
SHA1 840c2fee7222755fa8ca2b38006a6adc1d17834d
SHA256 823452fe081f0cfd2e242eb004af76d0e8f300b226190db78363bd73bd55d76f
SHA512 370aaaadfc6ae6a3f214392b2bee33d250c3f6cdfee32c86baabff0f53ee7bfad5e52751d5126fa54ec43e9f10815ad638efe36be0fc376e6c5ea75cd0248c58

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebViewConfiguration.json (deleted)

MD5 d165470950d875a5ef05e52b16fa2b71
SHA1 8eea6374a2f17e04a9265785fa1c805c4c3468dd
SHA256 ec0f12a51524d344321180bd9e3a0ee6056b5a7a563e1c42b5f1c8a9fc9c334c
SHA512 41e5625b05198d45d337c55cc8135651bd11b2e34ad264fa4ccc2766b1efa4f5988768b3323950df1bd523144bb759db5e591fcdff754ba7baf669c67a1383db

/data/user/0/mob.play.rflx/cache/image_cache/37621656dc41f6deb62e68f91e7aba53d50f961bfc9c123dfc868389941c410c.1.tmp

MD5 13513e59bb753a5ed6537aa79e9ea222
SHA1 c873ac163413c36d25d40bd525abdd9365322206
SHA256 847f9581076f0788bb181ffe4a5b61fd8af392ffa9e63c5bf68c7e0b549d8013
SHA512 04d048f23a23f639a79ad9f35f8c7a6a22060aa1c182b8f85b9685ab7c6d32ffe380d5557a23a006f2fc04c79c7a2c7c4e8926b6547607e7ff52805165590cfe

/data/user/0/mob.play.rflx/cache/image_cache/30a6e46c90cc34cb3b33fd83abdf91652ede4f8ab5ba36ee3970eac7e9a570b6.0.tmp

MD5 53d5ed8da5f14c94e8399d498daa246e
SHA1 a0ddec167dc4e1eef3e821c57290abbe750e79c8
SHA256 47ffb85680829adb891c557a3e3015ec9b9708f4e2190cecca0ec19f6b86cb65
SHA512 28e899b7b584fb37e2d6e3ea12e8d2e3cd26ca2b0db09f0e4557d30e1a066ac33c1a78d84b828f8031ccb09e629c9128d7c19f6eab3e471ff14f415bd54639d2

/data/user/0/mob.play.rflx/files/back_dark.png

MD5 355eb0af21063fefca005d93d6afa9c9
SHA1 f854e3d2f0c0470a54e55f31017f9c499bd3671d
SHA256 b50339f939827a8e5a918ee4ed1d8213e27f6d546a98313f90449b27a1ebc00d
SHA512 ffff59e303636383dccc1282dea4c13b8c46d9aea1d646d745f7d26607cfabc25aea8001af873942749129291abef5dc5a858e7360cbfc145f870b80689b34e9

/data/user/0/mob.play.rflx/cache/image_cache/2123247e8d39cf4243f7342a860f26886fe460808ec86023c4779a8dfe41bb08.0.tmp

MD5 b30c0a389e89a52abbe0a1ef5d6c9c06
SHA1 8b3cbd7b44497b3b770b833a94ae9bd62e71e9c5
SHA256 64dc8126833b5608d732e07a56d6706ec43e0cb0b9e9648810c608ea7bfc404f
SHA512 38e9ca6330e26b4b81b2a786cfaf2f37917f9002a35d710fefce625740170be26c7bbfcfa82679e127ec1d74105f64d32de1b80e70cd45b10962fe9f520ca363

/data/user/0/mob.play.rflx/cache/image_cache/4fd95bdd46bb0fb813237467965c36bc674b2b61f86b189b7033f50f38aa917f.1.tmp

MD5 b0e2dfbb88f67a05ebad30f385d3c0cb
SHA1 f0a1b5c5a2857eefd10d4791a29b6a2bcf83c895
SHA256 4e49e2dd5933d1e544caaa7f56f542309d61e6a3a2d454c313d505885c3f98ad
SHA512 b6bca5a6f6b89c26538ea114e70ae7f653c16846fb90d7d686c7092e320b785e382f5d4b7cfb695d8d230c56bc31ca3de814531cd3c250be28fb1a2065188216

/data/user/0/mob.play.rflx/cache/image_cache/30a6e46c90cc34cb3b33fd83abdf91652ede4f8ab5ba36ee3970eac7e9a570b6.1.tmp

MD5 cea8001ff9326d8af4d5b38aa1741de7
SHA1 9b1e1f37055d77de4c71c29cd71e439e6a1ced35
SHA256 fac30c56b514b8d593c5dd0b5ed6b98e84397ba1db56c0747ded85931c6c69b0
SHA512 c2dac5e842cd3f27a4ddca399a2e250ee9c116fba6068671e26581bd4fac418a51493764651af0ce9b51155e73aa9cd985e4cf456addb2324c235c55d7f50b57

/data/user/0/mob.play.rflx/cache/image_cache/d3764c4683a79f1170fd8fceae6e6ef597edc11cd4541d658efe00656652e594.0.tmp

MD5 87e1c8067b45fcf5fad8d05c558c5340
SHA1 97888d1bd189fd98bfb5fc9e916e54e689defce9
SHA256 aad6be18561fc037429ee072a75ea69a4e4a4b6f58a64eeaf9d03f8f350f1faa
SHA512 8c7aca85d555d6c214f6045818a066f192512a464657d7b67bc33cf2ccccef6d9b0861b0cd87400a5b81cbca89a8733f4c313359cdd0e5712926cbca726cd276

/data/user/0/mob.play.rflx/cache/image_cache/2123247e8d39cf4243f7342a860f26886fe460808ec86023c4779a8dfe41bb08.1.tmp

MD5 4649383ae7f1811e25d6bfb0051d33ab
SHA1 aa3b8215e57071d67c879a886a84b335f4185782
SHA256 81074508ef2721e86a18cc38f2913e6fc1d943752d39743be41dbb62f6a70288
SHA512 0ff6af144bbb82245641cdcc49d4b14eb1095e4ad24231f51df72be1079d58ec55e40735a5dbbe3ce073547abecd897a9355b392b4073e71293fe7d159817399

/data/user/0/mob.play.rflx/files/forward_.png

MD5 9ee047a6801bec9459a9dd5ec7068078
SHA1 1aaaffc208e2d86e53fc031e8413169850e65746
SHA256 9f63f6c9ed9d33f235c30508df34c3358b55cac8bfb4967fc3e15afc61a6fd12
SHA512 8245818df5ffe06c8f369c8d77479f9f2163d10dac36b0e37c834018b713dc8b063ec1de1862fe16a8c1a769b496652be880ddd48d6fcd24ad766a395bc3ff24

/data/user/0/mob.play.rflx/cache/image_cache/1987bbc98226415f813a22370fd7d301ba05fb215380d65963f6c44f932afe51.0.tmp

MD5 f056598e00cf79ff7a4929140868d172
SHA1 8283b514f52d642283c656953403b1b15b57964d
SHA256 38a5a23d5d2c3c166fde0884572fb26e39b87f4d9a07e10fa2b70bddd3a8585a
SHA512 0f4f67bcc03f5f3c25b29c3e48135c0c6c825a29090fd157781a5ea7e7bdad56335c200456d8996c0b3292053d05d5cdc48e274e445d47177a95fd31610b093a

/data/user/0/mob.play.rflx/files/forward_dark.png

MD5 12bfe20382337a84c0fc004a52b9ba9b
SHA1 ead15f7ef372c16f78060b8f8c5fc6e0ca6a96f9
SHA256 621fbcd864a7dceacffddb00a682148042732aeb675e22cd42b1a0937c6717a5
SHA512 7a346febc49154dd348be77f88c6e7ed5c7a531c2fed981f12c40e22a19e4e1a5c51fa766b3122898d97f05e1546a6f2a29b598b0ff441cc7de5e3c505aa33c4

/data/user/0/mob.play.rflx/files/browser_icon_dark.png

MD5 cac9a26c27728066be7a285defc0df6c
SHA1 9931d42eea7663aaec4eb901bcf279b246c19e34
SHA256 9347cbd8e6e2af4d09759e55b7595474648619da07992d6485b9756ab4d8170d
SHA512 11a3abfc4558e6c887f1f809a3837ffe6f4c1702407db945319acacaa5e677f6b117c07ca676cda6438639a1ebc447a2993e0ff31be8ef797bd219700f508ba5

/data/user/0/mob.play.rflx/files/x_dark.png

MD5 1b759349f0bf3e55c51e2a2c2802b3cf
SHA1 5a608a093fa5f513d1ba52e8a9e01f693c47da98
SHA256 59d83bb6ebc5394c048273ea9e1516a2bc7a6f80212d53f81ee44cb1f9b65443
SHA512 3b39d22d0f8368dac2e36884b0316c5aba24180f51cb3a993fdefcdcfd5a36823d6c02c75863cd5a3bc0808223dcadf9934d548c433332bb9528f0eb8cecc0a6

/data/user/0/mob.play.rflx/files/empty_star.png

MD5 76ce13c6312eb334fd351e3b5cff4bf4
SHA1 203bd863b812c071ab3ae25bf4ab2f9c4d42942b
SHA256 f0a8e8d6b8bcb84e466f921dfb20a91fdd4e4b1777d9b0be6ad4d03d4a253af8
SHA512 d06ba34786090e3b027670a17910d2e35f48eb7bc639e6da1d08214534215797dadd1a56be44422b176801e5d1a1345cd2bf29e73acb6a49bc9a2f7670710783

/data/user/0/mob.play.rflx/cache/image_cache/d3764c4683a79f1170fd8fceae6e6ef597edc11cd4541d658efe00656652e594.1.tmp

MD5 cca215e31b3f043c725af7f7e1b1ccec
SHA1 b5c1e672d86453292fdafb29df9be2fc0e99959a
SHA256 02597c34c7b219baf1364ad455a37f97d7feea64becfbde849310ed72fd03627
SHA512 62485d4ae773eaf3652372705b0612ec959c3485b0e39c4cd4c6bd3fad612113580f0c569fe22316868809c9d8eb458f2b1573aaed66925f692c28406aa0aa3e

/data/user/0/mob.play.rflx/cache/image_cache/1987bbc98226415f813a22370fd7d301ba05fb215380d65963f6c44f932afe51.1.tmp

MD5 725e152b6b80506956656190ed2797d0
SHA1 0256492c90cc2af6b1b3e270b8099eddbe304c35
SHA256 b6452b85ad42321c3304e02ee358756f6c397a5c23ac0c3b4ab0606c7b24fe0f
SHA512 7677b827a86a19e265562c123a507b1ca485556ad128763e3e048c9c5a28c3fbd8930cde6448f68ead17b3f611271be62f799d523535d930fdad2097db8a7603

/data/user/0/mob.play.rflx/files/filled_star.png

MD5 317f802aacfab6282b8f74f280e841c1
SHA1 3b746a76f6322e97fd6c09a43d03ac14631d93e1
SHA256 f37f9a17c20ca3068f4f9db08c262c62b7b86544532f612a78421bdee92f4196
SHA512 a714f902ede615507cef840dcc03a5eca183c21c82cc419a924587f38b6974f5aa45fcfcc2bac4d6cf82b81d1b6ad452540e0581751bfcad72e524c83757a301

/data/user/0/mob.play.rflx/files/half_star.png

MD5 a40e6a567b7aef329bda0ac200f7a23d
SHA1 2fa463649c7ba586b28670675a15e0d7a630c7e0
SHA256 ee0933e12dd4e302b1e18572d22f48861e8125e5d0201603e024d18ef5e38556
SHA512 5e77ca21445a09aa903ca08c10c1bcaf769d8273368b7981aacf1bbab08cefb7a521687e78d280828f46b625c99fde02050f5c914dd4d07fd742723f7713ee4f

/data/user/0/mob.play.rflx/files/logo.png

MD5 45c24a8686a0978086c99f7039accc17
SHA1 c63ae2601322045390c7a4f230602b74ae18d2d8
SHA256 bc9c4aa36a0dd7efe16a8b3bca9172d970fd13d70d3e718aad17a78269079912
SHA512 d5861c64b9dc9139904c3bfc7da26fa6f3d9676a5b4203ad617c661d54d3716508fb02f282f5c204bf9d6a0c7162bbb565a44f2ceb96d825177065818b797727

/storage/emulated/0/Android/data/mob.play.rflx/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

MD5 60613793d0bce882b80f2429f3b50edb
SHA1 48b22e5a190e572e9014a10c4a4543e57f2cb332
SHA256 92eadd3cdd8a390d38fe5df7c795f9398dd143f7de64937592ca16b69e0cee54
SHA512 81e13b31b28f27abff6f67a827e4dbafced5d0814d958010f04f741a45aa3d5b0d991e9672f72e93d6d9680e0104a865ee33a68c29ec976c96c0743c89500993

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db-journal

MD5 96a362089bd5d857c69f9a798167a53f
SHA1 ad1a0a03af2dfda4cffbb7114d9af4574e54eaf6
SHA256 7a502d293083c5d60ee9844683e7a9632a533c0af4578571bd6821e62b180a7f
SHA512 faf5cf95d5aa81527834af33962ed98a68aca8f2fde9818c27e6b1c91824d779e55d79109298b6175952965a2627103844c66bdba79f8e0bf1a83abfe6b4cb75

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 999bded40d46adcbeb31c961ff274751
SHA1 77e54d5ad5c8e6424cdf3eace19b35329ee896d6
SHA256 8549caea60080da76f92ea0eba31c42d49abbcd78306b58ca724137f972686b6
SHA512 a76e4c235d69250810ff13e6600231113b87c4bb63e35beca5f4d99f73fc56c4c4f6c1032340a99e966276247158e3582a65164619a1d5fe5e31e7e6351bb45f

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 f4c0bd857bdba68b5689e858092570a1
SHA1 93e9800e3951b71bb3b7fa4a3f31da8d1fa91676
SHA256 5f6aeb9151eadeaa0e73248c8593f3b3371deb6b29468ba07a85ef2229f07fc5
SHA512 f6bba5b0c6c6e6974d3d2882fa0e730558c95433451430cdb1e59adf0632ad772d4e07f47f05aa47eeb9df4b0e5049f80fa03a56184718328103e0c0d50175c2

/data/user/0/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40E02AF0001118CCC800EC56357/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/mob.play.rflx/files/.com.google.firebase.crashlytics.files.v2:mob.play.rflx/open-sessions/669CF40E02AF0001118CCC800EC56357/userlog

MD5 98a6a814e9f6a913617cfddefd068447
SHA1 b81e28a62ac5718dca68a4b996d42b2ef87efd02
SHA256 9d2248f1425a7767bf4f709b6de6db913d88e6e6a324b9467f5190ff044c8afe
SHA512 6bcfbe36235193b905b04a0796a9feb25eb519dc3c60791498407a1effb225829a37dd0221e4cfadfd8d04bdef9aad2e23cf1680b08b628de8f4c57e9a7f27a2

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 2d906c70776a79bfebd8b4418147600e
SHA1 6d5e9017294ffc531ca053beaf6fa0df90cbc836
SHA256 f178669a32395781f093e6cd82fee4c6bb970934a58f9d8ec282b6aed49f0b5c
SHA512 8e7bf1b52423c516a92432dcecb561f6b589380c2cc6830d43a40e26a4142f59f98d96fb8e34642a97dbb30ae3330fbf42d3a16364a9700e6a35be58f9d1a866

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 9db0e4cd3da2b6efe35292dbae9f4c36
SHA1 2da3a19e07daa38fafaca4d62131f9ef05faf9dc
SHA256 c2236093452026a7bebe8d229bd8f5288ae9eefab3f11e4dcb34046abe8ed43c
SHA512 a74082bdbb6541997872386a0c29a1f59b11764c24ddf6a58f187c7ef09082753089dfef9c8070097c3f9e42bda8b0e5dd19fea3a816a4204edf2ceda71c1468

/data/user/0/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 3cb453231d4f252a0b418177dccb5caf
SHA1 24d99c803b240519e8ee9bffd831f6591869cc37
SHA256 4d363ccff771759380b8e29fa667759ca38fcc0344d5628dd94add2f24a46868
SHA512 0d8dc7814322863252caf6beab87bbb22fd3614778573bc8f7d165df4d130c0537e03d9dd243b6e3c4e7709ac6fd559740c2801af377b3bec97d89308cdbcf4a

/data/user/0/mob.play.rflx/databases/google_app_measurement_local.db

MD5 7e6b0bc382bc83bee2531f18a58243af
SHA1 0d50744da8d3a5d5f818dfc694d1a86e397bd425
SHA256 b0b63a87432b7a3e63f22203c036adb36c4801f6de19638226107cc4bc94c68d
SHA512 955b9ea2ee1ace0917b1358cce620edce7d0e5fe0086eb98cf573fd4e261cf9938b7fd925230dd6013930892b70ad64e7930afd9c4e95481dcf5e65292b5e350

/data/user/0/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 1af5a2c85881585c6cf16e9134919eaa
SHA1 26bf653c087df588424ca19c32eee2d0d32f5fc8
SHA256 50505912927a9f30adb7ccf930c6358ffe7788c395f63648d8944698f705395e
SHA512 4f7e4b73f2a71cf33a08497dae97da8bc57d9174988ebb12717163a81ceb1805d067a01dd08bc4561115609de139f6b327e70d7c55b3d106fcab4e118b8278c2

/data/user/0/mob.play.rflx/files/UnityAdsStorage-private-data.json

MD5 daf04368bd92fc4a9180d7bdf45559a2
SHA1 e5d25461647f8eccb7df1db5d89f94f9ffb37f2d
SHA256 87a7b5be2b46736d58cf281c1c5a1e2d82bd081c2af1f4849ed386590d653ec8
SHA512 7115fde7419b72a80c0c99257178fc574f6cad7e4eb78cf9654f53a4f6806cbb8dd7c6cbc2ebdf2ed6373ebe0cd2b64b460028b87f89a07fc791bb983b0a9888