Malware Analysis Report

2024-12-07 20:01

Sample ID 241113-121jnazhjb
Target f7938eecde8e8964af0d1af2dc215eda6cbb8bb43ca4e2bb7a92e9f43af7ef74.bin
SHA256 f7938eecde8e8964af0d1af2dc215eda6cbb8bb43ca4e2bb7a92e9f43af7ef74
Tags
banker discovery evasion persistence collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f7938eecde8e8964af0d1af2dc215eda6cbb8bb43ca4e2bb7a92e9f43af7ef74

Threat Level: Likely malicious

The file f7938eecde8e8964af0d1af2dc215eda6cbb8bb43ca4e2bb7a92e9f43af7ef74.bin was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Legitimate hosting services abused for malware hosting/C2

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 22:09

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 22:09

Reported

2024-11-13 22:14

Platform

android-x86-arm-20240624-en

Max time kernel

10s

Max time network

131s

Command Line

ru.hqqduiga.sjzbmtyjt

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

ru.hqqduiga.sjzbmtyjt

su

su

logcat -d -v time

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 dc25bf61c54794ddc105e229c5a9f153
SHA1 4e304a747bd6a2c21e58fc8fe06f11740963cbc4
SHA256 3b32bd22fa5805b3ac58c5192e01ad33f9230f766162709b75a65c5b5a159dc5
SHA512 009c22e518f6f50642f94fa91fc484da43e51e6981b57e06a7fe45693f013a29032ab894802cbfb5aaf90f8c30fb66023f4ab5d4fa923a5cc48fcd6f658fa478

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB

MD5 c1388d4727aeac4b5fc63cd219079f6a
SHA1 c5a1f0f14b500d3af520b2acb6ae134ecfc07a8d
SHA256 482f7accdf4c3901e9245b191e08a2116159f7fcc4cfe379429a7988a914f73f
SHA512 af538f9888088bca797120720afcfb63f802d58fa6faa8b3a8f3b385552539148d37273c5acc322acd4e4622bc6683c3231d4d400e591b28c69e0c21248dcd09

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-wal

MD5 1067df20b66e0d10d4fbed9e000c856a
SHA1 a09c50910f3e59281ac9e270075cb7962335e960
SHA256 0ec1b76b68fedf1a5f07781a3e9e5445126376911faefbf2a57163b00d96d23f
SHA512 373f85f7fcb8162a6b4533fe2390bdca8d8d795c32e6db38143d5f54c56194861b7ad7624fd39c6c3745c0ac8276ace21d23f6092a7a35dec16f375f6b124c69

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList_user_edit.txt

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList.txt

MD5 a39d3e83724992bacc8e8618952cd4ba
SHA1 7bea1709ae2ae49bd4178fddedaeb04414e447bb
SHA256 eb89dcf955fca4d11d336236724ad91d6cd4803e1c3706a265191ffe58499462
SHA512 e31f7dc2bbdfbbe90646f87f7c21156729955f91b6a4ac300464e048e28f9eb87c05b6bb8f171c8bb1a85c2ac49110d7fc3efe943443baca46d7d83dd2501e96

/data/data/ru.hqqduiga.sjzbmtyjt/app_error_log/Log/Exception.9.7.1.txt

MD5 633b8050820556feaedd1c520f2418f5
SHA1 3d17fd0d399e6d77632ee2539a829d031dca923a
SHA256 68263f734b9617aa223648669887d19b5ba4fde7197f210a813f376c2e673e2f
SHA512 29f9d865a2027d009236d8f8503831d8bc1ddff27f1e5d974f8ab2b572c4dd0d2e0c7e895061ee9e449a79fb0f7b728ee2ad2400821c8c62d3f99ca02c362de4

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/Log/error_log.txt

MD5 d95dc28c769844dd59e537b7370729e3
SHA1 bb0f08619744c7ed0ed81b57682fb954a1038251
SHA256 3d809e6aed0430de44e89f21f637babc0cc4fe6f6cb8917f58ed7eb8eb2217cf
SHA512 aa595b810005ee7a2d4c1d7ef5078c9bf4a3dbb12287ff0f1f35bba081aa79434e34bfcc7f7877ab8e4172e4950a83820828687d9d2661dc086aae29d4765c24

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 22:09

Reported

2024-11-13 22:12

Platform

android-x64-20240624-en

Max time kernel

11s

Max time network

155s

Command Line

ru.hqqduiga.sjzbmtyjt

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

ru.hqqduiga.sjzbmtyjt

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp

Files

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 466c3b73e34e4c3503bd5b8b39f5edb5
SHA1 3c23bf2e9174c7d12a3bc8eafdc2a235bb7bca7f
SHA256 110ac4ce06d771a3d84dbc4712fa3c2d27842b3df65b419ee4ddc147b30a4819
SHA512 31c1b3c48213af11f11724d3bd41c2dd054f47cb9dc95f1777b1756e8673107113a0fdbfb2b64f2f4580030dea308f3ba5d37024b6f01d62f3d87c76a99646b7

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB

MD5 ab3d86398ec0137d1c89e9f456de4ac2
SHA1 3af5c57d4251331d433261e4d536cb5d82cd9b98
SHA256 ff658dfa2d7967c8a177aae7b237a3fe39e2128b41418cb64c8a670b3e127121
SHA512 819c85baae460ed3273587b05f3b0efc9a41ddfcb84b1e73600dad737b8e1d063233649280a3d767fb12e3eccc77f75ee43745445f5488008e0bf6f6540216af

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 488c9ec7a8b995ea144d0fd2b9a7a969
SHA1 481236e911dc55a64ac8b56d84d7e91249091a47
SHA256 6483c127e8183da3505d5bed9e4c3945b265cc6de09622b8bbb11051560f3727
SHA512 baa7985b829b697ce116b32d17f597bd45214af980db142ac1683b2d53b10a1c039d6fef92e4fd6722990dfb262855b792d28989aa35a05b162be4721dc74f17

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 43e6692c82a7c832dc20892d578ac643
SHA1 7f1422ec4e68f043c3583f21e04d271fd8ae9423
SHA256 c395ac3993c396faca8f418d2aa85f3aac135e129f20d5eb7ca1392f73d1b679
SHA512 2e9eabe2ffe6428836709306f835ca39686cd4f97b91c8ced1a081de21b7bab112f6743a32e82f429aefa7622d225fc7117ad0f6c5c23fbccd6dcdecfa7e13e4

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 fcfb5720ae3040603b3ef245c70ffae2
SHA1 3418ab96a2e006a14b2f58b17b53315bd4ea97cc
SHA256 7299fa4fba6bb77a898758ab094428a57ebdbce6a92f3a58c33a259b6ce10580
SHA512 02596ff7b5a30aa9134c2c6a80c2daba0aef1d3d0d7f7fef844b4002a811c9b0c04ddd41e1396ac3dc32c1c87326565c6d7164e70186b10cee6a649f53c0dcfe

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 19bcf748650437a46cacc8071e9c6c91
SHA1 7db4eaad98f6ca5dbfe75f789e8c374b1976ed07
SHA256 594d1e387b2a9d76fdc54b9f0ea9a6e2689f281c9aa4a03a28a8743a8fe9df46
SHA512 a0e54656dc6e8e9846731ac0232a47b763e6fb6ec42ff5d81e3f10d99db1916cc07c99a2412e2effab0e1bd85e92aa30e373ac0390630f531660fa66310c1500

/data/data/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 e2823e194e4229c03bd2076c520a8dfc
SHA1 64bcece105d9f46024a1c9378719fbf3f125e242
SHA256 1a45809ba17af3e45c498b2132d09e495585ab396e32ad95ee006fc4df36ac66
SHA512 3468a93a4dee6243645a43fd74c4cf6322f31ff83f91dfd055ee58377d5a5c637ba32d1659580c43cbf1fa7cdce4dd4b0e0fc6786f12fb4d615396b1c85a12e2

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList_user_edit.txt

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList.txt

MD5 a39d3e83724992bacc8e8618952cd4ba
SHA1 7bea1709ae2ae49bd4178fddedaeb04414e447bb
SHA256 eb89dcf955fca4d11d336236724ad91d6cd4803e1c3706a265191ffe58499462
SHA512 e31f7dc2bbdfbbe90646f87f7c21156729955f91b6a4ac300464e048e28f9eb87c05b6bb8f171c8bb1a85c2ac49110d7fc3efe943443baca46d7d83dd2501e96

/data/data/ru.hqqduiga.sjzbmtyjt/app_error_log/Log/Exception.9.7.1.txt

MD5 cba9aab173d787ebf574ad1717de49f4
SHA1 234e69f2b2119dd94c2f0237d7b0541f09d487fe
SHA256 d5c6ba99092f49b9dd2868f5d90b10241771dcee78352dc332e2bd4cfbfb8bd1
SHA512 f668a08e5b9b25789456741c108aa4c8cb483364bc6a2e414fe7710cb61fff25282daf8ee2f75ab9fffcbacb17c9dde7236824c0bfe8ce0a13d7c2bced144484

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/Log/error_log.txt

MD5 31dd17dc0a1e27c36a093b673fd95808
SHA1 eb11d4f76c0c61504f47648a89c108811c95ce39
SHA256 0883bd99bee49a8a1b11672d85dea53c491b5411d059770a9f215819a2cbf8ab
SHA512 d2c01b98c9c4d1c0fc9a93836c7bee912859179476c00e6e3db8348d49e0258fe1815beedfe458758ccea6a48bd24debc4c4e373daf4326e22002fceb2361bda

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 22:09

Reported

2024-11-13 22:12

Platform

android-x64-arm64-20240910-en

Max time kernel

36s

Max time network

151s

Command Line

ru.hqqduiga.sjzbmtyjt

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ru.hqqduiga.sjzbmtyjt

Network

Country Destination Domain Proto
US 216.239.34.223:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sites.google.com udp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
US 1.1.1.1:53 chelpus.com udp
US 172.67.182.114:80 chelpus.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
GB 142.250.178.14:443 sites.google.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
US 34.110.229.214:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.78:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 publisher-config.unityads.unity3d.com udp
US 34.110.229.214:443 publisher-config.unityads.unity3d.com tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 216.239.32.223:443 tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.179.225:443 tcp
GB 142.250.200.33:443 tcp
US 216.239.32.223:443 tcp
US 216.239.32.223:443 tcp

Files

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 458ae80882e7a973992c2e38826e410f
SHA1 9d32c68bc97b436952202ecc49531cff8bab689e
SHA256 2ec07609a0de423a23d4ecbf10764e3fc15a1fb526ceffbd2d03b77c7d86a321
SHA512 064a645d885385e22f2b660a41c334d9904b659a0528e07b173b208576d08073e6f5d1c79fbf877eb4fa5da23d77cbcc7e1759f892d50bde830a6146ad04ab38

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB

MD5 e3090a52b889e51b72aa834c34794230
SHA1 bac995577105231579ba90866e96ff901f3d5c74
SHA256 d2d7b2f8d0db2e7e27256823d22bdf50a3f21c47d1329ebb657523f7a0f47ed9
SHA512 56f602d4cb0e22556d83e97d2dc22d24b30d1771a6a3b92fda2603683254e0400df77e907d3454fea4cbcbc91b384eeb81176fe64e0fcbbfdc5cead3d3607ba8

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 691beee6179ee87b9c97c467f2dce199
SHA1 7abe1a656ee9ce6654d20024e27f4fe9caa8ff9e
SHA256 3fc32c526aaae0fac7e5e7a4c2f86e87e7277aa047d03de45c39612a43ea3812
SHA512 322927193d19c94d6164bb25630832a4d02c5b4ea2ed27a46f468cdcea1cbc97e2ed2b3d4349f1805d1a8679e0c1d535a7855db25ad3e4284fe67838fcd16bd9

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 0c37b0e654be61b9bdfb2681ab6537d6
SHA1 243c4ac3a48c4bd8f7d7bf35e9342be32c67b6fc
SHA256 d85a02ad67dcfe96b85806cafc58ca2829e5223c9c52ba041dc61da61d427c48
SHA512 f2eed254df3d378ed602d2de6483a8f31a5f8e4fbfa9f139e958fa27e1145d9b98b58670abe2c2800475275b1199ed06b00f71468caad530b75735df0603e2ef

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 4c4cadd5ed7932cf04dc53f1d34e036b
SHA1 66271d27555fb7ce88e29c4edbec97c0c596c958
SHA256 554f0bd1df6852deea1aa6798eca621753b788c110c806c1e7a719b14ceb5902
SHA512 dcc8f3c761e6bfbad4789ba4fb57a2e93a05ac9849ebed95e0cb13ef22780c2a06e7fb8b043d8b665e97eaff144162748309ca7dbc524427fe34f3b8d91da827

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 2e0ec69130b8e390215498fd5d037ffc
SHA1 b8b06f30cc69507f6ad68dff528105d24571c20e
SHA256 9c4ed5b4efe3a7e15dc6419bc7317159bdccb7a6a7c8f279eb552a7043bbfaf7
SHA512 d1dc07b67d0b6c4b0cbf5dfc424cd929040bf568c0f84d55864a7ffb32bdf03b6b3ba65653c765089832f8a270064f4e1a0b59a8e892a343025b9f075d4d036c

/data/user/0/ru.hqqduiga.sjzbmtyjt/databases/PackagesDB-journal

MD5 827b82c7f166e029a649cab1cfba8f52
SHA1 e147f60d9dc8e3948e0a2686a30cfa6b8696a2d2
SHA256 f1df7885233d602e836421ab2e5b9a72305d5e328220394051bd251437555ac1
SHA512 f9be3d762787f2e3262eb68f529d9089b3ad2460fb9e7f218a916206e339829f9232c2e009b12ffcb5ea7c4231b7c152c0aded8e23325f9927cd8f6359886046

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/AdsBlockList.txt (deleted)

MD5 a39d3e83724992bacc8e8618952cd4ba
SHA1 7bea1709ae2ae49bd4178fddedaeb04414e447bb
SHA256 eb89dcf955fca4d11d336236724ad91d6cd4803e1c3706a265191ffe58499462
SHA512 e31f7dc2bbdfbbe90646f87f7c21156729955f91b6a4ac300464e048e28f9eb87c05b6bb8f171c8bb1a85c2ac49110d7fc3efe943443baca46d7d83dd2501e96

/data/user/0/ru.hqqduiga.sjzbmtyjt/files/pinapp.apk

MD5 ba57f9fe62bbcf10348091b7d08ce123
SHA1 0fba82354a775094f68fb49bd8530f97f6db97cf
SHA256 1df6c43a03bf45cb91c83eb81d123877eb4f663b0693daf4ba590df900a01160
SHA512 d030cb078a399eb104e5780426e14efeaeeaff93c4710186d1622b64a5ec547e20e318f72ac3c6adc3baa4680a955a3e43fa5964dd87a0684b21902672854e69

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/files/LuckyPatcher/Changes/changelog.txt

MD5 61a55da92ec27d21434035f229201c34
SHA1 f0b036ad91a2f88a305efa12858661bd74e1774d
SHA256 cb34089d0e17b9e2d75b8940803dee678005332279c557d560293cddb8fef9d6
SHA512 ec1ad8696495025d0c1f598a03d430040a3d63fffd2d890db633a1276a4508893f6d4e128db30471873c019bb3400159558f00167a865f6f26c6c2952faa8fa1

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ru.hqqduiga.sjzbmtyjt/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/Android/data/ru.hqqduiga.sjzbmtyjt/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

MD5 ec0be7729506bf50791fa8831a1fc680
SHA1 9ddaaddef48db397270eba733a39b4e30eb1a39f
SHA256 3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc
SHA512 f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

/data/user/0/ru.hqqduiga.sjzbmtyjt/files/UnityAdsStorage-private-data.json

MD5 16d3e6eac0e79222a9b368edac765b34
SHA1 48d5e621fcdd84108f5750d6905180b622715b11
SHA256 3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7
SHA512 d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

/data/user/0/ru.hqqduiga.sjzbmtyjt/files/UnityAdsStorage-private-data.json

MD5 3fdea6d268ee9134f55fcf21eae17f8c
SHA1 5ba222c3cab4535881cdb988f0f0f409947727bc
SHA256 84c378606f00c77be6f672e702598d6f8e34d7cc7e2e5be542113313a3a538c4
SHA512 13246dd192cc291be886f5d4dc115304327bc9ef47d66427165b79218566b996ecba4cc2134ab91d559368d26f977e2e812057e59e93b43718b67ccf8b0f4bbf