Malware Analysis Report

2025-01-19 05:31

Sample ID 241216-bqf87sykeq
Target f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118
SHA256 71768a11c8503aef5ef025423e0dd41f526bb5ec27ddca2e128bb7c1ad033c82
Tags andrmonitor banker discovery evasion impact persistence privilege_escalation stealth trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

andrmonitor banker discovery evasion impact persistence privilege_escalation stealth trojan

Andrmonitor family

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Tries to add a device administrator.

Queries information about active data network

Acquires the wake lock

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-12-16 01:20

Signatures

Andrmonitor family

andrmonitor

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-16 01:20

Reported

2024-12-16 01:23

Platform

android-x86-arm-20240624-en

Max time kernel

129s

Max time network

142s

Command Line

com.program.androidmonitor

Signatures

Checks if the Android device is rooted.

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Removes its main activity from the application launcher

stealth trojan evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | prog-money.com | N/A | N/A |
| N/A | anmon.name | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Tries to add a device administrator.

privilege_escalation impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.program.androidmonitor

su

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.213.10:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | prog-money.com | udp |
| DE | 157.90.2.159:80 | prog-money.com | tcp |
| US | 1.1.1.1:53 | anmon.name | udp |
| DE | 168.119.91.88:80 | anmon.name | tcp |
| DE | 168.119.91.88:80 | anmon.name | tcp |
| GB | 216.58.213.10:443 | semanticlocation-pa.googleapis.com | tcp |
| DE | 168.119.91.88:80 | anmon.name | tcp |

Files

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F807A0135-0001-10A6-0F41B0DE5428BeginSession.cls_temp

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F807A0135-0001-10A6-0F41B0DE5428SessionApp.cls_temp

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F807A0135-0001-10A6-0F41B0DE5428SessionOS.cls_temp

/storage/emulated/0/.androidmonitor/log.txt

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F807A0135-0001-10A6-0F41B0DE5428SessionDevice.cls_temp

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_28e4240c-6f46-4c49-9d53-9f5b0909d3af_1734312058476.tap

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F807A0135-0001-10A6-0F41B0DE5428user.meta

/data/data/com.program.androidmonitor/databases/SettingsDB-journal

/data/data/com.program.androidmonitor/databases/SettingsDB

/data/data/com.program.androidmonitor/databases/SettingsDB-shm

/data/data/com.program.androidmonitor/databases/SettingsDB-wal

/data/data/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675F807A0135-0001-10A6-0F41B0DE5428.temp

/storage/emulated/0/.androidmonitor/log_.txt

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-16 01:20

Reported

2024-12-16 01:23

Platform

android-33-x64-arm64-20240624-en

Max time kernel

104s

Max time network

134s

Command Line

com.program.androidmonitor

Signatures

Checks if the Android device is rooted.

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | prog-money.com | N/A | N/A |
| N/A | anmon.name | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Tries to add a device administrator.

privilege_escalation impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.program.androidmonitor

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.200.36:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 172.217.16.227:443 | | udp |
| US | 1.1.1.1:53 | prog-money.com | udp |
| DE | 157.90.2.159:80 | prog-money.com | tcp |
| US | 1.1.1.1:53 | anmon.name | udp |
| DE | 168.119.91.88:80 | anmon.name | tcp |
| DE | 168.119.91.88:80 | anmon.name | tcp |
| GB | 216.58.201.99:443 | | tcp |

Files

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0BeginSession.cls_temp

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionApp.cls_temp

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionOS.cls_temp

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

/storage/emulated/0/.androidmonitor/log.txt

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionDevice.cls_temp

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1796081f-fb84-45fe-a467-87af376e8c66_1734312065186.tap

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0user.meta

/data/user/0/com.program.androidmonitor/databases/SettingsDB-journal

/data/user/0/com.program.androidmonitor/databases/SettingsDB

/data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675F80800294-0001-10F3-7A94D112A1A0.temp

/storage/emulated/0/.androidmonitor/log_.txt