Malware Analysis Report

2025-01-19 05:31

Sample ID 241216-gnzwesxkhw
Target f7a01a72056b791898c75c6de13a15c6_JaffaCakes118
SHA256 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
Tags andrmonitor collection credential_access discovery evasion impact persistence privilege_escalation stealth trojan banker
Score 10/10

Analysis Overview

Threat Level: Known bad

The file f7a01a72056b791898c75c6de13a15c6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Andrmonitor family

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Requests accessing notifications (often used to intercept notifications before users become aware).

Queries information about active data network

Declares services with permission to bind to the system

Tries to add a device administrator.

Acquires the wake lock

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Analysis: static1

Detonation Overview

Reported 2024-12-16 05:57

Signatures

Andrmonitor family

Tags: andrmonitor

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-12-16 05:57
Reported 2024-12-16 06:00
Platform android-x86-arm-20240624-en
Max time kernel 131s
Max time network 138s

Command Line

com.andmon

Signatures

Checks if the Android device is rooted.

Tags: evasion

Description | Indicator | Process | Target
N/A | /system/xbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | prog-money.com | N/A | N/A
N/A | anmon.name | N/A | N/A

Queries information about active data network

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

Tags: collection credential_access

Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Tries to add a device administrator.

Tags: privilege_escalation impact

Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.andmon

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | prog-money.com | udp
GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp
DE | 157.90.2.159:80 | prog-money.com | tcp
US | 1.1.1.1:53 | anmon.name | udp
DE | 168.119.91.88:80 | anmon.name | tcp

Files

/storage/emulated/0/.androidmonitor/log.txt

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331BeginSession.cls_temp

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionApp.cls_temp

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionOS.cls_temp

/data/data/com.andmon/databases/SettingsDB-journal

/data/data/com.andmon/databases/SettingsDB

/data/data/com.andmon/databases/SettingsDB-shm

/data/data/com.andmon/databases/SettingsDB-wal

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionDevice.cls_temp

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331user.meta

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6a403f87-bfea-4f4e-892c-beca2a74b178_1734328681192.tap

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC1680233-0001-109B-4F4ECB695331.temp

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3a43271c-7acb-4a6c-893f-eccf69fdc7ed_1734328692742.tap

/storage/emulated/0/.androidmonitor/log_.txt

Analysis: behavioral2

Detonation Overview

Submitted 2024-12-16 05:57
Reported 2024-12-16 06:00
Platform android-x64-arm64-20240624-en
Max time kernel 135s
Max time network 144s

Command Line

com.andmon

Signatures

Checks if the Android device is rooted.

Tags: evasion

Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries the phone number (MSISDN for GSM devices)

Tags: discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | prog-money.com | N/A | N/A
N/A | anmon.name | N/A | N/A

Queries information about active data network

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

Tags: collection credential_access

Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Tries to add a device administrator.

Tags: privilege_escalation impact

Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.andmon

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | prog-money.com | udp
DE | 157.90.2.159:80 | prog-money.com | tcp
US | 1.1.1.1:53 | anmon.name | udp
DE | 168.119.91.88:80 | anmon.name | tcp
DE | 168.119.91.88:80 | anmon.name | tcp
GB | 142.250.187.196:443 | | tcp
GB | 142.250.187.196:443 | | tcp

Files

/storage/emulated/0/.androidmonitor/log.txt

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC16A0326-0001-1159-53C3D46B5BB4BeginSession.cls_temp

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC16A0326-0001-1159-53C3D46B5BB4SessionApp.cls_temp

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC16A0326-0001-1159-53C3D46B5BB4SessionOS.cls_temp

/data/user/0/com.andmon/databases/SettingsDB-journal

/data/user/0/com.andmon/databases/SettingsDB

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC16A0326-0001-1159-53C3D46B5BB4SessionDevice.cls_temp

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC16A0326-0001-1159-53C3D46B5BB4user.meta

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_c9df9bc0-45b6-4bee-a84f-9390d93b777e_1734328683355.tap

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC16A0326-0001-1159-53C3D46B5BB4.temp

/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_a69ecaac-cede-414c-8dfb-66d1c1b26cd6_1734328694643.tap

/storage/emulated/0/.androidmonitor/log_.txt
