Malware Analysis Report

2025-01-06 10:32

Sample ID 240601-ecfbjagh4v
Target 89472a0e2c72bd040ae1324005d35927_JaffaCakes118
SHA256 6bd7e2a5f2d902275d81f0537ea1af67f3ee9ba4f9f324f661120bf41615d60a
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6bd7e2a5f2d902275d81f0537ea1af67f3ee9ba4f9f324f661120bf41615d60a

Threat Level: Likely malicious

The file 89472a0e2c72bd040ae1324005d35927_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Checks memory information

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 03:47

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 03:47

Reported

2024-06-01 03:50

Platform

android-x86-arm-20240514-en

Max time kernel

163s

Max time network

171s

Command Line

com.bennanan.zhaoxiangisaopgwte

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar N/A N/A
N/A /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bennanan.zhaoxiangisaopgwte

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/oat/x86/17172136652491.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 t1.jzkapp.com udp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 api.sambardeer.co udp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp
HK 38.177.69.164:7101 t1.jzkapp.com tcp

Files

/data/data/com.bennanan.zhaoxiangisaopgwte/app_Parse/applicationId

MD5 40c8d22e93e466b98e76537bab51ebc4
SHA1 91d736c20368b903957f8da9e7afc5eedfabfa32
SHA256 6ee5bd77b0b3de536386b08f461fb0e715fc8a806b5cd4af94dddff2c3772ea9
SHA512 9befe41c17d6d576c013736f84a0fb96ebfe402bc3dcb1857e9a174544e5efec62b747467068f47da2ffe5197b5fb1b2d7c230ee3849dc4823c7391fa55f69fb

/data/data/com.bennanan.zhaoxiangisaopgwte/app_Parse/installationId

MD5 dcd5211d0c9cacceb4bfe330338f0f3f
SHA1 18839d068040cdbb649ced59cfc445ceecf12d36
SHA256 d0146eabc151ad7238154ca0fb4ae681622fbed6f34770a83bef985163c88761
SHA512 a91540e9cac6f4739e23a2ae64a7f663008e9431695eb2397827e9083a482fc0831d1af3ba413f20d3930a16e960f50d9da3566d37848fa63cb9d790f968791c

/data/data/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

MD5 3eb25d946dbc148d72f07cdae3a7c0c8
SHA1 fb7f2fd3ee9bcbd2ff29564623fef5fc528062cc
SHA256 ed777d16c2353b497c57d6e92e7aa029771b0961d07cb44dddc6814703e987d1
SHA512 cc249d7ab567a8e5c25874e027c3fb019a0a60623961197843e56d6172bdd782e6a522f092d41905187f37cb8dbcdf345c1b7aa0ed6bf0b79d3a811410a8965d

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

MD5 8ae00b9335817d085441caf5cfb54f65
SHA1 623e17da298ca9c0044c295be9f8d7702ef84480
SHA256 2106565ad1234144c2143fea33c571f1bf5ff788fd5114b0d3e6316042d94e1c
SHA512 9b5e4b9b90067bcaca12798ffc379e12bf9ca3a5990a86fe009792824340289e3da5a3c442baed1cdb2e512474c0c8933fe0d5d41ec0f6ed34ea1418f00b51ff

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

MD5 66b8b7ad3dcc08b32be205093f3e5d4b
SHA1 9820f265e047492d8088cd19dab4309f6a7a7f70
SHA256 9d1b5a933ed5a0fcef96819a2c26e662483e5308dd34d637527b8551a64b4bf7
SHA512 a8bde13ad651577ec0bdcf81e0eb373376f29a9e229d9faaba5feee89830fdc2ee5ab752dac949a6b39e9eb940d5d319296e2e9de70740801570b3ad813f9225

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACBeginSession.cls_temp

MD5 03912ae14a454d49890dc194fd88a7f9
SHA1 f886ad53bf5bb39e35a44fef9831cb3326428a76
SHA256 49bf6848d7cd9dc348099a40d2994c07068e9d6de284121e27c8e36aea8baada
SHA512 d05c51a6ed4de07cb24bf75fdd0db9c1c80f9b96f544747c1ecc29b61d91d5a0eab87916b4dc2aaa7936799cb684943fa491eb255ef016041304d3b61c5bfc8b

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionApp.cls_temp

MD5 cc0638182849845c6a96eae65dda0d76
SHA1 5064240f4a299352c0b8e7f32125f643790bab88
SHA256 42f355907b85b48f0ff3a4644145c3616b5b42083212651c0a96a336ec8c1e9d
SHA512 20d0d84c1a4551c67538720fa2c60d49b71a546ce885b61d5b4a257703e5cdb7900c8a3e3fe158b30c59a3385a6d2d8b2edebdb3ac65bcb6673554d3196a1ac5

/data/data/com.bennanan.zhaoxiangisaopgwte/files/gaClientId

MD5 b246185f76796e9a100521a980959764
SHA1 b3d392901321c90187bad33c1c6a0441e973d45b
SHA256 935e887b31148a6d43cdf75b7930cba62023bf28ab91bf54e4d224199964bb82
SHA512 1286c27d22f030156ac8cb1eee1613f4942ba8763ca2049bd847ea740a3a86429d4a2fbf51e73cacc3433b5575614b6b049031e678fa1fd5449dbabc6cbdb8e6

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 a7bb07bc293360b55dd223bd784254fc
SHA1 4e1e54f9eb01b5d0cfe0b9540d1a5bbb6ade8379
SHA256 b55e92813081ce9afcc7bbfd26b2454edd353adc52069666bd00ae86dcd153e0
SHA512 56a7671577bdcfceac43a7e617f8447edb2ec9334be2c6b1bc9c2c6e2894648d2fa13f5c13103b9ccc10dab178242ae929f12bd962e5933908ba308ff8f44079

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 79c642a6b0afe86b6001d2ca55d007ef
SHA1 555af9c517216aa5afa423f289e74f6bddfd36f7
SHA256 cf2446c04c5c06e81bfc5cf47ec45be3e119bf66b7bf457ae82aa6c1bc9ad10e
SHA512 e9f5d324171befaa1e84baed1ff66e0f4d622bcbdcaa4981325754819a06d811e83fab545bef31fab068fdc37aa2ad540358707f4fae84b71907576bc7bc5394

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-wal

MD5 3af490016d2dd1c532854ff17e6c8e2a
SHA1 bb96c776a938dfc9fdaaf1cebed99b40ccddc1ed
SHA256 82f3393879f6e86afaaa5f8577eac9e72a4b092bbf39eb0c5975bc7cf77eb413
SHA512 267b812c0ad45918e2e1a5b2141f470480b5128fbc8ac3d4fd08d2c4d19342c91faa12764f217beb7b5d097fbba1a4f915b6fc590ab6acef27de2352921550e8

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionDevice.cls_temp

MD5 930f4ac7f18324403553702956d08690
SHA1 062dfa8ae725a0d6c433b6a73c7dea171726bfd1
SHA256 8953accee02c4aa78e33921e46cb8dbe884f0ee1bfafc4eac0d367ae2d44b220
SHA512 a58cdfe55de8334f76b2023ff5c8d676611c2059cf264bf9b59e4aedce3237a8107f7cc6d284614badaffc829c98ab0566384104b5cfb27af792a028753198bf

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_b2ee6df5-8fa1-4d0a-901d-1cb7f7967d1e_1717213667131.tap

MD5 f3399eac7ac279fa6f7a7dcbb02e63f0
SHA1 43f22a4922084f28b8f561ebd47b144371e2b557
SHA256 3905c6d44f723b5448db7c475e1bbee4d7f4f253af470895fce47f80d59763ba
SHA512 88d2628d0c40ebdfba6081c39ebb98a29c65764462d2828f8590647ea5e28004d96f57f8d2bf7f164c5bc38249ff4da93c46f3da08d770fb3ef99443f7101ad5

/data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 a4680624109e2e339e786e28f9b014b8
SHA1 6822c7f7964ed39f39367ee3276baf645d85e5d4
SHA256 e1c45527dd2c886a0fe40be89fd34a3c9897680f63a9d1d84c681cfaa2831fb4
SHA512 aca5cfe751195b11990c1409e94683a776fbe62ab6b8e98588f17c606c77099761680021a279bd3f617ff13eb5f800f7e71a5dcd800a94790bd819eb0ab8a51b

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/0358240051014041.db-journal

MD5 5fd59645e9426770f00400687b6cc674
SHA1 30b1a97ce22928176a713800674c05a8990de020
SHA256 966e369f618e52674392e61e35e987edf6acc7eccf26fba29a7ab28a7716c98a
SHA512 df0d820c0f3a8292b8b99152cc895abe64d2391f39dedd08c04e533a68bc09d2486779634e95fa31c8f95d689f7539fee5deafede6868c6865a1830ba5c00434

/data/data/com.bennanan.zhaoxiangisaopgwte/databases/0358240051014041.db-wal

MD5 39de9890854f864085c1f6bd5341c643
SHA1 00c06155198a6b98b89cf34372bf15f35a5bbdd7
SHA256 bdaf3906f34271fad083d67c4a19d13bdb6a4ec932f9813233a420b4c184e0bf
SHA512 fe9a050796797cdcb9d33027e02d7e979136d52021bab4712538a19aea1ecbcfe69ff7fee1d856b445d7fac88b9f4a28d02a3cf61d46295e53a889db4d1f392c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 03:47

Reported

2024-06-01 03:50

Platform

android-x64-arm64-20240514-en

Max time kernel

123s

Max time network

133s

Command Line

com.bennanan.zhaoxiangisaopgwte

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136648451.jar N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bennanan.zhaoxiangisaopgwte

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 api.sambardeer.co udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.sambardeer.co udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.bennanan.zhaoxiangisaopgwte/app_Parse/applicationId

MD5 40c8d22e93e466b98e76537bab51ebc4
SHA1 91d736c20368b903957f8da9e7afc5eedfabfa32
SHA256 6ee5bd77b0b3de536386b08f461fb0e715fc8a806b5cd4af94dddff2c3772ea9
SHA512 9befe41c17d6d576c013736f84a0fb96ebfe402bc3dcb1857e9a174544e5efec62b747467068f47da2ffe5197b5fb1b2d7c230ee3849dc4823c7391fa55f69fb

/data/user/0/com.bennanan.zhaoxiangisaopgwte/app_Parse/installationId

MD5 fec3a98253913f684eefa51b6dc3e906
SHA1 ff2d9701ac9b5aa43f876ed88dc2c04d983bc5a7
SHA256 5b31d57c36ae032d5a29d5a2fbbee744533c9328eb1505d393ff01985f9d9a34
SHA512 cb6b7b9dcbb6cc574ea8de12c24a606564ce1d78a9df7f96ddd731d7ee537d1501023a790542204493bd8e79a259c7f892e3e26c75f73ada51c8e50cd7c16b6d

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136648451.jar

MD5 3eb25d946dbc148d72f07cdae3a7c0c8
SHA1 fb7f2fd3ee9bcbd2ff29564623fef5fc528062cc
SHA256 ed777d16c2353b497c57d6e92e7aa029771b0961d07cb44dddc6814703e987d1
SHA512 cc249d7ab567a8e5c25874e027c3fb019a0a60623961197843e56d6172bdd782e6a522f092d41905187f37cb8dbcdf345c1b7aa0ed6bf0b79d3a811410a8965d

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136648451.jar

MD5 8ae00b9335817d085441caf5cfb54f65
SHA1 623e17da298ca9c0044c295be9f8d7702ef84480
SHA256 2106565ad1234144c2143fea33c571f1bf5ff788fd5114b0d3e6316042d94e1c
SHA512 9b5e4b9b90067bcaca12798ffc379e12bf9ca3a5990a86fe009792824340289e3da5a3c442baed1cdb2e512474c0c8933fe0d5d41ec0f6ed34ea1418f00b51ff

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 1fa2441b4d45c42ea142edf9f982c5ac
SHA1 28a6c74620a3aaa39129f44f720630e19b9340c7
SHA256 ef98ec6306b45847553b074f755e79ae3145375ddba8fff3069ceab96c29202b
SHA512 bff5be51fd8bc8289baacff4e15d9d2ba1345cd5cdc69b325818c35ce4d8599eb7fecf6ae7d82d1e52eeb29df50939c3d654ae99e857c81c9d6e32d8f7087762

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/gaClientId

MD5 ad2c0bbcead60c09e55baff67e618a87
SHA1 e22a33c798e5d7bf2faa955866fb16429a111207
SHA256 095ca96ae75c51fd79cfaf078ce4a25222d4baf77eb9d06a4a5b0922c5aff67f
SHA512 d97bdbb7c14029d9b08b3393c88e3787e7b40185da7ce669596d151e0b42e12c912fe78f33d9f12251683ae0c8e42b20a3de771908d0f961f38a8977b0df3f9a

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E10160-0001-1231-F58ED1B366C7BeginSession.cls_temp

MD5 6276a48c2b4396cd86108a630dc96a38
SHA1 4e7417fa1c95cb1c87de0b3ff1493e137ccd0a3d
SHA256 2050df3aaf8982d956553b14e1415d4d1f97c74d34c51aab158d81aa5787eb99
SHA512 aabadfddfaff8125fdd62e7b9180d16d81a849e85f4291cbf9bb449e6d3d207df32a2c743c2f74856076ab5e166c846a439fd88a1550d8b0732f812eec9c5e7b

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 a9de4476939cceb9b2bb09ed40db2e4f
SHA1 8d1acdd27210d1f0cbe9d10cc508a9ce6026c43b
SHA256 7de4a920023153bc41db707658a9a8b2bd3622ed4831f0a519f464b4f6a2ecb7
SHA512 a91131304aa92c55c2aa0148e31c6ac0d76cbcec68fa984a3fab62785490f7d1056d900601068600c9163295e7df52628dba18016022e3ab25aa517b2911ddc5

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db

MD5 811136c742752f9db7d861e25f2338fc
SHA1 03bb54f0642a5fcfbb1e74b6f0e35c2c34f866ed
SHA256 b24ffb84f61bebbf2db39310fa0c2bfe98634bfaa6c3092e4ae8784cfcb1f7af
SHA512 c969eca3820eddf51975ff04409ccb3b8268cfad96e76a4e3566a744b0ac0270da8480b583c7dda51dd38b71d9bed549a13f7b4d778eed989fa01ffc7f0c8b43

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 07ead87596a77f0e879325d49bda940c
SHA1 5ca87e92c719551269caffc523a14f6b97318f70
SHA256 3412b837bc1e12f88087856595c21419b878ecd518ec440a789eaa97822080c8
SHA512 c5e66b87f8d1e90ff5a316f0b7e5af5029b9d86221d20c2ed7cf1bc6078dea4d6c01358b762fe251acbccd3c679bb47c83c9f89f0a1987a95b9c1dec03ce8347

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_f7286608-6fd9-4b53-84af-3a70af451997_1717213665604.tap

MD5 1eeb116a8dac8b37378156e9b5ee040d
SHA1 2b7a775a227c85a86ca85eb39e5a57f505eb503f
SHA256 b93fadfcd3217401891017ec8c8108c872cc311252db268577bd335fdae72098
SHA512 586c7b952bda5f2241f01c9db8877be4159838f088f5c85e6f5f9f3311a7f85a2431624834b9b042a294717f28d24d37d04ec5eb3777edd26877711e5b126817

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 72aa837d04b9abde6548fe159787b81e
SHA1 91297124eb2b32846ef9f1e9f368470c7192ea10
SHA256 ddcd190398d4326ce8fa0cf7573f9b09a8fcca615edb0411bbdf93df672b2b08
SHA512 b7335f9ae11e83ab17d8c38bc8ce0b3f8f19cb84ac1e3fb7dee0433d856fa1eaf00d5afeaea8803af4079d7a7defe55516e9aaafa997b33fca6e3b52b4c478ea

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E10160-0001-1231-F58ED1B366C7SessionApp.cls_temp

MD5 561981a2915e5b5f2d30e897d84addcb
SHA1 919f00d3e315d55639010b38fd3127a44e56d3c3
SHA256 88486ddc2546a1de517dc137727eb4a77ebd90acfa89f277f41eadf8ed85bd4b
SHA512 960fb04605a6a4ac3cddafd35f9d014f961763b591fb22198768957ac132bc6205234caba7dccf119acac37d44e7d2fb80657986bda9fa31823de2677aa5a938

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E10160-0001-1231-F58ED1B366C7SessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E10160-0001-1231-F58ED1B366C7SessionDevice.cls_temp

MD5 6d714a5eb42eeaba7c23d4e146469ed5
SHA1 a7a230be1b366e47733d62e0d584ef484f21373b
SHA256 89b2dd253fbf6624a7fd9170a016c1b6cfca6e977cc8973d15aa5d23060ea639
SHA512 998cee982171fdc710da034290a3ad28d4239774fdb9a75943324083051519496f7814654be3cd93aeaa3d4e357983593608f5a619080198b8385689cf7c6a9b

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 d85e7dd9e6b319b32d1b46e7ddd39b0e
SHA1 56fa842404e1f78b753b3b44b227411db82bb743
SHA256 b427047d0ff6f33df94f54880349c2dcb000bcaa6cc81a2acaf4da74aa183da4
SHA512 7746f9836384950366e7696fa2a9cdfd2c91711bdc7a3e6259e67aa1516ab597434fbcdd8146579144d7c92eeced14997e284770708507705854b173611d473a

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 1ee4c865bc4455dd242f2cb50a1e0f43
SHA1 a591e3f33d8dcaad382626032bdab98160a021cf
SHA256 3f2d738e2069295a46f4b518831d2f36b6110816b9429f928184ccea188afb83
SHA512 dbd643cfd23cd5799f6f218bec1776f1a02fbc5b497abbfee040dc287aa5f811f1466abd4d2bda31817d827b41d90c0969d0e7aae5033e41ef2c9375e548f1d2

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

MD5 deaab972d92cb3f7b5055fc7aff2aca4
SHA1 0d8edfd424e773ebaaced96de9d4d2b6eda52f33
SHA256 d891099e840b87a63bd61334e3998af5ac08ab2e33f595a33d9c7faef4101be2
SHA512 06357605c7ae66fb16b6f43646277e1f71cd689a1447276dbdb972f26ee59b057e397d67d036034ffdfe40dee514621204aa0dc478f88d68203f3ca462f73b4c

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/0.db-journal

MD5 7b607c87fb5afd8cdae6e8b87eee6bbe
SHA1 e88684116cbcfa9364beb9f2ac8d37622eec2b3c
SHA256 d1f23ab47043301e1a01cf49c647f315d9edb4f6afa93b3dc0b6518f407ca367
SHA512 92b033318732f230ef67d8ba39924ba656110e34f0e18e5dd777f7f68e6020c98b51d43efa221e1217a62780678660718c0751e8810426a0cc888cc34b20f7a8

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/0.db

MD5 1051d2bf4b014ea25378fb836f5e8cea
SHA1 9dacc3c2bdd415bf9c628660c95bd2f0fdb688b8
SHA256 f2c0d80f4e72893322edd46984ef4462b5ec0b7e8ccf4c651ae2ca698bee74a4
SHA512 883b5ac3d4e610744e8dedd2a7fe99d422a62a3b6b97eafd64d6b7201c3d3e8c57d0785977d5d4c0c6d9f6db9f9bd40d42e67872a29d400791145f06ea15b221

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/0.db-journal

MD5 ada58fc64916db3d3dbd56409e7f1c2c
SHA1 54f36b6638385ddf4d66fd8acc216f44bcfc88ad
SHA256 73e8208457ce936e854dc03de434af7cee8918067e841871e7ca4147d0a0814f
SHA512 a10ee9f0ce0ddd46fea0a07265c4d887004fb41b01496439be7484bbb8c78fe9c3564cbebd104c0b21f056552a006e7a684d153ca68b6c9907ad2fd33258ece3

/data/user/0/com.bennanan.zhaoxiangisaopgwte/databases/0.db-journal

MD5 5ba4580dfd6a718e7f6aa8d3356b7a64
SHA1 6e5b386a736e9aab6010a2e6b2c4aef1f6f3eb96
SHA256 abbca6109d03f76d0327175e513a7032f68f1755985915356f48a4a7288c8fea
SHA512 5ba473fe4809d5588f06006880bfdf8c759f0e9792031120fce5b713ff2889975f89c71f95fde3c8368fd4872b33e093ad5a5d7d76227dde32383fc481c3b8f4

/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 1a8be97e2fd2d142e9f342ed5630620a
SHA1 872cf15746701e944b0c25b39bf18647691d8d0d
SHA256 55751042dca905511a52523b138470d61f571d4491c2d1311c30014357fed5b3
SHA512 8a1c935514fb0e6cc8f57cf38a70ef50a4c8ccad4ace1cf551b3ae9d98716e2caa4c2731c269425a10d505920a0e89c7957fda22a502ff7bc4e0ba5da55c718f