Malware Analysis Report

2025-01-19 05:04

Sample ID 240605-wc1qxaec69
Target 98d1e565e360d583e7aaa5e1fd09a5bf_JaffaCakes118
SHA256 14e5131a09c05706b1f3ea9d0e8aca4a94324bef3e8e998af9d63ee6554db375
Tags
collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

14e5131a09c05706b1f3ea9d0e8aca4a94324bef3e8e998af9d63ee6554db375

Threat Level: Likely malicious

The file 98d1e565e360d583e7aaa5e1fd09a5bf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Acquires the wake lock

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 17:47

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 17:47

Reported

2024-06-05 17:50

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

187s

Command Line

com.sharetwo.goods

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.sharetwo.goods

com.sharetwo.goods:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.sobot.com udp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 api.goshare2.com udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.112.112:443 log.umsns.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 121.36.205.81:19000 s.jpush.cn udp
CN 203.107.41.32:443 api.sobot.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 59.82.112.112:443 log.umsns.com tcp
US 1.1.1.1:53 sc.goshare2.com udp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 36.156.202.75:443 plbslog.umeng.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 120.46.131.222:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 123.196.118.23:19000 udp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 59.82.29.163:443 log.umsns.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 36.156.202.75:443 plbslog.umeng.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 121.36.205.81:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 117.121.49.100:19000 udp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 121.36.205.81:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.162.127:19000 sis.jpush.io udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 59.82.31.160:443 log.umsns.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 1.94.137.47:7005 im64.jpush.cn tcp

Files

/data/data/com.sharetwo.goods/files/sobot_chat_log/sobot_chat_20240605_log.txt

MD5 b3d8c8d49d4d3093854c3b3e3efd6c16
SHA1 370788ebadf77b8c8adbbc6b8aaf3f333b0aa5d2
SHA256 a3e5ab498fc9ef3fbbcf3da21532929eef42fe75fc8025e56de7e8b7a4cc84b8
SHA512 a83b0256240b8e7cbff11ca8a2881d0113a68a6ea699cd264ce23af3d183137e80adcda4f34c29385c5435d6083a8ec612b90484c943555eb6acb99eb5d22444

/data/data/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 a78c0cc35d0161977bb9033b724c3e6d
SHA1 49031617105c3b44ba041188160cdda9932eb695
SHA256 46786aa3bcb15fdcad4ecc5cbf9615e19955e31193eb5883f029b9d8d098696f
SHA512 fc797f9c11d8c13815543eb7111187a3d56a5f88162c0254b50b78415d2811d0297bf3e17f038dee9833d3ec819ceb1337f440e4738874ba69b7aa128592ef8e

/data/data/com.sharetwo.goods/databases/com.sharetwo.goods

MD5 548d50c16a3d3756a4c2a262bd487b8a
SHA1 6da8a90bf7808232582dd0180cb339e013355ae8
SHA256 6b6d561ba218fd864cda7d159bb2d8732ccbca7357170f2fffd476174c873602
SHA512 12fcc419057d42d8da2349d137e2277f188077b045baa63b84c0ffa3c089fdd74f72377afa649da5b4f62edebeed811d61d95ab530142db7b02274f13e759372

/data/data/com.sharetwo.goods/databases/com.sharetwo.goods-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.sharetwo.goods/databases/com.sharetwo.goods-wal

MD5 4954c533d08a79e25feab06215b0f40a
SHA1 ae45261d8fc5a3bf2d4367a4e055d9908d25e6b6
SHA256 6bac5b148ca1106c131db51df0108a1233867da539a11a7a5404705caa8648c3
SHA512 b2ec6067f455e3e59d93b127ab1078da079209b50b13b2f4e134c325757f0bcd04be71621cccdb52dbec9d28b3427ff5e743664daaf1020f910cac52d8db6575

/storage/emulated/0/Android/data/com.sharetwo.goods/files/tbslog/tbslog.txt

MD5 22e1b7a1ce6304c6774abd0138429a18
SHA1 f90295375b41931d4edb9f1b83bfe13ac4bd39ba
SHA256 377525ebf562f81cc094d309b51b70be946284776be59c7f840c92802cc69fb3
SHA512 c341df090351b146047b181739657ccd8223c1e1714212113326fd07e5f665a2ea2ffbaf9abd5b31f483b6b3deae3e1e81e421782dbe61bf0adcc132f2084eb7

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 17:47

Reported

2024-06-05 17:50

Platform

android-x64-arm64-20240603-en

Max time kernel

177s

Max time network

187s

Command Line

com.sharetwo.goods

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.sharetwo.goods

com.sharetwo.goods:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 api.sobot.com udp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 api.goshare2.com udp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 sc.goshare2.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 1.92.70.140:19000 s.jpush.cn udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.107.80:80 log.tbs.qq.com tcp
US 1.1.1.1:53 da.goshare2.com udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 101.37.223.218:443 da.goshare2.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 119.3.253.130:19000 sis.jpush.io udp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 47.111.206.121:443 api.goshare2.com tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 121.196.62.198:443 api.goshare2.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 117.121.49.100:19000 udp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 59.82.29.249:443 log.umsns.com tcp
CN 120.55.144.21:8106 sc.goshare2.com tcp
CN 103.229.215.60:19000 udp
GB 142.250.200.4:443 www.google.com tcp
CN 117.121.49.100:19000 udp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 59.82.31.160:443 log.umsns.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 139.9.135.156:7000 im64.jpush.cn tcp

Files

/data/user/0/com.sharetwo.goods/files/sobot_chat_log/sobot_chat_20240605_log.txt

MD5 e5bce425d8c821a712dcb10e27c3824d
SHA1 16fdc99839c92e02b080ac511a1fcbe4010c3747
SHA256 55947a41c4309588677c2c90533a03031e74dc21a579ee41c525e2dbcfbb7a90
SHA512 1d1a639f06e74f251f27e205926e191232253c9231f26c7561d2ee9140892a58ada14f62ad66fcaa20fda6b02c3e2d96f979f8ba12177df2e186c7f4aa68716d

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 1bcf666116ab25b3caae41bd79e9f715
SHA1 384e090302c5e530e8caa01ae301c441ed778738
SHA256 2de2a26ad5ce3b9aabc928b81dfaff9322102c720817a2b17b627c2e5b98fa25
SHA512 93fe799100108182737e1b11343ec518c19cfad306f1f6cb0f9f952a61772b78ef14abc9a347ad06ba9384995515b82e628da157b94c676ed495851b64f9abdc

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods

MD5 d208c7d4d5bf559fadb8da1c0c79c415
SHA1 cdebc690467b236775f8a87c7f2f568247ba3b07
SHA256 883fa710d91861bc19a65d57f5e82170773ca25e8a3b1c256343ed30aa5ea64b
SHA512 1185df8762e1410f329f7439e2a9ce94977f797eafb3a3f90a16cfce00b7906b47271e183a39d6c1b2b6e06a1a2554420acc84dd0212ee7442352c8d9034a50f

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 4437d3dd339abba1a17e1aee9bd82030
SHA1 eb94d50090368bdf1215724f5654355691c66ba5
SHA256 78043e89b8eee9434703dd884b804bf2f59873363e75375904c87c1925ca88c9
SHA512 e6aacef4ecbbef6e923444a24cf670f2b759f7264bfd62a1ea352d021a8f0b07975096b186dfd988c62d96abb65d4fddfc51621db8defc03ded260c9017a8846

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 bb0f73ff19e6d9fc52e217371a71e5bf
SHA1 6e353e385aa413a5f82ea58d9b571e9600e596dd
SHA256 c135f471cc869204e750f8a548e861a17e7504941fe7df5d44a1ccf19327e2d8
SHA512 d2c9cb97851f045dfa55ab61a06085ab8d134732e81887c2cd5920a355ba500134e9b293c1647aa4a50b68f2038ef00d9c2ee6034499d8259756e89b038e5636

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 6f1dcaef95ac47a9f7ce9a0161320958
SHA1 d6eb3db7311b24db3b677cf762b4ef2723b1cf8e
SHA256 18ea7666f9fb406cc09756700fb8b0142d48a224efc5538258f53b0abfb2d83a
SHA512 97803b2b2e9debefa9d6b9e4670d9649dad3435076ed24e1715f012822b7b3e39909e635a9fca05c08b1e3dd040ab65621a6d367e371f5261ed1a4777d40b8a2

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 60f9027e9d7f7d881e2b1572397c545a
SHA1 d4bdf335e406f4bc258ed62c0860bc316c2c51af
SHA256 b6bb1b04d489154e6c62c58c8f8e234064c93041568b4717dd0b739d0b52c995
SHA512 b50673c736b7e385205fe4c14678f4dd123d6b0088db687f65e3352ba8a58aa2b240f8ed1049e737dc347787d0336600b313961e9f4a9c7d646b0ede73a95e84

/storage/emulated/0/Android/data/com.sharetwo.goods/files/tbslog/tbslog.txt (deleted)

MD5 3b0c37b69850c45ed75f4208acb0a2b0
SHA1 dbe2a4a64a636fe84dd4c72d8dd20049d15ecc44
SHA256 bc4e354d59c775e431a2c3d3dd0dfadc4a8c9fc1dcd94c7080ebe8f74a0ecfb0
SHA512 91e0f7811fd9ac87835184b25a06346831b488ad677e70630a3ae58803b3395945a078ed3a067f69ce1415e99b675bf33fb48ffc3649b5a58550f950791a9265

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 6618f4fd8c42ac9ea1b8630d06ca82f0
SHA1 101e6124f5841c590465ef2950a66ccf794de5fc
SHA256 501618065fbd20765e061a1d558acae9b97d2bb1817de7511727a5cb18d629a0
SHA512 04f9908b84e4976f874d41b6af97c3a10c561ec684b3b3d0dcd73d75053db88cb100934fb4411c86a14c21fec5e57f8f0b6ef57b645f0c263596626c3d93cc6a

/data/user/0/com.sharetwo.goods/databases/com.sharetwo.goods-journal

MD5 36bf9de0491b4954669d5b560c4842b1
SHA1 bc5c3212d2aaaab7e60fe9d995d094aea9edde34
SHA256 e2f854992000b7fe95db9f39a6f5c2c6f7cb76120723bf25e12e76a126ce6a70
SHA512 e350db0a88e5b15ca0dd222c58dcc74a9f24b884ecfffd2448347d9ca3a19dc1d3cbd73dc553b1138f0e82a93ac8a9fd339062b0c5fc353f5012bbe66632db1f

/data/user/0/com.sharetwo.goods/databases/tracker.db

MD5 9cc6b03d88595faace3360e26a93aa17
SHA1 38647757a91781d8c1ac458e8b5784d06e3c1869
SHA256 98c89a46117d00a1009fe19ab2834b7c18ba071deee07ff8b2a2a2e8a1fa13cf
SHA512 13ba0a803c025fa6e259b1d27707a87de01eeea99473fcd8e8453f40e69721afcdc8aca36a4515285443a85911d1110f6e34b82449789deeeda3d52d0cfee000

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 5996b91f47d528ec9895bd98b0344bec
SHA1 8428449c52d592faba5c8ff020b8043528eb7209
SHA256 b4472a2f8496090fbb1fbb2125f82a06467935fec6249ac4f120d63689228d4c
SHA512 0341f39c752efc687052654edee7a6c1eb240a20a64429366304ea3270d3ed11a2e3120c9f7ce0da4d80983f5e002deceefbde7da86ff37e53ed5cf07903f511

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 7df172175e5ac9d1ed1aff45887eee50
SHA1 6e4883b792985dd878932ffbb4a048c5fb83a382
SHA256 2b1578771d2eb3a28201796815b26a9eb8830392b17d14e4242dda457d3a84cd
SHA512 def37f613bd43e03f2508a5278eb2b1a65a80c554cb9bb79b59da3453839bfb64331a65a27f181973aa02170d11b7da3d7f9c74e820827e3b9c35e37fa7dffb3

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 c3c83c8bc96088ee994a496ab45c1f80
SHA1 458563bc35c449c9ba1a885832c00307cf8b3264
SHA256 9055b3597b7e13b06cb77b1717fa7bf8fd07a937cb24a7fbfc1da793a701fabb
SHA512 b5d7def8a9c12a1be0db246701944a56392f43ed98dbb9373f35896311ccd027f91f95c590e628e965a8cd44f1025b43d0e5113607be3958ab3f5125257403d8

/storage/emulated/0/data/.push_deviceid

MD5 164dc2159280f9f98dc5a2652e171e74
SHA1 998f1795cae00fa0069f27429c138fdffada63ca
SHA256 5661d8aaf47b73f8307bdaefab0b2ec08c096eb959fdb4dbcb2b8b2acc391602
SHA512 1122fdf62e44ed161d38cf953d0468cb5ed9d35dd0867c050fe369a206d0595b5cb23688d5dd84a8b478b3cb615b7fc9431098f529f1e437122eefa7d04bea11

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 4b4b56171fc5716e7b00a07731849bb4
SHA1 e9ba5b0a7c396f2dc34030da7d8faa3572a04647
SHA256 5b7bec90d9a73d106658c3a53aeb83d918b39772fa34d5fc436f039e7ef5c967
SHA512 4ced58298b1d66edc04410a20915bca25d68095c8ad9941f50dfdbd35d23eebbaa223aa395c5ba9bf2cd4e0dbae8f74ce8382ae640f66e842d1f03f90ee18ad9

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 d25095da1464975c2195d204bb72347f
SHA1 8fef83157bdf892f4e752b456af7552f1279f448
SHA256 0f0fdded82e75414dfd6520bf790bc7ca877ecf8b75399d1d93781b98ee28f51
SHA512 a48c75f35d8a2888be6e392c884a2f280706a5fe40f8263d81f05a2b8de8a1f03f3c1cf0154328282757b80692f91de49644a561d63dfa2231345db735dfa21b

/data/user/0/com.sharetwo.goods/files/umeng_it.cache

MD5 a789d42d1e068994cd6e2c62c0015019
SHA1 3f862d12638fba02a781844db77cabb1d935d5ff
SHA256 532e37212a013cdf7cb330148695968c0b02bad735c0df722365200d0f9fcab4
SHA512 baf2b04d69e8c29d4a9e1daf5fe7bb574838429a55bb3f93a662332a241de848a4474bede13cfe0544812a4ee11dc04ed5eb25c13e3e7d0ce861591fccc8c561

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 75ab9fa22b73f92960476a55320e4345
SHA1 0f90593a5a7f9d3fca69fadd9bf061ea18d64d6d
SHA256 8dce28d6e15213813d55143496ab17f0c86e47a262352023b781d956864e3e52
SHA512 072105b3ff2db903fb373a53c58637a54197b8001021d16d49bdfbdea3749a3e5135709afbc4f29acf71a5fa3d19d53c60e28a99449a15691b8c360c974bb045

/data/user/0/com.sharetwo.goods/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjA5NjU4Mzc3

MD5 c4e68da81e2397f511c4c5ee18ab8fea
SHA1 4177b9aa63a342c3d44fee3d97867faf11181ab9
SHA256 e2e75830c4ce4a9982a0eab05952c29c0cdcf948fc037bc790e1faf6cd633532
SHA512 a8e4c1a5c38c103f43aa171048063d49d5a6072a843f10a9fe49e2f185747bc7bb502334c4ed7736a756d96aa69f846ea4748cfb8ff66b3b46b470dbf90aa5e6

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 6661a2213cea05956ec72a28aa89f186
SHA1 8afde9e7a116a8e5e9a3775db959bda816964c5a
SHA256 b004297d748191bb4f31f3a442d0613f283fd814983822d995789698233bdc2d
SHA512 759118ab8e3c06e2c81696314d04498da0de576ff9ce3f52659603079f632b171145b637ebd6f078c6dbc453da37921da5f2d5cd0824e1e1d34c5db2e8e8af5d

/data/user/0/com.sharetwo.goods/files/jpush_stat_history/active_user/nowrap/2058ceb6-0f0c-404e-921b-ecf56f5fdcf2

MD5 96af96a1986e86e337ddb98ce128ef13
SHA1 e5fa11b73e0790aea7ebce3ec10d1c92cd04ec57
SHA256 cac60cd5f8d6f7ffca2d064a958f2b0261ea91ca55bca23c42a9235f132da524
SHA512 01f8ef8e7384ad5a493ba377d09d42005881bd1c96424c9c1bf4b368cb5111ba2a10425221bae0df5e7a8e076d2ff64fe286c80f7d3e857ff18f25c22c39c089

/storage/emulated/0/shareSquare/users/-1/798628847

MD5 eaa055655b2c79f33bc94dd1f3dfab8a
SHA1 670ef74ca867916e47cd7053bffb5206fa763c2e
SHA256 57f853fa55ce6e61f51b010b5be4ceac71f66e442422493281809688b514ef7c
SHA512 e8423b7a8dccbab23bf9264d4683bbc44abadd0f926406486fb8d2821cd645a7591e5aa31f662ea1e75dd86a3456545f20de7940331e012d28666003aa82ba65

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 537a16903df773e21be1edb6447ea770
SHA1 5aea85e7422e9c909ef5a7a3d2fddab058666253
SHA256 9550b64c958ce38e37107671f47303eae3a60544bb4cc9391ab1e377202d8e82
SHA512 a26dab3ac4208c5ca43d54ba532fb8ef5fff3202fa78da0830abd7c788bf5645eb4715c2416b5ba9556b027914a48a71f182226a5355b5ff5d29ef59dce71fc9

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 edc367c91b4a5fbb0bad90c6c836b61a
SHA1 0843f82b00537908ac4a1ee063cf65c2d8bd1f56
SHA256 5dc56e080cb5adaf596bad6aa9c592ef5a660b1311a2e1d9f991c1d626051c73
SHA512 23693972e9c4579f193428419e4dc7e2e0fdf0a448a679818d99062449d79c4d793d3104411d4be87388bf2d82a3a23b4a4a600ad178dc58d52ff07ff0964e47

/data/user/0/com.sharetwo.goods/files/jpush_stat_cache.json

MD5 cf4a8565deef3842a58bf42a0a47cc5a
SHA1 d14f73c017f472718ab92e1e4ba63247504bd420
SHA256 d4f53e03d34eef501ef978ce3812225db774b22d040313b8dad57011c85190a6
SHA512 c3a576656c9b2b527e6c8af1c6a7d2ec4da82c71067b4d8b9b20790d8544823b7a6a317f7892b78ed443b6b3731c8a714f755e58033b668aca34644e2e8d6070

/data/user/0/com.sharetwo.goods/databases/tracker.db

MD5 af8cf2db0e2566aac0ccc7dada78ad17
SHA1 a2124d9de9eea1639b94509a5592e35228f9bc11
SHA256 17232d9c67d45aa9282d30527664dfd9dd315c4a9b4fcfe2e7f505ed2e9be269
SHA512 ffdccf6a4b1e423feaef8e3a5bf5591a1792ec5befc32729476409431103be10b2a45dfa5cb097ec3a7fec98761d193e40fcfcb6b682f450b8d59d89aa2a60af

/data/user/0/com.sharetwo.goods/databases/tracker.db-journal

MD5 5282897faf856b2c6c67d1b4b793206b
SHA1 fdaaede164d5c46f6b891b5fe4cbe23872ce6081
SHA256 295ca98559e5b22156a6102dd5d683df0e49661dc69a1ef74056c5de36dd9402
SHA512 b29dfe9e0c2ad3530c7056e779f308f2a45916d48192c43690d155e26a8a7c7b12ac16c39cc736327b5259dd91d579d36ab9097503bc7d82cb4f4af2a1019f85

/data/user/0/com.sharetwo.goods/databases/tracker.db

MD5 fe268b65e8683fae44f44dbca0b98970
SHA1 d58e5a020469eeab8e3a0c3d3bca2616bf2f15f2
SHA256 cfb1e221f69864b33ca154e5f84a27ff31328838e738812580bfab557a4dcca4
SHA512 1176bdf671a089fab2b5c86e844756900b51a831d66be6bf098c4cb87be0caba8934b877d17373dfb6fa5b6411e74003d27f7e7cf4fac176a9f75c1ca30c61e5

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 2787281f5087a710b1a2221ad0ba7ef7
SHA1 e3ed61050a1c7fadde1c0fff815e90594488a428
SHA256 924ff427c7603f427980f021743f849690bf3aa25eac4edc0ed0125559c992d7
SHA512 174dadbbc0e7daacee270dbd44854090569e2a2c83d5526fb0ac39219e3b3948924e608971f47a5b1ca2708cbb1a0af709beb5d66d234e132d67129d5cdc6564

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db-journal

MD5 f2a23395b6cca1b76f15d56f8e61df97
SHA1 11009f23bf7b8afa299f9d9d48388b9de3992bd2
SHA256 92e014c17fdb3c79aaee2a2320c562c20da98bb97ae8cc9ac2933195a0578a4d
SHA512 8310415cabe6224195ce3793742c2662a71a3b460f47186520e19f3db2e604db2961db0f000aebfd9875657504dc13763ef05cf51139517fcc8887b07e87905f

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 d58a21dd780cee548cbdef81d20d793b
SHA1 fb37e340ad370858604de5cafb0d7885aa9d691f
SHA256 9ddd6448554e05f109bcab74eb63c20ebd9612a1b88f701563419c914cee2298
SHA512 8fcdbca20211f084c65214eea093bd8e5ffa24577193c030468f27064df1b035312fb79b36e344b3592ff845ab3f343b080e5fbec27e46f553fc368ba4091baa

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 78b8af0b601c7e6e449de2a06dc9f897
SHA1 df478a66088cbc1eba4e52f542d5b7bba73e6641
SHA256 01b8c445492b8d1d3a2d9cf40767da9c14180d5ca5bf0018462d75cb31984a20
SHA512 ed10b270d716c18903e591715d88142e3112af317d0a588d816fcb1c16c3310c0f7b432809b4894e897e7341a2c7fabf893ac0a7cc9da8e52acb9ede6ce7f02d

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 f481668c493326f04c986c1cfab248ff
SHA1 f5c9c802971bb1b900e3319b2a329448ae4722dd
SHA256 8219abc6866a8b5e0718c308a91c6629ca5d534b5daba02ee5eda393b3594ee2
SHA512 7cea8dfd923f4b0d993d859e4e525001e7b3364f3d1d4aed32228c7aa6ed8436066fc6ea3f350dcc2cc0ab4311d89ed0d81e1275d7f36f00d6c0c6456ee2207d

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 1573de7c24a2e5aca7e808df02c30952
SHA1 0b9b005759d92661f3ff94c95af297f6d364336c
SHA256 92d58bd5a9000a0db81bc64ce1bf722c78b00e357c2aa594cdf477cb6f144807
SHA512 fef1ba2568a94879c74daa235946439cabf4af1a3498b131c99a8ecd788d648416b5cb256e51c0c645a9cc3244cec9dea9c56d55dab92fd6d353648207c43ac7

/data/user/0/com.sharetwo.goods/databases/google_app_measurement_local.db

MD5 7fb90a008d32543a6f767d94b1dbfba7
SHA1 2e8bdb1cd1b3c0e54c428d84c37cb2584747e16a
SHA256 7053f8ae7ad3e699d23a84c5dfe5366e9acfd4652a497fed0789201a3272a4bd
SHA512 77841ff5085b88c6a67202c713af5398197a5482e6ec48bbd48e69455ec192246071e4f4f12c00e72286d78f279dd3c2829ceb8e6e9ced9409a9fc8df38f1c41