Malware Analysis Report

2025-01-19 08:03

Sample ID 240610-t4t2bstbqh
Target 9b546571fbf9527f66b5e91486e46bc5_JaffaCakes118
SHA256 6db9ff227370985db5331fd4f4139f1e174b539795f12dfee9a5a1a13db136ef
Tags
banker discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6db9ff227370985db5331fd4f4139f1e174b539795f12dfee9a5a1a13db136ef

Threat Level: Likely malicious

The file 9b546571fbf9527f66b5e91486e46bc5_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 16:37

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 16:37

Reported

2024-06-10 16:40

Platform

android-x86-arm-20240603-en

Max time kernel

175s

Max time network

180s

Command Line

com.vkankr.vlog

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vkankr.vlog

com.vkankr.vlog:pushcore

cat /sys/class/net/wlan0/address

getprop ro.build.version.emui

getprop ro.build.version.emui

getprop ro.build.version.emui

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
US 1.1.1.1:53 is.snssdk.com udp
SG 103.136.221.67:443 is.snssdk.com tcp
US 163.181.154.233:443 sf3-ttcdn-tos.pstatp.com tcp
US 163.181.154.233:443 sf3-ttcdn-tos.pstatp.com tcp
SG 103.136.221.67:443 is.snssdk.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.71.159.41:19000 s.jpush.cn udp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 163.181.154.236:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.236:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.236:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.236:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 vlog.vkankr.com udp
US 1.1.1.1:53 api.exc.mob.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
GB 142.250.200.46:443 tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 163.181.154.237:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 123.196.118.23:19000 udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 163.181.154.237:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 103.229.215.60:19000 udp
CN 139.196.92.56:80 vlog.vkankr.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.137.47:7007 im64.jpush.cn tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 124.71.159.41:19000 easytomessage.com udp
CN 124.70.128.38:19000 easytomessage.com udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.94.9.210:19000 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.162.127:19000 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp

Files

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/Android/data/.mn_410185822

MD5 be017d91b535371ea25898f66f18cc29
SHA1 3d903a2b4bf46df4510db8ea886d4ae40cfaeb5f
SHA256 097cd3d5f5d4eca1ca8c84c793b7365cc6091c64ec208b67bfb1a23b4db4dde2
SHA512 4d98220cd78f0918132d2d2c88c0e4599761f97e468af3824c8eb07b1d4aeec0e45229b73fd52f07e206c08997ca855c28d36fc3531b34ebb38fb7ee71968b8e

/storage/emulated/0/Mob/.mcw

MD5 9e3f48d8ef3a02f3dd75c276ddf9a7af
SHA1 b58c923d5539d8c18376db908f9d7878f18c43b0
SHA256 a4ff059c2c08f8d2883e9255df4bffa74dab7838837e40d9e49f87eec2dd0caa
SHA512 6d3baa16189056d635fd07871d4b25f78902d74b5a6dbc3171937facadc9671aa4e7c965f191e83637231e4434271c44e209059d1aa6bf533abafc293d399842

/storage/emulated/0/Android/data/.mn_410185822

MD5 de76e75818c0411f363c9a7fc864e1ef
SHA1 0f46d043125ba515aa370d0e2308f1ad2d17e8e2
SHA256 e9b5ad62ff6629728b0970edc12a7000a30ca17f09c81283a11280259c28c228
SHA512 04c049e866011b577238de705b07af18bde5c224fc358ea4cf63f19081db67e22a4541fda6f8e626c199779db79ffc091f2a8412b4a24beced44e8d8e36af592

/storage/emulated/0/.mn_410185822

MD5 fa616de48af4714c5eb3a6034992d90f
SHA1 ee2dfd727fb9798340230b8fda2a271636964207
SHA256 9e096394b65bccae1e833bf6e8bfb76f79ebd0a54f0710408e35c6628e7ad5c8
SHA512 61ef06b36da9281bdd3952d1c2eed5802845356c9777d152878c8aeebdd362c405a064b0a88244f123897f36a1740d6b63eab60fdbd90e966f8ead7dfac2765c

/data/data/com.vkankr.vlog/databases/ttopensdk.db-journal

MD5 06f4c226598fa54df40837e72614da8a
SHA1 0b2fb1358cebf4bab945c7014e164881c89ac823
SHA256 8a3f18f33670908004b9f101c1c58403352cda35ee434a07385a35265f016701
SHA512 073b51aa439913f768762b341a895cfb37d5bcb40a2771d4ed248808b54390137fd4bc0773c9a29f74ef9f1027963c63c124b8f4ef243b06319ff96c134a2f40

/data/data/com.vkankr.vlog/databases/ttopensdk.db

MD5 0bdab971bcede3aa232104b0d55dd4d5
SHA1 18023c04cd6d5b4398ca6c4b19c8f7de47fbc9dd
SHA256 d490d53ee491405df5ec39f241c9c49e4e2de4041b8e6dbc98968c4888d6304d
SHA512 b11f3c6bfb0097899230be40700232c75389ebadd604eb5b514ebfca440bbbac1239dd93adaeb8fa4e68d2d2bec392959b5693650f882a817e34b6f07f76d54e

/data/data/com.vkankr.vlog/databases/ttopensdk.db-shm

MD5 d77d96075380068ff2ffcea42b57acb8
SHA1 8b469e9b1d49c31cac24e117c2e6d3e03310e597
SHA256 e82afb3f1537f6854427b6ea86a6006a4653a1e52670e23b8cbb0c3d5ba75ba6
SHA512 c0c8bda0c85e2caa592b1da76016b55d806d0f9751079f05c5574dd9679f06c6c290bef85a19d38c956d22e736d61f3db31049fb543bbddde13d54b6f9f99ade

/data/data/com.vkankr.vlog/databases/ttopensdk.db-wal

MD5 485558a7fd4f8518586ba3bdb04f00c6
SHA1 9007069da5d6e74dd454cb94ec9ebc4547e338f4
SHA256 0a6f174062bcad6b663f7f4c162c6fceffb48513572b30651f4f79898e17e168
SHA512 422c7f6eb932c68a009138612794716cf399620a51438fb71b2c185153f284298205ccce6fcd3fcd89a1043d3df5606792c556b3fb9927c066ef8ca8d7893267

/data/data/com.vkankr.vlog/databases/downloader.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.vkankr.vlog/databases/downloader.db-wal

MD5 3cb18addbd563508da9d8b24af3e9bad
SHA1 9b6ce986414cf209e720bf0f7515688df1101062
SHA256 9614a250c3921ab426426cf2df2a3f5d5741449de032a053e40ff056bba9d8d3
SHA512 afad51a9747680a5160defd977ddd4c75c7a05f851688c56b6acad284cf06077ea99eefbec9770f5c111d8d544af9ab43572ace5ac7310c350f77b22c7cf5379

/storage/emulated/0/data/.push_deviceid

MD5 789454e8f452f56398435e6aea23dd93
SHA1 afee2648f93806844f30669aea812e694aa51527
SHA256 5c12961e88139a6c353a0900bff017867e0aae277f422e551af459e3daccd99b
SHA512 6e92c45654cc7da14e8146ec6222465ee0b2ce2fe4b83f8bb4ea6ea0f5768fa1b41d193f052548acc2a29ead5ad14827bac3231aa3c448fb96d5c7f34c888c94

/storage/emulated/0/data/.push_deviceid

MD5 9f11cf4ed68ac40749adec9e850ae781
SHA1 e3bb00fcfa3e6db22527fa11351328ffcc3b1ea0
SHA256 0360b0c7e8d7264fd7386d400d2b9c7eafda10df26286df39dd10e0faec2d6a1
SHA512 a80378af5cb009b0078de1db9634d908265114b39a3d398d182f768b2e94ac989794cd9c1fee0dd2ef37fa71a774a7b59661e15aae1b75b380027413952cfe2f

/data/data/com.vkankr.vlog/files/jpush_stat_history/active_user/nowrap/f1b6ab7f-e773-43e2-8610-a9cf05476cfe

MD5 b58ccf8008b50d6203f345f29a61ee04
SHA1 1e66ff5e626431d98390de2574ef63a5c96da2a5
SHA256 c10528905d5a13627c3344d59207edb7f3d13b7f9e2cb3a59140a93f4a02ffa2
SHA512 33fc5636474304dfc744972caee560e88e42eab40758f8b302e41bb7df57f67a920a37f6401fd613907fb087e05a2f7724a722868ceb5954df42719b006c04e6

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/a6a5b5b6c7a6425d8847671531c736f9.tmp

MD5 3610043095edfae0fde800376f4f63b0
SHA1 c58f32ab313bc9c8b0a2a9d2ee7f445972973c8c
SHA256 b37b20aef8aedef7f952401b48d8d2da271ab65c8acbc1c6a296b244875ed088
SHA512 d9440d22eb1886705a8936d16585a9c0f439a04303a432818b61ec608aec9fb21785f2098fff0607c23a2f6ae1727c4103b350d82591d0c5bf470ac5d17555b7

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp

MD5 9542959bdbd3cd5202961a7cc671dc51
SHA1 4b12439954048f49befaf56e4eed9010f9b4e0ab
SHA256 f1349c936f710bded92f7b5bcfca5d6e56a99723fa9b10770d429a41fb961440
SHA512 e161613d04109ad580bae3c9247fe7a9f09100ea4f5054dd8c54cc591afb47d9c7a6117a50419014db65c25e5f0d4f12de0f2283b824664af13d760a21514080

/data/data/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 d96fd7aeac359efb3c0339cdd02bdc4b
SHA1 2f6c1e9096b656a20bdd6a065b472af20eda3cd4
SHA256 bc5fa11f47df554d5f7ae003b35a4a41ce10c3bef574d443eaf9864062e40101
SHA512 29e9513d245c9f9f38ee5edc3c41236f479754618dbd932a155a074f68cb9553b269bd46eba355d47df1c1d3fb618e5a6b5a18888b977e2f7e2233ae63803e16

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/b3c7b290efa296bd34365e2948d7b934.tmp

MD5 3635d1f849075ef333f78d609509cfc7
SHA1 f37e20477927df34fbd2f353d520f1abae5d81f2
SHA256 f1480555d3bd1cfc47f13714fc39eb74d98ed5632ffa040f63d39dfeecc85f93
SHA512 f23f37239b8ce3b56ac42713aff571b53829eaa1ea0d6b2c060f2aaa2b77edadc34ce655b439d4e4ee71eccdea341484eb13a060aa910c6be7ace64e7597ff8b

/data/data/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 9ea61ef5483cded966428728d1520d60
SHA1 4b35a9252f1528c2c8f7be188dd82418ae80ebc2
SHA256 b824b5a5293a588008a86ee0e20c95a3adc8390e2de31350f527ee77cc0044ba
SHA512 e7802672e66f90dfc713d1c6a915df14daf722bbf31d08143bcb6310e0f89144aec433dc2404badb277642b96a2429a7c848d705558c178a13aed64a5ddab7b1

/storage/emulated/0/Android/data/.mn_410185822

MD5 f9992727e09cbf287058c9266b2b02b5
SHA1 796ae34e466a8eac138bddedbe69cfdd0d4a75bd
SHA256 bc90816fb8d123d4ad1d5daaf04ee2198d3ad5366b83905280aee038fea9d690
SHA512 aef1b59df8e56c220a0ad3c6c79e60f6649071642a36ec5c10036974eefedfbc42d2e3883e2d053f6c1ac6d7600df8e9ef43bf72b310df96ea88ae873a7b25e0

/storage/emulated/0/Mob/comm/dbs/.duid

MD5 6ea1e144eba76d0978ea6e771dce9e8e
SHA1 46a9bb90145f9213c0483b4b6b11c7b26adb0613
SHA256 9a255709538874f4c9ca3ba8385b6716abe7c66baf6f77dc0ae1124b4f89df6d
SHA512 388e2a1e9e4badcc40d890e5925ee0c94fd4b570341c8446b2f449d53adbeef9a426304716cc0dc9ce9c20f545e38fcb8993dff0a286f8a3025f3557415dd357

/data/data/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 d1ec84d33ad02bacd28164c66c670c60
SHA1 68f52c68ab04f3dc36aaff9e3064b94c7de65e47
SHA256 05420001423c075107535bde1296cb360a51b763c9c4dfcc5e85738e4db35b92
SHA512 4553f04488fa63b83b4dda6027c89740bac24301ed3b06618afe0d0998f9d1212da9e958d2665f8a9533aa43cd38063663fdf4de5788d73ca052cccbca7f6404

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 038d2df7e6e2b3ea4893729b8e2b4eb1
SHA1 73f17aeb8bb8d03834488de1597946a7dd2701fa
SHA256 37f82ef2222d14159cef5bd52cd3ec1a322dde242fecd787380deb47f6dc8363
SHA512 6ab3dc36603e5253d48eda6d7d1d1e807399a1509712713580999eb846b819ba1917b52818db3f1b04706b82671fc83fc487c0b09d6dd87e43fd56ae7e063ce3

/data/data/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 285d1e7fb98924a2ee25e866c2de35ff
SHA1 77f76e4b2ea7366b829ea7c8f0972f22bf7ca97d
SHA256 dbdba16210ca0bcd8b53f71de97fc360c6c5de922dfd6c3b01c8eb6851c7c5eb
SHA512 1a85613b9368e3018391d70a7c5971a06093028ca12fd69c08c02e37c8ab0c5a4cb574156bf8d02951de93298fa99b709703e3558e85d96c97775aebecf56bb4

/data/data/com.vkankr.vlog/databases/ThrowalbeLog.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.vkankr.vlog/databases/ThrowalbeLog.db-wal

MD5 dbe48f60d36d8dbb5e7fff7e79e078ca
SHA1 eb94c25e9eed4b42bc9e96ffde00a74464dd2ecd
SHA256 428bc0c5631519260ebf67612e069157e2d86805535099fb9a0fdb8d01bf2f12
SHA512 e458944f1130beaebf49f7e6d4a3aa7b67f4782e3910e1131e11cfdf97d4c782879f2b3e5c39477af396a12214727a40fa2dc1323547976c4e5b8c47f565c35d

/data/data/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 cadc30aea7d975d415edde8f1766e86c
SHA1 0977a71cde3c4d14767ddd7f35d66f6c9645bf27
SHA256 f7960adc1e32d65f919964bca2b8b512c2738d0c7ce06892209f4eced8d80454
SHA512 39d0b0eda32b452d83d14de6d32c70a13ef58b8f959be5cfef2033b5ad0d04c798938b6cd80e8bca4a8ae9f1079245ad0707b8b1a43aa8885c407c68dffde0e3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 16:37

Reported

2024-06-10 16:40

Platform

android-x64-arm64-20240603-en

Max time kernel

174s

Max time network

180s

Command Line

com.vkankr.vlog

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vkankr.vlog

com.vkankr.vlog:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 is.snssdk.com udp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
US 163.181.154.236:443 sf3-ttcdn-tos.pstatp.com tcp
US 163.181.154.236:443 sf3-ttcdn-tos.pstatp.com tcp
US 163.181.154.233:443 sf3-ttcdn-tos.pstatp.com tcp
US 163.181.154.233:443 sf3-ttcdn-tos.pstatp.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 116.205.165.66:19000 s.jpush.cn udp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 163.181.154.233:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 163.181.154.233:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 vlog.vkankr.com udp
CN 139.196.92.56:80 vlog.vkankr.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 163.181.154.231:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 163.181.154.231:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 123.196.118.23:19000 udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 139.196.92.56:80 vlog.vkankr.com tcp
CN 103.229.215.60:19000 udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 117.121.49.100:19000 udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7002 im64.jpush.cn tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 116.205.165.66:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 116.205.165.66:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp

Files

/data/user/0/com.vkankr.vlog/databases/ttopensdk.db-journal

MD5 422c6df2f67376c08b4207e8d5d210fa
SHA1 2518230cccbbe83cc3400bc10026d82a72ff6983
SHA256 213b3208bf351fe7795afce7559e743df6666a3f045904c332d0dfdef4bf885a
SHA512 456844d7ff69ac7a11e78da574210f423ad8677e064e41cd3aae8040760ed51a4f8166db468bbca0c9c4156bf3357a58584145eabad28c5d9cbfe8bb82cd092a

/data/user/0/com.vkankr.vlog/databases/ttopensdk.db

MD5 490142d25d42fe279cc11875307232ee
SHA1 f6678ed6bfe4c4867d1e8573b514b89ece5bfc97
SHA256 39f849b864c1625f2fbfa4edaac8a9fa25975dbb4518820e8d4db494e2a9cbd7
SHA512 9ac0f5cdcd2064025b009411bfe4fb48754f4cabedb71aad1adc1faec0ea4f70e7f653dfc6f03d544277ac7c911fbe340eae157efe8adc315b58d0c39f2c1b97

/data/user/0/com.vkankr.vlog/databases/ttopensdk.db-journal

MD5 39a44e3d9cae4a1e3241366f100a5258
SHA1 bb8b3ea52ed6009fe40a22980ba21f69acc15c88
SHA256 fc31f4c84f113ebee963f92c2ebe5405a4b1c8b620f5e054753234c87a7b5130
SHA512 df0dc23ce228fe44716b377e80ed09585080b32ae1fda29102fb4c19f869c6d5bf9eea9d18a82340a6d89d36098628343a8af643ae5997b067a91f807606748f

/data/user/0/com.vkankr.vlog/databases/ttopensdk.db-journal

MD5 7693a95eec1b897e41e292a4f99e42ce
SHA1 7259163eb0c4e9e9696650f8835a3c33d01ed0ca
SHA256 cd81f558e0064b5d128d2022067b2c77fae8e0028bbe7f37ba5906252a8ffb03
SHA512 449b164b7026ccdbffc5368e782d93f0949bbd0c3d53d928e68bc76849da0549a6985a1e423a70059dfd47847fe83375120d103a291e21a6957f9437e2abb629

/data/user/0/com.vkankr.vlog/databases/downloader.db-journal

MD5 0883d6a4d39bb3b67a55accd2a15f310
SHA1 7746b9bca0ef49ab013af746a3fcf6bfc7ea2b08
SHA256 d03fb28f249f3e4aad1a4b76b4d1bb78f6bb3d610dcc6a85803ff5f0b75d3fbc
SHA512 1bbdb805bc2b07a6df14f157d651e929780856987117d9db209c4f441e5d5460f3f882c817adfb2efc2f1112009e3761b911b27285171f1a4539c12690b459df

/data/user/0/com.vkankr.vlog/databases/downloader.db

MD5 40b7d099fc8c4320b1bb8dbc6e03151f
SHA1 bb556886aaa719ae155b8e499f530fe970e6e5c9
SHA256 02fec0e756afa49755e14043766cf3ff533addef9567b0243e06beeab805ec0e
SHA512 dd476b16caee9c451571a95c98fda38496c8a75a4f5e778b4900e122ce34a7b474831c6ca84d1b42e83af4e6cb0b693ef0fcc8fe5c3e4162f7effc6c85f6fe3a

/storage/emulated/0/data/.push_deviceid

MD5 87a1275d161bafa08a8b4d98d4b2e0e1
SHA1 da4243fddd9e899b020c696a048e350b0470b6f8
SHA256 4cd52979487b1bdb796c7f976f21e1b9231ed49e78ee16406928eeb9cf61f0d7
SHA512 8aaa81d60e619c29ef6d39309a2b0c90669f24ea6a8bfb09713864ed87a7faa38538cad7e026413ddd4eb3204f1eeed9645d919ac31546810d852493f052fb25

/data/user/0/com.vkankr.vlog/files/jpush_stat_history/active_user/nowrap/e30dc9b3-8982-44c9-9368-436b6e4f2d4d

MD5 68f1c054186a7aea627ea1e03b5ac9a5
SHA1 3fbc1190203763968df8fe33a8930202a9b918b6
SHA256 028c2982faa41b918eaf8ca82f4a466653167dd5aef42e2c4e6053ccf2a6624d
SHA512 1cb5407fcdcea760ef033f8d1fbcd6305e7b14199bc7efa439bdaed8ed7bf8bc5f98395721ffe5905c064c1bb28f0fec0e264022367f3f680e2897c294df04ac

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/b3c7b290efa296bd34365e2948d7b934.tmp (deleted)

MD5 3635d1f849075ef333f78d609509cfc7
SHA1 f37e20477927df34fbd2f353d520f1abae5d81f2
SHA256 f1480555d3bd1cfc47f13714fc39eb74d98ed5632ffa040f63d39dfeecc85f93
SHA512 f23f37239b8ce3b56ac42713aff571b53829eaa1ea0d6b2c060f2aaa2b77edadc34ce655b439d4e4ee71eccdea341484eb13a060aa910c6be7ace64e7597ff8b

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/b3c7b290efa296bd34365e2948d7b934.tmp (deleted)

MD5 05f1eda57c22c21c8d0fd4583ec0188f
SHA1 42f54f50b070578b7c4ed99eb2fd095418d82def
SHA256 26ed45721f437bd932cad26903d3aa8529324655e3c2746f56b730d8cea78519
SHA512 f160e50a200ea45e414db5a56f405824e6f49d42152c4d05eda945fa2974fee50e8c22b58edeec3916aa39dfc9daa7a1719906a2d7bf9a7400c6857064e9f2f7

/data/user/0/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 82bea9e66eb7414e2e7bf20bea7def67
SHA1 e5d1e8f61ea61d3b59ca3da592e8bb4d4db89911
SHA256 556f77517e64329e13f1a1e67a2cdfcaec3ac36f8a024f9db1156cd8dd49e7b0
SHA512 52b0ffa5dc3c5db40b931a37f330a2c2ef0bc09652a06fb1ea081fafbf5ed07cd46c7cd4905aa588a177789b0f5834a560e5881e06221828c6519a9c41e591c8

/data/user/0/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 e07a1c3d5f93a0e764c10e31b553f838
SHA1 1df379708b3e8b4299c36074c0c43c2e05f7ab89
SHA256 cd8eaecc857b26c53a2979d589306bf679cd1c502f18b1a31d7ba90b31e1128b
SHA512 0dccc3e49cdc5a3ce1247fcd7bb9b8ed5dd42ad6293e5cb68b64458a60243115924c5cb277a38bb9205769a5e5e1816b0b0367d741537472ef0900a800073670

/data/user/0/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/user/0/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 7ac1cb685b29cb35338183b80dcf4210
SHA1 8ea8bbcb5e282e723c77ea90b3eb61c62b277e98
SHA256 edfc7f1144a28c4053044f7dcdd324e4c5f38e3155a6f37413740eb805984bd7
SHA512 0ab697f8a8b111d4fe3fb1007a0406c7197a44c537536d7b4fec38b827aa492c3390a2152ec706398de46ceac13eacd31343181fb378e2fc5b11088fa1318490

/storage/emulated/0/.mn_-1226295269

MD5 d9ed35602aee595e23c4aaedfd90421b
SHA1 681be473e965c31712f10b2a5a7d585bbd36fc8b
SHA256 ab18dc02cf90469e32aa65549f687e63d5dc35125e5e2efdcbcf29cf38f8c65e
SHA512 4fda7cc46c101e0774d3c70d119391a51ed96b6de0679925f9e26848de85911784745311ce32731f2f15f62f3b2ac50c3a7363ffa203efaec49bb2840f029f3e

/storage/emulated/0/Mob/comm/dbs/.duid

MD5 97c5441c628c430ec5df91b1d71e7b22
SHA1 d0997ccf13471b369f400af271d30fb72373b96e
SHA256 8b6ab9b0db5c40cb92cec7d3b173789fadc50db9b2c9410868a7222ccbb6d1b0
SHA512 86903321aed11da3fe98d048eb42ea899a185e0a928e83103a2832cecaad3ff34220028fc9adf0991386e0736277fda3008af7a7400db243367478680e50c190

/data/user/0/com.vkankr.vlog/files/Mob/comm/dbs/.duid

MD5 db4ffdb394ebaad13fca946b4a7dd7e3
SHA1 3d856f9379f420822cd1343ba5b74a4f8c33ce34
SHA256 6d0eb0d7872dff6d52afb701dc610e17b3ab0c00088f4e05decc938a1229764a
SHA512 11ce35bbffe3a567963e022ded5b433578080e96f4770c99b01dcc97a2f078129d56a117182e2f9467ccd30062637667d73bfba4774dc5dd7be473ead36cb76c

/data/user/0/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 416e7111730274fbfa7e7ac6038ccfb6
SHA1 6ffbf9da0bbc4d8e8252cf35395c9a79b6545963
SHA256 75a87277830b88033eb8ddea96fb08b764d53992afe98cb16eb4aabf1a7bcf2f
SHA512 f92b83c10de453c79445b26e0fdb12e56a2bc0f0aa20968f5294accf13dc35c36d231aef020731697c87c31bc61268aab9d11f1533d99c626e8cf6fe2de98c4b

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/uil-images/journal.tmp (deleted)

MD5 09c751685e4f5951529ac71b27636e28
SHA1 2cf06af69905c18362ce4ad327542cc8f6b6c856
SHA256 11a31cb473f893c7d067b22b229b2918134088f089aa159b625d2713ebc0d301
SHA512 af21e8d9ed9c459b2f8dd3799d8de73ce1cafdf2ff89b9101df9ea1dff8018113eff9a2ca98502e66b02e05cf2450b4d5c306d8f8bb482152235fe4ae99c06d0

/data/user/0/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 c25fd8714511895f90a3253c551dd2c7
SHA1 1a5df67b45a1963a5bc716d7b85a0a46cec427b5
SHA256 74c6b8a83a8e76e384ed1190fe0b843695e414ca27b58f4801d4fefcc3b2fbad
SHA512 1a033b1306373ced26e3d8afaff089540b0b57cf3dafd70d7dbf450d0608a3d527107bca3675fb9c1cfa1d72b706414877a0de5d2a0690c059e24300dd233722

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/a6a5b5b6c7a6425d8847671531c736f9.tmp (deleted)

MD5 3610043095edfae0fde800376f4f63b0
SHA1 c58f32ab313bc9c8b0a2a9d2ee7f445972973c8c
SHA256 b37b20aef8aedef7f952401b48d8d2da271ab65c8acbc1c6a296b244875ed088
SHA512 d9440d22eb1886705a8936d16585a9c0f439a04303a432818b61ec608aec9fb21785f2098fff0607c23a2f6ae1727c4103b350d82591d0c5bf470ac5d17555b7

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/497c338886e619460537c8c4b99e37ad.tmp (deleted)

MD5 3cb18addbd563508da9d8b24af3e9bad
SHA1 9b6ce986414cf209e720bf0f7515688df1101062
SHA256 9614a250c3921ab426426cf2df2a3f5d5741449de032a053e40ff056bba9d8d3
SHA512 afad51a9747680a5160defd977ddd4c75c7a05f851688c56b6acad284cf06077ea99eefbec9770f5c111d8d544af9ab43572ace5ac7310c350f77b22c7cf5379

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 8f0d341bf92d78f08febfa8df08fdf6b
SHA1 52263412217fc9e36d6a50522ca221b1d6d7e896
SHA256 e9ce6a20fb86ae34689e2e0e35994cb66ea742dabf6db57a94a5bd26e97ab492
SHA512 c7da1dc63d05429ca7f2ecbcb214c18206e5285fde5bd446d44e91633a1d59da7b5b65b383bf75226dd9e3ee670f94de7338dc8e85d8488f9e4d2d6c5f6d1f06

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db

MD5 9b2b90b8f948262013e9d0b12927b2d9
SHA1 c6dba76b5beecd5087c91d17237d37becb87a617
SHA256 b4500d9f9f435c34927adedae23343e504dcc2b149164f6130974ee03592b284
SHA512 92617f9d99651cf20b8aec57716b1d6335ef593aab480f61bd9a769ed1ffa516e7d943119314c8d92a1f229b73bfbf744162a0a8dfbf6bf089ad1344f8b5e80b

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 b1996d1b3b2293fc51eed8ec21f07ef0
SHA1 c99ae269bad052491800b9ad8c72e106a854beea
SHA256 5c16d0996f441dddb14b01c692b29f81f36d3f1e6b19319d55d03b2d586a8a65
SHA512 1baef840a7e0559154624ba6fd4ec9acb00291c295a37aea48144b930ef968b72bf9e2207b8ea82ae64fa2c3e36991a5ce16163c003a86224056ba51d5ea3da4

/storage/emulated/0/Android/data/com.vkankr.vlog/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp (deleted)

MD5 9542959bdbd3cd5202961a7cc671dc51
SHA1 4b12439954048f49befaf56e4eed9010f9b4e0ab
SHA256 f1349c936f710bded92f7b5bcfca5d6e56a99723fa9b10770d429a41fb961440
SHA512 e161613d04109ad580bae3c9247fe7a9f09100ea4f5054dd8c54cc591afb47d9c7a6117a50419014db65c25e5f0d4f12de0f2283b824664af13d760a21514080

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 86f9f03d0331893b144604857b3004a9
SHA1 6d45f0345a10bf7105b89811fbc878a8d29d69f6
SHA256 e7afecaebfb203b20e3c9d8ebe62e05d5981987fb0cdbfcccbf5829804346fa4
SHA512 75ce288a57caa90220d1ab9745e7df8da431252a3c956cfc64055f199e68126023e43347ec76096882cad7db46ead51d1e86cb7bb4edfd6f272746ee7469b2cb

/data/user/0/com.vkankr.vlog/files/jpush_stat_cache.json

MD5 c2b52446811c6ebdf02e409016375470
SHA1 eb7a4a458e3de172bb2275ebddf6d32b992b06a2
SHA256 0bd56c195b1c23a210fa079491033f287877952d50df3a90dcca952dc647a686
SHA512 8f830c75b2c9686af2b73cb4bcd6b1e7e77f0bc29618b66a27e800adff8ec660d15bee2894761cbe0820a529ea160713fbba0ba9743ebe1807b5b0ed32e4c64d

/data/user/0/com.vkankr.vlog/files/Mob/mob_commons_1

MD5 57259a5dd4d7bffd2246ba91c2a00257
SHA1 ece21367154b48bd8c04fab6ddb9703cac9d2206
SHA256 72a09286e3ab010fa66df6d5f2544c369bf541923cdc11041fbe81fac89bcdfc
SHA512 da3abb1a8c5b98285e3b70c91c0d64cd8f78b0579b651b366352a0a9633576e5e660b738d1d3b6d9178c05a2eb6b45005f92b0c80203235cf09dc9950dcdb2f7

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 f80c2c546206d658ce5e96d3b746493f
SHA1 b89f201379e4659e85305b0f8f316bf223ab7261
SHA256 b98e3b43282c520b9814c0f8d9a6130e37ffc7b0b6717d8a011b405149fa654e
SHA512 fa162fa720a02b21f808bdfda0706ce7c335c4cfc785b8e497d5f908735753c8cca2de7b660457cab0e880ffa3744befa0b2f0e03d89b9696a317cd15741369a

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 48f7427f673f10f6fb15e5ab5644c771
SHA1 7a87a9bebab0d64154828bb1532f4c61de53eddf
SHA256 ce422c212a6d583257158f4ae06c12a8e081e6933a32004cde50f41932125e2c
SHA512 902b145901dd67d142dfb1df5ac5c69c1ffc8155cfddc365bea042bede14dfa04c18c26f546effcf68a8246a08e73761e6094be9ffd3b12012d9ea3137fcbaa9

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 a6e7c12d79e7c8a66f8b8a824e614e0f
SHA1 80f4eb3a6f013b48bb951aacb7d9a5fbaee124a7
SHA256 c742a02effe67f6e2449093429caac9714dd5a2bea1405e583e9e11db5e4f2f1
SHA512 5976e6b717a14bda0f9d13405a3fc26715c16eb8f1940e8d7be982439227d69d60b14ad747b9845e1c8d2b2416a601c23674eae8456c9ce795fb844fdf6dffef

/data/user/0/com.vkankr.vlog/databases/ThrowalbeLog.db-journal

MD5 0370f94e30b6514ef2b7c3b924c52a4b
SHA1 270885ead150846f13132befd7601d001aaf0646
SHA256 2888114a578360df9a3c159ccabbc87bc18285cfc7a2f31ea167fad1a200963c
SHA512 0d5de89f97485e650b425202e5371f67d498f1a6bc92a5ccb573b6707c22368d816ed4306fe91f1f49ef7b131434bd5628941a2e0b3e0b5b3bb7c0db30b74b62