Malware Analysis Report

2024-09-09 16:25

Sample ID 240611-jclkrszclq
Target 9d6ee18795c552b6112d9564c32c73fc_JaffaCakes118
SHA256 7a1a20240807361fa0daf1f6cceda0b335ae2ebd87edd2a2534f7429a8844e03
Tags collection discovery evasion impact persistence credential_access
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 9d6ee18795c552b6112d9564c32c73fc_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence credential_access

Obtains sensitive information copied to the device clipboard

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 07:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x86-arm-20240603-en

Max time kernel

4s

Max time network

159s

Command Line

com.alipay.android.app

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
GB 142.250.180.10:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.213.2:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x86-arm-20240603-en

Max time kernel

3s

Max time network

132s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x64-20240603-en

Max time kernel

3s

Max time network

188s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.178.4:443 tcp
GB 172.217.169.46:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x64-arm64-20240603-en

Max time kernel

3s

Max time network

132s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.212.196:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

187s

Command Line

com.jh.APP469148.news

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jh.APP469148.news

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.iuoooo.com udp
CN 39.106.150.146:80 app.iuoooo.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.jh.APP469148.news/databases/public_contact.db-journal
/data/data/com.jh.APP469148.news/databases/public_contact.db
/data/data/com.jh.APP469148.news/databases/public_contact.db-shm
/data/data/com.jh.APP469148.news/databases/public_contact.db-wal
/data/data/com.jh.APP469148.news/databases/revelation.db-journal
/data/data/com.jh.APP469148.news/databases/revelation.db
/data/data/com.jh.APP469148.news/databases/revelation.db-wal
/data/data/com.jh.APP469148.news/databases/jhcs.db-journal
/data/data/com.jh.APP469148.news/databases/jhcs.db
/data/data/com.jh.APP469148.news/databases/jhcs.db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 07:31

Reported

2024-06-11 07:34

Platform

android-x64-20240603-en

Max time kernel

166s

Max time network

184s

Command Line

com.jh.APP469148.news

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jh.APP469148.news

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 app.iuoooo.com udp
CN 39.106.150.146:80 app.iuoooo.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 restapi.amap.com udp
CN 59.82.132.217:80 restapi.amap.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.78:443 tcp
GB 142.250.200.10:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.16.228:443 tcp
GB 142.250.180.10:443 semanticlocation-pa.googleapis.com tcp
CN 106.11.43.113:80 restapi.amap.com tcp

Files

/data/data/com.jh.APP469148.news/databases/public_contact.db-journal
/data/data/com.jh.APP469148.news/databases/public_contact.db
/data/data/com.jh.APP469148.news/databases/revelation.db-journal
/data/data/com.jh.APP469148.news/databases/revelation.db
/data/data/com.jh.APP469148.news/databases/jhcs.db-journal
/data/data/com.jh.APP469148.news/databases/jhcs.db