Malware Analysis Report

2024-09-09 16:27

Sample ID 240611-mkwmgsthln
Target 01bd7edf9a3424a3ecea72a412275808.apk
SHA256 ebf849b931a7da177013dda573cb7e728405966b8d21a4c034c1c8399d4fa8de
Tags
collection credential_access discovery evasion execution persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ebf849b931a7da177013dda573cb7e728405966b8d21a4c034c1c8399d4fa8de

Threat Level: Shows suspicious behavior

The file 01bd7edf9a3424a3ecea72a412275808.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection credential_access discovery evasion execution persistence

Makes use of the framework's Accessibility service

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Queries information about active data network

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 10:31

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. android.permission.BIND_INCALL_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 10:31

Reported

2024-06-11 10:34

Platform

android-x64-20240603-en

Max time kernel

93s

Max time network

110s

Command Line

com.jcnxu06gkldyhsxkdhbk.security

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.jcnxu06gkldyhsxkdhbk.security

com.jcnxu06gkldyhsxkdhbk.security:remote

com.jcnxu06gkldyhsxkdhbk.security:acc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 okdabwq.top udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 172.217.169.14:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.200.34:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp

Files

/data/data/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex

MD5 9de2fff58f372b72213eaaa094df13d1
SHA1 fc1f583fcbec12c81030726e9d26bc9a2ebf187f
SHA256 5b7b6dbb5d8d483d7d57720dbe55c5f8ad3abdbd2b515977cf2b72d21cd3d125
SHA512 f18b18583a9adebbe41da773dc7fbf3407ae5bc37aff51ba4545a4ce75dfe07573c136bad2625be4f94d3d103d3132795298b880ee3d5c4884858a9a87c47547

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 fb0bf490a1ea4ad19a24f3673a5d332c
SHA1 5cad04778e2eb8541b9b684360df47a7093a0c56
SHA256 5954961153737b571aff4593c207df912a91d3942f86ba12c80e0f31baf43beb
SHA512 b62d1bc93f9996c83008bf316a748b6b3d7923a63d373b08196cf62a81ef03122b9c6312b89c39e3aecbda65369e64edd324d099dd3237218c3c0c89b181ffe0

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db

MD5 d47ba3823564b9cd8004be64a8ee9855
SHA1 b512c03df6133877ff8c182e675708cfe7a1a7c5
SHA256 8feae78e05dd32f5bfb41a8bccff295490c1ef04b2d53b0f46043d2426694138
SHA512 3644614fd723caee66469be3f495792c639cee31867f6c7bd31a69ac27d90ecdf9854561b5194ddaa0e83363e557c191e99e42be8594b3157836d3f88089cccf

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 27680a3470d45c70db19dd1477d16d4d
SHA1 25e7a898cc581dea3e6b1df918e5704439f6e34f
SHA256 37a05228b4af88d1af1ea02b4a6df030f9a88d524ac260ac534f1c31267be8bc
SHA512 efffc25ffa7ef462a41050bb884a44b67116a88c079c06479c66b788ba426055687c567eaf3f6418dca74d0d8474cb5f201e99a7f34ed11823611232517957ca

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 f3b96d92b25110da9d7e9c8c27d2818f
SHA1 9c266aabed860fa2af6124f695ff6e82522a11ce
SHA256 c206a35c522210b2e200d730ef3eaa8ed00fdb9c0180e4d6d6a66a0ccad31db7
SHA512 5ec90daf4d5a9488372a1515b3af1e65e76e72fb104d06331e3006f1930f57bdc676a835c8f2c5eb05ea598bec041bcba8e34f75ecab5a30e383d23870032a3f

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 5adf806e34991441010d92651dd4228e
SHA1 59bee7bfe9bc052585d2f23cbb88022855e679a0
SHA256 416cec3e504fd244a96406c62e5dc64ee99e5cfb4a37c1c265b28f32667ad91f
SHA512 da5c10554749f8a544e54e3524d68f5fa394026019ebf14a69ec6fe7c6358d7b73b074de411567afa84e1feb1d362ece33bc5ba7897e42efce111ceb679cb450

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 cef7498fae4b62f4bc786eed1966ab9a
SHA1 77366ddb55e1e781aff4d86143f86cf0a68e8c03
SHA256 eb95d5895a942cce0f0f2baa04cd1637e90d8844d397bed1c3881a75ff4717dc
SHA512 01630edb203ea5304ee7101169338653a306086a71fb2b1bace66a148c6845d69f9c7ea148ff679f7f616832fe9a2e857b0de42fc92977bc5673f0f802007237

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 10:31

Reported

2024-06-11 10:35

Platform

android-x64-arm64-20240603-en

Max time kernel

91s

Max time network

132s

Command Line

com.jcnxu06gkldyhsxkdhbk.security

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.jcnxu06gkldyhsxkdhbk.security

com.jcnxu06gkldyhsxkdhbk.security:remote

com.jcnxu06gkldyhsxkdhbk.security:acc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 okdabwq.top udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp

Files

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex

MD5 9de2fff58f372b72213eaaa094df13d1
SHA1 fc1f583fcbec12c81030726e9d26bc9a2ebf187f
SHA256 5b7b6dbb5d8d483d7d57720dbe55c5f8ad3abdbd2b515977cf2b72d21cd3d125
SHA512 f18b18583a9adebbe41da773dc7fbf3407ae5bc37aff51ba4545a4ce75dfe07573c136bad2625be4f94d3d103d3132795298b880ee3d5c4884858a9a87c47547

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 3105d5204a5ae872360c28d83fb627f1
SHA1 b550409226a9e481e520affeaa85d79ffbe290a0
SHA256 a8d39730779d887fe23da00000fee39e6a9f8cbbf0532e63d9dee0dc43dc3749
SHA512 560dceec9bca055b7af8d4682ecffb07ea7d6c49e3e063f98fa05abf63f56f93745b242c0906f894e96be6d60d56eecb67743d9516bce652938e749560c89ddb

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db

MD5 ba5af760aea5e4ab1275c1b7047372e8
SHA1 fe94c7b58ab21e43bb181cc5e72e9eb14c730844
SHA256 9a1e594d71ad99b83c659e8673fcb4d1245b1bd20c4808f0c8fe1b6d3e3ff89d
SHA512 8fb99f6a4318ff3737b467f26af4f25fc068d31922bdd05dc548ee8b3813d96de62b76bd1ed06c6192a73838e1ef95ddccf9db5cf1a7c04b2efa8d52dc669312

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 3ef1e93e511f9b1ad6a80720094a2251
SHA1 d715933a30f732cadd620448a297981474ea36a6
SHA256 cafe93a58f3959769a9b1be48300e95865c9e775e51d264f39f9e399420be5ed
SHA512 568376372ed08a92fa574235151161501be362371200acb60ee9a781930b91027605d446423f4cf400d8aa3ba7e90b69d0f8956c93bd6bc99f02413bdd60ab0b

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 13c9de1e33bd6a0791772d20686be81e
SHA1 1e29579918255ef8e94349be6e072943ad5921d0
SHA256 f531157f4b661cbe0f455f17e6ff18c32ddd8a26930c9d29ba9c4cc572e4191e
SHA512 782e0c700901b736a38b6c6f4a35ee76332cc22f871f7dd73d226f5f14efab2b54bdf18f044ffe605a5cc1e3e5266d607bc352d5f15e7011aae7097297c76b80

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 c78f0562eb7cbc7773c087588ba2e23d
SHA1 266fc7a10654f3b8040f991af9398a518d5e6e47
SHA256 60ab35bb64573e6737d5b597c7fc3cf3c2a8d638be8158f4093321ac02998589
SHA512 1ab38fb4c83357be197fad8962b57d31fe8c87d08554b0e044fe5b7b4a62a34517f9bdd020437514db91c7fd2a71bb18f50b5623c9596b5939144d52daf4dde5

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 39184a5eef2b46e3ea12df8548ec519b
SHA1 62335d9dde77fcceed276fcf9da3dec0461e9b57
SHA256 ff1b2b879050f9313d6b5ad24ec38fb0b37cab8263643465022f78be71a6768b
SHA512 6d401165ffe1de1af8d6a374cb71a59c9d528b68c5e4fc7bbc23f16cfcf3b003e310097ae1848a454014868eadb7876c38797cd6eb2fe915aaed69243590bd9e

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 10:31

Reported

2024-06-11 10:35

Platform

android-x86-arm-20240603-en

Max time kernel

164s

Max time network

131s

Command Line

com.jcnxu06gkldyhsxkdhbk.security

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A
N/A /data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.jcnxu06gkldyhsxkdhbk.security

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&

com.jcnxu06gkldyhsxkdhbk.security:remote

com.jcnxu06gkldyhsxkdhbk.security:acc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 okdabwq.top udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/data/data/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex

MD5 9de2fff58f372b72213eaaa094df13d1
SHA1 fc1f583fcbec12c81030726e9d26bc9a2ebf187f
SHA256 5b7b6dbb5d8d483d7d57720dbe55c5f8ad3abdbd2b515977cf2b72d21cd3d125
SHA512 f18b18583a9adebbe41da773dc7fbf3407ae5bc37aff51ba4545a4ce75dfe07573c136bad2625be4f94d3d103d3132795298b880ee3d5c4884858a9a87c47547

/data/user/0/com.jcnxu06gkldyhsxkdhbk.security/app_com.jcnxu06gkldyhsxkdhbk.security.apps.BaseApplication/obfs/0.obfedex

MD5 c0a5c1944a322d106f9a4838ee081469
SHA1 f1217d65cba7481240f482731da53184a11d6ee0
SHA256 b87607dadd0d203d9bd049fdf73c6404812e6ae2981a02afef258a3a5bfd98e7
SHA512 cb66822b53e6d2ab886fb8fc0094ccee0319574deb9f198fe2be8af2fdeab30a6e49e6698ca21bf1335d436db2d8b300df328fc0322f1f87a30f3229053214d0

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-journal

MD5 1922693df01014a52465d242ccd3de97
SHA1 e2c31e30e852df53a2522759d8280bd98559d2e0
SHA256 4c8fc86a92c24f764d1a0203656159f085267349b686564e681fec82bb3d1214
SHA512 e30790f86c82d219a948fea998f2f319cf0488b8e5b1434ce3271fced1d1601958fa0a331a67c765ab17023ac210f94bb020a18c5cae2256989fd4766b76c2c3

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jcnxu06gkldyhsxkdhbk.security/databases/db.db-wal

MD5 cabd39374fba55a699ba5a8ec91527e4
SHA1 9754cc54d0210f927ba2cdc11f7e6b3481faa5bc
SHA256 5b5163de178a496b1240f089c792593c02a8022034fe13d106bdabae2a4ce7af
SHA512 864c9c9f26613dd250cdc7e170948fabce74eec520d2dbfc8159db2fd5d16e8e464488bd8cc040b4a06396b219659aac050c49c20d318c377ee1e5fefc2b5e22