Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-psh3gaydpq
Target a0afa1db0734de8050df151ad4c92357_JaffaCakes118
SHA256 4d1e6be467d6d8ae1ecd19fae94281a2e0e75dd7d74afc50646f79eee1a0251e
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4d1e6be467d6d8ae1ecd19fae94281a2e0e75dd7d74afc50646f79eee1a0251e

Threat Level: Likely malicious

The file a0afa1db0734de8050df151ad4c92357_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the mobile country code (MCC)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:35

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:35

Reported

2024-06-12 12:38

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

157s

Command Line

com.wTheOldWitch_7675058

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.wTheOldWitch_7675058

com.wTheOldWitch_7675058:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 stat.appioapp.com udp
US 1.1.1.1:53 ads.appsgeyser.com udp
US 104.21.62.130:80 stat.appioapp.com tcp
US 104.21.62.130:80 stat.appioapp.com tcp
US 199.115.116.164:80 ads.appsgeyser.com tcp
US 1.1.1.1:53 config.appsgeyser.com udp
US 172.67.168.94:80 config.appsgeyser.com tcp
US 1.1.1.1:53 admin.appnext.com udp
US 1.1.1.1:53 cdn.appnext.com udp
GB 108.156.39.111:443 cdn.appnext.com tcp
US 34.196.154.4:443 admin.appnext.com tcp
US 1.1.1.1:53 onesignal.com udp
US 104.17.111.223:443 onesignal.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 108.156.39.111:80 cdn.appnext.com tcp
US 1.1.1.1:53 global.appnext.com udp
IE 63.34.114.190:443 global.appnext.com tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 certificate.mobile.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
GB 108.156.39.111:443 cdn.appnext.com tcp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 startup.mobile.webvisor.com udp
RU 213.180.204.244:443 startup.mobile.webvisor.com tcp
US 1.1.1.1:53 u.startup.mobile.webvisor.com udp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
GB 108.156.39.111:443 cdn.appnext.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
GB 142.250.187.226:443 tcp
GB 172.217.16.238:443 tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
US 1.1.1.1:53 u.startup.mobile.webvisor.com udp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.204.244:443 u.startup.mobile.webvisor.com tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp

Files

/data/data/com.wTheOldWitch_7675058/files/webWidgetConfiguration

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wTheOldWitch_7675058/files/widgetsController

MD5 21c262bbe100f90b89a6a9685295f8ac
SHA1 f5c28d2866216122a49c07ee8e60f982d42d8266
SHA256 9a271bf47ac31d9862b31eb95eebe1366a914c07319d7e2cd19d9f4617d21a90
SHA512 7403af0c9b1a2f9ea0a06cb74bd16e65f567e573b2023112d4bdf9571eeae8f7807d2a958ba262532ed634d5746fa1534f25288ad238678d85832e950ee66171

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

MD5 880011fa7df8bb90a5adfab8364e2e49
SHA1 8640c23913dc2b771465a63c5f9417bf5327522f
SHA256 b9b37a47c3aa2e7b718df97281ea8885b70c12c9456918127987552ab36098d7
SHA512 e32127b9e15767334e13903462b81df74cbb3bd894f35d64aac97e08260ecf3245a3574234f13021e6ad3cc8cbdcaa6824179442e06e2a18c28c44a22515a5c3

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-shm

MD5 4e71a46117c1c7a5f1bba42dc39305e1
SHA1 9c68cd69b984c87a7be52fff7c80bb11b57f2728
SHA256 bfda4d86896dc945153d1385c1989a3c830a89a1d40bba6a4284337bd11e8e71
SHA512 4b9f14cf8184b20226bb235450473a95f247b4df9a130fbde0c2a44f7f00830db24a160cb94620ef9ae37637be2b4fd1f4f39382397c8a9b36691805ff58e7fa

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

MD5 bffca3f2e64368f3a6f62f822488c434
SHA1 213eac53f4416f10f137c14a70e0457e598cfe6c
SHA256 db104fa17b70da458ab0e1bdc99f082e43ea6e2526e06fc5b14a794eca309573
SHA512 f500854880bf88a1239aa0933159427337d9afc7fb91b28a2a837e70e2326bbc70d46fff50e3487608fc473d48099804ee0786ff7e3465f962b1d7ae4d33ff31

/data/data/com.wTheOldWitch_7675058/cache/volley/5917902771060619102

MD5 d42dc9d3791650dce48458b9d7d07e19
SHA1 01a2ed71362d758e48ef4377cdf9466e2f2e6186
SHA256 4572fa51b61a65cb768b03d694fa5321bc4bc8b3dab0e703500597c07fbccbc7
SHA512 aaf5b9b9e01e0efaf33c2abf17f00f064b216e74c5fb9938d9d3c136125d4d7b750a013c3a692bd852e56f424aa80770456fd411d2654ef10bfba67b27dcbeb7

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

MD5 16e4b797c3119b3c6294ec7d47c081af
SHA1 4732948a5fc7358858247931b29a6b6eb5f47d94
SHA256 96bef75945e0cc2cb30c1195eb5d2c1bb248a6e3a3e970cc20df3b57111d2713
SHA512 8a99a0116e1363b0327bd293aad3a020dc1df334e724d3c753b05721d75aa0a58a2434fe36a2ed927013dbc537a7d70f614d0e9b5c63e222fcc1e065f46eb757

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

MD5 075f5909df8260245814f0c0b0afe448
SHA1 206bf8ea9f10b1907378bcf5413a5d3565f3c5f5
SHA256 210cdb9e99f514168c2408ba437f240bd812b3b0162f26ed29ac383c71f603fa
SHA512 a0ba6cd4f02f4ddfe341135d86965cf8b8c28421f29532e50f352963f7eda68ba4c464416cafc1a27dc14bb38b7ff2a7da85aec1cc00b735d3cc31aeea9b947f

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

MD5 06750ae79edaf1dfcecd4f9c5a7ecb52
SHA1 ff5f75779be715fecf6c9d0cb9af3aa0eacb25af
SHA256 5072a3b3bc87fd56ca767142d1f6f7b138e395364c1c92941f3bb714b4f93b91
SHA512 0bc5df7ac082d35964cdeee73ca59b38fc5dd0cc2c9f672add5b84aeffa3750f877d0847535a43b2dc6bcad7e9f5379604ac9e45d13f3435f95a2f959c309bb1

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

MD5 84e05be42d118d2e10887a16c9535b0a
SHA1 a5349a6f02dd79035a3bfa397875b4bc3bcb106f
SHA256 68207d184cf0b3f4abf91fc18d7917463ae20cc1cc45235e741f25752d99ad09
SHA512 ea5b483674583ff14421d310f8b50a179d5ef2172fc343dd682c747559c55173fa57d61c751327914a2946e0ed097034b3c38f8f06a7024efd8c0bfb597244c1

/data/data/com.wTheOldWitch_7675058/databases/db467-journal

MD5 5628cbe83e3ca8a32cc4a77f4875325e
SHA1 5ef7bc9a27b90ce4fe96b9d7ed047ba9c093dfea
SHA256 2295aab340c0080a0defbb0f2670d86c4fb3c691a19287f502867e344df77701
SHA512 8d082eb64ee9378dc84b88f55a79405726635c042523e5a666c1b13718bbbfdf5f914c5a3a777d9aa6faf80ce894d4a2c275c5e168adf35ce9666c570d47fb47

/data/data/com.wTheOldWitch_7675058/databases/db467

MD5 94827aab6dc02dfe9606e91f844a96d4
SHA1 01ede4ded508436374784ade4c68d8a6a7b02ed1
SHA256 a50ffdf4137770355df34c94d3eb1edfe9567cc903e68eef3c0457172dc3fb39
SHA512 068ca063b75dfda9344bff4cc5b60d0c86b5855f382f1730a735c2a7b26ea3fd770230d3911a7c40b614740069eca398f2c4285ab0d866be06c09a15a15cd3fa

/data/data/com.wTheOldWitch_7675058/databases/db467-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wTheOldWitch_7675058/databases/db467-wal

MD5 2ad680933dd8f14effe04840f5fd377b
SHA1 c6fc0809ea57b9360715f3836fc18a73f6f02585
SHA256 00f17ba649bc3e4e33f76f47c0cff9b59ba0794fee160c7e84767590bfc55dad
SHA512 e18d89259a70a284157283d0926e56a60e9cb691e8a3aac02c2e4b6c6911d5f62f7cbd5adb3d4bf4bd41c125b8dabf34863300e67cba7e50e048053c6dfd84c1

/data/data/com.wTheOldWitch_7675058/databases/db467-wal

MD5 85ffc36ad8667b955e418302c806161b
SHA1 c9deeb4704134cc888d30c26d966f7980225cef6
SHA256 a5e8c059bb1f2cabeeab33f435ffc726d250afb9386a67519bf84ec0393290e7
SHA512 b6a4fa99b7df0137c20eeb691aac424a2db1bf12981d82a2ad3a715580de499dd45494ca2aab901ceae6666d295e0481ac2b2995c5a5a841664d9921ddf7ca87

/data/data/com.wTheOldWitch_7675058/databases/db467

MD5 967575234b8a9e064eac2e069293db56
SHA1 61f34022f97b2b9fc4b8d265d45b2e8fb740ad61
SHA256 47fa9c9724b4065cea8afc5db3109462b7ededdeadc43506ae7ed3797f7a853f
SHA512 2e1957b228dccfded29fc9102b8f5cf267bacbd13b73a4bce595f9bc861eb7a29f33e18ec71688643595d988fb68ff33691169a3d444c2b2b5132bbd545f3a64

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_data.db-wal

MD5 f1f8d421164dc7737e2ebeed7fb913b4
SHA1 e073b2d6e37eb05147cf4f76bded3d4ead1b8e81
SHA256 ebf256945eb8ef1d21e3f3c801ca3e890a217e9a0651a252a6e028d1d0bb219a
SHA512 d7c55d79e3e6d8a1eda703b0eb5e8a5fb276dde16a651e24d5a7ca1d2c507473e4da585059d36ceac08044acb9f675fef9ddc7dbc7dd5d577885a1e73964eab8

/data/data/com.wTheOldWitch_7675058/databases/db467-wal

MD5 94a71b1b9498e4fa8952a6d37ff24a1b
SHA1 9e349c78a1893a3d5dbde7e1394d04b01ed8253f
SHA256 c35a5d4e3fbd17114eab1abc717c8b3865574e1debc30a2d93b7f8a90f08964c
SHA512 1c12288580947d12fc1a6661183c598d751a636ffa026c6aba7b7eae54f878ce2eb1d7c7905c478ea74b26d93659c1feb3533684e890e452e21aa7f5d6059500

/data/data/com.wTheOldWitch_7675058/databases/db467

MD5 9d2149a632962978a7a1eecdb5c4e474
SHA1 6037af9538023521fb79e7d64372f6e6824e7196
SHA256 838ae406231aabdea2305ee5567eb7645d035ea88b0106e210dd3e77601e6eb5
SHA512 a4dd23d48be3b3dfdedabaf31c654cf9ae91db0a996a3a831c29d149c5a7e77a52957b54a5e7c4fca8de9cf00957c4cc18a361c72cef6975af9fb021128828cb

/data/data/com.wTheOldWitch_7675058/cache/volley/-694382621281852850

MD5 dfd10357863183307e72ce8e1a205530
SHA1 bf1556d8ee152a4307ecd149d6d0c72ee23cef01
SHA256 2d4be46195d6f7ed3d35e1436877202110fae26052955816e1a9ced0c39227e2
SHA512 63c8ca1f3ecbeb6d1b0d0d54fff927420ff1e6f15077a4d8a6063800e7873ac326552435b62c955077d27fe564181ea8afe51a097f79c47e1e548f10aa44af93

/data/data/com.wTheOldWitch_7675058/databases/OneSignal.db-journal

MD5 89b9347e919d25b8051334b2aa33b2de
SHA1 e36e43c609211ede5788b7e72a656e62bd04e5f4
SHA256 2f3b62be87ad3cd6479a3c732d3609393af61e5978bf48aaaa6a4c5d0d8e6ece
SHA512 d5eca1edf987a5b7f5f15e5a3bd2b813d5fdfeafd14d254e79dddc1dd29915315d74f1b13ad0ebc62e989ef9a1d454f9dde16c794533391d51addbdd2fc245b2

/data/data/com.wTheOldWitch_7675058/databases/OneSignal.db

MD5 9a553921b377e8f951daf2cbf7996b3e
SHA1 8690f69bb7aa45a10711fb34bd1726e4363bdadc
SHA256 9cd42d2e9d42c9018f7e23bbc7cc0b8cbe6134ecbd517179a5b7324c02929d43
SHA512 d17614230d45ca610a2fc0efd89f236b50f8570229b01f8fa2f0128829d6ab8121e6753039a376f5558f940c6c84a420d47c78ed2e9584ebc0ee7408159bafe6

/data/data/com.wTheOldWitch_7675058/databases/OneSignal.db-wal

MD5 bd66dcb46a0161e61ae0656f74dc4b24
SHA1 cea62a292dd67b883b867ef4e32eb182475e7556
SHA256 c7f36c868d8e37c9d2dce66c6bdf9278fb26c538ae3be032bf71fbfed70990a2
SHA512 bd5b1726acb8a28dc95998d57cda7abe27a15b9e2887302644b5c97bbe06f741d2bf6881fbc80a9421b55df814281c9e3b70989da38a6fb92c444256ec0612ce

/data/data/com.wTheOldWitch_7675058/databases/db467-wal

MD5 20126044d6424c3369362708fe686a4b
SHA1 5067546588b873e8b3c93b6a3732577be7df5c8f
SHA256 d91b92b390b0b8bcc2ed528c617c96fe6767a188ab45db018426feb5046bc5db
SHA512 07939a00472ef6da44391031efb5a2aa8d3d364d18a7347a127bed0c5422c1ac349bccc93958732f074d6dfc503af1a5a96350d7a982e8bf00d8ec31f15a08b4

/data/data/com.wTheOldWitch_7675058/databases/db467

MD5 dd42a7643c383f6aa383ae34bdc529c5
SHA1 f4fbb1d60628710adf8a17522f9d332ad1e3be3e
SHA256 c4568291b733af50cb3843dda5e19d8380dd67a447cb168ea4fa2b7a60ee3c5a
SHA512 2cb5231ab240306c758cdf69e4ae5a7b63514b71d910ca90d18e0e1b6b8d84a713f9c0009681eda8a4f2aaad7e5cde336f85135e2dac2830adfc36fd74fc2d87

/data/data/com.wTheOldWitch_7675058/databases/db467-wal

MD5 d540f98c45a0fdfb477725476117d0dc
SHA1 525ea8094677059330f8bd4da528777e99c0dbb2
SHA256 eb5591c2836f9d0b145a64186bf60602e03c54d5e3a34680486695a9e698f789
SHA512 c51b401a23f2a7561f9a5c495b4fb620b2bc7f87ce7c2d2336b5d2451bc66327547f1e318b38bee74d9d0d8361609b096e66b46255804761cccd94e8ddd0aa9a

/data/data/com.wTheOldWitch_7675058/databases/db467

MD5 3302e5513705acb31ed7c649c53a776c
SHA1 8b9162970d24954b2aa5002c86dce9df979f53ed
SHA256 9543aefaa155d586edb5dfa8797d4e8242e59b6e8b4ad5697d58c74a170a5d6a
SHA512 63b3de3fc12e338ae72c6b4b6ace1223be060a1cf19c32d81fe25f22ff49398a8378ddb899fb6c019be000d14c30b6352cd67e0b1fe434109f8b3cc7c44ad123

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

MD5 9e2ba21a5eb766367d074bcabb127744
SHA1 67a9bd1162294abd7cf3a58b5fb3a8b9a6d5c5a4
SHA256 c528ff6203073c2c1e6a0d12b76134ea6850ca2c4c02087b33582d22ad38503d
SHA512 60e507ae1452665a808dbc7306cbfd5f39d46e5b61102ddaa0ec3fc2dd9404234ec93625e70bfffdfa5b81834f6a047a86939f2c6aeab1f8c01d43fbe330e8e1

/data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

MD5 349107fd9a3bbdc234b93457918ac3d5
SHA1 7be656bff77d8719dadf3aa30482ce1dd53b2d0b
SHA256 e0ef9ce55f6ee38c04eba6f0d22affd616828152ee1c9cf86dae4e88ebba22da
SHA512 aca60def1df40c0792758deffbcfa35f684c250210225c9ee5ccfa8039e38a2e7a01b25d982300895225c688abdd6ad524c15d872b31f607e40b3c40f69ffda1

/data/data/com.wTheOldWitch_7675058/files/data/appnext/videos/video-741148-15_o_1691532153.mp4.tmp

MD5 ac8aa8b2c51df621404d4a947d521399
SHA1 6060c3cb17552ad9ca126e0eed34665df6f1f296
SHA256 2ea34f4b0a777d01c90e8a0040ccb62a210444a189d127065411fc156844bdf5
SHA512 35006e582f51264e2071e4e695bd8b02b6057bccb1ce16086f55f5b9f9ae9c1c9e41fbb0d5d02df69941c9cf168ecbb965ce00c185be8a60cefea19c5c4d5ab1

/data/data/com.wTheOldWitch_7675058/files/data/appnext/videos/video-752316-15_o_1708533133.mp4.tmp

MD5 54c5a8e2736df861c1f2a42c91a750eb
SHA1 13cdf8d99809e9d1b131b2cb15e55f3fa6f4274a
SHA256 aab36846492a032ea9332529e3f1bb69c941fe177a3d309e580dba32810c56f3
SHA512 d0a02804293539d528370086a64064901be0929d557e23141cf6aec1ffeb4f258061afb78d93f999b63328de5f13d613ddbca88295886e2566c2ff9f8b0af4c7