Malware Analysis Report

2024-09-09 12:52

Sample ID 240614-cefnza1dpa
Target a7a6a1a5bbe1dfd1c2f844da600eafb8_JaffaCakes118
SHA256 1984b030a077d27842000e5429c153e66f765c06a04aaec858dff91da9a15fc1
Tags
banker collection discovery impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1984b030a077d27842000e5429c153e66f765c06a04aaec858dff91da9a15fc1

Threat Level: Shows suspicious behavior

The file a7a6a1a5bbe1dfd1c2f844da600eafb8_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery impact persistence

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads information about phone network operator.

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:59

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:59

Reported

2024-06-14 02:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

181s

Command Line

com.smile.gifmaker

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.smile.gifmaker

com.smile.gifmaker:remote

com.smile.gifmaker:pushservice

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 datax.baidu.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 api.kwai.com udp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
SG 103.167.27.34:443 api.kwai.com tcp
US 1.1.1.1:53 ulog.kwai.com udp
GB 23.59.171.24:80 ulog.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
US 1.1.1.1:53 txjp.gifshow.com udp
US 1.1.1.1:53 txko.gifshow.com udp
US 1.1.1.1:53 txvg.gifshow.com udp
US 1.1.1.1:53 apissl.ksapisrv.com udp
US 1.1.1.1:53 apissl.gifshow.com udp
US 1.1.1.1:53 api.gifshow.com udp
US 1.1.1.1:53 api.ksapisrv.com udp
CN 180.186.38.200:80 tcp
CN 101.251.217.210:80 tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
US 1.1.1.1:53 dns.map.baidu.com udp
SG 103.167.26.35:80 txko.gifshow.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
SG 103.167.26.35:80 txko.gifshow.com tcp
FR 13.37.206.148:443 sapi.skyhookwireless.com tcp
GB 88.221.134.162:80 txvg.gifshow.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 103.102.202.125:80 apissl.gifshow.com tcp
HK 124.156.126.37:80 api.gifshow.com tcp
CN 103.107.217.26:80 api.ksapisrv.com tcp
CN 103.102.202.106:80 apissl.ksapisrv.com tcp
GB 23.59.171.24:80 ulog.kwai.com tcp
SG 103.167.26.34:80 api.kwai.com tcp
SG 103.167.27.34:80 api.kwai.com tcp
US 1.1.1.1:53 ali2.a.kwimgs.com udp
US 1.1.1.1:53 p2.a.yximgs.com udp
US 163.181.154.234:80 ali2.a.kwimgs.com tcp
US 163.181.154.234:80 ali2.a.kwimgs.com tcp
US 163.181.154.234:80 ali2.a.kwimgs.com tcp
US 163.181.154.234:80 ali2.a.kwimgs.com tcp
GB 79.133.176.222:80 p2.a.yximgs.com tcp
GB 79.133.176.222:80 p2.a.yximgs.com tcp
GB 79.133.176.222:80 p2.a.yximgs.com tcp
GB 79.133.176.222:80 p2.a.yximgs.com tcp
US 1.1.1.1:53 p5-live.a.yximgs.com udp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
CN 121.228.171.41:80 p5-live.a.yximgs.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 103.102.202.144:80 apissl.gifshow.com tcp
CN 103.107.217.26:80 api.ksapisrv.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 p1-live.a.yximgs.com udp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 43.132.64.188:80 p1-live.a.yximgs.com tcp
GB 23.59.171.24:80 ulog.kwai.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp

Files

/storage/emulated/0/baidu/.cuid

MD5 473d1e913b5f3d03ff2ed9cac8648573
SHA1 2d88f75550948d0709b4ffedcca97086a4447393
SHA256 22e0c19edd47718400a6a3836448458fd1cc3bf4ca747c7c8e87504a33a5527a
SHA512 125856f02a9bddeda8fde1031626bc3107d577c848e6f831b8531c73892367a81ee34e9f81f655e9502311ba2d7e5ecc89030a92ec17bf781f9ed912d7f9b430

/storage/emulated/0/Android/data/com.smile.gifmaker/cache/.cache/journal.tmp

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/backups/.SystemConfig/.cuid

MD5 35ab6bc35c67ac55c42479967a742b50
SHA1 45e4feced33d866ca9d6e19ffafa1103daf679ba
SHA256 a3df66cf0239655ba9d658b3b61c4aec7b5ff66925e1b67f424a7337b1ba31e2
SHA512 f4ad9cbbe7fdd50adf90f7464953e30771edeabcee10508f26c54df59872ad1dcdf780e5ecaba866c552ec075ac424ed568ad2e9802ef7b7397fb5373533edba

/storage/emulated/0/backups/system/.confd-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/storage/emulated/0/backups/system/.confd-wal

MD5 e8111e003312a4da014531032100ce97
SHA1 f2d61357e7c3414c9731ba52e1c0ff61dd4edec4
SHA256 4c62c8faee32adb72df0e292bfccd382eaab896efd1f527162a2a6b8f4945ebd
SHA512 83d2ddba43e113a349a94aa718f5ab8613727d27b988bbd126eff6c9c54c156283795ce64f9a32b33d38a529a642fb2e1a23811f6ad288f54325021e3fe01986

/storage/emulated/0/baidu/tempdata/ls.db-journal

MD5 c0d8ec2704eaabfee00d0140e3835229
SHA1 4388d5c57fc36b5a6cf8e3d5cd4631bc98d56b70
SHA256 515a1b02879e4665d63fdbf21fc795f6a81755ed594e628137651eea29fd8b52
SHA512 9c40d5e81673b12097a5f45291a2734a29b7fa459bd27edf99eda6e44812003dc8b663ce3e516aac6a1a6fdfaa9ed4538d932c7c9b842e53a9c2fa4e5556bdaa

/storage/emulated/0/backups/system/.config

MD5 2bf76b17d7ad3e01772f5d7ecf585274
SHA1 cb31a1c62cb3b057e69393d205ea5e06cf6fd35d
SHA256 1d5814bf1a3237be9797922a8065867775141ec076819668d0977c92d9b3ffe9
SHA512 48426ef048ad682867f9a79b2ab002746b195ab1d2afb7680dfa9f1c0cbdfdae3a0d4a5edd206e28a057285940eeb72e847ddcdd1ae9bbc9a45054aa6a6aa856

/storage/emulated/0/baidu/tempdata/ls.db

MD5 0d3e99204c6401ea499fe9e6d9855497
SHA1 09829f00ca458eab7374d5079393a2cd69a2348a
SHA256 63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca
SHA512 8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

/storage/emulated/0/baidu/tempdata/ls.db-wal

MD5 41c7be91f93ac50b721ce81c6ea30e76
SHA1 fc5ebb2cc9be035e8bdc987d54964d5a025d2596
SHA256 9d43a4bc6a2f380daa8b9997c33e19713cfa24ca79e9e60a8f7979c257222913
SHA512 96b543da5a75b9fa0ec6aa50e2fa7701c96feb261cc5e187db9ed6e443aa859bc7ab2698961a87204faf1662d9517b0ae7239dec588b6dfa8b739e3403b55b0d

/storage/emulated/0/backups/system/.confd-wal

MD5 05ec2189d613c4f767a944dc5a11cb0e
SHA1 f4bf9b5ffc8ccf319dbff0c771ddcf00ec1ad175
SHA256 bac2c4b991605eeac147a0bcdbda8e74e01f1bb52c7f04dc806b53e678d3dec8
SHA512 d4ff516ebaa451190a28c669917b59825c7790a95fcd644ae0a5b53ed094d4ba50b219ace539dbca9a91e1f6c74efc9a8da27c57ca25d416d5c3192574db625c

/storage/emulated/0/backups/system/.confd

MD5 55923621b66b89d2bcb3226796538513
SHA1 c24904af6bf2db5a2269f187e02c87ab669de605
SHA256 2cc715954d142a0570ae0076302b838abf36d79d490a57276d4abe86ee0f1fa6
SHA512 ccd5c705840da97b877966fc02acdaab17cc0370e291eb7b38a9dd94a9107300bf6b74353a9512307fce1c9166b1576732b326e313cdd8fab1517e9e2f278859

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 5468d65073337d90b54504bdb0cd2ac9
SHA1 5cc22a6074daca3f225cedd55b980049515101b5
SHA256 981266ae9ca3d6fe4108ff1f56e8d07d0d4839f9be76f2d877babf42c60ac8d6
SHA512 a5454532a737ddf02994322cfce03673e6d0ab8b2d3aec4029d3ad6fc718f2a73ade371c3bedd40666cb32b587f4ba0ca328f3adabbeb852a4bfda264d8440b7

/storage/emulated/0/backups/system/.config

MD5 8b0fbd57eeb8e27ccc65edf5b9590555
SHA1 53a28b77d97265fa16792326e01b0f7aafc79bfe
SHA256 8b0863929ffbf0642dd38397a7f6127b23e32aa50a9fbaec820e705084044812
SHA512 1c5b7120f58fee9260e997cfe9de1b0ea05d1104a08f8ea736f756bce4b2c9a8bdc7874cd531193fa4419bd912f682f276dea114343286157a3eeed47c8e7f08

/storage/emulated/0/backups/system/.confd-wal

MD5 af66d5eb1bf942eba8fa118785d60742
SHA1 539d37a790f306408e04c449b5088f7b2bc25680
SHA256 a582735d2b35daa78655f6422d172dbec7b7063618981095d7f7aa30b4f1f536
SHA512 57c7b97238f718666159ef4b517937cb84f0cb353a3002004eb70972360af93155f2fc16752a939aaf2b4cd4d27ceec4ea796342943409aabb7d23adc9a4397b

/data/data/com.smile.gifmaker/files/ofld/ofl_location.db-journal

MD5 fd864eaef8536a89ca3bedc0b76afeb3
SHA1 5cf3c065f4e508d8c42a5760e3046415bf28fd01
SHA256 1752eb0ea333be2845930d65e1ef1113958e488fe9843c447374c53aad2319f1
SHA512 c08402be3a8b5300defc8fd47dd90682787e6cc4da48a5d8aa2e31e0b4c744a5889a5a99f76d0895592271a93d1205ae878f367e0fd1dd8905a0df95e9a2a17f

/storage/emulated/0/backups/system/.confd

MD5 b588e2490bcce471506ee6753ce4bf63
SHA1 3420e6a0337dbe618b2c16c66b86c8f0f2237dce
SHA256 f5cf0d292b2f3327cb1d33835fe05fd9f805090615df7e22341b1a060ce74e59
SHA512 f66c61ddfecad4d50cc8a16a03ef09b71033fb9ae24368ef9f2c9cef34f54324471c67205244ed9b729a651ba5d23b814b9f0c23a10d7e4317425fa4f98b1038

/data/data/com.smile.gifmaker/files/ofld/ofl_location.db-wal

MD5 21885028f5ef47eee28b2313568332fb
SHA1 60b45f3b40ddda79096eb1a89ee4aed9d779b020
SHA256 5fac67cbd940a0d2d8496901581298c5ee9bff98776a9397567e28feeccfb9f1
SHA512 2b193a81b151275a5e6457a1a6285ebe41be7119983f90a71d7c4ebf7830ff6c72d205eec221b2ac01d393b18295162a7dbd4889090ce61a01084adbc01c1566

/data/data/com.smile.gifmaker/files/ofld/ofl_statistics.db-journal

MD5 2a53590721fe26b64245d6b9a26d3c40
SHA1 b14c07ff0de3901e2f607d3672d89e554b75c80d
SHA256 d06e95a671ceffd39c7d852ad0df4d8c9b81891c0bcf25e707cb09be71426f67
SHA512 eca0cf81e058413d936baf5af1e954cc8b3f69df1c06da68bdbcf855ab450df79baa0ffc1201531cf1852a2e741ae7f938e84a41ea3861ba41fb3a82afd7dd94

/data/data/com.smile.gifmaker/files/ofld/ofl_statistics.db-wal

MD5 4fab9415fa1d73b3de288e352ca111d5
SHA1 f30ff69ef8bd37a8a863726ca72781e464894d7c
SHA256 a30ec7558fc9f36991c9328fa8518c5ae711812154e8649d1289ff69f5348366
SHA512 85a73c29076c18646be1524ea5b9d3d19b716f37e066c974a6ed9b443b6fa3660a6e107ff7451186cfb980f241b9011020086ce31620be5432030b537a10191e

/storage/emulated/0/backups/system/.confd-wal

MD5 51fb5dc0fe23a42af147e80f3e8492b0
SHA1 8ca2669cd9c6051b71b8747524cb9426cf77fc3a
SHA256 d62e23b51cbae8526cb046d925de53275873cc3b1f6b8bf87ba275efa7039cb9
SHA512 a5b060095d00bfac96bae42b3bd68bacf809b4e9785e42a4d6afbb5aca481288c7eb61cdbcd9388862c06a033fd5f8157961e3547a63b4ab00818dcf68eb206d

/storage/emulated/0/backups/system/.confd

MD5 b4c491438a8b40ffcb1b8bcfb6d347b5
SHA1 4779d99b1d7e356a9eee0424b972bc053f8f500e
SHA256 0feb4664bd0410502968e01a497e438d34f0bc05bfcdda8fbed2b8551b273ee6
SHA512 ff2bbd65ceb77d4b74c454ee1d9f0f2b9efee6d7af3b064ec4a634ba7df0c15ff2e0a1b980930a2cb0b690d46cac4ce6d675affbdd2fda92c50ba3ce773b9c34

/storage/emulated/0/backups/system/.config

MD5 18afbba6133f01d716f0bab41c5c7c3b
SHA1 e3550f81f4262f9de73700aff4eca143b41fa7ba
SHA256 8ff03b1ab533a972ba53df251218cd7e41d11330e72a87c9d988f6cbf052526c
SHA512 f8d94c9fd25bdb2da552c2c030501a886af3822cde27bd83ed34aa927397212ba60c29c3d4b256b7efd97910cdda0cffce6a9946202c353161ec67f388d1658e

/storage/emulated/0/backups/system/.confd-wal

MD5 3354774584ef7b3b058608d81a3ae6eb
SHA1 f8df66e47a82503d6602b6e875fe2925c37968c4
SHA256 042631784e393587c0bd5eca0b5de8babb5e44e566a94fa1e5972f240d035916
SHA512 c7fd71bc558c0bdb827e796cf8a09bf4ae6f755174a61e5d80a753c15338cfedac5b4131758370aeb6af2a42a14b481428eca0b3739ad08e10b4b2d4fe837829

/storage/emulated/0/backups/system/.confd

MD5 9884be53d7adb53262af6665fd8fa773
SHA1 7938662764a3ab99513a0c0b86910dea0081aa01
SHA256 56747b3d381114191981c7b95dfbea490ba9d8e1318fc2fafef592d9a9660522
SHA512 0e33ac89fc7693e56aa055baa1c99227ec336956e0f79ca53710b7ce5c34182958e2997ce854b519ed8eff303ecc0a008f455e50db6063cfedd09a387c8366f2

/data/data/com.smile.gifmaker/files/lldt/firll.dat

MD5 2ee7396e4917c328c817c62cf97d4288
SHA1 3e62344e713264ffcd1f60a1d96df3e9987f6c6f
SHA256 48a9834c96b045c24a6f77e08bc40314875c42eb878c725f85350c2de8a23ea0
SHA512 d325c937bf3514a675b8d35dac37832c59a611c1c5a653e47b500856d5d7427b691cc5c5c4b681814353f9fcb81a284cf3ffe73b6a5fcaeae12b7af45d041f7b

/storage/emulated/0/backups/system/.confd-wal

MD5 359f11df77bf536fbff0a21c54ba4d66
SHA1 f99c5c65ae29fd6ef9dc5047b7f4f9ebe52b06f1
SHA256 9d08d7139386656a49dc2102b7605bdb88cfa140714db49691550247277373c0
SHA512 e5c9ea2228ab780ff1fad2869f90d1270ccbab52f58eb072a606fc310d83ba4aaba661cbf1af47b800734ed41586bd2fe99c046bb509ad30edf7ce25acc65261

/storage/emulated/0/backups/system/.config

MD5 1807290faa7366ace0c2aae479f3c3d5
SHA1 28cd47a12f983394684aeac5e5ac5cc670ab5f7f
SHA256 9c80275e302534c36fe3be75045463a624dac5601e7353cf4e01af3940dea606
SHA512 99e0b58ce746395c7aaa1f6a53f0a10da51968428d13afe527fa39285146b8cc037e628cb8dfc04f8c1372a0a1c28cf90acc69a6798507fcce684af2ab5ba3fd

/storage/emulated/0/Android/data/com.smile.gifmaker/files/baidu/tempdata/llg.dat

MD5 161557b06b4a4d3ce095528dea370eb7
SHA1 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256 f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/Android/data/com.smile.gifmaker/files/baidu/tempdata/llg.dat

MD5 1febaf98e002ea8ead606853f547d084
SHA1 36380a8cbf4ff29a8eee79ecd6a20a7556dc9a08
SHA256 01de17bb3b1e30c5fffa7a782e1488df218e7d49177477431c716cc4ea1bbace
SHA512 cbe895e3a6e9d5f94b12b390d494f895fc9251a12a8c12d9e76ffd8d3ff7fd21213603c48163cf29137375508ac4413923d4a6c60dc99deb3df62643926670be

/data/data/com.smile.gifmaker/files/ofld/ofl.config

MD5 4a5371b2ef1f183ff78eb25eb4d6f1a0
SHA1 93f3723274d865cc60e91d828247fec55318c3d1
SHA256 1376f242bc867a527309bbea09e52b63909f1e4c37d01ff3ebb6d4cb5b4f1e06
SHA512 c2464b7a4a0d597e6e0e5f8c9860f3f3c1efb3459acd3f0d865dbf6f18cbd805968f831cf0b8a8d9eef5d03e258cc95f57f81c4ba4c101545ed55b2be0daa46e

/storage/emulated/0/Android/data/com.smile.gifmaker/files/baidu/tempdata/conlts.dat

MD5 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1 f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256 f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/Android/data/com.smile.gifmaker/files/baidu/tempdata/conlts.dat

MD5 0a0444509093507c82ced64032367adf
SHA1 aa017276e4980c40184bba141dbbbe6c96447520
SHA256 5d1a6a55168439918a366ace27ec8fd0548f4a962aee31a7664781f12bf4f349
SHA512 d2b554cf885c363dfc1d20f1b668fecd9783c96e0e9665f4a8a8422696604f2352cb93349163d4d4e610475c7aa3353eaa0457d60be1c429d27ff89a39d6ac6d

/storage/emulated/0/backups/system/.config

MD5 d9caa331782a867528e9fd6af722e130
SHA1 6fe76cd1739693e40cb32c657a2a3cc4e3ded435
SHA256 2ccd6b53e1b313ba19be91646474c1c20ea153fae6bba3c241e94c30c0b7fed3
SHA512 83db0e3f3a07bcd460237a511fd9d3404da8233d8d751247508aa27ffc6d76ff4afbfbcf12a0843984bb68b056a280a93c9b66872bd70f90a53ea9e5dad2de28

/storage/emulated/0/backups/system/.config

MD5 7c0b20d22a6067b56c916704a783c3de
SHA1 a2d44a8d85e4ee751224778e88769fc8de796716
SHA256 cd9cc1247246b2fb81d2716115eadb8c993642818d298e032ebb430956bf559a
SHA512 c2e75a20620ddc8b3662550af9973b7ced24b11ac7b52f6db4017d27b484b5e9d43252036663728ec10e9193da581d1a1d35ea7494d9c2a7c604b18adc4e5bb3