Malware Analysis Report

2024-09-09 17:40

Sample ID 240614-e6w65sygpq
Target a804b0b5d7ad2571faf52cf15b3f23db_JaffaCakes118
SHA256 b98cc355f223d25ac12c9bb565707c476ba352f194ac92f7afffaa721f5dddb5
Tags
discovery impact persistence evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b98cc355f223d25ac12c9bb565707c476ba352f194ac92f7afffaa721f5dddb5

Threat Level: Shows suspicious behavior

The file a804b0b5d7ad2571faf52cf15b3f23db_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery impact persistence evasion

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:33

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:33

Reported

2024-06-14 04:37

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

com.yxxinglin.xzid27931

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.yxxinglin.xzid27931

com.yxxinglin.xzid27931:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.84.108:19000 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.9.210:19000 sis.jpush.io udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 120.46.84.108:19000 easytomessage.com udp
CN 1.94.9.210:19000 easytomessage.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 120.46.84.108:19000 easytomessage.com udp
CN 1.94.9.210:19000 easytomessage.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp

Files

/data/data/com.yxxinglin.xzid27931/lib-main/dso_state

MD5 10c6cdc8516b00c20c44083a7dc7dea8
SHA1 a23aa938b0cd15d2d2c4d4f5d6a853e3bbb23840
SHA256 34149b53d6b1f28d003da7037ec02c5d18e6cb8b99d85445d5aa020483db8fe8
SHA512 c74319341d275730083c137924865b90be350912d10f10a5e67669f2a9939152489670bf21c91124db358c2dc6d518f5fc62243d8f3fd09e280ed785410f12ff

/data/data/com.yxxinglin.xzid27931/lib-main/dso_deps

MD5 b398118dbd2137cfa8ee50b15163266f
SHA1 296e1703081a8f713680496276101d22e6193c38
SHA256 d9c938ad69b1acb5f85afe8d7b8837d3ce332060f5828a8d20832c9dfd48e53f
SHA512 18a8bf1a176d27c046820e025c8e5d977a37b5c85e7ff1b4d319acc4729d9614cf70861f6286ae046dbe614e18a1bd2df26eac370ec5f5d62bfc5d61c9ad860c

/data/data/com.yxxinglin.xzid27931/lib-main/dso_manifest

MD5 c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1 c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256 957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512 29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

/data/data/com.yxxinglin.xzid27931/lib-main/dso_state

MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

/data/data/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 382fdecaafc9aa73cf8cfc45b7c286d1
SHA1 d0c0c6ad603fb8c3685a65bd8cb39affee62514b
SHA256 5ba0a2ef8d2cfd8ab8ec10f6f8efef4f10b5c72e3388940b78d944bb91003763
SHA512 783ebcd45dd8437fa745ed28238b7ed281c3e36188575dc228ee0e83d6c231562d6ba1640f8972c31e125123d110f55085146def75c5b0ca4163882897cc3053

/data/data/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 27c7cb004163e419481620de2e94357f
SHA1 24e62a71be069c4dfe936e8d4abde41fd8bd3f72
SHA256 b07ffd062f24f1d26bb5d8b762611c971435048f78e1b20dd923389bddc6d911
SHA512 f756a9696b8bde7f85f5793a839430f91c1d39ea74635e64ba2c8338a7459811d1c797d2da869ccabf654579637842c0102228f04844c538c353ce373eb81586

/data/data/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 95a1290630203627b37058fd8dfa858a
SHA1 1be2ec93e1f15beca84b8aeb9194b3f0d5267ac7
SHA256 1db62e662a0c908871951ab6fa92fbee305aa8526f6bfcce6163539f9534f80d
SHA512 2db17a119bdead64eb877af6681abc4b37d3d0a1ce6e16a9f716c999c384463c3b79e0fe038c7ecd212d78a80aba6c8ad3960fbfecf05d69650013346163766d

/data/data/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 4f64004202df14befb28c1dafcbab952
SHA1 b898687ecb6f5c7ed56b087e7f924cc920bb120e
SHA256 17e6f6d4e4b82e452ba9b70c447c966eb89afae55af58587b973182348d90560
SHA512 67286b8abddfdb5f876641aaae43abddf1aedabc2b0aa36afc0bd0ad951849a3dff19ae1f44c620e5a6ce44c6887273b35823f37bc8fb22008fc8b1bc3b96039

/data/data/com.yxxinglin.xzid27931/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/storage/emulated/0/data/.push_deviceid

MD5 a01ceb4ed94666d40ec94345d8c374d5
SHA1 a58afbc755066160dcc7da005126de41a8f873e1
SHA256 beade2476447f87b4a638f072b06d6caa13d846e9e2303e78fff6928c6cf6657
SHA512 1b96b549e79dc96085902b5f8728c6b018d84db5cf2059396fd3bbded402dbe8ebb998871d8d1c3c2a2e658984efb672ba0bb56f790df7badcdee000e1778ef7

/data/data/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:33

Reported

2024-06-14 04:37

Platform

android-x64-arm64-20240611.1-en

Max time kernel

178s

Max time network

187s

Command Line

com.yxxinglin.xzid27931

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.yxxinglin.xzid27931

com.yxxinglin.xzid27931:pushcore

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.89.60:19000 s.jpush.cn udp
US 1.1.1.1:53 codepush.azurewebsites.net udp
US 1.1.1.1:53 qlxa7v125.99gaoshi.com udp
US 1.1.1.1:53 www.ca2d16.com udp
US 1.1.1.1:53 www.ba2d16.com udp
US 1.1.1.1:53 www.aa2d16.com udp
US 23.101.203.117:443 codepush.azurewebsites.net tcp
US 208.91.197.46:443 www.ca2d16.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 199.59.242.150:443 www.aa2d16.com tcp
US 199.59.242.150:443 www.aa2d16.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.141:443 ulogs.umeng.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.92.70.140:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.138.15:7006 im64.jpush.cn tcp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
CN 139.9.138.15:7008 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.92.210:19000 s.jpush.cn udp
CN 1.92.70.140:19000 s.jpush.cn udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 139.9.138.15:7006 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 139.9.138.15:7008 im64.jpush.cn tcp
CN 123.60.92.210:19000 s.jpush.cn udp
CN 1.92.70.140:19000 s.jpush.cn udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 139.9.138.15:7008 im64.jpush.cn tcp

Files

/data/user/0/com.yxxinglin.xzid27931/lib-main/dso_state

MD5 10c6cdc8516b00c20c44083a7dc7dea8
SHA1 a23aa938b0cd15d2d2c4d4f5d6a853e3bbb23840
SHA256 34149b53d6b1f28d003da7037ec02c5d18e6cb8b99d85445d5aa020483db8fe8
SHA512 c74319341d275730083c137924865b90be350912d10f10a5e67669f2a9939152489670bf21c91124db358c2dc6d518f5fc62243d8f3fd09e280ed785410f12ff

/data/user/0/com.yxxinglin.xzid27931/lib-main/dso_deps

MD5 f94e6e9d59e79944e70a84af3e3b2a0e
SHA1 6f9a00e9e8482957702e0264f33a226fb3bfda32
SHA256 8b5719a8249fae3188ae12e13b746f38a46b8ad8e10e8fdabd114b706f9f90ac
SHA512 c7302101a2f739ce2644c55642541bb87d5acb82f6a1d1f97f2a5ae131a75ec00e09e8f5e060ec26ba3ff810fb41ab54735ea1e44b690b983482b835264479d3

/data/user/0/com.yxxinglin.xzid27931/lib-main/dso_manifest

MD5 c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1 c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256 957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512 29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

/data/user/0/com.yxxinglin.xzid27931/lib-main/dso_state

MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

/storage/emulated/0/JXCP/aff/com.yxxinglin.xzid27931

MD5 628999b0e90e459b2ca04c1d1638a057
SHA1 e30e4b31c0fd06a4557f5db86a24dbf71ae2fc0d
SHA256 4f50cee6ad8eff93a57b8098a7c7d624361771778d50ec6e83e7ae273700e142
SHA512 b53eb758a4dd8670fd7de99132b25699dd78c4484568a722b3f86e23942d5269673c2081ab1832a18376736791f8656e6d661fe5338b9dc843f4856bf312462e

/data/user/0/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 50814d744809c5655c6ab8d2cb9d30da
SHA1 4e1fc42d3a4827a40008fba73bf5bdf489bbee30
SHA256 684297a686d14e9fc03ca7788e959b68b17b91a5745cd8da8c549985d4298926
SHA512 4fac2c5474ed7c26044f7a2a21daaa797c11a448af41a33e00eb5f39f1a275aa4b52d8436028ed68b73448e1733517b6aeeb48abef3dd2466b28a82be59b410e

/data/user/0/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 4ff9feea07afa1dc503b081c2412bc67
SHA1 545d7b874500416cc7e7e705bbdb0881efc4780d
SHA256 62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c
SHA512 ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

/data/user/0/com.yxxinglin.xzid27931/app_crashrecord/1004

MD5 4ffc92b87d219534f3e02ca46aaaa716
SHA1 c22e076c4319a7d1b3388c0131ece5dc9faba5a3
SHA256 a74f1102e31db574ce44150bd8aa5c5538ab36ea979ddd82631926e4a97effd9
SHA512 e7045786afb2bdc723b22ddc483cb8d8e584c1c70ce8be516f43c50e5bacc10c69b2ce635d2d2551cf843ce98642f3762a3aba0e0ac8fd7d90de9af41330cf1e

/data/user/0/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 4a8120c91e3143b2db43971dbc77cf8d
SHA1 37c5700d35059c4e0a718ced73b3d73ba5d2b277
SHA256 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
SHA512 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

/data/user/0/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 e2f935191555786c79a85110469f7058
SHA1 20ffc6d59e4c6beb9ced09f61a1b31c7759904ec
SHA256 b413f3e51800f866fbbad6232d192ab48ea44822cea97a8131c2ef6ae70c7ba5
SHA512 8d5cb8721d530d5e6dddf4fe9ef6a708465f468c6138bf566c76e011c15655c0caf71ba15ff58bc8e5fcb1ec2240e0953dc8c7aa582d36b5a634042b29f64f15

/data/data/com.yxxinglin.xzid27931/databases/ua.db-journal

MD5 99513c28ab5520b4545924dfdb15460e
SHA1 cc5cf293e09055cd7c4c209171b4608976d958d2
SHA256 11f6c2785cab6609c38502b82f868bd7af97c4560f78407beed27c4c097ec017
SHA512 5f822c36b56125abe0ff0f8c9c6f580dfbbb632e50733e7bb2c5a60386fa10feb11a396faf70aa4dad57976f4d28dafaee22897bcdca62799c78e8f0b73499a3

/data/data/com.yxxinglin.xzid27931/databases/ua.db-journal

MD5 44cbe425e6f76b922646eb003e76f579
SHA1 be077abd13475a3d81a482495d6d6e36343b1c65
SHA256 2210618dfe60183543288376a511e1daf77bf19937419ac88a44592ea13e7e3c
SHA512 8052c94be109ec3b20e6ef148f73e65d09ea1c475d7034902358faa21fd1c4d733ddfa6bd2cf6e0abc1823d1386f8819b64183242855438c010ec66a55d28071

/data/user/0/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 bb88deb9cf01ea6c8f6f12dc1eb4caea
SHA1 6b65e8c3d72c1393ef68d76cd1ac36ffd5e82306
SHA256 f53c4604bb20671d0c3f63048618fef5035f33f44a9a0c6e018746a137f391fb
SHA512 505b078453076bf32227e40b8bf9a12a3096d933f07b1c85f91f3841be8d1fb138ae173ae5bf01e7dffda5b4d7725ddee35349eb10c750f78f2006b5fffc7cc1

/data/user/0/com.yxxinglin.xzid27931/databases/RKStorage-journal

MD5 c655462ca08a4978731b4df9e831561c
SHA1 35ef8a86197006dfa91a723b61297c4b755cfc95
SHA256 9984c770176901952ae64961d252041a93fe730d250f29559a1f72721e1f150f
SHA512 73c89cafb3b35189ab5125916ae724b1985d5d10c8cd3347691a4f7bcf6bc7e72a994e9b3beb9eaceeb815cb027145bf1536fd6c5d8310a6dc1b8587b0a18ccb

/data/user/0/com.yxxinglin.xzid27931/databases/RKStorage

MD5 2ea97dadd7af3eedb1219ed5c7d1dc98
SHA1 fed7c852a8a407e6743467eecc5471d7af499fb0
SHA256 4f691376bbe83a3fbef8e4c0025ebfdddfa69600d184d0dc9b6a7116a4838294
SHA512 fe87218777c581338cf69fe021f14a0de37aba85fd8d4333646728310db81110b90d410ce0a47e602a9b91c6390d91050dade7cbb2507a7c2d835e3389881514

/storage/emulated/0/data/.push_deviceid

MD5 b5c0b667e0741fde9d5297f19725d9f2
SHA1 aab21d0738f64f9712e74824cc2ac05ae4cdbf28
SHA256 6e9fd87d81abea16757c4e07acb87267ea43609239f68297cac04112358d8f83
SHA512 cd6bf42e70c5a386d2e24f68aec850f7f422d930107e61f35990330b1478228136fc4218953d0dbb1992dea8d385d428e8853c77afac0d55642ad51d4c8eb527

/data/user/0/com.yxxinglin.xzid27931/databases/RKStorage-journal

MD5 c062e11f819e5b5667618b1085323dcc
SHA1 b989cbcb9893cd18d19738230304562b2ff3f683
SHA256 0ff46725d9e705bd0aaefeff0a1d734512dcd4e6d2d7586b63d272137a3cdd81
SHA512 624b24e1e887ec1344f6cd9ba2d9f70317469036a114f98f55ab24cc75bbbac49015d9794d72c8e361edfa8886e84f592c4ea2cba25fe7cbda3dd2af8d5ac36a

/data/user/0/com.yxxinglin.xzid27931/databases/bugly_db_-journal

MD5 448f641126a032f7c233de1379de0832
SHA1 3c7cdfb81aa6af2a93d9753e4f34b9161d80ddce
SHA256 d71c687432d782c6cf43ddde53ad8da05ebab230cbc11963b2cc5399c6bea878
SHA512 8abfdf6a937156ebf1d4bd88ccd1d78e251c64cdffb0c4632bc4e341328b3900542eaef967e4c8888929bfb08fbd24518c220f2c45c6cbf92c98b21181df6cbf

/data/user/0/com.yxxinglin.xzid27931/databases/RKStorage-journal

MD5 406ec753ce08f90694275ea757e75e9c
SHA1 0bde09767fc9c7a613053888c2a47d692a693740
SHA256 50435a65853c53fb7e1ff5c10d7642957dacff7b5286a9d187484aad5e54f75e
SHA512 e899ffb2da4b975f4637c5d840a42a237ff1feb88d693c128929424c73f255af3b37a83a946ef7021f5ff4eb96f4e6c273fad89ea3db87b0decdf99510b487e8

/data/user/0/com.yxxinglin.xzid27931/databases/RKStorage-journal

MD5 ac586c36dc1565fa29f62bcb4b5007ad
SHA1 9de6095684178052ae4d5a07aae1ebf2a6635437
SHA256 60cb5e0d6af8ac4e3365a749f65f7a827f3c3efb4c877dd6059eb9557adfc741
SHA512 179df382b908660a87f2c1ddec7372eeb39ae2173bd4ae62d3304b19c8e6ca53783ae15ecfe8a8cadb41e01378b9d684be592baf0ee182cd0ddbe6c1797a0578

/data/data/com.yxxinglin.xzid27931/databases/ua.db-journal

MD5 2edebc06711e3cbbfd35df1af1fd93b5
SHA1 af6f977b39a7a71d17a94d44d113ff5c6f2897df
SHA256 2cbf12b61eb8a366c832c1147d9f797d2e2dbde4ad606cf42ca6b0a152634b28
SHA512 d16b665b508ac0a24cde3b9998ee37b32af8b2c4aaf22d91f4ee6319148ade5ede0dc54eaef96209a314faacfaf1120a129f75b454230b5445fcc1524c0b7518

/data/data/com.yxxinglin.xzid27931/databases/ua.db

MD5 cdf9d23eda92c0b13bd55d21658e77b9
SHA1 8cf3f062270efbcca300e519655a8611acaaf0b1
SHA256 7a4f5b0ab23a456e79e1e46576954330f946d791672fae4d9f6ba1168ca1ddf7
SHA512 70b8f52b674cf0d8a959731c6958932e4ed99235c149275eebd9a6a8c7e95d097505463835ac7388f371340cc814c77492ccc8a0c29025be5b5d3890f4c9b0d4