Malware Analysis Report

2024-09-09 17:36

Sample ID 240614-f8alla1anm
Target a82a05489d6d4a5305ba7b763853c2fa_JaffaCakes118
SHA256 586b83196e48c3399e03264447acacb2d39d2cfbae6541df48a9a325e8480fcc
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

586b83196e48c3399e03264447acacb2d39d2cfbae6541df48a9a325e8480fcc

Threat Level: Likely malicious

The file a82a05489d6d4a5305ba7b763853c2fa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 05:32

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 05:32

Reported

2024-06-14 05:35

Platform

android-x86-arm-20240611.1-en

Max time kernel

63s

Max time network

138s

Command Line

com.openlanguage

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.openlanguage

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 oc.umeng.co udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 216.58.212.202:443 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/storage/emulated/0/.openlanguage.com/event/evnt

MD5 7ddddb7a65f723bda0a7fd25627ca199
SHA1 f6fea17a5bdc62cc7f95b5b7e9be4d3e5b93ccb4
SHA256 4f59d41ef3e7d93bab04b32e4b6a522748a06f556db146fbc1945f8f0c1b73a9
SHA512 5521f775339c389ae5132c84022f3176f0216af520a3475fdcd74437fb54c0f9dc1539ebab7b488252551937fb7b9e5e7a50ed3da1c66dab8985f0c02069f971

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E6013B-0001-10AF-3FF6A9642EF8BeginSession.cls_temp

MD5 5566defacb8135e4a969ba0db09e3b42
SHA1 9692864054fc4f9f33f72f7aad75acc49881ab9b
SHA256 52c9a013b87a891ceadebabab408c74fe8eeda7eb90936ad2bb9c4ac5342c833
SHA512 9ebf1ed1677a6b561ce7e386ccc111273f6d151ffee83dbd6184ec1223b917cba10f2ccfb1f4e57cbaebacb0e79a09681bd5615b7a1a2c959e8ca1a471a58038

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 3734b542810af923a158aa64fab24c0b
SHA1 644f49970c7034247c22c7c025b70c59b71979aa
SHA256 1a066c914640b9e8f486fef2170f5e9a88fdd8268c2e5f56d7678488aa6d9ed2
SHA512 5912c16f55818613731a870ebb73ddaee1543d43216f5a9838810d78c627495cfbd450fe22734c2d64710e1a7713eae77d3b46a8f3f5cf600fe68fc7b8ddd00c

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_8950d4ff-eb93-428a-9f9d-df92e79987dd_1718343142550.tap

MD5 0b7779d3240884da036f0b87476baa92
SHA1 4c30ec88aa79623feda6bcb9ff9399e5c104dcb0
SHA256 3a57814b61c9cd23bd8f4cc4d1d6b589c7a58b61b39a367f891c1c069be0fc54
SHA512 64ad02e78d6f371912ee622f998bf077b7348db49470d06295e755138a5f481050e781e410117abbb1127cb3cb148699c1772cbbbae2f7f0042fe4407de8f368

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E6013B-0001-10AF-3FF6A9642EF8SessionApp.cls_temp

MD5 69f7dc0ad420fe9880e2e1f62d2182a5
SHA1 17c45633bb98d8b7df930612df0e93df336ea38f
SHA256 11a7b0a123ca25e0aa72617d8b86af14029223c0133fa59470894284ca7c0ba2
SHA512 6affe6a3e7e8cbfc9be981af7d6eb0c4d2e7e120d6370293c7d34d0cd82df02134744c7cc912f6d7aef2fa83e714e0f50c842ee4440c84a08e39c44b17e3845d

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 ebef56e8f5885a2c2a126ff4e7aff76f
SHA1 fad61191ceae5016e3403d0ed6a91b645c3a7d00
SHA256 d6dd984498eb471d94faf5147881f046b3ee8de945b90e69d34aa8e3ce3f68a1
SHA512 280530b37da3fdf57585e2c84c3fc43dffc52d98375871cd2eee2e733d2e87feaa26de57658ac32fec3522e80eab40b610fd60b8a01abfcc28fb85e5f134f159

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E6013B-0001-10AF-3FF6A9642EF8SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E6013B-0001-10AF-3FF6A9642EF8SessionDevice.cls_temp

MD5 06204ce2ecb421fc35ff72803c7007a1
SHA1 b36c9014135b67e6f8ab2869d2f201c7fdab706d
SHA256 56950ae8133e990b68da44e73ff4fb789b36a44e453d9674ff36a7141f487aa4
SHA512 93756e5072dd7e40cfd52014bcb9c2627d9bab1f19966280c65a0cb05b04d5525fe165cfda826fb79aa09b9215a90a5bb853eff2a24ef50e696421803b4038cb

/data/data/com.openlanguage/files/umeng_it.cache

MD5 cbaccac9b76d36c10966c01d1dd8aa9c
SHA1 f1f5b52f09d3906385c1f01cc044d92c2ed36e6b
SHA256 06567dcba7782725e32783af2edb94d9d06be460c16c006eab70a229dda312e7
SHA512 b317ddbcc3616643b1e68d16107792b238667478efb56411e22176e1bd04ae58b826a1e92ee962631022b14b01e37963f7bee68d0380ccff339609f3b03cefdc

/data/data/com.openlanguage/files/gaClientId

MD5 8dbb5d59ef20cb8bbd457aa5bf8eaebc
SHA1 04f476c38dd0fe8188e90fc31a27bb9d8af2bd0e
SHA256 5ca33b71784037f8d5412b62b4a9f6725df758ee5f44846cd65a0e2c131a1dab
SHA512 a32a178508475db6ae6cf3a240ecc163876ae6953263fca1780088f57f89475662da8eb535350796bdc46b19daa91c1ea43b10267a6d02a877ba5bd322586895

/data/data/com.openlanguage/files/.um/um_cache_1718343203283.env

MD5 eb830e145087faf1ad04dd6798caf66e
SHA1 555db233999ccde9c126ee538337ae3088d5c07f
SHA256 781c5c192d90653db686c95c117b97dba9e279e9a6189f49f9059997bcdb73f7
SHA512 e537a340ae1c73f14f396c60444e64e3841cbbb152a87a86e70cd79b5808f14063dd4636eda7a84c86690c4a3b6b8eb8452077957040b9550cdcb4b8e223e12b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 05:32

Reported

2024-06-14 05:35

Platform

android-x64-20240611.1-en

Max time kernel

64s

Max time network

134s

Command Line

com.openlanguage

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.openlanguage

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
US 1.1.1.1:53 oc.umeng.co udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
GB 172.217.169.46:443 android.apis.google.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/storage/emulated/0/.openlanguage.com/event/evnt

MD5 aef2817162482846fe22bb223f074a8a
SHA1 6e5b9d80fc0715f0bcfaf04c439966e09cc7fe5b
SHA256 72bc60a2293f450ed23d9ec5bacfacac16674e9fe4e6f47f6f109016b94cc730
SHA512 7da7591621bd103fe70946458e8b2c850107622387dd48b74f5de1aae285627966b6408a54cff60f534030d8492dae243a5d9a4552c12d97e3c7dc63bf4babb3

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30295-0001-1404-D51BFD2AB58ABeginSession.cls_temp

MD5 0f8f28852e7c1b4caa96ade7c88199e3
SHA1 2fa46ec4284fd8dc311f77bcbbf44857b61bf470
SHA256 73d6c729fc81841acacaddaaae192043cc9c56b98afe83444b8ad81950379590
SHA512 7fb8bc9d91a5e92379f51e7ef85cc26389ea93008aadfa5368f176f0cd97598145b83ed8718709f6175d6287f657b39abc20d5be908ee56316bf29ff50faa4fb

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30295-0001-1404-D51BFD2AB58ASessionApp.cls_temp

MD5 c28473e65412aa9f9b686388c6ef5b7d
SHA1 813f23c20bedd3993fcb457bdc7c3b895ed23d9a
SHA256 06d7e2f0f573433c34d96d6ebb8e013f63cb59563d8b3670edc29476ff6ecab4
SHA512 d85f4e8495684b72bf91b2f6244e6091861102c9a2001fb914e04a85d5420a71e6b42252d3a20b4bd7dcdcc7b65b33221777528426a94dc3158167259a37446e

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 2c8274d7be96788cb6120ae7f24791b0
SHA1 6d8f5f12007c2cdfdd01d386745541e980b69ade
SHA256 f927027d95606326b1176f25d9b6526da09f156191a0b489c7b116c5c442db75
SHA512 8d9cb784f9def53f0a5a8743b196f547f4b5b567f2bc0974c7f1affc5fa1c6731a2c4d696301b3aca5a4c42cff2c8454cd5619161e015b46fd89b46c983ef7d1

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_4e68a7a0-f1f6-44c2-bc1c-370256f26647_1718343140394.tap

MD5 241e3beea86502b5a528f0d5349fca6d
SHA1 1f6ff5169edd45b3894abe76d9741227e29465ad
SHA256 2d1d93cc2473af53d7d901be56ad2d09aaa435e995420454c436a9b5ed68a720
SHA512 6f9cf14ca98e4eedbb002c5ef37eb8d8e16847eed04ac9bcd5bd05853d22ba5b70ba2a17112631279afc8a6ffe205380a1077100e3e31bdc7511524a8ba019de

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30295-0001-1404-D51BFD2AB58ASessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30295-0001-1404-D51BFD2AB58ASessionDevice.cls_temp

MD5 587d7e3bbd780c6922bafd0f664206d6
SHA1 1830d1081729f9d938f4a2a358f5b3e47a87f0f9
SHA256 2c4707df700e2dc1e8cdbf460ad141717ede054303137d954294f15b1a95396d
SHA512 e3268369f55a5132179c590433ad8502092cfbb652b4a244612eec016e45b41df38967b08c40b75f6a56a6fa8718d42fb1f13447063212137e5e8fdcc5673bf8

/data/data/com.openlanguage/files/umeng_it.cache

MD5 d3775d421add716d67c14697bf639281
SHA1 7bbe0874c3edcbde0b12a1ad6c8022d1bfe15cc7
SHA256 5efca4cb01e427ed31a91ee83b422ead88b7baeac2b6fbd4b5eff1e006a9ef2a
SHA512 57a5bc030acecc3f42d74775be749e3a48f60d765574a5e490f990ec06cfc694f39cec68073a369111609d85046cd5bd5dbe6747e1240cab9174557bebbc8894

/data/data/com.openlanguage/files/gaClientId

MD5 605bdb770cf8a3fcc86e22c9b3738764
SHA1 ad96ee5721eda863903edcf063c85bab7038d30e
SHA256 e758285aef7efca4bee4078393841338c3c82f42d5a4f445f3cc36363b87f769
SHA512 c9a43f879d1d5cd120e48a92646a832ba08b3f17691cfdb869d2d14ddeb2cb9cc9f622615096665cd1a5ae5176c0c6bb87f8932042c5a69749ef8d2bef954f1a

/data/data/com.openlanguage/files/.um/um_cache_1718343201180.env

MD5 e2af826166f6e972ef563592c9fc1790
SHA1 ae4851a5ba54bfba7fa085041894e7ba2ed60ed0
SHA256 a18a27c989cb7ad0e78f8dc75152c767ec32bc4fda29a24b7de930812defcb08
SHA512 482625dbc85de742350b0ff7dc27ac09a94117070f47b31e8b1e307f4659a592bf958ec3ee013ffa28f24c9555559633f7849634410155990c64f1fcf2429fdd

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 05:32

Reported

2024-06-14 05:35

Platform

android-x64-arm64-20240611.1-en

Max time kernel

64s

Max time network

135s

Command Line

com.openlanguage

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.openlanguage

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 oc.umeng.co udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/storage/emulated/0/.openlanguage.com/event/evnt

MD5 30058b4c7c0438240727fcd26c94fcd8
SHA1 bc301ef364fb21b95a3bea46e5e66cc3b73c9a96
SHA256 a30e0ad34ad0f601f2153bdbbe609e08043931fb28f89ba8e604b92d4c36ce4f
SHA512 684a17dfd8014f46146c9ecb378b750f52e516ef6ab95ca360a953224ebb3f6fd21ba142137bd8152d3a9012fca17825bfb73c1e1ea0cddede9f32222c2525dd

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30304-0001-1179-73F9EACE2C98BeginSession.cls_temp

MD5 59edd131642084ba8bf513c1fc217851
SHA1 9f4b5559b0614bb355a685813ee309e692bc5bcf
SHA256 7ddf680677bd7b0e79797261e7cda20a64d3f06c195e5d596015ae8641b2c33b
SHA512 1f15499b11ac0a848ae67bd7a23b0378a47f3ef5f2ccb0325e0125cdd29a3fe38c2b655f3dfcb05e9d81710600c9b3f31cba9989d21a9589cdef30a75b4db572

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30304-0001-1179-73F9EACE2C98SessionApp.cls_temp

MD5 1673177af8b944287e36132952851fce
SHA1 7aad60f5ca206009f14fc7ab312c6eccd660412e
SHA256 0d011d3c3deebd95a4c9c465aa9b2785a2fd74a36a887906308d9cc6b7b30138
SHA512 f362a4d5ed5c99ade4e9d7c44bbc948e76b961f27e920cfc2a05fdfb2fa445dcc8fc6ba33674a3433109224a2328d308cf30f059954bc5d4252551dabcfb604b

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30304-0001-1179-73F9EACE2C98SessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

MD5 532c2b898cde8e9b3c14658e4be28709
SHA1 4be96116ed4b1590b570f82eae26112a2828ae62
SHA256 01ee8d4465d3e6f7cc784789906c88f753bc0a67b4f147277b69ac202146b171
SHA512 f3b3d4d5e4bbf2bf0507cc1b217314c0c22464348e468c6f1156ecfed699d497d53df73a13884cb4b0d962a071960b798621b83e8bd7048c529aa5d6b06058a6

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/666BD5E30304-0001-1179-73F9EACE2C98SessionDevice.cls_temp

MD5 1f68b10f9e94a30df5472df899af197f
SHA1 5b7708b00660a613b19d56932840cf992ab45943
SHA256 5ada8fe7497683264a8936446bb4dc89e5fb13e8582793422b1bd0d01e017733
SHA512 b7c8572abbb4726afe88356e56395038c96015699b63fe4b792c7d105720a28cc05a48c7ee8a500066045fd3dd0e0367e1ef1e7ffd6709c45ae7e3740a92066c

/data/user/0/com.openlanguage/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_903ae9f3-2508-4608-ab9c-7c3a2a3de048_1718343140138.tap

MD5 aca6aa2ac153334c42309d5f6b1d7947
SHA1 12a25bbba1b06a02fe493e017f09910f8b45cb41
SHA256 6a12ca34c4c4e5e917b8bef1ac4acb9ec7a497f9c06553c683273dc56547cd38
SHA512 a70a56eb4142916ca3e63291ad7f18e087d5e6cca8b506ceb290007f70e2c13bb7142023d4a26c815345f729a93a5de7eff19c11d18c2fc7200c0dc0473eb39d

/data/user/0/com.openlanguage/files/umeng_it.cache

MD5 2a5b6ee0d074f1b274c0fcd14ed1feb3
SHA1 3218279877e5c94bc66dc3421b661b40293559fd
SHA256 c6ad376090d85c6fa7772d96111b42898dad789120074fff42472d5462224763
SHA512 5dd9f20a162c6cbd2bc161967edbaa2ed3a3d5705400f16d4fdc1594901c05ba9810f92147df02c73a3b028181b66449ec4071271327f48a05fe11303dd81061

/data/user/0/com.openlanguage/files/gaClientId

MD5 12137fe01acf6c887be73b2a65784cb1
SHA1 c498392bfdd6acf6f2ded4215ed09c67f3f90845
SHA256 cfb1dcf66342ef07e2dd09a8e08d6862c642f9313b585fb816a69b62a9ce278d
SHA512 0e4285be9bf5ce74040a3afc544b37c3d148a3fe09c2cda4b5af2319ba760261d037b787edfa227c24a72eb1d32920b0f96dc4310f09530a2e801068ad4fea01

/data/user/0/com.openlanguage/files/.um/um_cache_1718343200763.env

MD5 c8d94931e63c61f9c87dea0660470986
SHA1 5052d3fe63c54f8066602e94dfa7f59334675701
SHA256 110fe01d08f030c11b573ff8c433b141d082354f3a5f6f647acf301820eb4de9
SHA512 00a7c3106edbe9446956ba820ca03e819183035ce2261e7edd10300b68c0109a0f8a480a38f5befaf0a644c4beafe154cb992adeba988d8bcabe989282965652