Malware Analysis Report

2024-09-09 16:02

Sample ID 240614-l4hz3awbmd
Target a91c56dad9ed8320e45d0f30b7dbbea1_JaffaCakes118
SHA256 b387a0ebe68de7f402a0f4100f59f4f35d602faff645e2e2cdfe1755447d1828
Tags
discovery evasion persistence collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b387a0ebe68de7f402a0f4100f59f4f35d602faff645e2e2cdfe1755447d1828

Threat Level: Likely malicious

The file a91c56dad9ed8320e45d0f30b7dbbea1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries the mobile country code (MCC)

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 10:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 10:05

Reported

2024-06-14 10:08

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

131s

Command Line

com.yxxinglin.xzid13172

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.yxxinglin.xzid13172

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 10:05

Reported

2024-06-14 10:08

Platform

android-x64-20240611.1-en

Max time kernel

158s

Max time network

184s

Command Line

com.yxxinglin.xzid13172

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.yxxinglin.xzid13172

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
US 1.1.1.1:53 open1900.open.7724.com udp
CN 47.102.225.24:80 open1900.open.7724.com tcp
CN 47.102.225.24:80 open1900.open.7724.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.78:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp

Files

/data/data/com.yxxinglin.xzid13172/files/umeng_it.cache

MD5 b27031759bff0f1326775721182bf442
SHA1 7d174dfa463705fa71de19c5cb0cdbf659696dee
SHA256 bc737bc9d461500695f79d8f54f3c428e14e9a447c72559397b13ee9a3c2bdb5
SHA512 9c054614bd0cb6e969116ff974ead88f71a82e5912523b77d3956786563a7c84119380dc1c716e173e105d7dde9ba0a91b12e9c968817adf8dc9fc7a24ccde37

/data/data/com.yxxinglin.xzid13172/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzU5NTE4Njc5

MD5 61c39ce5cb4f6e61cab3a2616c0fade2
SHA1 8bff7bb9c2f7433db551c6f4680ba7794658a5a2
SHA256 a33c38123e545f6a7a279aa25ff4b22c3aa59099958900f7a30296a24be7e44b
SHA512 ec4413c3946bb7171a6262565a2949ef8208dadb567d1c2352a001db6a15b24c4d8ae186d91231889c489ff0e0acff847b1d12af6cf41adf94522dae891aa81f

/data/data/com.yxxinglin.xzid13172/files/.umeng/exchangeIdentity.json

MD5 b885a6e20fd75127ed3c19becd47a36f
SHA1 a41b7da1e047f29f9d50761ce913e57495dad642
SHA256 2497e1c49c5e67fca3ec8d7bbee9db298a1a8f98b3d7636da999181ed1fbac4d
SHA512 1256900198adf656ba6e3d13b9812cc46a603f7947a6278476d3e19c17aa99cbfdf4d89bf2e6c7c098ad8890ddaa08a2db1a57fe6c82c5e940bbc1ba7666f3cc

/data/data/com.yxxinglin.xzid13172/files/exid.dat

MD5 dea092318ca7acce21a65ac85c9d2b11
SHA1 fc24ec3a8fbcb48a2e9141ba61da0fda5ef6d398
SHA256 425bf26238882f2523d92eaaf10e61134c6ab0f370bd688375765f6a23ecd946
SHA512 8649bf0d9a7949d46190edea839c2ce17ca4db1b7babaa22310386cfe92db83b0885815b0a6b8fd01254d1ad58f098a0089e068e1f67123fd38a72f635e45d18

/data/data/com.yxxinglin.xzid13172/files/.envelope/i==1.2.0&&1.0.0_1718359519051_envelope.log

MD5 681d5b7b685cd5156637b6ca4421fcbf
SHA1 6dd1e90ac1392a8a3b67e147578a1304d8ba99c9
SHA256 fa73c9214b83a1a2b8b8377fd55cf5f620ad162a0cbf73be9f9a52e76ed2c1d7
SHA512 1507436e22d8086b6ac3d5e9453175385bb0eb4fbff7770362a580a45adbef46b928d8902d32289647b6f94360147ae9c9c9379e2edc02482df11f26ba0176ec

/data/data/com.yxxinglin.xzid13172/files/.imprint

MD5 bc6f4f6b9f545ae225a6143189840e2f
SHA1 6eb0b40f8840fdf0f927e03a8ef3ba7b374723a8
SHA256 31d67fc83070d177f93504a03af9045b8b16b5b34e7b5067c78801756c624f04
SHA512 7eb825c358e95b5b21aed4df1012dc8a5fc0131cab03ea345421ad5767da8bfeb52f333537dc572fad8137171e3ed3e1f1e2f38754eb5c02bb520a8602293f43

/data/data/com.yxxinglin.xzid13172/files/umeng_it.cache

MD5 0001603c299fe6cce8b94cd8c7569ffb
SHA1 7b745d14e3a7baf568eac74310e8e41cb1c6784b
SHA256 5a1fc6b475e07a39c188d55cd54f71ab7c14fa28c1a10cd9bafbf37018d171ff
SHA512 82a90238d006ef9ef7653775d0d7eac9ad801d57acf9683d7c3d2a9a2a6a7784474aae1224c42dc612ad1f6bd82e7eaacd5b6dfda0ca8a6bc434c1190798abf5

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 ea23798460d8e7efe53d58fa90fecc28
SHA1 65e3bdb5133d1803144c2ebd2a7f8197717f9673
SHA256 0432468365a7eee5b145ea14410638b11cc1bcc966dd9ccf5c1f70310a8096d2
SHA512 9cbfd8b8ba37717b17ce2e390ea6962c07554971ef60817329353bbdccb904d732051697dc1cbad6914ebd33733351db6d0139f31e262666c03e9c448a0f2889

/data/data/com.yxxinglin.xzid13172/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 94d6504ad91ad35b8bb7185140a3bc1e
SHA1 0039151119beef10d6f317bfe75a416d2e3b89d3
SHA256 e3bc6e9e7df1052f26ee782677732f2c03b1cd5cb8da34387df32061231b106f
SHA512 eec412f721a16c09d7d78388c863e5b641d74962ddf1fa37ac3f64a24a906c434f9b6d9d620ea12402124dd8fae092d98663cd4d2bcc15156ab6c4db03d0fcb1

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 c2d0383a01fd2f87f209426edbdc3f68
SHA1 e1f69e9acb2c3839248a1ba837a0722a1504374b
SHA256 e8c678961b3ecd60a4b7e335b64ab84750921410d0ed58ed78cc826c77bbba30
SHA512 cb5e244f52fb5256557eb2c0f8d5f8c3890d966250367e1ea8b2bec620d70b789cabb7a8b9a3787f0b833b68c4e1a9aec95d22073a7bd6b6263fa9b43c5679b0

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 a617ae307a0b8840e021250d4145e09d
SHA1 1e409f69d18d14af0150e5e9d2726e15d815963f
SHA256 1e76263f99432474e04a2ed406d63c13c15d12adf859874340d5b41187047962
SHA512 9c49a9a1050b26c545abf04ce25c80f2c4408139e77d93e7ac2dc2a58c368950d5e11ea381a87ec0b3167bd76c522175854f789d46c2cda0e6287fbdedddcd7a

/data/data/com.yxxinglin.xzid13172/databases/ua.db

MD5 a3c2ff0640b97827108f9203925ed5d0
SHA1 9ada11ae195769dfdb46ac3c61e02e32658b7a5a
SHA256 751f3b4e6e2b191aaa2daee553a8a12d98490407c255d04b7dbc21f612be5291
SHA512 1346f0aaa874123880ecb2ec592d21253798ab13931b854fa2d8c12978d7e05aecab96475265b87834d1b70d6fc013e866fc4b348bbe30c6c6c1f306a6a18ffc

/data/data/com.yxxinglin.xzid13172/files/.umeng/exchangeIdentity.json

MD5 ef44759c26b62024957a336ff79dd993
SHA1 6505340fd57e7c1bf79f26ec14588c093092a302
SHA256 f293fa731e9f03d495d66f371f677d410e0dab4369485e650ce2d79840347132
SHA512 9ac4e44a3cfb93b205ec598b53f64750c40034cdb982fda6d5f37f3de6279cb5955d08970045244ad86e5f7ea8d56b9b960f341f753db37fcbd0ab789750112e

/data/data/com.yxxinglin.xzid13172/files/exid.dat

MD5 0ed966ac335fb30a30dafc93410d4f4e
SHA1 3845c1289e1ac1bbad6765653799d738e6e1fe45
SHA256 0039b29f5aac688500167ae8a6ff1ae4c69b3724a48f6b36051c6889d32f397d
SHA512 ee97287cf7ab3d7027f86e1c2b26583d0914dbbceee6ace007d4b32c8d8fc9c8b48dce1876ff0df5533eb8f090f8b0444fb7f50dc863072c6096fb597187c488

/data/data/com.yxxinglin.xzid13172/files/.envelope/a==7.5.0&&1.0.0_1718359523915_envelope.log

MD5 01a2d1224a1dafa90a9c946e432cd267
SHA1 261741cc49c52f9598a608408d6b020b8ea7a510
SHA256 980f0c023869ccdd39d948f4be30f62ba8c63eb4cd760efa43e24dea77981094
SHA512 1e2da28a107434eb5b597474fa80f2eb87ec967b86b66c20a8b6dee1d76a0c4be64ad43e440b003a591a19ae214d5d35716538cc1c626a78649dce089501d231

/data/data/com.yxxinglin.xzid13172/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzU5NTQ5MDY3

MD5 d9bb3f7008a80e2ae5d2377e68dd3ac0
SHA1 8b66efc7bf680d1a9dd955e3ceff76b4507ca81d
SHA256 0ba07831a62962cb2f018e8c6f2c387d61ba85209a84b1a695474ce93816f958
SHA512 3aaf1761d585cd5fecf5e33bce421daf1a8cd0027e3d8cf50ff7650542a9133162208fb695f3e98c72997b9316f36ab41a4dc72e03b05ec83e6426855cc0a09e

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 10:05

Reported

2024-06-14 10:08

Platform

android-x64-arm64-20240611.1-en

Max time kernel

159s

Max time network

179s

Command Line

com.yxxinglin.xzid13172

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.yxxinglin.xzid13172

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 open1900.open.7724.com udp
CN 47.102.225.24:80 open1900.open.7724.com tcp
CN 47.102.225.24:80 open1900.open.7724.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 36.156.202.73:443 plbslog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp

Files

/data/user/0/com.yxxinglin.xzid13172/files/umeng_it.cache

MD5 cbc14038e694fd733342b910be586fd1
SHA1 cd5e6af2e5c18b0021b2e0edeb8a4b96ed787f3d
SHA256 9a38a685ca0d7d3ed0d89e8b2ca937b407fc80ccd91ac486059d6db05bf11ea2
SHA512 8430ef23103d96302e9962d28fdf32804df14e85a78696c5be1c54dcdcac8bf41a0b95fba6be001475bb252f6c3c38d6ed8fee8037ab8a45c2c43c44fecdce8d

/data/user/0/com.yxxinglin.xzid13172/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzU5NTE5NDA4

MD5 748302a137bb8d1f7fbdbd4dc8521120
SHA1 8ee366d2c041de713f7e19fa242819814398638a
SHA256 09249572b550c598cd38b09bbeb3f74124edeaad92b3c90915e0896d1335e294
SHA512 8c2a3f799cc7267d31a25bf6a464ea297dc8177a9ef40d7d3fe9027fa782b63e920eb6051e8af7a98e5b7cc525fda695a212b2b49c6368bd1e38ff50ddfe7836

/data/user/0/com.yxxinglin.xzid13172/files/.umeng/exchangeIdentity.json

MD5 50dd75f4799e426e102af43801f42646
SHA1 e9f271a5796f272a7bc81fbd635edcf45cd2185a
SHA256 520aaf9d6995643c17e307bb2b9f404d1f3ba93b620340447b0e9cef60398d41
SHA512 a7d0b9a040004b6cc6842f6e9d5b281fa5234c68e717cb47ef8c7775231a029e73d021a29565b62e31234886735862860e40f1044d838af400e6f9a39f6d80b5

/data/user/0/com.yxxinglin.xzid13172/files/exid.dat

MD5 dea092318ca7acce21a65ac85c9d2b11
SHA1 fc24ec3a8fbcb48a2e9141ba61da0fda5ef6d398
SHA256 425bf26238882f2523d92eaaf10e61134c6ab0f370bd688375765f6a23ecd946
SHA512 8649bf0d9a7949d46190edea839c2ce17ca4db1b7babaa22310386cfe92db83b0885815b0a6b8fd01254d1ad58f098a0089e068e1f67123fd38a72f635e45d18

/data/user/0/com.yxxinglin.xzid13172/files/.envelope/i==1.2.0&&1.0.0_1718359519472_envelope.log

MD5 2203577a345e20f59e421e102a3ca83a
SHA1 4981c63987c3d4844d10857f9b4e18865d99aa2b
SHA256 f0ea160d4d2fd04a9ab46af9cfeb491ed83e25915b3c2d877d1cd7067211a05d
SHA512 3b44a22a21a94770236615f6fefbd9330e6f1221ee35085885733c4afc0dc3b8012f77b90cf1a8eefa3864c7a89d393beb1ed0c2434ddfbf46e1a937682c82f0

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 06b68d26b15e83a6f0751fdf8d55ff55
SHA1 4c2b46e93c8d40bb400bad9e9e36bacf7adfa21c
SHA256 ff19ab7c3a7d57b1e6b12f3872d2eea6dfd495e167a9f57e4fae256642ec7dfc
SHA512 158b3b3a8acf37637a7ed7c61d48f8794c8aef13d8d1ed6543a3c5bb9a0ba3fd4c1332e18ebf6b121bc402d47cca5caf2be14aee6f462747da8d4eeb54547186

/data/data/com.yxxinglin.xzid13172/databases/ua.db

MD5 4a8120c91e3143b2db43971dbc77cf8d
SHA1 37c5700d35059c4e0a718ced73b3d73ba5d2b277
SHA256 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
SHA512 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 15882de06bc6393bcd14605f2e5b5eee
SHA1 06daaf35096945d397cc7ea56622cbfafc4f313d
SHA256 e0010e78efc61f8fc4b203d982ca0b1a371caf8ca7898a101c9c4bb582596f60
SHA512 c965563de1a2c54cdb10727dea6673835afef0ac58f4167620dc5b731b787c0b30dddd5b12b409170b2e9f6e996e6b65e5384de79f5cdc6a4af1dad4ac14930b

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 9b32c8b530b7910b53542e68ec1ef336
SHA1 0d3f8764a9427227ff620f3ba0a836eb37bba51a
SHA256 a8122a1f68a19aa9de0060ded325778c7b2ecc626b449049b4202d744abd64b8
SHA512 99476b5172c13b197f86684b2b48bb738fe8089229610dae003d0aeceb700893bac8be9f7791fe4c8104efc7763c56d9159de16db386772f8622510a47d66936

/data/data/com.yxxinglin.xzid13172/databases/ua.db-journal

MD5 e697cad7b3ba63dabf6b1e85afe8983f
SHA1 e84c4478f5eaa6a83c7515f74d419739124ae67a
SHA256 5bde69fc6adfc0559ba1a7e1503e033c7d46af443a02f0c5156660542cc8a884
SHA512 757903cea36ef2a75af0d7db406731e683beb2375bfc615be9498d848c9cadb096ebd45830ca52eb3d1d05a6b34976c1c738752feb06a96865191d0c140a783d

/data/data/com.yxxinglin.xzid13172/databases/ua.db

MD5 d247d8af344acf30d4a65fe408ce6327
SHA1 e3668c2ff5fd92e784d799568462214659f383ad
SHA256 7f0d1edc338508bdfa77dccf7f85322ffcf5a10156ab77d3435f123349be00d0
SHA512 25ba65bda718c29f766c70d989220635d86b84f97a940b46b06f24c527056d6611191549274414df917aee30e1522cce54856e53b4f41954dfc6239ca18b9dca

/data/user/0/com.yxxinglin.xzid13172/files/.envelope/a==7.5.0&&1.0.0_1718359524586_envelope.log

MD5 91c4ea075b2cb08252d9d01e2a12c321
SHA1 96ace7b69e7c82ffd01e97dcb9a76c463bc951b8
SHA256 3e41161420dcd4a97acb652e962f790d0a0a0665ac6665cbd0d7e67fd03fbb1e
SHA512 a4cc411ecf0706533b3baaf1ca6b2696240d982ec25c6e2c660f617df9f3ee09eea55d352d05792cbd4d64fc71a93f6b8a79ce5f08d0be697423827402609218

/data/user/0/com.yxxinglin.xzid13172/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzU5NTQ5NjM2

MD5 77bcb5656fadcf886fe15505f2ac9662
SHA1 de9ed9bbd900f8d416ec01f776d3c56313f6b143
SHA256 042c2dcc5e495a01485ff5fbaa1aa0c755f38b6fb3b17253108bd7ac440380e5
SHA512 fba2a0585a90daebd6f59a49ea5ecf52535b25845ad071c5ba717f6d7f84ba202bb1e52e05ec9399049c8937e266b2bf7761b0afbb77ec9ebe53dab24237318a