Malware Analysis Report

2024-07-28 11:35

Sample ID 240614-y7gydsycjm
Target ab4e9687a26fc5b0ff18ae9795e96112_JaffaCakes118
SHA256 11c17b2763dc00b5cf89e0856bda2238d59c580d3fa45211dae32ca4b5b21b84
Tags
banker collection discovery evasion persistence stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

11c17b2763dc00b5cf89e0856bda2238d59c580d3fa45211dae32ca4b5b21b84

Threat Level: Likely malicious

The file ab4e9687a26fc5b0ff18ae9795e96112_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion persistence stealth trojan

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 20:25

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 20:25

Reported

2024-06-14 20:28

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

183s

Command Line

com.lebk.amso.zvrk

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.lebk.amso.zvrk

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.lebk.amso.zvrk/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&

com.lebk.amso.zvrk:daemon

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ip.taobao.com udp
CN 59.82.120.12:80 ip.taobao.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 c.ioate.com udp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 o.pmuro.com udp
US 18.208.156.248:80 o.pmuro.com tcp
US 18.208.156.248:80 o.pmuro.com tcp
US 18.208.156.248:80 o.pmuro.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp

Files

/data/data/com.lebk.amso.zvrk/app_mjf/tdz.jar

MD5 293ea5f01e27975bed5179ba79d80eac
SHA1 c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512 c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

/data/data/com.lebk.amso.zvrk/app_mjf/ddz.jar

MD5 23ba0b249042b7ba33e92c0199b0ea4a
SHA1 99b13ee9f7307316c2337953fceed87e9942b794
SHA256 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar

MD5 a54a18b58c6720991c021f433dfb2a46
SHA1 d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512 e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar

MD5 9b47e78a6ff90cce5755ce4742047627
SHA1 831b24aa9e116eb8d7065efd430088d419dfd6c7
SHA256 30d7699b73fd7f276945415c405c12bff69c5958d12f56265a768443f6fd8cae
SHA512 4587a5b26f13cbd0524eade71ed29203fc55029fe150fce850016aa7d9c578623cdc4b6a551bed3dec9e31a39563f8927cfcc9d21e2d83c2c781808b958446fc

/data/data/com.lebk.amso.zvrk/files/umeng_it.cache

MD5 7100e59cf527045a9f9bddeab5c6930a
SHA1 0350c77c3be74f79fef6c7af3de51f3a6e62c32d
SHA256 2ec5a04d3e394b5f01841ff8b43c262575489330931a75ade4d151e11eeb0435
SHA512 a7277b322169d1d25463a56b9289b58f4a9792ce50d7f09682954d7756a47d4c5ae18c0b1116f45f7fa7fe19703348fae0eeae9478e2b64982b890cba99117b2

/data/data/com.lebk.amso.zvrk/files/.umeng/exchangeIdentity.json

MD5 a7c13f56b31855b81901976309dbbfe3
SHA1 8db2a733bd687b265636a2031d87d5bdb3f22f1a
SHA256 896d7e107e36904176418dfa403f8cb44c746087ae6591c31259e7e79efb9be4
SHA512 bd441c17dd41597d5f8b0f3739851dc9c841201322507af608b13b9f0b3bfd44a4e8f3f02d1ff19a47b8034be6c0953a5def9597176d65dcd691cd8cd92093fb

/data/data/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 faa5ef23f37ee2be43f0f2ece1097f48
SHA1 0368a4a8515c121bbff4b9ef53ed9ab628713deb
SHA256 b659b3708814f3d88abb66af4c4b708b8698b4c3c86c254c1bd96dd23a5f2273
SHA512 2cb523ec4e91eeaed01b366a720390829413b4f310755c18c7c46db86a2ce9b4d827a90f8e644daa93a4cdddacc83cbf8f6718bdba776e40beecd233c43fd8b0

/data/data/com.lebk.amso.zvrk/databases/lezzd

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lebk.amso.zvrk/databases/lezzd-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lebk.amso.zvrk/databases/lezzd-wal

MD5 c76ed7a83a63ae5e13eb612fa8582906
SHA1 d4641059d6c9b8d0fa011e57f2072e4032759495
SHA256 7c2d40100025b3a328f0978880002fa0af501c8698e5cdc377163deece972b04
SHA512 75282e9a29b2b9331e58bab8cfc8af0754e900f5b3ad240747d0c2edd24463bd638e946d38bc175936ab823109717f12810b604ec5cf26c3f2879dda1ceb898b

/data/data/com.lebk.amso.zvrk/files/.um/um_cache_1718396798113.env

MD5 5bcde1c6db8c719e8637ce746858c941
SHA1 a3638d48186c8cf889810de2f686243ec95bbaf0
SHA256 a47e3fec8beb5c78c958bb6f2adf09ad37fe9682397ff6cf4dbdfe23458ce89c
SHA512 b80f7168b6a2bb70c12cfc6908c7c84c8996ef67668585a5efe4bcd640af7be67f8bacc28fd043ba5a79e2dda2a5a6868ab08d587297976f24b4698b86814166

/data/data/com.lebk.amso.zvrk/app_mjf/oat/dz.jar.cur.prof

MD5 1ea39eaa8f4460fd72b2dbe255983cc9
SHA1 39dbde1e442d8a81fdda8484b63af5a6d50c77ba
SHA256 db56e380cd9cb8b4ba74f37eb6b2a7f18c903a765d444716a7bfac49152f027e
SHA512 b2403592f0c650e8b7ef3d366e032f7b9c292f9d3bd938409e5cad2ee220b9b3e0ab2dce5632ce0af37a5d705303d86a2064eec4803352b92bca848e23d807fc

/data/data/com.lebk.amso.zvrk/files/mobclick_agent_cached_com.lebk.amso.zvrk1

MD5 df93f91b52421711cb239140aa07e132
SHA1 32e8261eb9cc771c6ac1bc5900e57e7a950321ea
SHA256 4e7090dfe9be6289fe832b05202ffccd09ae7691819e2e1cb85dfe50ba5c23f1
SHA512 ced6f5cffb39c1c937c0803af6e6a383932a5d369fe785adf94ad765dd89d68aa3611bb53de2b811fab6d97ba879d18fee8e2aaedcd758cf0a64ca1f08aefaba

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 20:25

Reported

2024-06-14 20:28

Platform

android-x64-20240611.1-en

Max time network

168s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
GB 142.250.187.202:443 tcp
GB 142.250.187.202:443 tcp
GB 142.250.200.10:443 tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.16.234:443 tcp
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.42:443 tcp
BE 74.125.71.188:5228 tcp
GB 142.250.187.202:443 tcp
GB 142.250.187.202:443 tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 g.tenor.com udp
GB 142.250.200.42:443 g.tenor.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.200.42:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 20:25

Reported

2024-06-14 20:28

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

186s

Command Line

com.lebk.amso.zvrk

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.lebk.amso.zvrk

com.lebk.amso.zvrk:daemon

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 ip.taobao.com udp
CN 59.82.122.165:80 ip.taobao.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 c.ioate.com udp
CN 59.82.122.165:80 ip.taobao.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 59.82.122.165:80 ip.taobao.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 59.82.122.165:80 ip.taobao.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 o.pmuro.com udp
US 18.208.156.248:80 o.pmuro.com tcp
US 18.208.156.248:80 o.pmuro.com tcp
US 18.208.156.248:80 o.pmuro.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 59.82.122.165:80 ip.taobao.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.122.165:80 ip.taobao.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 59.82.122.165:80 ip.taobao.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp

Files

/data/user/0/com.lebk.amso.zvrk/app_mjf/tdz.jar

MD5 293ea5f01e27975bed5179ba79d80eac
SHA1 c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512 c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

/data/user/0/com.lebk.amso.zvrk/app_mjf/ddz.jar

MD5 23ba0b249042b7ba33e92c0199b0ea4a
SHA1 99b13ee9f7307316c2337953fceed87e9942b794
SHA256 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar

MD5 a54a18b58c6720991c021f433dfb2a46
SHA1 d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512 e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

/data/user/0/com.lebk.amso.zvrk/files/umeng_it.cache

MD5 8aadffc8fdaf95f9282667d02943205e
SHA1 313a80751e8fdff076345af6c0a98334328eedd0
SHA256 6a7fd13ee8abf6e44716f2cdab870bb6f30b3da8ee7598c8640d29770ecd2f2e
SHA512 0adccc648cd8be83d62511b2c7d259f186de88ffdc7165906230116e982be0447a4920c6c9eea582f791b494e3531359424011dd6a2b09abc73a7ce502af4402

/data/user/0/com.lebk.amso.zvrk/files/.umeng/exchangeIdentity.json

MD5 79292c007214faef7af4c89be335450b
SHA1 cd3bc6501244373069ea3099bbad2d07c7098ae9
SHA256 b9b46ab0d26ff0b467c7abc25c9ff4f8a08145f1f7601ecc8a6884906e0aa350
SHA512 9c6705a64b078c0e56cce980c23b133641fc3a917f54af7560fabf1998208ab65fa35dcf44312bbae542ad7083ea9e3713bef72553fbc7648a510ca01f42db64

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 a7976c897a430250bb88dcb9b8089a99
SHA1 06e80838fd0d727a45c838871a17a8762313d9af
SHA256 e52742be27e9a19c7e27f6da972a974eba4b2052a6226478ed691dd9fb6f457f
SHA512 ad419f730d64843429368c63b43050d4b2cee80f94811a3f9e99024bb099fc1472e9c914e3ce2798b8033962115ac976c38d4ac173dfe9d58eab37ea72d03c0e

/data/user/0/com.lebk.amso.zvrk/databases/lezzd

MD5 fdb8a92e5060ce104e8f0faca55a47ce
SHA1 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512 ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 c9aa26022d6ee12cf7d4f3575fd5f204
SHA1 c61a22ff8e575e23e93b25805894f1a83d84917e
SHA256 4389adc40c4936fae7b2c73b337ace8528571163af7d617bef1a214042aab99f
SHA512 66e4592af6b46ec589a8b0533de8717a9f5385341a8413dda718eafef3f2804d3e25bb5be4677af85e2884f53dc86148f6c42559998f36cc4541b00c444ce0e8

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 9fe032f7af384bcadcc91d4f3ba7080a
SHA1 34913a21b0e9af5a3a10cd8ee46e6c0697e6116f
SHA256 8e824392698aad6dacf72d26fcb5365eb0654499dad438be10435c1441ade703
SHA512 e68e615df5f007a04a491a7e0db69f75ebd445ff3b502c7fd9f816599d59fa79ceed265993b28daa895f6c6891ef73f207630006247794e119ca0a2c73b68cce

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 cb2f257b5b14b2b1698e830cc91c86ad
SHA1 fc99e1aa0621e551b6d0227eacc42ce7fd670e5a
SHA256 85468b05fc01c8433dd26e08e2ea798a878c9460293f80e9984d409e58b9d06a
SHA512 663dff4b2fd54a44dd5b874cb6d31083be980f1bac4ac244279213eb149ddc6f2edda36ba94fcd74fbcc6394405cc4470a2d836a0464e45019b21481ed9c9f84

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 2c5c507241857b85fd89bcbb2cc79c40
SHA1 45699052798d90827b181780b3ba44bd6666a40e
SHA256 28617885258b0aec9ca10b8d610f0dc954f407a54064bfced3a2fd3e2bf83d05
SHA512 8c5c53f75e229f6adfdc0334da76a070faf9a0fd44638aa1ec99bbd87a84a83649011ec42cf02e7732ea0ae00e2225346bbed80576406379f4cd0c494acbe1f6

/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal

MD5 735ea92a954840dfde8f763d007c0495
SHA1 7238726d3b46a7e2dc7adfa84d9957b656357323
SHA256 77469aa582413d92270863d94a5f67827e859776fdd7b511b4755fc461fac1b1
SHA512 077b66d270c1e35b458176cff80d6885f0e235c6c3cfab31be99cf7f57174bb008d650adfd07164864180fd5aab2e201286bd7692086d854b73e4617e59b9d55

/data/user/0/com.lebk.amso.zvrk/files/.um/um_cache_1718396798822.env

MD5 7813777513d80966223079cb2508de80
SHA1 7565dea94f10b1523561633fd7aafb3a5fac6315
SHA256 eaa553bd106c193317e64fb13d85aa60a7b29e278765fef93307a9df74a92f8f
SHA512 46684275bc4f0cbd4359cb39643e0408edbc805f6d7cb0ad66a0bd3adbd94b09da42b29acecd5a1521dded1256ae37603530d0bc25aab661acc9d7f7ad2519a6

/data/user/0/com.lebk.amso.zvrk/files/mobclick_agent_cached_com.lebk.amso.zvrk1

MD5 9258df0eab168e3d6807f27761ff7415
SHA1 3bb2e7ac0eccd2ce08a710b363f6ffdbf8ccc792
SHA256 b82aeb349ff2cd79cdb997cc7540154900fda4cdd69c1cf7b714ed58f0ff34b4
SHA512 37a7bec177c9e4e416513af93f294ad420d69c8aad7e42876bff5c73017c5b926c7fd98c6a17b99f6accb5ad383f202131ec3a47a975a2f33da7f01a0c7986e6