Malware Analysis Report

2024-09-09 16:02

Sample ID 240614-yq5ywstejh
Target ab37604d358e14b04b168958ffee394f_JaffaCakes118
SHA256 5715d92386ddf114141721977e1f88bcddfc05d255b3b9de58748a35f54bcd4f
Tags
banker discovery evasion impact persistence collection credential_access
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5715d92386ddf114141721977e1f88bcddfc05d255b3b9de58748a35f54bcd4f

Threat Level: Shows suspicious behavior

The file ab37604d358e14b04b168958ffee394f_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery evasion impact persistence collection credential_access

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 20:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 20:00

Reported

2024-06-14 20:03

Platform

android-x86-arm-20240611.1-en

Max time kernel

68s

Max time network

158s

Command Line

com.zeptolab.cuttheropexmas.google

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zeptolab.cuttheropexmas.google

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 installs.zeptodev.com udp
US 1.1.1.1:53 saturn.appads.com udp
US 1.1.1.1:53 saturn3.appads.com udp
US 1.1.1.1:53 api.vungle.com udp
US 1.1.1.1:53 saturn1.appads.com udp
US 18.209.125.252:80 api.vungle.com tcp
US 1.1.1.1:53 saturn2.appads.com udp
US 18.209.125.252:80 api.vungle.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.66:80 data.flurry.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 18.209.125.252:80 api.vungle.com tcp
US 1.1.1.1:53 titan.appads.com udp
US 1.1.1.1:53 titan3.appads.com udp
US 1.1.1.1:53 titan2.appads.com udp
US 1.1.1.1:53 titan1.appads.com udp
US 1.1.1.1:53 bms.zeptolab.com udp
NL 5.79.105.91:80 bms.zeptolab.com tcp
US 1.1.1.1:53 vps.zeptolab.com udp
US 1.1.1.1:53 api.mixpanel.com udp
US 107.178.240.159:443 api.mixpanel.com tcp
US 107.178.240.159:443 api.mixpanel.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp

Files

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 fbcdd27e1a7ee3a7c40dee3ab679e310
SHA1 c044c10cfe5e25611a2355f17a44bbfd190b1a65
SHA256 48f1420881ea56abdd3ee26e12b18abb6182dd4b0aa64e9879fddb29cf0de971
SHA512 9b8bdf67ba3cd83d7c5396129c886013f834def52e28e5d31fd79c3ecd1f47111fe9d9057f07818f5c79789572da7eb8ef43f895d696f15cdd9b93cbe23ca2c2

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 c3db527cd1f616aa2994f315a11ed7d8
SHA1 4b346b3ea6396301119e9441469feb1a8112323a
SHA256 cead145121adf043450199025d9c1abe5fd5a4199fc9c228ec7082d644609c4b
SHA512 d703abf4bccc60dcd3063ffadbc7f8b606084b885b3f23769469e6c9921c5e4251226a4d6acfad7f1ca67ca6289ad9da51355c219d460bbf3cd1cac932b3d1cc

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 1c64c50afb39a2d7722e794956f2b151
SHA1 1f13ee65578f7f3518ee896973cef9bbba459af1
SHA256 eac81edfda5eac1e344f2b6ade0a1ace0b946f369162dd387b377ba08250e965
SHA512 e85106c69421d01d811ab15a29fd01a6384554a2102468ead25ac538f02f4877dcaa670b336283ef14caf9b0bb6b2fffd4156c7f6e509a2d229d9fb45cbe9338

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 b8bb56c8506bfac0883b9b58aa0e061e
SHA1 bfc79c13aa13f7c92411b32868178404d41e0bb6
SHA256 e46d3d30cc8c27fc6bc83a131e32451f3863fdcfd7108915ef40489e0b510cde
SHA512 613e04993de4410521050513892ba9fb0fa3e984693086a2ce6490bee68e3e22c6594f7cc548576925833e9953cc7da57aab81b95ac9179fc37b67a944c52872

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 263881084fad2ac11caa890204e24ada
SHA1 352f3781de3445470bf2e66eb94213ed0ae1e5f7
SHA256 1d945a448f0c6571b77b57353a77b6ba2d584384277230985872673c7af5a5c2
SHA512 913330957eb5dbf4becba8cbe518df7059af42dd02129b2f89d6dc798f6cb265917a412dd49bd2a9c86c4b90aa29d5a56d384a79734cca20092cc3d3bc6871a2

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 608b4904c33bbcceb874ac799b1559bf
SHA1 ea626b048ca6d7cd9a081f441c0b57c879798956
SHA256 b30f9fdb87f0280e39c57aec4bdd06a35fad01f9fce110cca5ebc2a92e91df09
SHA512 4856cee51a826b9c700e8119627bbabd32a611eacffda2ed6f929a4b7d38557d8586a0d60b636b79a1e40d1cab0505a45e42da12d544ec49eefd73b01d34fd52

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 ed7e182776f839749460652476b9d15a
SHA1 afee06f30cca9b3e6819d663369df94092b567db
SHA256 02f2c092800307a2ae6ff8cb00a292765c2e5f883507424d6c01a916bc673905
SHA512 9d6d7b157389c0880a2a5dc3ea421081e19e41cc45518dc328c461004a319c8189d519e2c2a928694e095209e09f5a20e465889d2747a6ba6e64eb0d946482cf

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

MD5 f6567605cec789f9b807e0f1e727eb46
SHA1 dad1fe3c833a0f20ae1db50970c6e899859ea8b2
SHA256 af39a4e89b994a13dc72344bcd5c1313649b99a865c6add27ef695247ca06ce9
SHA512 4b21da694dfeb66f06e1063e64bbc2ad2706b956e5a1c6e760d770b33d8bec47accd11b6dbbcd9961e9ffa22274629c31480d887857f9e2efa35f6b5f60debdc

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-wal

MD5 af5b2982e4aa0792597a5e5e4987c628
SHA1 e3f052f764a065db76c4d0454a17a4dd4db3d503
SHA256 0a1107d7788800defb4879db85094d58eefc01635ed3dddfb57d38d22d8e3bc1
SHA512 666c4bc026c514a6aede8597afc12559e1036612a8575783fc77a3a0c3aa08acdc24cf55670859a4d4a31c6597a8aa23aaa0ce8b4dfba6b1ffbeab712d1ecbe0

/data/data/com.zeptolab.cuttheropexmas.google/app_cm/6963ee07b9d51cd6dc8067666f4ac3df84baf7ce

MD5 dfa09ecc373ece21fc1cd7384983e5b1
SHA1 22ad7aee4c24c4ce0a31ec29860147c8af791046
SHA256 904ab80cf7ccc560259393efaa4c75c82a57404b13b5cffa61e5dac295b2b153
SHA512 e09726c093a6744556fe7c66a4c284374a59b071166833c4828aed16346676174af9e8962093d429b1a2b73e1c1c4d3bb4ccb24000805f34711063761970721b

/data/data/com.zeptolab.cuttheropexmas.google/files/.flurryagent.432774b3

MD5 8063548b7e855c73fc45f8286b759470
SHA1 c5774a64dae3d3e0e4902d116ffad2944fd3b6aa
SHA256 03decc235e989b65369e569984d31ff81cd56506ff7183eb19b79b1bad294b8f
SHA512 554b67b95257a055ee21a28c0cc0a685c3bcf5b4b294f8c675acdc021d801bf9f49b4bb7c801eeb56193f76bc1cdece991d33b7abd8aa5fa3a543f57150dcbd6

/data/data/com.zeptolab.cuttheropexmas.google/files/.flurrydatasenderblock.f42680c2-acc8-40f1-af63-816f9b929d78

MD5 439f6d0b170933bbae271901dd8f0903
SHA1 377648ff48ddc7c924aa41669f5244b2a4031d39
SHA256 5e4aca4fe184f21577fdb6f52ed338b9bd7555c94b64763c973dc6b22bb604fd
SHA512 181adb419748521949e9c8bf8e4e2a600a41841e538690a1d7574da3f223fdb347e4dc601d5180efbab776d7e38c39ef0acacc03e43d8e77a5ea6767e495823e

/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Data_PHYYTKHDJHNTV9TCBZ9S_151

MD5 24dde9d0192c915ee0d5a3da4890b537
SHA1 0ecbee8edf7f54f56b2936f23d72f79c825e6cfc
SHA256 20cb3fed59ceef982296d9c21fc17f784de094fa561a220ddcc3f07d9b8f518f
SHA512 df43016d107a4e682ad85a45274931b5d24c7a62509765c4f34be1ed07e68a44433f72c49ae90e99aeba7e745447a67561f1c851eedc28664f0c42991126d312

/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Main

MD5 787cd6b90d3027909e6ee3046ec26ed3
SHA1 bf04997616b55408e8b398de69cb4daf3c405119
SHA256 fd2382fc946ca5ed140cd441ffeb28e83b55241adcb36b6dd2f00733430be99b
SHA512 4b8e8ec94f5433858998d6e3f3f512b488573186041d931c2ee2582e925b0a56b4f68656768a36934487017a9e08413eef4e7be7674cab1cc933f1ad92fc5eef

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 e3d123d6800f757a942b885d9bb4565e
SHA1 17376abd907983bc406a0c28d76070dd6dcbcc81
SHA256 9696ed50269328220e0108e7333c5661775300a1cb4518728ca9e9c0f1256a7a
SHA512 3fb0995295c409785cb0e9b8ae4a1d1cb54a32f55cf63247609d4d68103f6e705072a83327290d8b0a12318a45372f89503a26278678dadf86d32421a3f634cd

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 99e0f73f5c6018bd59b767e4ad94d3ad
SHA1 179d263546932189659476b01efe8486a2868d71
SHA256 8c5285d8fcfc6a04e2c05cbc95e868bfac96a1fd1a918eaa205907b39948cfa3
SHA512 ac430b80ab4839ac0c8662d05db78cddfc253fe28d6d75ff1691e6077306cb55c818f98c5ac76caa85eccbf506b6bbd601dc16d643215b2882fdac1a8f7b9bca

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 dc4941827a5e9f1871122031209dbc71
SHA1 638fb2864e8c4311c9470709ab2d8cc14d94116c
SHA256 620a64a6f8acc4112ae91e0b0102021c88ca308d28b2cc9e33bad49df366ea0c
SHA512 bfbd168bc4f242ca869b9014cf1d2b68025dee730d7f2d96e9130997bf9cb30d6f8880b7400789e7ec975458a1c4634303af23a799bf34bc936c613207137778

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 f66e02ce58ec80ec8f3acdc78ba503a2
SHA1 15e555402a4ba0abff6806844a5062da6d8a5e98
SHA256 ffaa910769e99f9e27758ea3ffd1ce20a09292a4ba16e59fb6e5531b7c990925
SHA512 a0c2def07caf9b4332ab420552f8c2e7b69888312331c20bb9b941b3a957ad09d1ed3c0e0a8b4c95fd44638d777066a527874348ec597f9749f1185df1a687b9

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-wal

MD5 ff806d887aa7a8341358a0f504103480
SHA1 a2985b0fdc4a18466c123c32680bab848e71fa1d
SHA256 609f88e30c8db931348a61156dbd104b97905fe251a013b4d45d229e7f72826c
SHA512 3c1577e45dbf190b07a49200045ae732f4be9f9c4df4752bedaa354942a8b9d1b89f48176f48f94c97a6e1e4cc6173888621011353ec7bbf2785d42c3a13decf

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 d377e35bd37c9f678b24c69dd87f6e55
SHA1 ebf0df38060dc375c784e9d3c7dd657e6f0cdead
SHA256 bb8927830e75b06eb0f4dbf141c34f22705d8a851ca6563449f0186acc0eb00c
SHA512 2cae17cf8b98ab3defa160621e755dd858149bed219071ebcfbe38fa4a5739a7b14287916264ec6e0825d8e696ff1475e744c141f05033694bcae29c1943090d

/data/data/com.zeptolab.cuttheropexmas.google/files/banner_config.xml

MD5 a09ed443c8c080df3c72d9de3da6cbe1
SHA1 70480bff14bbe2b172c570b968ffba40607d2de9
SHA256 7e805cc2bfefbc50df4ed95e7a2529d2d497fd27e2c4d3be0034f023cb97ff24
SHA512 aad4e574dab25013f0abf2c438c435b76167b59c8328b7e063be9fd8dc9b81a8ece6073a6ee35c29a1deae6bfb6ff25fb668701e6619d8a44016a06670df7f50

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 20:00

Reported

2024-06-14 20:03

Platform

android-x64-20240611.1-en

Max time kernel

64s

Max time network

150s

Command Line

com.zeptolab.cuttheropexmas.google

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zeptolab.cuttheropexmas.google

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 installs.zeptodev.com udp
US 1.1.1.1:53 saturn.appads.com udp
US 1.1.1.1:53 api.vungle.com udp
US 44.210.57.23:80 api.vungle.com tcp
US 44.210.57.23:80 api.vungle.com tcp
US 1.1.1.1:53 saturn1.appads.com udp
US 1.1.1.1:53 saturn3.appads.com udp
US 1.1.1.1:53 saturn2.appads.com udp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.66:80 data.flurry.com tcp
US 1.1.1.1:53 titan.appads.com udp
US 1.1.1.1:53 bms.zeptolab.com udp
US 1.1.1.1:53 titan2.appads.com udp
NL 5.79.105.91:80 bms.zeptolab.com tcp
US 1.1.1.1:53 titan1.appads.com udp
US 1.1.1.1:53 titan3.appads.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 44.210.57.23:80 api.vungle.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 api.mixpanel.com udp
US 107.178.240.159:443 api.mixpanel.com tcp

Files

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 e0ae7209f8a5dc1150ccead620b308a2
SHA1 96839a351aa20ca6148d385e656a35b67294b59a
SHA256 f4b3faa634c2f758f9050eba6743bc70f09d32605e543dd4e09b08ea9daaab8e
SHA512 180f7742e5cc14d462f2f16fd4b93c9d8bd6acbfe375f2af6cafebec7e158cac6fbc5cc42fe52429ab4cf260ff4d050a9b2b126c9095cc0936ccc8ad00511064

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 caf8df69768c07f3f50f95dad4e9d0d5
SHA1 2106296a9e84fdca64fc029f843b16328ef8299f
SHA256 a2392c518dcb8e1fcf487050bdf26b3011311dbd751bbb5aae25f980a75e4b92
SHA512 e902c31f14eb39421fa2f41d44c0a45a7733e5e81aaa720db0154f057f6c150c6d044c81b335fd6890e886a5bb29aa750d2d1448130bb63249952266696a4e78

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 86d0e24e4420b09b75d94aee86a6047e
SHA1 14d7d7953637cb80fc833ef1d534a4d5b470d7f4
SHA256 62584b6fa6f04be169e32b6958620a3bc6840b6d2781b0b30357ff3b98705bc4
SHA512 d3c8051e624215aba8e8579b2605ebcf63ea9ea94387f655fa4a57d604cf642ff5dcb7006ae2cdafee4f7c9e4f3c4b1d4e5224e049ef89a64d4a7f0cfca74436

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 09330fbcc10c6339ea468d76c5a8dd84
SHA1 49d2f9b8a50f279912bb6da794669c4a316ecd1e
SHA256 f0b77bb794d86807fb8de7dd178ac8e766118d8d5d43e420bb44a36cd76b94f4
SHA512 5ec0f3af25b5aeba8fc003cab5ad9afe8632e7ea0c3240590133f8b9aa96a96e4f7db788056b34a14651cc8a791e7a8146a797ee01410bcaf20d756eac907e5a

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 fb82ac0fa12c56adb39c911154d976d3
SHA1 cf8da5965d8eddfe6582edb1e920292c245c86bd
SHA256 3413974d53792d5f90585e2729e5d7fef2039eb48883779d109a6ca6e96eb99d
SHA512 1c51506edffc84a8c0cd74e41d788ff8ecc38d684752afbf854c013413d88ebca3291cb33279f6873ad5509335da5c33e5cc7c59b63409a482869d479a735edb

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 0ec16a6d18bf40a9f517902830bd736b
SHA1 bff0e51e63e916520a570c92f45ce2a9a3b6f9b8
SHA256 da2d0f9aa4533cf9f16ea65fc06d39355dc25b6c8aa78d2a91a6f2119574f17b
SHA512 545da0eead7dc71187aaf5056503570303568680bfd50477f5e4e95e8effc4b9f452ec7bc7e4f6483d17dff4e9ee7052e00d4be63dde4cc3e0dcc98926e7d8b1

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 920bee8c7318e45e29d0d309910bd939
SHA1 13d82b3573c594085b639e7b082645b4b99d2e45
SHA256 69b18ac5fd9454a868fe859110a49887e098cd250365f0a7773fa65391e2ede0
SHA512 33faa1a530a762c851be758e8d9b40c991522493724edf8f24f77c124839fac3f2832ccba5c1889fb26484673e2cb33d8d751dfee45a5e32a16bb18c8623acf0

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 3cb881ef9c5605c9d650adafb653d270
SHA1 0310927fc8efca65d6101fddb766a833bc136570
SHA256 432957b5f4285af4c9fc5f2af63a2749f9e40ab2761174e5d191a1ed9ab6422c
SHA512 f4879bf20ab86bb66cd393a170aaeff71c3977ee589b548aacaa755fc2bc30b014e02d8c9503fa85937defb0f5af89a5a595d81613aec62e8abb9a9517ad0718

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

MD5 a416a9948002b4000debe0d672b3fdd5
SHA1 254b625d16f26b3fa0e8984260043e6b9f7061f9
SHA256 25ecce833d3cdf80505b53f6a6130a5694e57e85ebec4c7724de0d8b540386f3
SHA512 7127c1d17ad4d290e950c6f192c64b1f4c3195c51331ad7e15904c6c3cc7094905c6b63f7930a4f3720cafea4b8f1ee0e0b781f803d57cda9bcc34bb8c8aea4a

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb

MD5 dd98426488eb9f3ce76c924d7de8ee11
SHA1 a2f3ac13b5eab543e12534a5c5244f2b9584988b
SHA256 90b522a094c0ff860e4f71b36103a5e33a912b1304832eefaa5b0685944fb92a
SHA512 744e3245702e5bc037f5f8ee4595dd20efa12c32b3f130fd25e3ad811735da79b07e6d406471d44e91e3f7f6e67847b36d4052a5747711eb24eaaa8e430ec656

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

MD5 c6fb9b30b365e00fe2e59eb556df2c5e
SHA1 638cae9cdb5a71cfb58f42255f5ec79d975f01c9
SHA256 e5f169865e7f0ddb835a991586c125f1dcdbc3691dc2f85bceada9f0f0966cf7
SHA512 086599930a38db0bd59039e8a3ad308a98c73ae3a473be8cfe352bf35f9be46018457cd6ed22c3e0143594ea1d52c010d6c54a188c36d8eb0db63cddccdc0639

/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

MD5 41911b7d2e9e25051b9829939d47b4c7
SHA1 c8db2521cb5b174424c75338298abc5666b00572
SHA256 7705b9ffcd5b238a74521064eb20deae47796ec45b59d0ef4d7fbae0dc605c04
SHA512 38ca5f9fd5c5e959e96f9b235bc99f2b0bcbefe3d14ce5d2ae73096e2fb9d1b7c876aae76a8fa390ee6900c458683134139704598386773b38ca5009f3f7f387

/data/data/com.zeptolab.cuttheropexmas.google/app_cm/176e47f73a7c1af8e2e679e03856ceb1f0e5865a

MD5 76e144aac86c4e1e2334a7850613e80c
SHA1 bc1e2d7a5a1b4f2978c6534060991ed52fc11b12
SHA256 4207a947d667ea1d53bc0da01a0016dc122ca896e215a2972c1e08fa19d4900e
SHA512 99aa5c5b45b2ab2359253d56e6afdd7a9cc2e0a179e355712d2b3f8f244907fc70be9ac8ec02338de0c128f3f4939c35e84028c77837db51b63b8dfd67567377

/data/data/com.zeptolab.cuttheropexmas.google/files/.flurrydatasenderblock.0ea1b744-dbba-47ab-a005-cf11df7d4a9e

MD5 79ed5e566fc588e8871ffb2052c925ac
SHA1 1f135f59defffc34c359a838b751084440c367a2
SHA256 c7917f32e0a22e2cb2a4b07c157189fd1874e76a352f63758e8607bc056880e4
SHA512 db5e9ca73e3c71e335abfa3a8da012be340e57dfd0a99ea0c336e3c2778aa3795042a865224db861ba0d26eaf149fb2e3ab7abc7998982f46a825e7d1aaee4c0

/data/data/com.zeptolab.cuttheropexmas.google/files/.flurryagent.432774b3

MD5 4a1a27310b6bfe378131cad4d56412bc
SHA1 eb88b34a7be314b76d78576012d74e05bb043208
SHA256 eebe27d3777d4356fcda89958ca9f5f64304651a64001d25d119a1350796183f
SHA512 159cc3f0433c10ac81e5fd6639690db8a2bf24126cc3e1612b51ffe82cecaf571116b6ccb58bade5097207a2e6de7fed2725fcee77733515bd55800d4f68e15b

/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Data_PHYYTKHDJHNTV9TCBZ9S_151

MD5 f2fc11447baac900cd2a8b752c184c38
SHA1 af96b7a05be340626b89330bcdea11f3b04a907e
SHA256 6f37702cd79f6ef2a1f3848225433445d26ae490099d5e00a735a42e2930a133
SHA512 040e24d3488e6e368dc1719b0fe88e802b2fc4d4fd92d56ac2503562ecf554ebeda3ee53300d7d983e8838db434df0e1769f84ba14b83fd61a0de4b309719ca9

/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Main

MD5 787cd6b90d3027909e6ee3046ec26ed3
SHA1 bf04997616b55408e8b398de69cb4daf3c405119
SHA256 fd2382fc946ca5ed140cd441ffeb28e83b55241adcb36b6dd2f00733430be99b
SHA512 4b8e8ec94f5433858998d6e3f3f512b488573186041d931c2ee2582e925b0a56b4f68656768a36934487017a9e08413eef4e7be7674cab1cc933f1ad92fc5eef

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

MD5 07527213c065c4fa29fff399c2206917
SHA1 4e4393fb45628754e3f34dfb446ab4dac05a0719
SHA256 0a6f4b6d92fb58294bbccebfe6e29f2aa796a966dfb0c373be53e7cfbc2423a2
SHA512 dc4a66a0b87634fdc0e447bed71f5e979fa19be108d08a170f540c8103d7ddd60e72bba36ac2e39b3788633b33edaaa850d451ccba0db611592bd58a4429df9b

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 f42bce7f3f57d5883d1b7a8d7cc430fb
SHA1 65025e580fa7a10e4f3f44b4f53d478c201b1750
SHA256 b7ef575142c643830bef799bdb78fe5145651eccb64ba6a499d6698d1ca352b9
SHA512 2713a4001be8a4d7d37e0b48aa03b5a30c180c30dbc3d51852f13e699ca9bd9ce9b36248bacaa12319dec69ed087eb42dc35b805ba5b37cec5b3a88c6acf2cad

/data/data/com.zeptolab.cuttheropexmas.google/files/banner_config.xml

MD5 a09ed443c8c080df3c72d9de3da6cbe1
SHA1 70480bff14bbe2b172c570b968ffba40607d2de9
SHA256 7e805cc2bfefbc50df4ed95e7a2529d2d497fd27e2c4d3be0034f023cb97ff24
SHA512 aad4e574dab25013f0abf2c438c435b76167b59c8328b7e063be9fd8dc9b81a8ece6073a6ee35c29a1deae6bfb6ff25fb668701e6619d8a44016a06670df7f50

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 83e1af1397111808e66eba9bb2639899
SHA1 39981aaf495881b51204f7073bfa435adf2e0130
SHA256 e92887eb7f6716ca3a9c7e0d52974aff57141ebeac9f7fa51575b039386ab8e3
SHA512 178f47dfc8c8748afb7d0f3ce133d4cb019b104e9f7616b8e4bbade9a16cfa75a48ba602ce050bb933d1832ac8349efac1bb4a78da3fb3f7ab19b80cccdd9d75

/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

MD5 2e1c75f4e1b347620bff0cfd903ba62b
SHA1 a53be390f20dd7ef641c3b7aa5bddf7266fe80e0
SHA256 18794171e3386fe99b58e0365c507516d5d5b80c845cc7699c4e1a20e2b6e3fc
SHA512 c257091be69440f16ebefcfbeb2d83f2d9fbcf325403392e015b76cfc6f6d8a1a961d9febbb29f338a639f2e39fb141c66a5464181411482f18c50bf9009ca7b

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_25324871

MD5 b0e07fa0671cb9c1a18a62ff94f7d30c
SHA1 eb68ff6a338b60e4a74cd883b1ef206220c93200
SHA256 355dd1f580659a2ef986eaae38c6e4f4cc979e824604bcc188021e57a25241c2
SHA512 f8588d48d9f9057a369a933160876682d26ab07b993d5163834e7b288bceaa88fbb35c69086d63d122e1c91253c3ff229b944cb664ba562ee71a78d4166c4e01

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_15279722

MD5 2789ad24458d5519742cc9cad3c979af
SHA1 1e34686b67700aa86561437bc9eec2dd8ed04563
SHA256 0f6bb083a11a3a165a827a9053ffb5ab907d9b87c92f80474f6f1bcffcfc94ac
SHA512 a8e4edc92d72098d08e4e850abc0943f3ae0c52d6f8aae9331610d021390df33d45408db154275a7295995264f48e13f1f3a798ba27f03f798c42868c0aad4f4

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_16406134

MD5 1dc453fc29c2d73e4b041f9c7493be53
SHA1 bfe69b492721806acf25fa09aea4c2406b12d9a9
SHA256 7e8e14ffc09439229ff6db80bc71e30e4ab823f0bba98fef9d6016a4b54e7da5
SHA512 f98e2f3fc4002e3ad5bac0f2bfa14cb38f3b3576ea8dd3fc9673caff855520cce197c9651974c88e4d9cb05b40d8bc1cad116ed164e876482c59884187dced13

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103361

MD5 347db3043194e749e1b891eaa7d0241d
SHA1 5b368c1c14b987c0093371c5bec3d56a5f9f8cfe
SHA256 01eb67f42fb95c9b7271bb7730e886b3f025480726c7a4224048d67ed1845004
SHA512 05e25541bf4ed77317bf80e586051704b7996ecde716794d23cc6ed27ffc2f119c1cc94f8a8d14eae4527669e869c9e7a6f9af82de0c5361b4c9d5f08c89b3f0

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_104423

MD5 f69f5a5cff47b631eb394b9269b45926
SHA1 6d5cf4432880d296cb58beb70dbfa7b4436baea7
SHA256 142a919b4b52b4521d5426f0747f9f2aaca01b9cc411ecbcc5a5eb2ee4dd2626
SHA512 adea76e58b365e4a25e93515f4079b530de4fdf07b03fa577483474a72a2a156f5911bfceed35748cad7ea34826759d34603ea2ac04be13291a9488bcfcca57f

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_104369

MD5 08033c009d8db602bc999fe5d1066862
SHA1 62b25759b08495cacb61e25b3c825df045d5c8b9
SHA256 24693554f54740eb90070cc049744261f30820893ef7da7473e0bdb872530a5c
SHA512 fb45b23071ad3d4067671d2d096389330f9bd99eef3d861b55528e1e7f5373766c0dca8328606a0c0ac6fb1e32abe4707e832756ed6af043114d1cf6f7641959

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103241

MD5 853f6bf0517da2f24cd42f194827b03f
SHA1 597bb233a1d5b50b029e82280c37a6eb3ce1ad32
SHA256 d793ef0f402839d2e8d95abd0e6ff6eb5f1826804f4370ac69faaa20f9bd4336
SHA512 c7f3b933a760daa824ae65c6af961677f73316dabfe8cc3affb3334aeaeae71d2398900f255a421d15fc3f74ece5a11a565a8fbeb83020ba606caf45041985f2

/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103311

MD5 da47bb9ece634b4dbacf44d01aa5427e
SHA1 03f4144027b17cabb49702d4851161667ee3bdee
SHA256 2ec51bdccbe16958252ab8a8fc912f323033e981f7f553b6eda8f361145356a2
SHA512 92bedc537c001e8880bd9356138f766060fefb5572182847eda0b14ef150a539e54c617b6987137a39312f11c4ba6d700036337f69c326a8800e318599aafd87