Malware Analysis Report

2024-09-09 16:01

Sample ID 240615-hgvhss1erg
Target ad3549428f982733f6cda941f9168d32_JaffaCakes118
SHA256 f2246526f002e68a7672a2730dcce54b41fe604512054ff18f83cd5fabcc84b4
Tags
banker collection credential_access discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

f2246526f002e68a7672a2730dcce54b41fe604512054ff18f83cd5fabcc84b4

Threat Level: Likely malicious

The file ad3549428f982733f6cda941f9168d32_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection credential_access discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 06:42

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 06:42

Reported

2024-06-15 06:46

Platform

android-x64-arm64-20240611.1-en

Max time kernel

99s

Max time network

132s

Command Line

com.tw_words300mrib

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tw_words300mrib/cache/1582435991586.jar | N/A | N/A
N/A | [anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk] | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/1718433815660b.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tw_words300mrib

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.234:443 | | tcp
GB | 216.58.212.234:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp
US | 1.1.1.1:53 | hi.bi.hbjnt.cn | udp
GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp
GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp
GB | 216.58.212.196:443 | | tcp
GB | 216.58.212.196:443 | | tcp

Files

/data/user/0/com.tw_words300mrib/databases/guest.db-journal

/data/user/0/com.tw_words300mrib/databases/guest.db

/data/user/0/com.tw_words300mrib/cache/1582435991586.jar

[anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]

/data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar

/data/user/0/com.tw_words300mrib/files/1718433815660b.jar

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 06:42

Reported

2024-06-15 06:46

Platform

android-x86-arm-20240611.1-en

Max time kernel

49s

Max time network

169s

Command Line

com.tw_words300mrib

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tw_words300mrib/cache/1582435991586.jar | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/1718433816650b.jar | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tw_words300mrib

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
US | 1.1.1.1:53 | hi.bi.hbjnt.cn | udp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp

Files

/data/data/com.tw_words300mrib/databases/guest.db-journal

/data/data/com.tw_words300mrib/databases/guest.db

/data/data/com.tw_words300mrib/databases/guest.db-shm

/data/data/com.tw_words300mrib/databases/guest.db-wal

/data/data/com.tw_words300mrib/cache/1582435991586.jar

/data/user/0/com.tw_words300mrib/cache/1582435991586.jar

/data/data/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar

/data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar

/data/data/com.tw_words300mrib/files/1718433816650b.jar

/data/user/0/com.tw_words300mrib/files/1718433816650b.jar

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 06:42

Reported

2024-06-15 06:46

Platform

android-x64-20240611.1-en

Max time kernel

49s

Max time network

148s

Command Line

com.tw_words300mrib

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tw_words300mrib/cache/1582435991586.jar | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar | N/A | N/A
N/A | /data/user/0/com.tw_words300mrib/files/1718433815129b.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tw_words300mrib

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.234:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp
US | 1.1.1.1:53 | hi.bi.hbjnt.cn | udp
GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.200.46:443 | | tcp
GB | 142.250.179.226:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.200.46:443 | | tcp

Files

/data/data/com.tw_words300mrib/databases/guest.db-journal

/data/data/com.tw_words300mrib/databases/guest.db

/data/data/com.tw_words300mrib/cache/1582435991586.jar

/data/user/0/com.tw_words300mrib/cache/1582435991586.jar

/data/data/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar

/data/user/0/com.tw_words300mrib/files/coma.sdjfoa.sdfjaios.wcsywc.jar

/data/data/com.tw_words300mrib/files/1718433815129b.jar

/data/user/0/com.tw_words300mrib/files/1718433815129b.jar