4c8f2bd3a3d108d158e0ec8862b21404fc616d3d8ad0e5f8bf560089254a67c1

Analysis

max time kernel
128s
max time network
180s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15-05-2024 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c8f2bd3a3d108d158e0ec8862b21404fc616d3d8ad0e5f8bf560089254a67c1.apk
Size

13.4MB
MD5

4828525495a571ba65feb6b0d941f42a
SHA1

5ffe68c387293380c776ded8003d7edb0457ee6b
SHA256

4c8f2bd3a3d108d158e0ec8862b21404fc616d3d8ad0e5f8bf560089254a67c1
SHA512

ef53ed394f91fda4e13b00b6ff52346be6f861fe1764784a6b03a9216936f522431c4b111294eecb998d99279fdc64a9d060ed564f467a9d2a26a9a6868922e9
SSDEEP

393216:GX6TlNm+RP+4KPN9aJIn8DeRBeVLYX9wE2G5WtL:u6Tlt+fmg79wo5i

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

Processes:

cn.win888.banying.dpl

ioc	Process
/system/app/Superuser.apk	cn.win888.banying.dpl

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cn.win888.banying.dpl
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.win888.banying.dpl

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

cn.win888.banying.dpl

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.win888.banying.dpl

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

cn.win888.banying.dpl

description	ioc	Process
File opened for read	/proc/meminfo	cn.win888.banying.dpl

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.win888.banying.dpl

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.win888.banying.dpl

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.win888.banying.dpl

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.win888.banying.dpl

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.win888.banying.dpl

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

cn.win888.banying.dpl

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.win888.banying.dpl

cn.win888.banying.dpl
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4291
- /system/bin/sh -c getprop
  2⤵
  PID:4329
- getprop
  2⤵
  PID:4329

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.win888.banying.dpl/app_crashrecord/1004

Filesize
230B

MD5
0a9475924be0bc9984958731030c5f14

SHA1
fb0b20d7aef367073c9f9029845403a5f5eceb5b

SHA256
60da2a3579b85075368b1a338fdc3fda640df18addb98df6a6b2c5b39e8818f1

SHA512
224830ac525d2b61c927c3b807e561c6e672fa6f74aa9e032e98e631389f878ce3d337328b5ff0d3565f2240eed6dba8d3b4c760be9f80c5549dae599d8ce786

Download Submit
/data/data/cn.win888.banying.dpl/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/cn.win888.banying.dpl/databases/.ua/ua.db

Filesize
32KB

MD5
d15a86a43d5208b5fd193eb203baf357

SHA1
0528e8c559e904e0cd510030508e6381c9220024

SHA256
f63391bd031d29500995ec0d687d0d9926ece255db16dcb6b4ff79508558069c

SHA512
d36277e0c602800cf8196c6539ce1e383cde2acf9b28939085383f7bd139f051e9400b1a08450956d2829a8563fd0421251eaa377d841cf73f3c6acda70b1784

Download Submit
/data/data/cn.win888.banying.dpl/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/cn.win888.banying.dpl/databases/.ua/ua.db-journal

Filesize
512B

MD5
caa8a0b50d3a01f8669075de0db779f9

SHA1
c151db38e984d0bf0f3c65d82414eaba0b966d0d

SHA256
82ccda9e21e8f0185d8204238164f52bfbe03e4676c9b79fccad5519386f945f

SHA512
c148a262af372a2dc17c6dad3aaf98fa0650ecdac24db7ee1351030d193f5674c778f39658a6ffa72fc7ccdafdc9b565089e4eeb85c18ee7ba198a67137c10ce

Download Submit
/data/data/cn.win888.banying.dpl/databases/.ua/ua.db-wal

Filesize
56KB

MD5
beab2107e38e7f662c5eac92bb2cd77e

SHA1
5b743775d138a36ad8f799b108810826fff06672

SHA256
01e82fbdf097238bb52f653afe2c277f5a3ff72f2cdcde3c9119015d92ad5e1e

SHA512
f3e00774be0d2563739657244604bfc948d57753241d8ca940275f88730eb8bdd422f5b7f3f8d35cbf076ae08f6df4b6579b747194228a457b0fdd4e7486cba6

Download Submit
/data/data/cn.win888.banying.dpl/databases/.ua/ua.db-wal

Filesize
8KB

MD5
7807b1d01d2a1a9c80bae1128b73cca0

SHA1
bd8f6bbfea12443528611d97b2820846f36d8eff

SHA256
2d72d6daf9d78e914be46edd9577908cb2f3166c3f513d8cc0698f350d8d2dd8

SHA512
715bef4515ff7224b137a770a9a6b426d036e9873e8bca94c4c61b043ba65410111d764e907bfe8951eb70e2dd82e4314bf90d4026cad0a204755a29c84461c0

Download Submit
/data/data/cn.win888.banying.dpl/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.win888.banying.dpl/databases/bugly_db_-journal

Filesize
512B

MD5
7db777169ca7997de09b709e6cd8308a

SHA1
f125d0464a122ad9b7d73f23b43f48d7c04cdd0c

SHA256
f8f7c28cae41ca95ef34dedb2898fe38bd4dbf9aedb748ffdeaf77e91ed31806

SHA512
e9c067f416055c774fe7b7b6e6c82ea5427768d78080dc4cea98d18d9b2695a3a7a6ae0b784c80ed9caf96b96c25ec73cbac73222fd03f23b6d772dee2565ee4

Download Submit
/data/data/cn.win888.banying.dpl/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.win888.banying.dpl/databases/bugly_db_-wal

Filesize
72KB

MD5
87ff6b67e5ed53dbed1968c3ee45442d

SHA1
d8213c59f61d14b3aa87c124e13ece47808b71d0

SHA256
4a72139aaeaa364990a9f06a8a51d7f4ef733b0f0ef0dfcbeeb1db1b13ba5a75

SHA512
f179c99e79ff2e302fc5231177f76f0266b0ededb93a9a8aeceb9c7ca7d967c55dce339b5facda86ee55942d2bad53307916a857dd7d3ec1689b492bddb408cf

Download Submit
/data/data/cn.win888.banying.dpl/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/cn.win888.banying.dpl/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/cn.win888.banying.dpl/databases/cc/cc.db-journal

Filesize
512B

MD5
cc0ea10030072d0811b4645726fe6d25

SHA1
41a9714030fa2f5d58498dfd4526ee705e3d28ff

SHA256
6be4b1078b0c2b9c40d08451ca9ab12366cbd65f4cf6e9295630c65d390e676b

SHA512
3b58b0c1f84d9ee2ebb11e0a3d204e698e1d9c35e3fb75cdfd3c06ba869668ec3f85dcedf5c1cb04e6aabf1050f0ec85ca4b78a1ba9042e0c64b2cf7dbd0dda1

Download Submit
/data/data/cn.win888.banying.dpl/databases/cc/cc.db-wal

Filesize
48KB

MD5
8426ef07910f157f09989fa1676ac1d4

SHA1
5131feae996562b14e703c54278216eaa42e2e32

SHA256
d8f35d23b493487e91811b9812f10f3e78d883a332e2da7a175eaa90468775b7

SHA512
c8efb7bcff2ce318eb5d0f60a6aebd09a643a41f6e68ac0bc1766ff133931593efdf93f77e41721c10aaf1118d337243bcdb850d02a6cd0ce2a7255ed0e0ceec

Download Submit
/data/data/cn.win888.banying.dpl/databases/cc/cc.db-wal

Filesize
16KB

MD5
0cee4d2f1b32589bf2a12a02101ccd8c

SHA1
57785f42185afe5a65e47c7b0b8b0601e7550f52

SHA256
fbb1480470b7a17dbe68bdde9570a17960f8ff664f958a43df4ad6f5a47f919c

SHA512
d855dc3a02fb2eeef4335f42db7f0bcd4677d70fa80116e298fd90ffc3f536d19695f3c20e39378cce7a5745b583dc1476b39f7f9cc2e0657f08a883eb21bf38

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl

Filesize
24KB

MD5
a90917faaaf6023b7d8b423917004b27

SHA1
644494666d8a90a0c5f604e6af0b0d073b8b00ce

SHA256
6b7e805f69ec47f918f3987b6f4d66e40dc7946d7358a89498a24641361ef942

SHA512
568a91fb5c7ea60993f206aa7dadba034b576b2cfc847379b083c24694e7fe770462b556b2c50fc068b6e6ddd9fdf755c24e4f128dc1da4a84228f770e59c843

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl

Filesize
24KB

MD5
bfc9fc94896ceae5ee5411efaa487c4b

SHA1
040faf95fa6ce1e56c25d6764d153d5aef7c78ae

SHA256
5bc5c771d5a56596700d6a9949cf95cd5895c78c56dea378d40576fea61feb41

SHA512
55d9d5e7b3d66e1238024b16bb3d2daad5d8b1e10fa171caada70660c9f995a29208ced528dab34e86ebbcd7f81feadb1af87c30e34847da7d05f9f6e731cefd

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl

Filesize
24KB

MD5
f88f119c485a5161e2cdafd3a4d323d0

SHA1
dd0f897f332775383301c02c780cdd1dee2fcde7

SHA256
7e268c8cc903b5c02b5c49346ef897eef3d361a8f5d1ad50ae9079bca2bbb856

SHA512
db58dda289cdc862a4e677d997efc5dfd7bd5dfba5323f5cd1f34806a0b177c4a71afd61658084db9124f9416c01f34e0a4a68fc9070cb4fef6c9ec7619fa164

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl

Filesize
24KB

MD5
724ffe4b07a7bdb990a4f6bd05416be7

SHA1
f753d5b3e59ae1fc65993c1ecba21d3efd5ea1d9

SHA256
8e801108a4505e9fba1be380a33e05ba2117343341a838cc2c3d0bd5a56afec4

SHA512
730cf6ad8f761d68b4c1dfb29fe9674ff4b7b32d1aff6359b09a0975f2496aa172c242251de954e9dc66dc852a2ae15b1adba6dba7b741cdfc10d9afb06a9b98

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl-journal

Filesize
512B

MD5
40bc0cce5ec370a827d96d8002b380c0

SHA1
64b0c70dcbc2ad3eba626cce815462da4cfc425b

SHA256
9aa069d32806fa5e003e5a306b1b19845da7d0bb5701ab1a60b6109ad7250572

SHA512
5de6237196f83c01844f66d62526e829a4dc1fe0b7889b62799eab78feff9799ad5216e52f765e918ac8d7f4a66d7a155ab74fb8ee81ccd9d8c6b963d38dedba

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl-wal

Filesize
48KB

MD5
3b794514a88f699612950375e2b09d84

SHA1
be64e6fbbebe6d7d0d1669abb1d5a81384d0e92b

SHA256
9261d12918684e9cd7a315cfa943ca24a414b5e744f8f4c4139748d302d9f02a

SHA512
b774f636310737c5e6ccf062b694be58bc6a2ec02dfa0492152419bbf0f9726a06af6efbda361b264c8310b6b4276a83f37fa26f64a022a038a4ca6c38f07cf8

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl-wal

Filesize
12KB

MD5
546dcb93aa552a141d886b78e8e86d52

SHA1
775cc2607668cee878422219880510d9ba13323b

SHA256
782ce88e8f7175eee635814c65cfee9426cee51dfea997761208151359ed400b

SHA512
b6881d2eac3a8f558ff15d67759f3e807ce3f040c0272d0540bef56cb8e6230377e4e03fdec31557532a4a555dc304377f232b793cd86f86a046fcc9b8978c5e

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl-wal

Filesize
12KB

MD5
49a9e6f5e046074bd6f6f2f55090bde4

SHA1
90f358e51c71bce32b3ba62d270e364d90d655ef

SHA256
8ff9e9a1193fc775a01f7271aa1f719cd555a8cada2785249c195f8ce6d9634e

SHA512
0a982ea46032f88ee89b37b56cc8519225c0ac69ad17c2acb3a7b62bda6483a3d0ed1101a9b2d2540a61101e3196e847a0eb895255df92ff11ee623b7587320b

Download Submit
/data/data/cn.win888.banying.dpl/databases/cn.win888.banying.dpl-wal

Filesize
12KB

MD5
8441ff563766a0b37627e887411e3194

SHA1
1dcd619913b233e06fee136652b917b1c2de5632

SHA256
07904bdb70842fad4dbcb2c98f3d47eab978af21ec513420e8f74fbf7ff4b1ca

SHA512
16ed087ac9139918d7ab5838b319578398307b28b881ad5cfeb193952750906057f29f62a6e678cd3c7843828efa2bd4dd4b8d7d9143f034155d740ec06284bc

Download Submit
/data/data/cn.win888.banying.dpl/files/.um/um_cache_1715809560244.env

Filesize
1KB

MD5
5fc90cbd72995b0fac34f46d7672092b

SHA1
889c916aee2a4fb567a54c8257c11dd6aa2dccf6

SHA256
9a21b1c728022cbe6e4bf9d396a34e0eeb9a36deb06382a38e3936d457d33fd7

SHA512
df46b38a327ef0bec9d5a1df2d311bf9d85d58a34b28cbea2f202bc3845bcb2fde083cd1a3b430c38b0537f25ff280b704d8600226f066fbbc76d315216ffdb1

Download Submit
/data/data/cn.win888.banying.dpl/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
858ea72b39bcf32da52bbe8a308ba6b6

SHA1
835071536d20914a3b17786d26a27fbfe66fcef7

SHA256
6c34db73e7c01dfe9333db4dd7157b08d83234801c90e2eb8ff3feb13843dddc

SHA512
456c58960e40a8bec6dc52e69221da71fde67fa3f62896b826ccf455c1c65a31920c1814ee504aeff1afacbf9bd4a1f521fa7d9e1bc7b12614b6b7c7e3f08b9b

Download Submit
/data/data/cn.win888.banying.dpl/files/exid.dat

Filesize
54B

MD5
f4f290a8dbcd01e61ac3f357f46db9c4

SHA1
9d8e7487cf58474778b3bc0c05cf76e975256d68

SHA256
a48dcf8e576ed21eea2b8ed54f7b7b304d0e85641f92f3fbfdc228beb538f9a8

SHA512
d0679df9dd3eb0230bc7a3c38eb11fee7e09b41a70db14332a83f2f83e7e418c01217e37bd284b99f8ac55c8d429cbe31fb7115679b885b3039d316b3ca7f8a4

Download Submit
/data/data/cn.win888.banying.dpl/files/td_database1SaaS/1715809438220_4291

Filesize
2KB

MD5
b259ada5fad0c51c2a6a26b49f11b294

SHA1
160b6a2dfe9bdae65b8885f9319fcac1095f8ed6

SHA256
c3c9a19489a5c6583e290c4df984dfa7c4f4d211970412f255a72a828441bee6

SHA512
2cc4f53c0b3f58aafa1dca24d216442a5aed38013e62e04e1f1cdfb3db415ba0f831abc71acf575cef603994e7862ac36c186e7db9d3b7cbaf60c55286b18b41

Download Submit
/data/data/cn.win888.banying.dpl/files/td_database2SaaS/1715809436748_4291

Filesize
2KB

MD5
3fcfc144d5af2d4b2957bcc9c1bcfd6b

SHA1
8585fdcad821271bb1f593946a12c4cbdb378965

SHA256
3ee0f828257e5e497c4532d0df62a717a116350d0b18be3e11ee43c0c4e05b86

SHA512
2dae96f765525cec46f7890491e1bea3a8a86466ca3a8684c57aa1be5b49c2c22762fb9e5118711b5bac018e661bbe52dfa3e8595a4339de63c1dfe6aca15553

Download Submit
/data/data/cn.win888.banying.dpl/files/td_database2SaaS/1715809437129_4291

Filesize
2KB

MD5
1faddae371074adfd0792941345d78c1

SHA1
1f373616f69e29f37a0f82553e7f839464b3ce5c

SHA256
51cbb7d5e18eee69c247acb0484dce49aa2b0a72562673c407bd9b6c08313605

SHA512
e2720f2d60792340cba0a4551d170c4bce8c0b5c4f4c23c6d2dcc67bdbe2552a1c704bf973b7889d22da3ccbb895a7823656e0f6d2db9aaa6ce9f1beec67aac0

Download Submit
/data/data/cn.win888.banying.dpl/files/umeng_it.cache

Filesize
498B

MD5
c0931274ad35800d697254566bc8dafb

SHA1
0668e1c672a604a2fdedf7ab3f0ff2f8c3199944

SHA256
0ac037c6480950e77bbad85868ff19dfe00237a07ad82cb8007136b916cb2783

SHA512
c9d0f623e6346735caba8d39ef5e50bd8411b803d151593478515c7b5d2dbbb9842b9a119c8e8ed31b23132e39caf170182900ce17bec383fb675baebec90668

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
37cde0b0c4aa794fc7618ea0149a8b5f

SHA1
19beff161149ea5fafed3f4ac63224634ff4bdf8

SHA256
6538a4cc521f3bcc30e0613afa25d6f8be2b663bbcd96c11908840cb96f22336

SHA512
34a11c37e18f51b22f17311f8e7f8d480735ca7f8167c8333bb140d2b7514b4eeb7e195b77be139e0ec1dda9383f8ffa1463e0679adf14a49c2c82a9aff55b89

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
b55c3e6a3421f5abc20ab0f3799db4a3

SHA1
51568e905ce63d201af54a8608a4c19c31d5ec5c

SHA256
7bda455b4eb8250f0eecee09baa67c33e4ab8e28a0b80cbbd1d3afb95625b19d

SHA512
7d01a46464e8850c624a1a0426b6d744f1dcc6498b99b2f91508d8dcde03763467f3373d7ba25adec1e95c69fcee114a5581bb7dfdd7705ed06e65053c6dde60

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
4e2501d52a431ebfc22861c6e2ba1840

SHA1
c10e7e815569569a47184ac9d225fe08c48c7dda

SHA256
48a67a36aaa10857e062d7a3442701ba413d002ed7e0a3ec8d38a54f8df21bd0

SHA512
0f7ca01be774071ee4057330b3d4f6f04ee86233a60adeeb97b2ad6eef6f54d710b9620d804534f8ac9e2707fa724a90aca708c195b0eaa30620cdc3efc80bf8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
87c2cc18918a074673943d691f1c0c86

SHA1
5465dbba850d78ec320d21043026fad2d8b12675

SHA256
534bdaa16e0adbe05ca227bc90e7e3e5a5670c6137c005247bd6b9093ba1bfd1

SHA512
5bac997b6ee3b13e74f47bb1f93126a85c338a3eb0d5d561357d4fa1a00d4bbfb17c904c65e45d22cc44cdb174ac1d6f7f29c640cc0de94638f3cce4f176f578

Download Submit
/storage/emulated/0/.tcookieid

Filesize
33B

MD5
057bc883a3c2e5a276bf790055716a6b

SHA1
e51a2a7d3b700ed4d484597fdd8a83745ca6ac30

SHA256
cdd779c62ed422ac433a93280c0d0aa7cf783cd42c132e7ee607865b772767c4

SHA512
f82844188b952baf340fa1760da0f2fc4686795d4704f2e7a2f1cf61ac304f9bb981043335762f7a7c20a0feac492e300a73ad279b1bc23981ff529d35d7e7ec

Download Submit