c5ffd3ce6714500166a4c18dae7f28b1b1b40323ca15b8fdc4eab3f9c8e2675a

Analysis

max time kernel
178s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69587d5a2a638b1e4246a3023fab823b_JaffaCakes118.apk
Size

20.5MB
MD5

69587d5a2a638b1e4246a3023fab823b
SHA1

8952a3d4f66c17f24d589350451cd91b15cf2659
SHA256

c5ffd3ce6714500166a4c18dae7f28b1b1b40323ca15b8fdc4eab3f9c8e2675a
SHA512

3bfc7e74586a6a276f282ae4486723e38e14d6d8f54e177e9c48143e140f58b4bbadc4afddeecf5a92c25ee314316bb3a3ba07cbc57fb773995e1ba296dc574d
SSDEEP

393216:IjhkcfRKDBBaxg7X7z08z8QmFv/LvMQcgSxMji+AOXoNuyK/oDP:Ijhky8B8+vZk4qUMPAOXoQyWk

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.wenhuapiaohao.app.Coin

ioc	process
/data/local/su	com.wenhuapiaohao.app.Coin
/data/local/bin/su	com.wenhuapiaohao.app.Coin
/data/local/xbin/su	com.wenhuapiaohao.app.Coin
/sbin/su	com.wenhuapiaohao.app.Coin

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.wenhuapiaohao.app.Coin

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.wenhuapiaohao.app.Coin

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

T1633.001

Processes:

com.wenhuapiaohao.app.Coin

description	ioc	process
Accessed system property	key: ro.hardware	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.product.device	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.product.model	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.product.name	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.serialno	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.bootloader	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.bootmode	com.wenhuapiaohao.app.Coin

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

File opened for read /proc/cpuinfo com.wenhuapiaohao.app.Coin

description	ioc	process
File opened for read	/proc/cpuinfo	com.wenhuapiaohao.app.Coin

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

T1633.001

Processes:

com.wenhuapiaohao.app.Coin

description	ioc	process
Accessed system property	key: ro.kernel.qemu.gles	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.kernel.qemu	com.wenhuapiaohao.app.Coin
Accessed system property	key: init.svc.qemud	com.wenhuapiaohao.app.Coin
Accessed system property	key: init.svc.qemu-props	com.wenhuapiaohao.app.Coin
Accessed system property	key: qemu.hw.mainkeys	com.wenhuapiaohao.app.Coin
Accessed system property	key: qemu.sf.fake_camera	com.wenhuapiaohao.app.Coin
Accessed system property	key: ro.kernel.android.qemud	com.wenhuapiaohao.app.Coin

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

File opened for read /proc/meminfo com.wenhuapiaohao.app.Coin

description	ioc	process
File opened for read	/proc/meminfo	com.wenhuapiaohao.app.Coin

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wenhuapiaohao.app.Coin/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&com.wenhuapiaohao.app.Coin:pushcore

ioc	pid	process
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex	4303	com.wenhuapiaohao.app.Coin
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex!classes2.dex	4303	com.wenhuapiaohao.app.Coin
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex	4303	com.wenhuapiaohao.app.Coin
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex	4355	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex	4303	com.wenhuapiaohao.app.Coin
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex	4397	com.wenhuapiaohao.app.Coin:pushcore
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex!classes2.dex	4397	com.wenhuapiaohao.app.Coin:pushcore
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex	4397	com.wenhuapiaohao.app.Coin:pushcore
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex	4397	com.wenhuapiaohao.app.Coin:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.wenhuapiaohao.app.Coincom.wenhuapiaohao.app.Coin:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wenhuapiaohao.app.Coin
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wenhuapiaohao.app.Coin:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.wenhuapiaohao.app.Coincom.wenhuapiaohao.app.Coin:pushcore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wenhuapiaohao.app.Coin
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wenhuapiaohao.app.Coin:pushcore

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.wenhuapiaohao.app.Coincom.wenhuapiaohao.app.Coin:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wenhuapiaohao.app.Coin
Framework service call	android.app.IActivityManager.registerReceiver	com.wenhuapiaohao.app.Coin:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.wenhuapiaohao.app.Coincom.wenhuapiaohao.app.Coin:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wenhuapiaohao.app.Coin
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wenhuapiaohao.app.Coin:pushcore

Reads information about phone network operator. 1 TTPs
discovery

T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.wenhuapiaohao.app.Coin:pushcorecom.wenhuapiaohao.app.Coin

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wenhuapiaohao.app.Coin:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.wenhuapiaohao.app.Coin

com.wenhuapiaohao.app.Coin
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4303

chmod 755 /data/data/com.wenhuapiaohao.app.Coin/.jiagu/libjiagu.so
2⤵
PID:4329

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.wenhuapiaohao.app.Coin/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4355

sh -c ps
2⤵
PID:4540

ps
2⤵
PID:4540

ps daemonsu
2⤵
PID:4565

ps | grep su
2⤵
PID:4584

ps
2⤵
PID:4624

com.wenhuapiaohao.app.Coin:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4397

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex
Filesize
3.9MB

MD5
a507a5513715bebef7f3d61fd38f954c

SHA1
be31ec3a5a21e665428cc33b20d6279e3220bddb

SHA256
28e6d82fbe11a76eb049784eaeb47f2c046adfcb6ca75ccb16f3ed4d0bacb81b

SHA512
e67ccea39f022f059b88a1f6497e7978b6ecdaffab39b956def543c0f9c78926e3ee2e14ae88b9c7afe436a017bfe9ce042a845550751f8362c5e797a8494af9

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex
Filesize
5.6MB

MD5
29d78566170b74dc78c1f3ee3e337552

SHA1
d3c656b047f7f38dfbc1a6f836d9952a5498b656

SHA256
199d99263ab1bc8e4b766e520b97de8d792a2cf6f3b5179e3e4448e2164c1124

SHA512
fe696b6173d2a787703806e9f4081b63c327bbd60283260188ccc223b664d3ff24969f1bcd66829b8448ea6350ed2d64db8f821e3b36a4433a04a221d2e66540

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex!classes2.dex
Filesize
3.7MB

MD5
57464ec7afc8687f9996203a709ff7b8

SHA1
9063a721dfa2279560a014afe033839671c25537

SHA256
7a47029f6edc2ee77a23e30154b7e16dd4915eda661912d66f47bb27d36af3ed

SHA512
ec9cb8cf3aee1311e938ca33830ca39266b21e5c07a349b156d160a645c2e9136ebb2f573be24c78b37406d90d775d843b367808023466d4ce2d2b8b8c0ac19b

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex
Filesize
32KB

MD5
e3280f4403e1e556e704693c6fdb2be5

SHA1
0437e39b4172fe7dbec5d29a37bd2a0eda538130

SHA256
6edcd0bb367f06f31b5a07b4242de0bbc214f5cad4ee6fcf6a13283a516b1c0c

SHA512
b614a7271848bb6c50d57c49b6dead47113b32a30d4962478b1aea2b9a6c0095295ea561051f14e2a6c667417a5511744693ce12f3bbcc510911175446eddfd5

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/app_jgls/.log.ls
Filesize
38KB

MD5
e8f33b3d9141b6abdd53a2c5b78bfde6

SHA1
ce0255f5945cd9d447bbd32670f42c7cab7d3a81

SHA256
9b8f09a03dc5da4717399ee76a0e4177ec39910614416151b147ba30c09b3ae2

SHA512
5967380b70b0a75c137b6672e2af35229d16ee05d741871c98effd27c707528f3c151feb782915303993953ff0d37c6973cb2ceda3a8ed524cb5aae4ef6ebdec

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/app_jgrpa/.log.rpa
Filesize
4KB

MD5
f2e6f1ab4c6d53f657603ad5f46c77d8

SHA1
93fefc3e83e00d060bf61fdd2193c00987dba4c5

SHA256
dd94adc1787f3ae29ad9ec74c4fce196251177c7395ec9612d5d42ea4b067015

SHA512
5498689ae06f7f0af2de22bf36629750dd442c91f3d43f3d026bd12928df3e3f89e937bbbd4af594cdc75135b8d34e61d54b7b644975d37a44766bf318afe48d

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/com.wenhuapiaohao.app.Coin:pushcore.growing.db-journal
Filesize
512B

MD5
ea2e8b2db7b006230fa486b98ccf5dcc

SHA1
f3acdac629f3372d6d4aee75873b4dc1b1be67a6

SHA256
799ca802f93766e92566f93a18152a437260e54b4089106a998faf13c9adcf8a

SHA512
85c29055865476e04ce0a2f148d1d740ba0d69d9a750a38286debc798f0b1b4c8da32b46783647adbbd657f08481a70d753269b0f2670d7b703dd6eaebd53548

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db
Filesize
20KB

MD5
62f72aaba8727ebf722bf25fdcc506c6

SHA1
a51cc378c54a8805f71a1947c8d93b4e7f4a710c

SHA256
95ebf79fd2fbc9f462880368117b9ecb95aea8f073e11f5be41f5f5c9d4f0886

SHA512
68a4498e9c7f6a08b6ffa4659127f248eeb5f9575eddf8a1cf25544e300994a705de6797c0a411461eb0d77375e48deaedcb4b2906e298e68523589c8ca6543c

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db
Filesize
16KB

MD5
93a2f1630cf74945f7d765d113e8e70d

SHA1
1389481fe3d9786dd64eec345e29e2c8e8d71e4a

SHA256
745cc0f0816d7d980c502e7aec244102ee8521022f125562052042d25ff3a0b6

SHA512
e00b50e93f67c5c2b4ec5e39b378cfd7069fbc0b5d96847cedba712cc7ba7df435281e5541c9ec5f82692aa1af54c31e2dc3d08e5f81b42bcfd9fce4bac49e1f

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db-journal
Filesize
512B

MD5
7e23de2f8bc28c1145536d357962c6d2

SHA1
2f282d16ec3d30e8b848649a6f8ce4a5c58a7f1c

SHA256
71b412ce83d07c955a19b1cea2bf35225cb846f69e4ca88e922f138f92b288d1

SHA512
a8510c308b2e7a062e9d3fa202a7a112dfbc9dc4341fb53472d9ee603ac84eee28e657616ace7c421900ba076fceeac0fa204630c267ec713ae63630bf78ba62

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db-wal
Filesize
72KB

MD5
e863c46bb634937cb623e688e3e0d8f6

SHA1
c80bf3a20ab13b86aa679132d7ea04164957635c

SHA256
5919f3105fd084a7695e526153091c4d46dfaa678121571a0d2173cca75d4d3b

SHA512
75ef6dcd118fefd06921eed2b6a31079abbc5a906ea017c5561d9db0b307de2636f1271b34e85092c240045e7e9756169f7c5c3ef924087426e085ddb33ad139

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/growing.db-wal
Filesize
8KB

MD5
9e0f11f2e799638b35b06c67910d1e55

SHA1
81223c33364bcb8744a88fde70757ca786e85276

SHA256
d8db102a082e479084575ed91945bc518d7f51bdb2959de5d5a1cc6898ac06d3

SHA512
4c1b132a02bf4f66d0067608598b4763f9abaec3065162dc4c51366a565101688d126c83cde1c55c1bf6d84360afef4ba845a073583089dd9027dd9cf8a6618c

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/jgad.db
Filesize
20KB

MD5
f974f117c977ecf8b8ce2052d51f86ea

SHA1
63b65e8cea1dde56b380413252c5b2255e292477

SHA256
c8a47b7a573d61ec91e8144ff6ec22f0231b1b8fcf946e92ba1a03e8bb3bfef0

SHA512
818cab46ffad0c018b6f935a7efae96d5ee76ed285bbbbee4e73c842eb6b46df5f9fca0596773169fc73b83322db9d4f813ae019d4fec45eda63e5f0b8fe40d1

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/jgad.db-journal
Filesize
512B

MD5
3478010640db3d3a0f4ea3217b914691

SHA1
15fcba75a20c25ead4bfbb206c37bf6af4f47513

SHA256
42a099f4ecb230ccd44f31f45880512dcbc2645aaeda87cccd05b5e2f9422325

SHA512
411f95dc1323f6e2fc08b208c17dfc4fb7e2f1f280e007f7bc2c10dd514421b98d5c4e7c65ebb0b34f52ecdb854d73b39347ed5e631bf5e2d5499ad8d4cd63f6

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/databases/jgad.db-wal
Filesize
32KB

MD5
85690fc10b620f7d49702a2e65db224c

SHA1
d37de2dfd469766f52a8a20c58de3c9c8abc2b8f

SHA256
e5f5a5b926460a3479ad374389486251a82a81c69615117a3d333541bd166eb4

SHA512
85aafdbb57146055fe69dc4a00829292acf6f7b0cc0214702d3bffa7d0875db2c0c0050524a0b25c29bbb8f09a2f54e036eba1c7b9e39fc7c1a178bfc6ef3103

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.ac
Filesize
40B

MD5
76009257f830bdfbe1e1621111a2e9b2

SHA1
4dc8c80a984602eefc79406bdf8fcbcb193961e5

SHA256
ebea3bc6b15d6b86b60743e8c69fe282e52c311318fb373cd32b68f165743606

SHA512
352127bce270d959652dcb113ec38354a2964f74808ceca8a754d7eeae2c110cdedad6598a70886e1439b24a44925983e5f63e9e28fe73f91ff6f6c70754f00b

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.ac
Filesize
40B

MD5
716d92108558b6ab32875327f382a6b2

SHA1
8b95c35ffea9d7cef0f8bdfebf00a86dbb8cabf3

SHA256
a3d97a5e023615d630289686c6c6b15123423f0c24eca555369669c3b39391fd

SHA512
73b1baccb883eb21d1fbce03b7ec5d2ba643ef78b3a4fb1bea0c1e980eca8cbe437bc50086427cf4be993e977d9bdda398fea8d5eaebadb59d4d1b57e289cf62

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.di
Filesize
340B

MD5
1e875d8c3a46fa62ee657fc9b38673de

SHA1
2aabd4a53d7e1f3d6b260bcc94d6bea72cfc4d2b

SHA256
286e88cd48b1049ccd8a7b1d6b4690de9db073d80fccff040d5d29caf8e489f0

SHA512
ef961817bf72dae2b810eab8a3e361693aabeb51db00a174542f41cad356c7a5cf4c665673f5fe54ffe13087ff972e88d73fca793b257b1cd33ba48d1f0523f8

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.di
Filesize
340B

MD5
589d80690fda99075beaa11c2b5490fd

SHA1
7d0414e7adda0c0361f52f5d970689caad52e0e0

SHA256
dcc95aed60c590931302204b9707702c24f1e340cecbbd10f37911781257b034

SHA512
b276ffb095a357478b6dd3e4517b1337691491a20e0f7bfb03cee6fddd8db01b1d51aa78eb8a547d1b5a560475d6d212bef444420c67f5bbc55437a527ddf5bc

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.ic
Filesize
40B

MD5
5858a4eef5346df8df09168a08152499

SHA1
f9f7fbc1be71b19924ae93f2291891c77cfdbefb

SHA256
ac230f9a33c6cdd868fbb056dc650de8bff589e4cf7fb1bc25786e6afb499534

SHA512
a3832e811a4b4b45625f254200db4f3a0b7fa640eb9f4b4dc2b288e0a87ae60184018bc8018ec418a9a98cae73d0dbeb78c7c216c995218b0f91cf792ea2ef2e

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.ri
Filesize
314B

MD5
4f72b617ac7e236be96bd3fb04eec02e

SHA1
022799649eb35c7fd54f08aa60296c33d52d62af

SHA256
d1a3e4e790e17e52119c8bbab3f7c35aa073ae513f282a6fa70670515f192753

SHA512
fc30302e1d36deb2809dd3533a5a5a70cd4e955e8b249d615bc69731017074511eaaa9734b2e99283e6a405dcc1b3b6f42f4cec6dc7056a26234144f847fc4aa

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jiagu.lock
Filesize
27B

MD5
52f0712d6e87cf350cb1ad8f5c27ac48

SHA1
32aed45901f497b170d2781db6eac1a222ca2c1b

SHA256
0a0a564e03ec581f642f391b06204e4120b4f1b3d4bb554f857922455d28259a

SHA512
e82b991e9b1958898c1c5798944847491fb5946373198c45b24cd3cc615e86e8c2c837dec196c02774c584e8dabdfa59e8b309ac8d551e7411b30f13ccf3b167

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/jpush_stat_cache.json
Filesize
123B

MD5
cf1f43d530d9a4646ed5f7204ca1b98b

SHA1
1fbd4e49402d5f2a7798a46553c11242cd3d0b75

SHA256
51404a47006ae367767ee748e7e20728a30f00f45a91dec68aeabc1866f18fd6

SHA512
d21575fc30f95b7b4a5923f8dfe1da5420e62b15da4cfd7c0fdc2c5e0c66034af073d984bf6a67b6c3a45108abe4a4bbecd2979a97f88c746e6909652decbef7

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
dd94d828cd9c69740ba4e427eae6d37d

SHA1
cc94b3b1066d6ad798adc597d6da775eff68caa4

SHA256
0e35c11b9b84cbced8196104cdf71e4f6ff59a5081407288c8eacc94b10a5bfb

SHA512
94fb99fd842466bfac0d053d8ba7f129ea71c360e4587a6ae6e64445d71f3d6a793e2b790bbe22d87e10212392ae8cafafae8f3c00c4a7db0f9d0929470c3e8a

Download Submit