5d4f5e65b571e1a4b19a829f3d7b4eb4a19ef8b0d7f6a90d33c960a39dcb2726

Analysis

max time kernel
163s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f41ed0a6bcac98f036fba178457a0c3_JaffaCakes118.apk
Size

4.7MB
MD5

6f41ed0a6bcac98f036fba178457a0c3
SHA1

4028b8e76b021d87725eb3b2636f0eae58972a7d
SHA256

5d4f5e65b571e1a4b19a829f3d7b4eb4a19ef8b0d7f6a90d33c960a39dcb2726
SHA512

50cbe56cee0f506ef0acb5b5b0bc618ccfe5c1bd3dfdb8f9e71d6a99d04c61273cc6281bef86354d51281ba62a239060e5a42ba8c3cef75de132cadf3d31b39f
SSDEEP

98304:p0jXJ6R7OTuQ44BMqr7AsJt1kRuqXWb4EaVkyw/xrzvVp:W16lkRBMq7BrkkqvE1b/FL

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 15 IoCs

evasion

T1426

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

ioc	process
/system/xbin/su	wntgq.dcloud.DUSFWHVI
/data/local/bin/su	wntgq.dcloud.DUSFWHVI:pushcore
/data/local/su	wntgq.dcloud.DUSFWHVI:multiprocess
/data/local/xbin/su	wntgq.dcloud.DUSFWHVI
/data/local/su	wntgq.dcloud.DUSFWHVI
/data/local/xbin/su	wntgq.dcloud.DUSFWHVI:pushcore
/data/local/su	wntgq.dcloud.DUSFWHVI:pushcore
/sbin/su	wntgq.dcloud.DUSFWHVI:pushcore
/system/xbin/su	wntgq.dcloud.DUSFWHVI:pushcore
/sbin/su	wntgq.dcloud.DUSFWHVI:multiprocess
/sbin/su	wntgq.dcloud.DUSFWHVI
/data/local/bin/su	wntgq.dcloud.DUSFWHVI
/data/local/xbin/su	wntgq.dcloud.DUSFWHVI:multiprocess
/data/local/bin/su	wntgq.dcloud.DUSFWHVI:multiprocess
/system/xbin/su	wntgq.dcloud.DUSFWHVI:multiprocess

Checks CPU information 2 TTPs 3 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

T1633.001

T1426

Processes:

wntgq.dcloud.DUSFWHVI:multiprocesswntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcore

description	ioc	process
File opened for read	/proc/cpuinfo	wntgq.dcloud.DUSFWHVI:multiprocess
File opened for read	/proc/cpuinfo	wntgq.dcloud.DUSFWHVI
File opened for read	/proc/cpuinfo	wntgq.dcloud.DUSFWHVI:pushcore

Checks known Qemu files. 1 TTPs 9 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

T1633.001

Processes:

wntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocesswntgq.dcloud.DUSFWHVI

ioc	process
/sys/qemu_trace	wntgq.dcloud.DUSFWHVI:pushcore
/system/lib/libc_malloc_debug_qemu.so	wntgq.dcloud.DUSFWHVI:multiprocess
/sys/qemu_trace	wntgq.dcloud.DUSFWHVI:multiprocess
/system/lib/libc_malloc_debug_qemu.so	wntgq.dcloud.DUSFWHVI
/sys/qemu_trace	wntgq.dcloud.DUSFWHVI
/system/bin/qemu-props	wntgq.dcloud.DUSFWHVI
/system/lib/libc_malloc_debug_qemu.so	wntgq.dcloud.DUSFWHVI:pushcore
/system/bin/qemu-props	wntgq.dcloud.DUSFWHVI:pushcore
/system/bin/qemu-props	wntgq.dcloud.DUSFWHVI:multiprocess

Checks known Qemu pipes. 1 TTPs 6 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

T1633.001

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

ioc	process
/dev/qemu_pipe	wntgq.dcloud.DUSFWHVI
/dev/socket/qemud	wntgq.dcloud.DUSFWHVI:pushcore
/dev/qemu_pipe	wntgq.dcloud.DUSFWHVI:pushcore
/dev/socket/qemud	wntgq.dcloud.DUSFWHVI:multiprocess
/dev/qemu_pipe	wntgq.dcloud.DUSFWHVI:multiprocess
/dev/socket/qemud	wntgq.dcloud.DUSFWHVI

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

T1633.001

T1426

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

description	ioc	process
File opened for read	/proc/meminfo	wntgq.dcloud.DUSFWHVI
File opened for read	/proc/meminfo	wntgq.dcloud.DUSFWHVI:pushcore
File opened for read	/proc/meminfo	wntgq.dcloud.DUSFWHVI:multiprocess

Obtains sensitive information copied to the device clipboard 2 TTPs 3 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

T1414

T1641.001

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	wntgq.dcloud.DUSFWHVI
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	wntgq.dcloud.DUSFWHVI:pushcore
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	wntgq.dcloud.DUSFWHVI:multiprocess

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	wntgq.dcloud.DUSFWHVI
Framework service call	android.app.IActivityManager.getRunningAppProcesses	wntgq.dcloud.DUSFWHVI:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	wntgq.dcloud.DUSFWHVI:multiprocess

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	wntgq.dcloud.DUSFWHVI
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	wntgq.dcloud.DUSFWHVI:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	wntgq.dcloud.DUSFWHVI:multiprocess

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

T1471

Processes:

wntgq.dcloud.DUSFWHVIwntgq.dcloud.DUSFWHVI:pushcorewntgq.dcloud.DUSFWHVI:multiprocess

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	wntgq.dcloud.DUSFWHVI
Framework API call	javax.crypto.Cipher.doFinal	wntgq.dcloud.DUSFWHVI:pushcore
Framework API call	javax.crypto.Cipher.doFinal	wntgq.dcloud.DUSFWHVI:multiprocess

wntgq.dcloud.DUSFWHVI
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4625

wntgq.dcloud.DUSFWHVI:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4810

wntgq.dcloud.DUSFWHVI:multiprocess
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4886

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db
Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db
Filesize
24KB

MD5
77d09ba64030a08a86bbe5d05ae53d0a

SHA1
83a914168f584a0d2f67e43089e7f8a3e8a2d1ac

SHA256
571230ba4e33562b98619c40fd5f4b74cfbc718a57ad73c4aa1559807803a2ab

SHA512
aca6d0ef6e2bde47aec23b6a98cf12286eabd840f6f6c1513187497931e6895688b2f77d9323b31154a35f527d6b70826a6e0fc35b730d54060143b5de39fe77

Download Submit
/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db-journal
Filesize
512B

MD5
76dbd58ddbfc5672f9b69fac5ab1a676

SHA1
abd697e3f8f3f10985656e85afbd6089eb80f32e

SHA256
1a692596cac552375747188de1fd8eb894b77b9be4adb997a5209716526b3878

SHA512
a3e946635dffb8861569732ceb6ecb383edff19b9a99fdaaedb289041d6b0068fa4f2a48dcf04f69716dec8ee3146131bb8cf725e997584d78c9a3431ffc7b4a

Download Submit
/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db-journal
Filesize
8KB

MD5
f70cd4f6e45607951a4082d47a1aee11

SHA1
533495c849b5e99a690a6357de9bd0c57d5ad2eb

SHA256
3b67d6cb350b013a781ec328d1d442ab56838a5cc6b71388d3e0a4e28f216d57

SHA512
6e97088e288291e76f7106d3b541154399fd1a5f239ea020171ccd334c5e8106008f1e285e1aeabc5af906572115928c1663d6998825950aff2dffe56cb6d0d4

Download Submit
/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db-journal
Filesize
8KB

MD5
ee31944a9ea04206441b11d3cae989f2

SHA1
0d4ab2b2a7c1571783c51dab73eb66ba9ab8698c

SHA256
2458bb42376a2594b32a152aa7ea490ad87a79e5cfea27c26c00e554c0f9ecde

SHA512
8b5c8683d4529b97affc4b562e674dc4475c33ba27e62735af28ba3f3e5ccd7ad2209641a0840fb8555e4e28bb5eb6bd473179709584af63557b913838f084c1

Download Submit
/data/data/wntgq.dcloud.DUSFWHVI/databases/ua.db-journal
Filesize
16KB

MD5
fa4cfee5feac0ea86ff397e7c729c425

SHA1
8f0edc87e72b0529ab80a940de8835d96df2f4e1

SHA256
d4da3bf8e294940bb069785b200987a1494910a791fe26c50cdbe80aed12af01

SHA512
b8989ea241d6441051cc19ca61933783277529d7c9588a046335c98864e9e8ff99097340f9d3646b6d6aa11154276ad8f05be6b55bf4e03f4896591e8ec90aac

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_crashrecord/1004
Filesize
230B

MD5
8d2338f8af165b839c9a810007c57cc8

SHA1
5a35a8c21775b65f15b184f5965aba68975d7926

SHA256
bd6d5ad0a3d6f8edf7f36535c31fc4e870aa68b239e6aaa588faaa54b96620e2

SHA512
0cb6dd1bc7ce4bcaa247f5d938f0a9af97b3ee7305161f63902860c124e940cf447d907f4d5f4e56360575fd5f86c40767961bb33c77a892d972fcd82252b6d6

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
84B

MD5
f9772d71140d80632ea89c0c4dd1d90b

SHA1
a915af66e726369fd00101bfede9b29bd13940a2

SHA256
8cc469d6d53ec6d7fe8c91625de406f8b242329ce4e60f50d55e42f2582a7b7f

SHA512
a2397496fb641d75a930f8285522aeebba95043556c021e5e60d1a5b3ff60513caf88195f827d10d45c614c0a028fea13a2941551ddebf93a2920157c3d32869

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
16KB

MD5
5df4411f09e6411846d2622e6dc70d83

SHA1
5c2a99955733502a3f90a4cccfe59b6474751bbe

SHA256
53de6d03daf50dd9e80f87665e63955c5e461029108d699fe7baec1817c619c2

SHA512
d129c49e202ebeedbb6cbc8129de7a962fa947e70f176ff3d7048599208a28672c5717310f22bc5cb58e892319c859f81a5df961d44eae923da699763eca5a7f

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
84B

MD5
134e76738364108400fcb4acdae0e9dc

SHA1
6268e0f79f376d29a4fd250ab994a7abc09c4fa5

SHA256
2b13a339925e71fb1513fbba8332c51a5f786fd1b44a5f5d65dc2e75da855de7

SHA512
65e403c1649d0f26fe156502c4f1ca0a2c94900fce72ad36e6b00a3d69fb25e0613bbc959954fab6845e964542d39e7e9577deb93606290516186b0871ccb519

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
84B

MD5
43326b7ed9efca87d1910fd1623d7663

SHA1
9b7cc2de75ba50dd9529c98f2c7828d2bf0ac728

SHA256
9158027882b9c9246f8a3f1348f83d544ef5855d515793699385ec80329cb00a

SHA512
a01af21ef9bdaa935e6bb0dccfa245af66b7a18bf73cf7865f5af0061d4dd91160a5db524564224353f26e9cfa8ec107fe1a0a1f01806c127a9ec2dac99154d9

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
20KB

MD5
cbcdd59d8622a42991a7227727460bd1

SHA1
a89be44f9d63a7ce04973259e56379f9b9f9213c

SHA256
a6687bcd255aecfea96bbc6a60835b7369ef41c74c88e81cbb9243a787cdb625

SHA512
ee3e5f791fa825d3139c9057e0dcd5febd0c9dae1f7dbe4251f06a9212b1921007f428b09c9a154a704b641e54e00e5045b7f7b41b61b8cb410e6e37ad836942

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/app_tbs/core_private/download_upload
Filesize
8KB

MD5
50aadfffbedb399782eb17e0866f1ec9

SHA1
e86c1e76560da6e810a9bd73b482e2853eca258e

SHA256
66848d71b36e9b4840de5d7b83d1e7f9002fc6776d25b729be238e7aaca02267

SHA512
f0039c7e329764c3bc4cff4e27c03cb5f7e1e1d1e1a6f1de46b2864bf5c5df2dbe8f2ab06c885e80ad8947c5316d99141d932b72cfa40bd847f8cc5d41e8cb55

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_
Filesize
52KB

MD5
6644a4673a7c80006dfab50f0054f840

SHA1
20dcb3b340c99ae21341c216a52fca1c800246f3

SHA256
04580199bf3d31d02b7d1f56017457ef81017134e00bad838fb9178c6b2e200d

SHA512
13bdd3898d1de7edc1631a434705f6914fb055653edf17569fa2024ed8f0b2a04f24f00e07f4e30831f85f2ad13c8fd6aa9d18ba45346049d7fb43f580a58f1d

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
8KB

MD5
58cc844f5b20bd9e20f07e7d73f6ab6c

SHA1
4d4ad4069983d88b5be9e8ac8008f289ec57948f

SHA256
d9b43dd9944d13d5a0ef72b75597b0fa9454db645d36bd3a1301876254819c06

SHA512
136718684377cfb9279b2b33735d19543dbe45870cc3226ab415ef70c2d84b627c72473781e70bb80fbbb0315aca1d808085aa7c60ea5e71555bb9b11549c5b0

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
8KB

MD5
81a313c74016c4b85c7fd608500abf3d

SHA1
5f443d8c75a39cebe20c1939fd241120548c526b

SHA256
dae56d9b5020cf3466d92f898f461d66cc005ca5d5aca4280064367573328399

SHA512
c57c90f24bede507ed948ed6b6a67e0553bb9bcd0afd11e9521f99e491c54ad3ed06994ea7ab7a18993673af8a7eff8b134fcba51d4f7ac0dd126d6be17bde69

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
8KB

MD5
e0da1ebd0f02fe5ff522405ca5504473

SHA1
d61d315a97c29e9958175ba5a3160678990b6568

SHA256
dcde54febdec38007b57d0537dfcb87b285273622b49c870ed548ffeb0af9b0d

SHA512
ca8684c565b200f69d85e38bfa1c05e088c9cc0aed79d9817b0e42032fb46bc2cacf2ea0335efabf1c1c66783b1c4f0230b563350cad3b2334d29d805546edab

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
8KB

MD5
61f205c4943762f7b122d26c2af39978

SHA1
21ff58149212efe0b907a6894bb0782f4850e0af

SHA256
1d647762f7b1244de598ca46bfb7748e08ad4e4f472a012481b0c1a237e62c1a

SHA512
5602293142c1c03820470891c5ed0b54a5e69343aa27a380c82f3eaa5a94be43417e76b478e9a0c8a2ec8df3784241db204239ed22d1de70ba61c4f91e9e7bfb

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
8KB

MD5
82e9cc87a63ec27d2932d2d3cc30acf8

SHA1
fbe7d71e27a0d93f65a72746b7ad15bfa7e4688b

SHA256
8739a5ec9112b9bdaedbd2368138a51075857fb1b6d098ee02c21e9935b3ebe0

SHA512
187b233a020eb619f5fbaefa60f8078e48cd1f41e3c7f1ac9104e0a300def66e9aa4236d7f464448a8c829fe975ee667a4e26b5dd66808c1f78a8a011b759fc0

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/databases/bugly_db_-journal
Filesize
512B

MD5
02810dc9f079c449b1f0d9b2f238302b

SHA1
7f86ec7d5a7cef3deea8ad51b717400fe9189516

SHA256
86ddabe3c32cb51c2b6596749c54badf1a9ca3046f123f68be0e7a6aa483097c

SHA512
704909266e8076031fd8ea19becf68247b2def5b27b872c68a8714125caa73d63a7bfb43d3bfbd282909948ced18a7eec0fc17af60e5ed98f07b50f24565a1e4

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/files/.envelope/a==7.5.0&&1.0.0_1716571196799_envelope.log
Filesize
1KB

MD5
25dc0a1fafa318428cfc74ddd2c16e1a

SHA1
a453b79304cf807a74b4b4014674e6c06385b812

SHA256
9534c33d0f0aeb95d079e9bcd20c7fa3873544549f7b3e118dc77e941c6acb7c

SHA512
956977102c6726b728ed1dc908a1a1482f314dbbdbb6fa81e45f0d8d1b4b6d7d2e75720e855111918d59fc07e4b3f0b2c8b72ee01a6d7a787245447b384b275a

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
87dbf824bd62f8401c4507f2765217f7

SHA1
ff230ad83d78893d12a4d5f43daabfeba605d851

SHA256
e0fd5fe198a3f2c52282ba1128fd0ba77c06f93e069f879fc0dfdc26e295e0be

SHA512
4689b2c73e6fb933d1059e36befe7d0b0f8bbc32f7ed4413f9f85ddf3eb16a3b78ccaa249b51e7b413b9e861574bb99716d26dbe0a94b35783242dcee4196a09

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/files/exid.dat
Filesize
57B

MD5
ae47104e6e03648bc92645bcf269a220

SHA1
cdbeb4b59e70e762778ba29ceaec82b1a2bce3c4

SHA256
83aab6b1cbb932f64a4510241f1115201398eeb460112cbe612002b1b31f9a43

SHA512
3892d5555b697250664b0b6ebb80a60a11d7f9bfdb8c9d768076da1cc2cda4f14e68bdc0ddc78744c446a6250c49ee2390b7fe8de8fa5354dbd3b519b0cc40af

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/files/jpush_stat_history/active_user/nowrap/7251602e-2941-445d-a061-f121d6cef955
Filesize
159B

MD5
15615b2d51e6acf8c22b18ef27bfaf04

SHA1
6e7f98228643b8f836c998aa482c4435e9ac4830

SHA256
b6820e2464e099d91de3fe698a772271c99c8995c1fec1514b4ed1d5f9117261

SHA512
28ae9c149e9d691a2217c5d372f28eb34356f22576b2aa0eb6ded8522b32b42f7d5960b8c79d64f1147bc8800a7902630df376ea26834fd705aa34a569539c7f

Download Submit
/data/user/0/wntgq.dcloud.DUSFWHVI/files/umeng_it.cache
Filesize
350B

MD5
c9de7c2af538924d954163df855dca92

SHA1
1a6b9ab7ac919c0686c78b7877a5fe492d0c53d1

SHA256
767808c34cff52afe9803460edff76d0aa6b5811486e7bd850f9137e7eaa4d3e

SHA512
07c719639b4fb12916b41a0e9196347e4aa80189654ef2daad78196e222e570db4e2c93e3324643a043a25d9df2ac7b3aa7c66f73046884152c23e720159b7da

Download Submit
/storage/emulated/0/Android/data/wntgq.dcloud.DUSFWHVI/files/tbslog/tbslog.txt (deleted)
Filesize
13KB

MD5
764b40a4a0f7bbeab55835d3d4c03d55

SHA1
c865297af3fe5d942f0648d0244e94ff8b16e81f

SHA256
310dfeeefa74d396a6eb86691d0354e9354c901ae389f0ea7632b165ffe9b14d

SHA512
1fc209994d32acaa6d32935f3c54ed7e849b3c3b96819b5bf2bf6b447edb2e99a0bf6ed584555b98a947752b45c19c33fd25e0c66890fd7fd0f10b2f16a073eb

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
d62969c617fc591d086c03a08f5903aa

SHA1
98387fefafff137e3a549a4d3ce41bbc67141ea4

SHA256
ec68f0dab6bbbdabffd5caca03f4d3065339d1fba04ebc6813cdea36c8f23196

SHA512
d71d436ea41da599492d9014c36d46a4046351da522ea06ab57dd0af3abf8053ccc1dcfcb53e0e0d22dfdcfbfe03f853b5c87ac992b9ca83bda628faa835ce11

Download Submit