Malware Analysis Report

2025-01-06 11:29

Sample ID 240603-e3sdsacf58
Target 90877bcf48250d65a2cdf6f515d34c66_JaffaCakes118
SHA256 6bec52db37a08b8f0f561efdc1599f8ebdafaf9c0372ec2427a833655c4d4394
Tags
collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6bec52db37a08b8f0f561efdc1599f8ebdafaf9c0372ec2427a833655c4d4394

Threat Level: Likely malicious

The file 90877bcf48250d65a2cdf6f515d34c66_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Checks if the Android device is rooted.

Checks CPU information

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Checks memory information

Loads dropped Dex/Jar

Reads information about phone network operator.

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 04:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 04:28

Reported

2024-06-03 04:31

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

185s

Command Line

com.cherishTang.laishou

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cherishTang.laishou

sh -c getprop ro.yunos.version

getprop ro.yunos.version

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cherishTang.laishou/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.cherishTang.laishou/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

com.cherishTang.laishou:multiprocess

ls /sys/class/thermal

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

logcat *:e *:i | grep "(4388)"

logcat -d -v threadtime

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
HK 103.235.46.245:443 api.map.baidu.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.178:443 ulogs.umeng.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 110.41.162.127:19000 s.jpush.cn udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.119.240:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7008 im64.jpush.cn tcp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 139.9.138.15:7006 im64.jpush.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 119.3.253.130:19000 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 124.71.170.130:19000 sis.jpush.io udp
CN 123.196.118.23:19000 udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7006 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7008 im64.jpush.cn tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.94.119.240:19000 s.jpush.cn udp
CN 110.41.53.90:19000 s.jpush.cn udp
CN 59.82.31.160:443 log.umsns.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 124.71.170.130:19000 s.jpush.cn udp
CN 123.196.118.23:19000 udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp

Files

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 63ed3205a330f44f3a94d29a4c121ecc
SHA1 906f324e8454d8523b84bb6d060adbc5145e95ef
SHA256 63354879ef57597a9c2a8c116d8a1c4c39f49753a93854577b767ce7f26600a2
SHA512 a94a53b9f758210e42c46c9184d3f077c178b64203b6698fa0a8380180d68b7dc944662d5dfdf5fa8de450ea981111111b7e76d9f832c1a87dbc54c705cf7d3b

/data/data/com.cherishTang.laishou/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-wal

MD5 97e10619e0a2d12ae070aa6401589c33
SHA1 a933fd69cd962343c827f70da9217935a651d8e5
SHA256 7962f1845bb918e76c347f7358571360bb4e4dc3ad7f0f8c7885d07aeaa7c798
SHA512 5cdd74c0d99857f340caefbb790d2d23a53cc57477d3c13bd3099d04cc47aa7c88efb765804da41a55ab26479773c9bf6047d948703b6197d909b1b6ce6c1b68

/data/data/com.cherishTang.laishou/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.cherishTang.laishou/files/libcuid.so

MD5 f55949365f5e41c949bcd05a316f268d
SHA1 aff72dbb47f7218130c3b7ddb3c2fbad4268c01a
SHA256 976e132fc9b30c55227127fb52d577ed27366bc6c169d9b93cbb52fb54129306
SHA512 4814474759b31fa63f4529541c852292dafa070585e1a26b38fafad97a81f8b4e1a8dac50ade0b214ab3505ac26e74d89a9668f77416a179e190e69650dfecb4

/storage/emulated/0/laishou/log/log-2024-06-03.log

MD5 7cebd605748f70be51cff59a73c3de7f
SHA1 42b0676602eead6ec51819cdbaeff854252fc6d6
SHA256 33268183ac0eaa72e08ec454b30843822077354f88d9d109e583eaac5beaae19
SHA512 470eee6571373161a45c2a54487fcf65c3da237a05e7fb6478af086f2638de341e4f004d2829ad9cd571e81157b573fe224f88b8b601767a7941bb6f830ed9f8

/storage/emulated/0/data/.push_deviceid

MD5 8bc6e30772b979f48f5037d32ae13b98
SHA1 853324487c85b80e320a04d2f17cfd97ffb2d625
SHA256 153e9f4860ffe9191f084155deac4ef4dd26e58e055759a26d6a658eced4784e
SHA512 25d7d3abf3dfde82c8ce9af531622d7a4f5512a35c6ca3bbc4e0f7734f4b53f6332ced7c4dbbd7bc57dba06221074d89015b66de48c17370d0c8c261dca22975

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 04:28

Reported

2024-06-03 04:31

Platform

android-x64-20240514-en

Max time kernel

11s

Max time network

131s

Command Line

com.cherishTang.laishou

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A
N/A /data/data/com.cherishTang.laishou/mix.dex N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cherishTang.laishou

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 0815addf3c609f0637c346f0a81b7d89
SHA1 f0c88dd87ec4d5494a894317e137896c5763f48e
SHA256 f077fa932acf9e93bc7947815b7bc7690eba0fe966827c0907e8134ef71e93c2
SHA512 ae32ebb93d2dd1046c0830cfd9cefc989f4344f73502c05d305f22bfc57b2197f7e820aa6fec397d63bf5ebd87ae27883f0d1d8f560dec5f97fc165a61b18d01

/data/data/com.cherishTang.laishou/databases/bugly_db_legu

MD5 b9389fe1efee7a30ddde5f8d6bc73349
SHA1 ed4b986682cde4fb5e9bcaf91744d04d2f4962f1
SHA256 2b2d100c0d83e48369386f3b8a7abda05b7a394947a2d7fc6d41d5032011be45
SHA512 07a0f865673694c515b037f7ff3ce6a005b4b2efd14c66595c581a4779689f9dd5d632cd934e94f7f996fa434fd207dabea5f8efe2eedf4ea6094a4898ed9c4c

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 2dc2d18e9e25fafd9eb244d1edb5b732
SHA1 bd434ed15a8a6a964452ba2ed02272e6ad59a699
SHA256 308fd1f3c251c96f05b12d2b249a48cd477dd4fc7ca48d1b3046c919b43803ed
SHA512 15f2aea1e4c1721cbbdb21b21ceddf7d1e59f37bfea9e359696487c4146a9f65a726abf95c059eef7e9cd1101695dc91de4c977071dc8d4f6a3524b834554bb4

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 438c16b7812d570fff8dd0340460c462
SHA1 c6cd4a870140b37a66831233f3f3d0cc48f63443
SHA256 137d1c4c9bcffd9586fc71cb232abc01fe99f310ce74f25a9812b5c3945d452d
SHA512 00bd4a85917a67f226cc19b7ec57113ab328888a6a7764ff17037fd4310ac4f18455ccf52c90ebfcf53a6f1a8983f8059acdc146afad2365fa917216056cca3f

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 7f8a2aeddd24e3e43889cce85a8daba6
SHA1 efeff3acf6351d9f89ab4e2340f67808a079d1fb
SHA256 e98ad461d03a857b8af6ee7ea4dc1d7f861b7c592f538f03db5fcdacce1499cf
SHA512 1e19e80f854d61077c82b2f58e2eeee0e3c8b93d03e929698e04353abd72d0931ea385193cf0c57f49b8dc822eb210f328cefde840b7abb799b3199656162f39

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 612d9f57448a06cf2437abe292b61683
SHA1 95cfa072eac57f554ee4162dec102613a443ea52
SHA256 05b3f8482bc780b72d74c8b7102bac2784ffb885996ca4e5f21c47b172c80c1d
SHA512 44562e2f43818111f981b20d776c203e588733bfb880f0239c5f4e70763a1cc0b5edd637f2a40fa78d8c269cda5cf8f83701a53c4ad5f9f1736200649f153eb6

/data/data/com.cherishTang.laishou/databases/bugly_db_legu-journal

MD5 dd4bde1719f08217ee91252cf8ebf080
SHA1 f1c55b5a4b1554477a49783fb270b44f9033ff00
SHA256 11161e994d5d5fb44ad0b9053576e6a197ac2041368e77d2568683fe4200485e
SHA512 8070c0afe37a1942e28a773e53f9e999ecf2e92183ba1b3e50283f1b1be37f68f7ab1be90b7a082f9b11ce73179ae4e747097f642ca7e19cca0ee94dc3e4e57b

/data/data/com.cherishTang.laishou/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.cherishTang.laishou/app_bugly/tomb_1717388915302.txt

MD5 bd0f8f8f3ad93fa07623422ec6e72003
SHA1 c3589295e7a4ddcf35bcd7a2c13bfd381783821a
SHA256 7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647
SHA512 2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

/data/data/com.cherishTang.laishou/app_bugly/rqd_record.eup

MD5 45c93c3470dc5940190e4cd30772ef96
SHA1 b373d95c3a2ad1703e44b570ca112776f1b81372
SHA256 c275d31f3f3805d873721039a00bfb14fc357aa460ec90ea9dd8e602b0b28850
SHA512 e3f83b9105d702bc09f2ebf67632f9591fe2aacddd3e41f173965035bea17780819b2da620d266a92121cc2edc254e357bddf3973f0ffacbf4b776b6ef4c948f

/data/data/com.cherishTang.laishou/app_bugly/rqd_record.eup

MD5 031ceda44f7f82c53270c2fedca02140
SHA1 396166fe9ed36471c7859f2d13f5393c4d86d4fa
SHA256 d790420cacbabb2d0e453eb3039e062465ca9e2e5b276769dccff89d61966d24
SHA512 39e130ac2cac04ed2e046ea3332e68b63b71b319cea941668dd84cd8c7d233df2a2c43ce289d80b1fe72430ef97d1ad000b83d8ff20e71c468f47f39c320c2bc

/data/data/com.cherishTang.laishou/cache/tomb.zip

MD5 afe9c3417c8375d383366c2a77fac6ff
SHA1 11c83b5014c3e28bb67c95211e550c1f1cd5105c
SHA256 e13aeb7b8ed0fa37d2d7e705a5ea9a8adeebf2a06d4a5d1e6411b00dbefb85f6
SHA512 2a3373e2bf2a0874f9d7cec242f700e8edba722a51ea9a939feef22b88a0628addc310f4baed8d547935648b79d6d71a5c8f7ebfba9ff01ab2e0f529051a441a