Malware Analysis Report

2025-01-19 08:07

Sample ID 240605-sqmvesaf6s
Target 987b9a74ebb1c1c7c4a63d1783edd345_JaffaCakes118
SHA256 fcd9e1fe740e58df6f733687ad6aef5e8ab8d8caab48717b1c8f018df4730765
Tags
banker discovery impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fcd9e1fe740e58df6f733687ad6aef5e8ab8d8caab48717b1c8f018df4730765

Threat Level: Shows suspicious behavior

The file 987b9a74ebb1c1c7c4a63d1783edd345_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 15:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 15:19

Reported

2024-06-05 15:23

Platform

android-x86-arm-20240603-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 15:19

Reported

2024-06-05 15:23

Platform

android-x64-20240603-en

Max time network

152s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.187.194:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 15:19

Reported

2024-06-05 15:23

Platform

android-x64-arm64-20240603-en

Max time network

186s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
BE 74.125.133.188:5228 tcp
GB 142.250.187.194:443 tcp
GB 172.217.169.78:443 tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 172.217.169.65:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 172.217.169.42:443 mdh-pa.googleapis.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.179.227:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 15:19

Reported

2024-06-05 15:23

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

190s

Command Line

com.wufan.test20183063884216

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.wufan.test20183063884216

com.wufan.test20183063884216:lebian.base

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 40lwk1ag.vr.loveota.com udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.76.198.209:80 40lwk1ag.vr.loveota.com tcp
US 1.1.1.1:53 datainterface.papa91.com udp
HK 124.156.122.8:80 datainterface.papa91.com tcp
HK 124.156.122.8:80 datainterface.papa91.com tcp
US 1.1.1.1:53 anv3cjapi.5fun.com udp
HK 124.156.122.8:80 datainterface.papa91.com tcp
CN 106.53.80.151:80 anv3cjapi.5fun.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 pv.sohu.com udp
GB 43.132.64.26:80 pv.sohu.com tcp
HK 124.156.122.8:80 datainterface.papa91.com tcp
US 1.1.1.1:53 comment.5fun.com udp
US 1.1.1.1:53 anv9.ctapi.5fun.com udp
US 1.1.1.1:53 consolegame.5fun.com udp
CN 106.52.191.147:80 comment.5fun.com tcp
CN 193.112.116.108:443 consolegame.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 193.112.116.108:443 consolegame.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
US 1.1.1.1:53 domain.aishengji.com udp
CN 114.55.145.31:80 domain.aishengji.com tcp
US 1.1.1.1:53 alog.umeng.co udp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
CN 106.53.80.151:80 anv9.ctapi.5fun.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 40lwk1ag.vr.loveota.com udp
CN 180.76.198.209:80 40lwk1ag.vr.loveota.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
HK 124.156.122.8:80 datainterface.papa91.com tcp
HK 124.156.122.8:80 datainterface.papa91.com tcp

Files

/storage/emulated/0/Android/obb/com.wufan.test20183063884216/sdkinfo.txt

MD5 c7c8d45e0fc1a2ac188f9b0a62f1a797
SHA1 ffe2c07fa6f7f6b99e9be07d89c766dc029b846b
SHA256 91bf44d0a10bdb192c372abd8362e5089b7da61c9dbb2dffc0d936b0f33b5caf
SHA512 6abc5570f847c76a8f091301c26679321be9e27ea4fd07d067227937b3ee7d1a4c6e0020e4bffa769ea0d9355604e390ca29d2c998c2ca49a9341cec57a54755

/storage/emulated/0/.papakey

MD5 c0a94a8f07c7ceae1dc98ebdf53e7c90
SHA1 4e3c7d0b57cadf465906c8d8895c953488d22cd5
SHA256 e18b41a53760e45a9dcc691e2dfb770cf98badfb20c9423489cec275052d9db7
SHA512 5276f79bb3d16caebc970b014ab5a8af8d73313385de9a7f5f473ef38364f2e14d682d81fd8421182523f09cf0ac90f335e18cd28444a9cfec29e0f807b456a6

/data/data/com.wufan.test20183063884216/databases/papa_stat.db-journal

MD5 5e26bd4b765516bc62e3c79ea2a5481e
SHA1 17873185e5d939c42d4a8929cd254334225afac1
SHA256 31bf31fdad335b7fdae0b5aba6e9c04c7ba19ab22b7c4513d2967f98fdc9a81d
SHA512 d97cca2030e403762ff7eddac8e3cdea28ce4a9f753f78211869cd0fcf722be2f2d0a1bbd013c0d4c1840c440468f3a0a3dfef9e0b1d86bd6242e9408b205707

/data/data/com.wufan.test20183063884216/databases/papa_stat.db

MD5 3166f8cb52c45a1332ea41d6ab94e5b8
SHA1 aff7dee287f4d4e5fa0e6ca55773b3ac6bdde4c5
SHA256 3f636427d297bf7be079eda728e3f8a6c878f3c3073497a0b7d82c27ea25cbf6
SHA512 ed076f9b955646d38ab405933593d598bb71a3c31b3f4fc2ed6838510ca980d99be457f9a9d433404c18d285f5f305734815312abcf26aa10fdbb5daffceb00c

/data/data/com.wufan.test20183063884216/databases/papa_stat.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wufan.test20183063884216/databases/papa_stat.db-wal

MD5 9d9ca82cefe64ab29b6fd8dc89ef96fb
SHA1 bada02213fe3b1101c1c7264aca5059f87e3f7aa
SHA256 147b85efdeaebb70e9335415e49771f9a05378bef4388ee6e51b9f8af86b1b1c
SHA512 b0b37589e50ebb9c5383b70eec20c3c2ee3f2b4280b9c911b785fe2a45b783778c6eb4a9644bf5400bb5a4eb819fb1be0ed8cf38011175926519e57b9f9f4f8c

/data/data/com.wufan.test20183063884216/databases/mgdb-journal

MD5 57727ec46fa1b20e42122b5a861121c5
SHA1 76deb7fc115920d7d892dad7656e5dd255aba567
SHA256 05074c78eac015bc7f38c3db4ec40c919e9e496ffade74be619ca20ff9e0e1b5
SHA512 dce40dfccd1c6cd48fda61fe771f6cb6b018e70a4d71815a1f0b2fed7fa1c17e2d2d3505564416d19144ef168970571bdd8609926072ad73783f1c68a897074e

/data/data/com.wufan.test20183063884216/databases/mgdb

MD5 f19ad37702199ffbe9ea075d2e1f4418
SHA1 bdb621263c6319b387602e9f758832f02d7e49b2
SHA256 456d1dd37a67a3ec9c9373078b4a05a50dc0efff725da5ea9c8e24ff9cc0ee80
SHA512 ecc51c5b72c235899de2a3e3648b5c5de8c6c4ee78a9214c938a2a60baca39b8f8256f53a975a10208abecfc6b37454f2eddacbe1389f1e7d4328ca31877e8c8

/data/data/com.wufan.test20183063884216/databases/mgdb-wal

MD5 1638e89095417639e6d7afc007658eff
SHA1 7273db2687157314913e312d322f0453736b07e2
SHA256 8c58ef4158201d0738e503b7a46d44b0a4cc8fd6157a14b49a869704259f9bab
SHA512 54550ff9c362f486800cd1dd8d0bc0c97a667606a1a52e6f2e31e3036160dca303a8571c00b0f37fc49ca8df0181e42518dbc5529fbfacbc4c165ff5b2ad3dde

/storage/emulated/0/Mob/com.wufan.test20183063884216/cache/comm/.mps

MD5 840eaa01e5d03fffee257ed5ce4fba9e
SHA1 886bd732b29f6dbdd94b890a2b203c5a276ae773
SHA256 7648e772307acf936c331c4ea9d92872b1af6367cbf83f33f569ac204df65595
SHA512 b0a4f9238c4b60bec0cca9c72e551a702a95210a735bd8176c1d5ba741e264d2f1e885d65ed07a88086afd74f69c5e02a92db8068b222a62c6f56762a26b7d4d

/storage/emulated/0/aray/cache/devices/.DEVICES

MD5 ee6220ff537d6952ec496d32f27270d2
SHA1 c1b54295002c2d103c1c5320b5c31308b8fac846
SHA256 7e61c5c1af591b9b8a934d90b2611958955700bca4b5354d5eccedd9eb3d8b5c
SHA512 9046f9b0390b57aa41cc5b08795bdaf083c460471770ac6af7446f2556a8c0246050f13835785dd08ec110569340fb21c5965f8ddeb272b0af13b9a5195e57fe

/storage/emulated/0/Mob/.iew

MD5 d62b25791b9f8972176645601373ffbf
SHA1 03bb840c1867ffda55c486a53fc36a9ad95ef4fc
SHA256 2050f5a0e4bce2cc95fedb74e8438f87814131057ba93f8b5e175be144bd5ae9
SHA512 21de1d2fced190df5709a7444cc2300c850537aa91a26a2ddb6d87fe59321f54e1b96e616ad1462f41a1d73db837beaa36333bcd6b7e2be29dd25c261e29c112

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/data/data/com.wufan.test20183063884216/files/umeng_it.cache

MD5 614400ded8f685b92cb7b13398fea439
SHA1 8df3ff57b604c1938822dd84e042104109771e81
SHA256 8ead907cd205757f8bd768e031618d485d1ab43be0e6ee33beb8eeed1df285fa
SHA512 3fd4494a1f537d8d6fee7937cb671da7f968bfc7e6675e91a10606aeac17754f443c1281ef50ca2464bdabdabc54f013b4e1aeb5384f7b8f265eb9c368defcc5

/storage/emulated/0/Mob/.slw

MD5 19402718bfb1c685a726b4e1d846ad98
SHA1 02a7e30044a67085f2f1da24e16e4ecfede65b72
SHA256 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
SHA512 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

/data/data/com.wufan.test20183063884216/databases/ThrowalbeLog.db-journal

MD5 7d2f8178de23e0571b05c1f5f2f53754
SHA1 de82c13a76dd2146e53ceca056b77a89213e065a
SHA256 c4563a1c8217ed13e5d6a7c887e61baed9498ce1b3b4742ba8b0580ff050238b
SHA512 3338ff9890cb989fef720c3401a8e1769abee3cfb4decea85c1b4e1f8dc73df540e65dc6f80fb279aa32d47554943066bcd91941673b68d1d9ff4ca77ebc1b4a

/data/data/com.wufan.test20183063884216/databases/ThrowalbeLog.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wufan.test20183063884216/databases/ThrowalbeLog.db-wal

MD5 4de1750dfcb300c55fdf4c805131c20a
SHA1 5dc988700c7c196bbb676d7d961f47a5405d0626
SHA256 f2bb909fe5d26566f0ae91cdba297daafa751cc6e7fe49828c5decda5ae01826
SHA512 8bcd20ded34d4fd977237deaab60fcea906d30092cdf6e6a4580578780f86be408f425a8fb9d5b44e27f933b8d6d7d41e15d081e4268ad2674af3bcb79469f55

/data/data/com.wufan.test20183063884216/files/Mob/share_sdk_1

MD5 0893c2281cdd5524505717f5b1433e00
SHA1 3ac7944efc9aedbe2a29850138cf68c5d63ef0be
SHA256 cbc83598fb00ebd5eef1234a828ec5ea6ff13919376205bd345ad818280af0dd
SHA512 d4a8aae5ec2fcb685158479f5fabc1c5e906d270ed5f00308e0f314a6a6fe7feb7e08866d8921e1dbcf890a063e4239ba8cfa8aad2d3437deb5945f5a03d640f

/data/data/com.wufan.test20183063884216/files/Mob/share_sdk_1

MD5 19cc3c1dd1e5abdf0fff5687e63dd024
SHA1 39f9bed7eaa70c1a4c13ab06a3fb3604b7d92e9e
SHA256 8d710e3ff4ae66c8a2a8dd20d59b79377c409701953c58cba66724b214886bfc
SHA512 306112885c64692476cac532ca47d0179b6ac0f153d7fc3ffc7665fc11a7e4ed7bfb1beeee755313c49cb43c9af60542753eab53ee39b105165812c5569da0d1

/data/data/com.wufan.test20183063884216/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/Mob/comm/dbs/.duid

MD5 d7169fd90624dabf58efd145a4669768
SHA1 1df041f4bbd8fca00002dc112243246bc850d38a
SHA256 b6404a5781e12bfdc9d691562247e14f51015ec2e7a7a0eb1511660643dc1979
SHA512 d7366ae23944473c15383f02d848d73d8f44a4920c6c79ca2497c68610c79b45fc9364f0dd0cde69ec74c01319cb8e1aa47ae7d3821655505d958e3e85e2f0c6

/data/data/com.wufan.test20183063884216/files/.um/um_cache_1717600877110.env

MD5 e9143ed09bce3317460077dbe8e14867
SHA1 14b74276dccc4963eda38bbf68c79255a933a56f
SHA256 681ebeadafc5e07e99923807e0c45c0f4a7facb431ee12957a3db811f93ff812
SHA512 ac5491a797e54c3badc86f2e1ebd1e116a4aea47278d5b4771cdc3f0034951f3268fa1bab0b8776e46cd1407677541310665c6b317f472f432e28c312c1502c6