Malware Analysis Report

2025-01-19 08:10

Sample ID 240606-b619bafa65
Target 99bf0892ee0c2e3e7e2262f016a187aa_JaffaCakes118
SHA256 a3e759fcece21e51dcf408cfb95e4f3a3c46d76c0cf7a08d2067428ee17f62a7
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a3e759fcece21e51dcf408cfb95e4f3a3c46d76c0cf7a08d2067428ee17f62a7

Threat Level: Likely malicious

The file 99bf0892ee0c2e3e7e2262f016a187aa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 01:46

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 01:46

Reported

2024-06-06 02:08

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

190s

Command Line

com.wuzhaiyigou.users

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.wuzhaiyigou.users

sh -c getprop ro.yunos.version

getprop ro.yunos.version

com.wuzhaiyigou.users:pushcore

getprop ro.product.cpu.abi

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

/system/bin/sh -c getprop

getprop

logcat -d -v threadtime

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.107.80:80 log.tbs.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.71.170.130:19000 s.jpush.cn udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 121.36.205.81:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 121.36.205.81:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 117.121.49.100:19000 udp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 121.36.205.81:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp

Files

/data/data/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 f711b944636e52a76f575ae3c5c70535
SHA1 3cfb5c435ac67457e2f230cf3aee04454dc90677
SHA256 1e3afc5516a2fff17b42e18cc14e60a2af5d13c97466f2942a77d32c27f2e96e
SHA512 ab61ae959f3528294ef5f9406921636dbc8742abecf5b02325a810bbc0ecfc8501f282a73c1f0c0a1d449caee798d48fcf761cbed01d5843b44a9a53c9c84f39

/data/data/com.wuzhaiyigou.users/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wuzhaiyigou.users/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wuzhaiyigou.users/databases/bugly_db_legu-wal

MD5 f9da71276b874dd38e12cf5df8c9c550
SHA1 4d0d8c64bc368f3a2294315d8f08d72069fdd5fe
SHA256 b520165ba6e046fc78f9b35b2bf45be51bb2f8bf8bf2e910e55261e811b1d487
SHA512 6aa599eff084f4a105432c1ee7069850560b6dec9ed1478d84927a50a8d827f53282abaeac9b4c441ce4af26b3e61875237f4209e66710ba8f5e86efa66dc94a

/data/data/com.wuzhaiyigou.users/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/storage/emulated/0/Android/data/com.wuzhaiyigou.users/files/tbslog/tbslog.txt

MD5 21f232ae00aa5af3a680f1a260613ddf
SHA1 143839c2be3ac5589bbbe508afca6891a33f2034
SHA256 cffb45f80a18817d61ffc6469b383b66a2236cdb0b5261f38aa50c414ecc2971
SHA512 49e97e04394cf0c08920852fcd435da04ca9eb27085d3a9091aec53fc72445d070d77d17f0fcd148a46aff8080165dbf61baa73f85e52b86549bd54e5f997760

/data/data/com.wuzhaiyigou.users/databases/bugly_db_-journal

MD5 4ff9feea07afa1dc503b081c2412bc67
SHA1 545d7b874500416cc7e7e705bbdb0881efc4780d
SHA256 62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c
SHA512 ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

/data/data/com.wuzhaiyigou.users/app_crashrecord/1004

MD5 81c1a0818d558cdac12a3512bdc9065a
SHA1 f5ddfcdebe8ce98709a9cd74164cacf84ce3066d
SHA256 22016c84e41679f33a0cb648c6fd5818e63b5dfc285bf1fbb3a60b7f83a303f5
SHA512 b8c1443f9ee8adf11f00fbe5ba191407c362c77c81aa06c0cdc227a7c497a4f305d6a6bd0135d1ebd9b4953aa602bc596f285ec4878da4d380287d02b0dce6f2

/data/data/com.wuzhaiyigou.users/databases/bugly_db_-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.wuzhaiyigou.users/databases/bugly_db_-wal

MD5 b388c71c34ad95f3d3428484ecbb121a
SHA1 9ec459d09e96964653b831edb159784599ac909d
SHA256 191d016243f784e168ae975582e7551f4a83d5819507a8a984f9baf6a1c92890
SHA512 712680e210d9844e94e89c18555147b299b98c04d49b695e2352cdb1c83badd3eae6f9e06c64d4c671d5550496fab1469a1f74b051077b7095813503efb27542

/data/data/com.wuzhaiyigou.users/app_crashrecord/1004

MD5 6a202ff147cb12918207434cdf285ebb
SHA1 8773e00941e5c0ae62f47ab2c971bece30e05b34
SHA256 6af6690a98a5c182e2204b764216d8f96b3b610c4aca684fc12a079bfbc52d84
SHA512 844a934aea2f710c53ffaa951e8822e9941994d9eb35f0b72172747c5cf295bedff4c3a16ce99d5904eb0b2eb9160b936f1b7a89cfc3df528869e116678e486f

/data/data/com.wuzhaiyigou.users/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.wuzhaiyigou.users/databases/bugly_db_-wal

MD5 82cfab44f58d16c846560e6e1f11acb0
SHA1 21f32019accb0bf916c6bbddf9f281e972924e10
SHA256 c537871ab54d8d72e9ee767efc0908f71104f7a1dc2adf21a2a215a2984839ae
SHA512 a3e06b71e3d262b61aea175cd0b91c57f3d1977bb7e2772b8648c97405c77a48843b8e6fa2cb66e8b962ed15b36efc7efbf7a698403d51f874bab375748a0b88

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 01:46

Reported

2024-06-06 02:08

Platform

android-x64-arm64-20240603-en

Max time kernel

14s

Max time network

135s

Command Line

com.wuzhaiyigou.users

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A
N/A /data/data/com.wuzhaiyigou.users/mix.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.wuzhaiyigou.users

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 6c67a3af78a9d1450f83da9580c4d028
SHA1 20b53562f5c34b0491055d2d040f0021698dd0c4
SHA256 7efdfd34963f52affcb9f88f4876296edcc42397aff24955a78823a073713b94
SHA512 c8198f26c113950aff78a31eddffd7f258ad76124ebffeccc729e889113334e514a518fa039888ae4d2abea2667f7ffc47dd05192d29686870ae8abf8bd3220d

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu

MD5 47a51a99fafdd7c91988014ca3a62482
SHA1 162c6dc0fc73c004f329c9a90d20de293a641532
SHA256 774bee6528376f899148a85c63f85c4bd1f76904b8688bffdc1511d63fecadb5
SHA512 d74ea7d76ff7b284e35623e2f59a6400ee26bf2e1fb44f2403fe8dfd43aa90fc202e3f5b4d9d2b404d05005b544006f6650a416eb29d335a9ca32d4865888c9d

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 0b090c01b9bf229a4ce78a3864a06edf
SHA1 8cc21ec14e28e0f33cb8caf01daed32dc30a9987
SHA256 c969955a0b5a0694a40292365446bdc9d33e4750923e681a1dd0f779e39e8b8b
SHA512 4c543511364fee78e827aee2e82ad39a44a538cbdb61f4456f67ad855d79a23a4721ecc74a6867f1749d0cf273768969d17782eb829080fd2559ddcff41f562a

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 6f1e0c5577e211bc06047753db1e61d2
SHA1 df4df122f14c1b747018f54311dc65f50a8216ef
SHA256 f5738ce2e4cb3b17f6e5800cdd37f8865005cc71aa2014bea040b646d4720dde
SHA512 7fcf828accf0977937b8c51c7db14b6712cca51aadef2821366fe3d9afc923b6a03f2927f2cc7656b404d34daa800fb2f2ca05bda0559c1450b57866897ee89c

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 4b11967eec8f88113c744a37996007be
SHA1 588f722a13378ae74ae9f3512fd42b0a5297daca
SHA256 f8832049f3d6c9dd6964c088d5085e6db11a769e333eeb3db2553323ea317158
SHA512 076ceaca2b50b855cf08c8da17d61b01e07877b2edbca875a091885178715b7c5784a217c0233c99fce4a46e9759e3655d92124c0ccb087ca86181e44c99a3f9

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 a1d392089995a950447e22bc7c9eb9b6
SHA1 b366329ed0db5a01e2d0aed9d43302c678ac09ef
SHA256 feac1f1c2fa89a5585e5e0013f646eeb7596a3e673a9e141e0c1864b8e49cd92
SHA512 4f8e3f29aa7b7dd4941736861133bc2846b70b577d524290b51b72eb91f2785e3a361da5acc70e441aeb5b38f8738e90e8bdf6ad1bae334c3882f7ab3110d8ba

/data/user/0/com.wuzhaiyigou.users/databases/bugly_db_legu-journal

MD5 6b73976849e22a2abdeb252b3669b48f
SHA1 e13754341e3be04365f807c2b7070c9859dc69e1
SHA256 134a07a3c8f9cea9a5840d04f594ff272e170158e3b15c54d3820614437ba3e2
SHA512 676a8afafbc47910c1f80ce63dccd3bfb44d041d28de948bf5ba8e4773dfca45c797db61d5a920e2d9e8ccf5f3e1843c083b2d9b2d87481c56b3b13242ea1961

/data/data/com.wuzhaiyigou.users/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/user/0/com.wuzhaiyigou.users/app_bugly/tomb_1717639524211.txt

MD5 168d5fe9ec68c6983edc06f824d35972
SHA1 e91e54322dd8c50f5064122ba904dc78b8c4c724
SHA256 852764524e60d65dfe7f93df37338e00c426bb646e37b7cc16b0a2865c8dbaa9
SHA512 338160e34b75887444bf229d000710e4d4265be5a3c6ab38e6035be893ed40537c31cbaa47f018818a646db192033d06c3868973174672270be9274172b08cd4

/data/user/0/com.wuzhaiyigou.users/app_bugly/rqd_record.eup

MD5 e8ee93160425629a7fd20ce2724c6095
SHA1 77a331edbe3984791989b8f85e750f2efb179bd6
SHA256 d869b5e7b846e2011110de4424c3526c09563f8ba01c620e3cb20ac659fd0887
SHA512 88340d5c6473f7695e871b9d8be7f44909bd1af9e6679a81ffaffe53580b61334fa811be30067ef963b5346d728df5472aed23dd0ee1515ab27c7a5cb041b77f

/data/user/0/com.wuzhaiyigou.users/app_bugly/rqd_record.eup

MD5 4070f61ffdb0d5a467235fe79089eadb
SHA1 794e2a596f926291ca126d6153c595d4038f03ef
SHA256 9db9efc871e05fc4c114380c4c1a4f85c03cc982a3eea5ece14a77e5ee45c2cf
SHA512 8c7ecdd464a739f568e09665c5dc9c264fd22e52f49f06df56536355e2e78f0146d72bd1f9e2e06b41084aa5bb4d9586abc0faa032aeae7e9860f569eaf2598f

/data/user/0/com.wuzhaiyigou.users/cache/tomb.zip

MD5 db9535417fb1f65b0e15dd2fdd90d6c9
SHA1 00dfc45062a5c7f34d7c0b23fbf32b0af3390a2a
SHA256 5941331f8a6012963c54b3cb0430455413c044107a4eb5ad0a434214b55b6ee3
SHA512 38d32ae087ac30459f4989b8d8f29c85c91fb171bdfc360890a7a9b8b4442e42bc3084f3734c4e9bae54dd05a8f2691fe5036a3e54400eb36ca396c39799055d