85040f1ca529f8e8b40f465bb9246524c468d9847a2d615944530107d80cbb66

Analysis

max time kernel
12s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240611-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611-enlocale:en-usos:android-9-x86system
submitted
11-06-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f236e0d39f042b69f4e493b86061ee1_JaffaCakes118.apk
Size

13.5MB
MD5

9f236e0d39f042b69f4e493b86061ee1
SHA1

4a10ce8b471fbb2f783d269d7ae5a2581fc7dc48
SHA256

85040f1ca529f8e8b40f465bb9246524c468d9847a2d615944530107d80cbb66
SHA512

657b6979fa8448da1d8f11d7e3b4ba065354bb2664fb11cc3437cb624760d1ddac549b09331a88fe2ee9b482a5d5b74563c99363eb409d70eba39f3c16c6b4af
SSDEEP

393216:QJw8mGyA+tslOmaJ2yvIblwRhj2YuBj13SphzWp:j86tsYrUlWj2Yud13SL6p

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.biquge.book.noverls/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.biquge.book.noverls/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.biquge.book.noverls/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.biquge.book.noverls/.jiagu/classes.dex	4302	com.biquge.book.noverls
/data/data/com.biquge.book.noverls/.jiagu/classes.dex!classes2.dex	4302	com.biquge.book.noverls
/data/data/com.biquge.book.noverls/.jiagu/tmp.dex	4302	com.biquge.book.noverls
/data/data/com.biquge.book.noverls/.jiagu/tmp.dex	4366	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.biquge.book.noverls/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.biquge.book.noverls/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.biquge.book.noverls/.jiagu/tmp.dex	4302	com.biquge.book.noverls
Anonymous-DexFile@0xcc83a000-0xcc849e88	4302	com.biquge.book.noverls

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.biquge.book.noverls

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.biquge.book.noverls
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

40 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.biquge.book.noverls

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.biquge.book.noverls
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.biquge.book.noverls

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.biquge.book.noverls
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.biquge.book.noverls

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.biquge.book.noverls
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.biquge.book.noverls

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.biquge.book.noverls

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.biquge.book.noverls

flow	ioc
40	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.biquge.book.noverls

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.biquge.book.noverls

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.biquge.book.noverls

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.biquge.book.noverls

com.biquge.book.noverls
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4302

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.biquge.book.noverls/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.biquge.book.noverls/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4366

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.biquge.book.noverls/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
ed73a80eb949bacc52428b8d5a087fa5

SHA1
07e973549a2cee61ffeeb6439abc419cd8a489a9

SHA256
f0ead1ad60e0cc310c1a40685c28fc7a69aa346604552816c51dd3c1718a1e76

SHA512
4bc26c18ca3a2edfe38ca1e14ad1e1415268b4a69cdff3c0f8e2b8fa910c67c2e4bc4f32c21274e586e8e139122ea3dbde7ec507c4722b4a9a778ee2598090b8

Download Submit
/data/data/com.biquge.book.noverls/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/data/com.biquge.book.noverls/.jiagu/classes.dex

Filesize
6.1MB

MD5
a72d48bc8cf681f0292876a04f65cb5c

SHA1
45f2a6ba73846cfec59b0729d9061cd5d28876e1

SHA256
355cd559da64a3490374b1283af1e486f7c68b61c8136ff9c592d98a560d8f4a

SHA512
6868b085bec16b6f6db6d73c7801c815e8cdb455432f956c7b66aedd0b4ba494575458ecaf96e39a74e095e25fde88803f3f945459bfe3d9cd6a6cca4f5949c3

Download Submit
/data/data/com.biquge.book.noverls/.jiagu/classes.dex!classes2.dex

Filesize
5.0MB

MD5
e3e6b819aeeba9f228827945c5bbd4b6

SHA1
647cfd1a6f4e1ab6c8c378f79b80afacd97b28c4

SHA256
6ac6b69f1b8d8a9d7668a1689ff40248500149bb8841356b3f15eb4102c00de8

SHA512
9c31599e904ab3cbbf711af04e46f48cb578229b3643e3bfe7d1a1f7d8f295dd85a0a1d4cf6808cab6129fa4d26c441d60b90b8796905de02145f8e557d8ec1a

Download Submit
/data/data/com.biquge.book.noverls/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.biquge.book.noverls/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.biquge.book.noverls/app_crashrecord/1002

Filesize
235B

MD5
019fca57eaadad566355b1066443b432

SHA1
591e894fbc490e5e998c90dc54d56184cd84fac6

SHA256
cf2f3a5e8b68678658850036a4b991a9144b366bce214267714c7793dde28bdc

SHA512
c95a32ab61eb59da187360b7f4b3e1b53bdbddef51d0e3f01b7582d3a799130049cae2f509b7415de6e14339ede6268f7e4aae759c099660700151dc1f59f6a4

Download Submit
/data/data/com.biquge.book.noverls/app_crashrecord/1004

Filesize
235B

MD5
7184c394333157b2a86da0ad821602df

SHA1
687365504b0775bfd50987b075ae1acd5ec3e8de

SHA256
eb0ce83263f124d1cbc3a7d26c0c0cc57ad34a55b8a23c3ea11b668e3d2ed4ae

SHA512
95b7a217eb85b8152e88924464596a762727331d630964b385fc063b2b2ed94287315b77b587d0ef97e507ab3a8e276affed6e744f3f1a25b721dbfa3486cf39

Download Submit
/data/data/com.biquge.book.noverls/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.biquge.book.noverls/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.biquge.book.noverls/databases/bugly_db_-journal

Filesize
512B

MD5
e17b7065daf79bf1a7c486af88340ca9

SHA1
06c60c91ba0b77c53e2a42b9695153b94c2c5478

SHA256
40f90f8709e402db7f8263b444dffb98a856ef0178b1f2b0bedc1b630fb85037

SHA512
2cad26c971852ab384fe83260f0b7c06be1e491d3d262c0e3057aa148f31c8bba4a21b66ea5ae6e1857e0e23522bac764a87e8736b8455cf654fb4746ad7bab4

Download Submit
/data/data/com.biquge.book.noverls/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.biquge.book.noverls/databases/bugly_db_-wal

Filesize
68KB

MD5
8b45870e6f2b5592ec2f37b81c61d35f

SHA1
3d1b8de99b7ac31e4a5597a49153bd4f9a23565e

SHA256
7bb4904e0883d0c6ef6307b3d3e5a1c7d3f1aaa04c8946c690daa3ce60f82946

SHA512
d4fb87ad75b80c5bf57d009e00533bda9dfa8855fc39f5e4f019809531039abb17b09212ece4143f5a9ea6afdcd96a0d34603e2fada77ffb58aaa9849bba7666

Download Submit
/data/data/com.biquge.book.noverls/databases/npth_log.db-journal

Filesize
512B

MD5
421c6211a0e24f99a120e3172076dea7

SHA1
fa144a4eb1fe0714d7c6ecea2d384b8a4f87a637

SHA256
dcd9644a5950bdaf6cb9b1e373db8ea318ff042245ea57d85ae55196d51e1ea9

SHA512
6bd6676e78cc05fd75e6e301fe666afc934f403d8bb803c1be44ab9e2c211901029d2754f31eb67d62cac4f98dafe527160ec269a0fd343df4c387dc1b6d81ea

Download Submit
/data/data/com.biquge.book.noverls/databases/npth_log.db-wal

Filesize
32KB

MD5
5b5d2ffd3db3bec6c19b2f889f9f9779

SHA1
a905c53535e01b44d57ab7aef2a8bb83fa724c30

SHA256
40208a78d01e9115b76a80dc5d1bec420b63a36a93636ad4e845ab267e256e4c

SHA512
e74c7f860702628bb7ec1067711c816f3ae94ac83c07af5f32825ca8526e94729f247b4633e328232c9066c3751c8369bf82b9045a7a50b7a37d0c317dd3e2f7

Download Submit
/data/data/com.biquge.book.noverls/databases/ut.db-journal

Filesize
512B

MD5
19084d9d32d0f9e902e31d9522865196

SHA1
967209aa49e7749a307f1006c3813438e572e893

SHA256
41e1a6b938eb317632f8935b7f56540678189c77f2ae546275e05fe2817f9809

SHA512
90b27fe8abc2866d88b180c6feb7eea9498573d2b5562338624a4abdee626757ddc42bf2ca7441cb80b00cd919a87114f04ebca6f6e23c39560f688836589d6f

Download Submit
/data/data/com.biquge.book.noverls/databases/ut.db-wal

Filesize
32KB

MD5
21faad36219301c68ebaaa0d184c546d

SHA1
3bf30f0d0ef269bdf4156c429b95731a571873b9

SHA256
c61ec48ae6cb7808c26fea7291e3bbd74e9b8adad91888492469a009f84b3695

SHA512
63b676a3de776ffb05a7c02fffcfcd540c703717ad0da62e1da5e5ae3a1bfb84eff3536f18bf00ca8dfd594ceddde4c3fcde1ebb818b4d42d8849308941881e0

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.ac

Filesize
32B

MD5
29a95ff4bac131d3cc3b16214f78072b

SHA1
d720f80022455de110b1cae8bfdc0cad154af0fc

SHA256
5aa2cbb989e2a50a932c15f4253dcb2d62df4a5254818b86d2fc86a84571f789

SHA512
d5ce2e0dad1db153a98014f3c97b135aad070ae4d1c67fd0dbf105041b943c9fbcbc44184e319b06395235a0958e8a6e9d3065a00f89ac3e6604af70d2217372

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.ic

Filesize
32B

MD5
6d978f8ddde91ad8df297d900242337a

SHA1
38c90f9c396912301105632cfdc76855dd34b9c4

SHA256
3ba16280c0f2dc67f47f584766b15fa261744cbcbaa9969efb1111cc46808969

SHA512
40f7bded1b675e51c1eea5984abcf185ab7395d152e9953f59a330ca1884a430ac54ed20a911c9d027236027bc8461c1cc0726d52756bd0317f1cf4986d17bea

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.pk

Filesize
32B

MD5
65a52c40b03ddc80a44e3443e3a59cc7

SHA1
643b489988990f2014b20a84141ec3f0b034b356

SHA256
1cae044281a83245e8b95ac821f9da7edff520f0f378fc126dca7736a2c2c221

SHA512
408f0a56a1d7a6fcdea61bb8f815dc04147ba5ecea6829ab3d84bf7bfa77c4939874173358c2a1038246d268ab12c4d05e89979ed8878234c3c6ded52c3789b0

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
b11a68dcbfd6f916b8384a40bc487eff

SHA1
c94c3419884bdbe37dae2146f1b12179d89f6221

SHA256
76af2985a0aab0b03ce5c36dea6b371cae0eaa7a94f24202ebf85469fcae8c4e

SHA512
c9b369f259147eb19351d3d366931218ebd51313703da8e53c3c7991b5c3dadf7b5b1052c42a57498679c01ebe6a0db6c0f4a093e249fa92bc48cbe11729cdd7

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.rd

Filesize
32B

MD5
309645c3acd89c23986608cbefc6fc2e

SHA1
ac72d130bdbca6a9b66d207f3e2ac1727399c197

SHA256
84470c48068cce14dc1e3db6f8b8b9a37a356b0c1decefc770572d0d58909d7b

SHA512
27f6615422c683f37ca08a3f84f29cda9b119bf8ebb3b773da0f3310f4f0df9f6685d114f9bd4d89e886887d435aad6c8ade25d3dfdf3b5ac86c9761a629cc82

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.ri

Filesize
314B

MD5
8dc5eb0b7943b645978389c6c7915a13

SHA1
dd47f6fb466442976c59ac1397e864e40decb7fc

SHA256
907398fa581d139b788a855984531f164b73b2abd12497f0c84c490c207b20a8

SHA512
e8cb130c93f669cc27fbd996c19316121b7ac239ddac12358cc112e4f46c16883748da57721807c2be850277bc9ec01d2e9639cc0303b5dd48d42e7ec9dcc22e

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.ri

Filesize
307B

MD5
bef54b5dd3b670e1da74fb207f82ef54

SHA1
3d13db9f0dd5e8ebfd73c9535c3fdfca3fb47d8a

SHA256
a0b5a2df4aa7b356f1794a74e6534d449857626e4521e9814c343366c62bf4d6

SHA512
e2bc27b6edc06b2e36ca6a7045d1e41e1c953faeaaaa94e9c115b6dc9ed5e9cba6e4726b1aa635f53a5aefaf053adb24bbccb044a336e44e337306bad5a48dfc

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.ri

Filesize
307B

MD5
1039913d44a70ed43cfa00af50078b3f

SHA1
9632778e345350f117f401f2bf1a0f240bed27ba

SHA256
cc09e072a6396f483cd7e483473dc10b61662bbb664af4a5f689ba23f3e27f15

SHA512
00f344ebdfaf50662ba5f2f8d3387cca86043c01cba1be9b8627365a2d25d6eeb33a4aaf2bf6ee2bbc1e807f487f838f5f5269221958e84e038a880b0c3f5953

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
d01765cb87b6382cc3b9c4e7dbd52415

SHA1
08a1a2041d14ae387a8c38642037da358745f216

SHA256
ee2c9a986f022b7078a7662e947f1d117e6f64e17956708878d5a4495c93ef62

SHA512
1e5e0c560a25ced84ea6ce15bd8198c53194ee297088f3c267c6a87b9cc7f016e4088937217b1c3b605f9890b51e53f75dd9ca7af4808b7fdc13e5ecb6375470

Download Submit
/data/data/com.biquge.book.noverls/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
2603f62e5b9bdac7c1130daf84c09cbe

SHA1
a420c898417b7e88ec90e09cefeaea61e78475fa

SHA256
7971c79d9da81b94bd65b9c27b9aff1b498b31b0533df2c45e6bb78c5ac91d39

SHA512
157251503c070acf5966d796692e9c352bfd363c95a967f215a4d28fdb6dfac2ef7de81e853118300117b6386c83621c3afceaee165c98914b93b5fd25e794a5

Download Submit
/data/data/com.biquge.book.noverls/files/.jiagu.lock

Filesize
27B

MD5
1e5f8fe5ca4f21b394ce7557f2a19b21

SHA1
02c961553af4337536c5328c6a060a50c6ce15b8

SHA256
7ffc685f1cf2f25175fd1c013c29b0675a55b4b70a6433c20fcc5f8ffd0644c8

SHA512
c7c80cd92cb584f0de20496ed4959e83048b3f8c0ab2532a63d633bd1104dddaceefd4e4dfbd555e6d30034360c042eb2f48f7a5171fd04fd530eeac1a6561f5

Download Submit
/data/data/com.biquge.book.noverls/files/com_alibaba_aliyun_crash_defend_sdk_info

Filesize
185B

MD5
e47f2223470f5fec847d8a556c5b84ab

SHA1
78d8dfd61e8a08800eef8010e7665645ceb6f3cd

SHA256
3f4fb3ab6324150b7049289120c6dd02b087fa80627253e4d9da1332307fa271

SHA512
72ad028bcb91d2dc5ee5fd657fb2d992293a86299769dc670243b1fd0882b611350a7f8950c02c95300893ea431c3e60091186b235f11957018a57fbf93d87e3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
b91adeade59a27d5a841164aba96de2c

SHA1
0cc79c67e2115072e25c9f3812307be542d197e9

SHA256
f9596ad8e1c4e45e72ccc5b19dbf85e20b4c83477a09d487042c07fade308c22

SHA512
213ee13ef26f4605fc89b029b069c4f21f933596027ac43b6db28c57f83124b26dc5aaabc77979995d46ce9a8fc7c50d61864e9f8d91bb4bb3631003ebca6a73

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
24e7cd1491f1b0ce678e7f38d2e5462d

SHA1
4b0649dca4ec3b3389beb59ebdb2011e3091057d

SHA256
17e83efa7e04e288cf3cb0b6cefb828600458c7b3cea3f8ff9f5ddeadb3d70c8

SHA512
ad736583a8beb1fbcd48831a9617418003bb2b778d7638c29e180afe209683524b76671b9fd41b553a98c5197a12ac5ac61c47400db5a43225f36f39cb34a0bb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
ffd2b3fb021d83347bdccf4cf20196af

SHA1
77fee3d16d79cb82799c4e58c692b4c247bd9733

SHA256
9f649dded95adcb5a26dd5a098ebd85bd2c8129b8b0661665606c9cdaebb4a6f

SHA512
7b7b244f2a07cc83778ebb2fc6e46264e76a39598dbbeb1f6b6f8bffa02dba810759b0b81e3d3b151740ccf4d629a5f65f4a368562e561d6cc2ed3b5e350d2f9

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
1055353d4e776b74d00ca3dbb93704f9

SHA1
ff924c6bafa2f5fce27214dca72230db199d431a

SHA256
fb79e383e1a31543dd4105464fec0e09b47933bd5dc2312c6e4d125483e2a030

SHA512
2bf4748957c5751fa6f5e3091dedce195995795ff6adb53e1581f2d16c1796837c2644949b959007eaf809a10b64f8a07be859b3e2d0a293a67332015fbe27bf

Download Submit
/storage/emulated/0/Android/data/com.biquge.book.noverls/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
2e0ebf43ca5b6b5cf209863260362e6d

SHA1
d49f363fad573846fa793bca1cedec800127844f

SHA256
4dd77ba3c721d3f3a216116e1532f19809758784186cd60b733f45e6c287530c

SHA512
c8d6633b190d28bc8b366ddc9fe1ce9a7a2e798ead7bb036af129b58222bf423d6d392d17e63abb689cb6ed031ed865d6f3907d3ed72e05efe51b2db91dd6ac7

Download Submit