Malware Analysis Report

2024-09-09 16:02

Sample ID 240614-vd881ayfkc
Target aac4489fb0cebbd95fca21df4b1bcfa1_JaffaCakes118
SHA256 c35815838054f73a66f1b55b78381ee51b58bda5d23cc521b29fd500252d13bd
Tags
discovery evasion impact persistence collection credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c35815838054f73a66f1b55b78381ee51b58bda5d23cc521b29fd500252d13bd

Threat Level: Likely malicious

The file aac4489fb0cebbd95fca21df4b1bcfa1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Checks known Qemu pipes.

Queries information about running processes on the device

Checks known Qemu files.

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 16:53

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 16:53

Reported

2024-06-14 16:56

Platform

android-x86-arm-20240611.1-en

Max time kernel

161s

Max time network

182s

Command Line

com.dcloud.leisum

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.dcloud.leisum

getprop ro.product.cpu.abi

com.dcloud.leisum:pushcore

com.dcloud.leisum:multiprocess

/system/bin/sh -c getprop

getprop

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 nxs.lyw111.cn udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.107.80:80 log.tbs.qq.com tcp
US 1.1.1.1:53 kltdo.dibaqu.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp

Files

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 6dca0e70fbcc91a960d2a101ad7cb70e
SHA1 035003fc12086f33b557adca4b8497bc26e2ef3c
SHA256 ed5ecf23ce521f563cdbc4eb5eae0803caec2cf20b773dfcfab3bc38db949741
SHA512 e7eaf508c28b1b30a0b19abd07c9ba0b6ba2b1c45ed062b48d01603fc1ef24295933198a71393fd41c24009b4246918bc4d566422261846cbfb5ccc8aeb839c7

/storage/emulated/0/Android/data/com.dcloud.leisum/files/tbslog/tbslog.txt

MD5 1071df918cd1dc24f37bec0e68befd56
SHA1 52730de0544eef68be331b884a3e52394f25a56d
SHA256 c5aea49826666a0243f049dd2ac05392a12db8a06f28181a9e980916793cee6d
SHA512 16a01798a307d735d74836f8b42b92a61452c2a736319939c22be7dc2a082bb69a01c6a8d4beb066c9097c50e514bc07cda78c6b83db52c2e3427c04d68ddebe

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 787eef0f0e5ac196e6605b4fb1876c9e
SHA1 ea5a9bb61a361d805498a7d02bb69b9aecbec562
SHA256 892c29b8451526b17f092f33a6a2c85945362dc065792ae655230f0531fd220f
SHA512 4e045174171afa0361fdbf71432274ae2dc22391854315f9cfa5a9c3b5564c7cb8dadc7439509e36ee76aae0a0a5ff4c153078b97e6723423a80a52996d729b5

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 dcd4e666b81ae4b207a71dca118505f0
SHA1 960b81e2d073128e96b22f2a1d7eb4a9cd91f54a
SHA256 1f0b0b32dcd7be8bf61789835adeafcabecf6c4ba4c46cc30bc690b17dfe9547
SHA512 e29d6f9c497656b254004491a853021084c214241782df0ea821c5bc025c93ebd83616345131f3651f958f4d1701a3c55555958d794848b8f0c1d97bddf1f570

/data/data/com.dcloud.leisum/app_crashrecord/1004

MD5 b124f095e3aa542a8070d6ccf39c9711
SHA1 7a7462ca71112bfcef57d14bf367d91718b26fa0
SHA256 24efb09a3aff9077ac0e2a9a7c0ad15081e29b2cdfd7b6cec10116b4abf8ca84
SHA512 86430d203c0ce430c4bd23e9f70b0ea6e5154cf63726355f9b97e615f07aab38812dafd182d9aa0f568a8708b0003723fd342a489f96b417f7342f085ca35c56

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 4d1ba20bf49cea96444f55b0b88f396e
SHA1 9b6c09d38233825347b5086fc8174a6126aa1997
SHA256 88ecbadd8728218a87418686abfb9247e66e07f0e889888c300d10171a4c597f
SHA512 a0ab4a642e8d988d098e2c1c9a525ec7322387a18262ca77b3e3b0f5a8375e80495333f23cf4f77a4fa4d46f47110fa0f8a12ef55b33bad1ce337de567d964e3

/data/data/com.dcloud.leisum/databases/bugly_db_

MD5 ddf341f3ffc3e0c1488efc23a3defd48
SHA1 79fe21ffd6f7b429b0d380b4cacd2ba1bd3ddda4
SHA256 83b67ef45cdff7ed359025143129e978574c5c2d7503abb3041f7022719fc1f9
SHA512 e9769563c68a45313ff4ecb98d76630b2d85b656d8d4538f63617785e58117c96441e504688543047d20a11e837006c79000351c98a152bc8a3f2ff55d20d70a

/data/data/com.dcloud.leisum/databases/bugly_db_-shm

MD5 4e8994d4beda752e9d28c1d44f678185
SHA1 c358a00bc95882ef1d86ae8eceb90cc81a69ebae
SHA256 b8930c6adcfbcb867f6b5217c15eaa296c8f685e4273919b87994cc42a016611
SHA512 e19af09d8031e1a224e6da57bac1105a3987c59e06d9c81f8d6a1a18311b083fe525426cb96dc2f87632c8cbe3d18cd46e239bc7d548ada5126aeb0008ea0263

/data/data/com.dcloud.leisum/databases/bugly_db_-wal

MD5 f769eb488ac276ad5c524492e49a064a
SHA1 12795a5c027a80e0f6f6cef054618fd91f547b02
SHA256 a76d8ba44adee89c63cb70f38b59bea4ca789231745fb5edf98428a46e9c21c1
SHA512 b441889d8a7d97f8d6b9c6dd825b32db77be9854956e550ffa2fa221b7de359f413e89946131c6d35a994e8fc388d7d205f298c564067bafbdeb1b8946c48ed9

/data/data/com.dcloud.leisum/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 bdcace5b0aa0df5147aa840020895c9b
SHA1 f0887436b333145e98fe6d7df636f47f35e82067
SHA256 b500efa89cfc3159c08a99928a161655e683433c88e21a635e762a68aeab84a2
SHA512 f1c23edee4625963cfdab2e2a497241aa024dedb33518c58555169ce027411fee4bb90d3f2fb208eebf2018427e2657b91bbff61ebfabc045b26d8775bb7630d

/data/data/com.dcloud.leisum/databases/ua.db-journal

MD5 0bc00805675b873a0a1c09128265ceda
SHA1 7fac7442ad389907d292e627a5fb02bdd112af25
SHA256 4e78b77a494886e64350e3ca5fe7a4dfb71ecb32c58fea65bf7efd80e8a420c6
SHA512 58319c4acd46ccbf3c8dee433c41aeb4643d79ed188dfbdc79e95c93e718b7599ddce71f1431de08a7285fb3b8b856dad40831df1a4d563247638b3f439c2089

/data/data/com.dcloud.leisum/databases/ua.db

MD5 0adda9c85a5e4808f5b1b74c0a8591a5
SHA1 5048107883ab1e345af9cf2e6849ce46e0e612bf
SHA256 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
SHA512 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

/data/data/com.dcloud.leisum/databases/ua.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dcloud.leisum/databases/ua.db-wal

MD5 a4a6b0f35ad0b10dea32672f17973a33
SHA1 b0484db1ab16a0f67697ec70e68293902eeb9949
SHA256 f67b3bdba35c4a2d089a93b4dece97241baa26914654c94a42cdba2d642dcd08
SHA512 208cb576a556db05d52bba4a4359bc9a5d464812c14043113b28d91e143fddda4d41d821a358b7622b39727ccb8bc5b7e1feb4963fece7c41cb30c39e656be9b

/storage/emulated/0/data/.push_deviceid

MD5 1e7e6677d449f9f492ff3d63f9c8f26b
SHA1 1c5eb8c2e7f2da4a2aee7983e589f084db3379a3
SHA256 a45a92dd46383a61e910ccfb99a7ee54dd6b2c75c2b8600c9ec6c876d6c94581
SHA512 f16548ad1e86a9fbf293ff003feb1f3dfed2047d9c252b79b009f9c960a72653d883ca8c9bde250bab313eee1115d8963d959e8bd34252064ce1ea424e7d3a7a

/data/data/com.dcloud.leisum/files/jpush_stat_history/active_user/nowrap/00eec339-bf5b-4205-9e41-e688c479d213

MD5 925746ca0b2baa99ca5fc2964fb5c76d
SHA1 c04b27872f9a265c9c6a23e81f52ca792cc2cc32
SHA256 6f0f3065677e3bfbe68eff1983471c25763e477ff6ee954772b2982dc5a013f4
SHA512 f5f952e2b0be45cb94a13fa4df665a9c0e95212ddd265d8b7508801bfff98bf4a6080c5fa64bb3a6811d24a5abb74955b1d46c30ee4c1df96283179757ac39ff

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 ed8926c8cab8a2d0bd2c0203246347ac
SHA1 c83748da19982b31a5112a823bde0fcdae477125
SHA256 7f86ca65af28f1c346b9e2cf4157268c635de4963fbe132ee87cb0473cd2687b
SHA512 6cbe3d839e6e214ea6baa79c6b1f7dc1164cb3d10e1c3152d2e11f7ca357400b5e1184bb05bd11f32016d2575815c477bfdec95a1c387e768a49808230fe242f

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 4c6a21094054edb673744e670f60af88
SHA1 1fe07b28d1f43784a407c7590a1d4cee39488f3a
SHA256 0a2876bca5a4df47fd2c71c965c46e39ecd8e1029f18631edf94863f79ec8e97
SHA512 0da65632e9f33a120ef4b32b1ee59288bf6294e16db2353624b6096b2c1420c9cb70117ce72e865c350caf218bd56651a973887826eb0d0004866cba612708a4

/data/data/com.dcloud.leisum/databases/bugly_db_-wal

MD5 1a142669cf4c5c3c2805aff8daa269e7
SHA1 c5e5c10e1ac58b3a2a039cb64dc908d1abaae25f
SHA256 87e94d60cb1abfb54813ecb6400564bfdcc7bf6682fd8196744a7c574fbfbcc4
SHA512 bcfbae61efd588bfde7a02122db2482c10a147675ab03b61c379ece9f6c45f891d5007ffbb16488d4a15bcd20c91963754d82029dedd56a09398acb05225ae8e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 16:53

Reported

2024-06-14 16:56

Platform

android-x64-20240611.1-en

Max time kernel

161s

Max time network

183s

Command Line

com.dcloud.leisum

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.dcloud.leisum

com.dcloud.leisum:pushcore

com.dcloud.leisum:multiprocess

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 nxs.lyw111.cn udp
US 1.1.1.1:53 kltdo.dibaqu.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.187.202:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.107.80:80 log.tbs.qq.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
GB 216.58.213.14:443 tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp

Files

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 2a471538ce5fe23c712ded7d4b7cfd6d
SHA1 f1ff09deeea78272405b68d72c34fe6ad1c5e5f1
SHA256 f52161134c371352977315f12241ffcaf82206b3408ebfe6e630189363f5e0a5
SHA512 4371df5b71fe1b22a9195e71f779b3b810a821d78b17926a50757819d1a1faa40df70afde83cd04d5c46a2c3dc89a5a30e81abcca567dfc3b7b05b0949286020

/storage/emulated/0/Android/data/com.dcloud.leisum/files/tbslog/tbslog.txt

MD5 30fb1e48bef935bb0815145c831a0c5e
SHA1 06d3e9d0d5ee7d377a60c2655e549c9ee6ba500b
SHA256 0b2faf696b0410144c1fab18b713448af29e2ac275b9b00c6d72a5e11b63e275
SHA512 650aa6ed33dca7e09c42f50ef77073c5f8f48898509b35a0aedcae4f556ec029f6756dcd504723878f630a5d572ea67fdad43f8efe044d849fafe40df2f02b26

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 c8084959603d5a0b7d1f7dae1f1b8f95
SHA1 64389af387ef85f2124204e3e91753e061455896
SHA256 05cf232d032c7b961646db23cec055ace912cada8b27b71dbfab953c26259cfa
SHA512 c4ad2d2cf37a7f35b3abc842a88fb81799ba1f5f82bc2c59f018e80bec9f25e5efbb937ff0b249072b38cccf2866e4f778d114fd98d357c24c369423e1f91d9d

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 4c842e098277e31a3a81af9c740c3788
SHA1 667fe4eddaf24f92be111280918c1e3987e5ebf8
SHA256 ae44b6307748716e8009f784d1ae813c33142c04b89a629a58f93eba46632903
SHA512 5594ca10f438773ab394b8eae44900d90b2e20d77b25b9a70a6091274147d654284cba55f3ec38b4a19b9db12f131632146dc7c658f9def6d8b9fce5dbdc80e9

/data/data/com.dcloud.leisum/app_crashrecord/1004

MD5 131daa96a844739a88582a6ce1d38bed
SHA1 ba9f17610cafa4f6a048db14661f2b53c62a2c76
SHA256 b4d3fcd03e2a26be533e7903ebd91cd662d0364879113d192b817f37d7600cdd
SHA512 411d13feac41b9d8eea1b9eff2e94731acc11040e362ef9ff8d68386cf734c4a9ce7fbf3d06a8ef670d9ca9f3dd4147781aded3d6561801428121956bd09c8f5

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 81605e2b2ee7e4c94f3643453cffcc56
SHA1 a3cc5fb051e39581fdf854bc50200582e813fac1
SHA256 5f7e25c8baafb84ffc71e38b32c1ad83ba49f8e46019940af564b9d256b9cea2
SHA512 b89ab0fb98aaf2e5848c48e3b137cde1ccdba9f226faa2d5d54f2d235bb30bd7a16babbfec618535fe2635ad02ef3922fa1730810d271da7ca6283dd937609d9

/data/data/com.dcloud.leisum/databases/bugly_db_

MD5 4220370c63c394d0aa4856376cf20a4e
SHA1 9b9d3ae867f192a90a40eeeef3a2c5b9cf6eb183
SHA256 2102c04ed8c3d3a0f4ed31f05326013114ee8d50d28f67c03a2c71537017e157
SHA512 07f1eb46f7e9c3e630b79176862c8529d7c3d5503b9185ff030fdef2d35ce33749063f43fe476db1fbcce64773d0fd9091e4f70a411ab40730654182bb7ffb9a

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 4541ec1fb773ddbd874d9e50070dc2c7
SHA1 79b7b1f6dc7ae32e5380e266c1ebc3be2ef9c2f8
SHA256 579119ad3f1dd060df38c008964d8b8a56063e1936296898f0e7ffa7c8663400
SHA512 e880324969f75052457ba0fef5653033d4d3f26c892157ccd9c93bd113746547eafc396b5f6c47428ec44feed5daa09b3fab7f8014a700e1f2139e5ebe0fae8d

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 ef00cf0429690c311658c3ae9b6fc555
SHA1 7df8dc8194d7d16d99788170f46170ffb7a6a859
SHA256 7d5ca67263de28a4086537d4a071b3e653338be9d6502d9dffb9059dcb66a15b
SHA512 f4293505b1208e561ad85b93a3bb2fc3609ec1d4e0c6e0cdc04ce15f381eb8b202de1321b18945297be480d5a5da7f193f0e3e4089b49a8e9d0308065334afaf

/data/data/com.dcloud.leisum/app_crashrecord/1004

MD5 077871227c2d5d283ecde41a4e0a0af8
SHA1 42cf20d86d0ade281de20f72e7a88f0b7df696d7
SHA256 55dff61855bedbd3838da26d6acc95d5ea5c9c274d337f3d545f5e7abc0bffe4
SHA512 eedb8ec486fc7d293a7793a95387e86813de0b1725b60caf6e4eb38828a1b05dd748244a0061a00dca1b221234e142440d8d8557a0070a717c812ecb70a99c32

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 f423fbc58171144e0fe03da8c1b7a7bf
SHA1 51e13cd5fcd900a621605a1d7526cf0e55acf448
SHA256 a9c16575d25f4ece85f596f6d0210ef3dd3abb8c116966f35e46d262bfb17af8
SHA512 bbc178e32c8d67b9ab3391ee4247c2336ba4b3f416d17fef121be7677f5dd8f1d74f29a2a4e720ef36f7864fb4aecf48fa731a08402dd989b419f4906dd262f5

/data/data/com.dcloud.leisum/databases/ua.db-journal

MD5 6a234579ab166535ffe7486791ab430a
SHA1 cf4027b448c5cc64b2cf0da5c8e8363529bab9fa
SHA256 cc48dd3fd5af554f0c28dd57d7b7a48155bf07e3a45e7a9f3e5388e6e5e6a1eb
SHA512 38cc748fc450dc3efbb6e0f0dbc1a1be5fe5dec90c2d04c2921c519e0be909c8a219bbc2007af3f2dd77f48d721b63c15893fe6d476c61901ff284a064642be3

/data/data/com.dcloud.leisum/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.dcloud.leisum/databases/ua.db-journal

MD5 0477e6aab26d2eaf721db10c5322e01e
SHA1 9cd772a34b1282241f76b77fa36cd582b95214f0
SHA256 57b875477061c109e8653c7db162a96016b1f980b986f0d12150d2f357e48aa6
SHA512 3f0be1c4cfc0e16c3aa1670f9e6607280670a92ce9807d5496f7e7c7582c7d0311d4452e7f6041d90aa6e8e817c2cddd6983f77365d8fbe52ddf92ed06282de4

/data/data/com.dcloud.leisum/databases/ua.db-journal

MD5 01b2bfa729dbe15e9c2872be396a272a
SHA1 ae29a5b173881d27347a142552be61c226b83950
SHA256 25c561a4e1e6fe79a12de3a189f6b8e140cf0f0c29a2e06bd592d28d01641c7d
SHA512 4e6f9e4ad96923706ab32d48ac173a1dcbb1ce8699e8313e98c225f9d9a0a43d91dc04fd3141c12145713a120f352cf67491bf1d6d949e3700ebf48023111da8

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 82ac280c72b1d72822a1a474d8afa728
SHA1 221702a73f5cb4ea1da8086302c98ec3d599fbc8
SHA256 eb145a2d3384d96ccf061ea5f3c2b32608ede18dcb71eb0ea85f8f058b948987
SHA512 6973c615e8e12e79bef12844538e6128e974fc479e1313395a176c92279201991236ad7702f9f44a2c337bf2c6d7275055c9cd0614a077e08e5a6bdedaed2795

/storage/emulated/0/data/.push_deviceid

MD5 85954d401c5dedbcde752edf8a26d1f3
SHA1 3a91e188acf97787e44fdfebfc03a737c3d436fd
SHA256 2ed83e6162c886788a24dd68d2dcbe884a3c3c90d3e7b684b8286550f5ef05a4
SHA512 25005f12a3897972d99ad6888100275f2b1ee1cb1378197d83efa6ec34e73e672e7f1463c5217ecb4fd284325b32e0603935105349cc114d1d03c2f5c8bed4c7

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 0037625b36fda2dc90c176f993aaa956
SHA1 ee57d550e4ee577338ba0ac465f5cffffa3e7851
SHA256 d0b28000d268fa558c5d31e1c9bcffd871fe4fbfdee9e0b91600e4f3b4054c8c
SHA512 d69d2333633c85ceeca71742408d7e82e20630ed9b01a5f8f24f4f8cc0eaaf9939bff472fe135a4bcdc36a146d1f6434e896b792aca1ed743d3ec11f5060204f

/data/data/com.dcloud.leisum/files/jpush_stat_history/active_user/nowrap/593fe04b-f2ec-4090-bcd9-ab0b5d0eb2a8

MD5 6e124f56d389a36e707fc080d183e9d8
SHA1 9d38f44095cf1723e0b24bca210a7130903f08d1
SHA256 c6df6ff44878cad17cc03e7706c790a9b59f489dcfbd48dbe3bc5125737c8480
SHA512 07e6608cfb1289a3269e707b4b19931a693bfcdc8361fa0f994c4a67e9560916912f35b4b7d41f28610fb29f921253e4aa9056cce70f373b607cda4ebc86943a

/data/data/com.dcloud.leisum/databases/bugly_db_

MD5 7804b42e2d1e0976fd00a4eca7c80eee
SHA1 03b6e0ea20aadaa4ef9d664ab3abeae47f55a658
SHA256 85e7a5ed5e84da80dd5650518001123fd2b7e681da52f3e6efbe0ed7e06970ff
SHA512 7725f6ae48d57840c8eed9db0252ab0186ed1d77b4b21580f95d9501964c18c43f060fffbdbb6d5ffce2b087b4d51a83a9fe1f5232975247d96951f5b3b7b1f5

/data/data/com.dcloud.leisum/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.dcloud.leisum/app_tbs/core_private/download_upload

MD5 25dc229cf74fc1aeeb4aba6caecc14a5
SHA1 d0444fd4d7de9cadf84f53bc9cc531a9e55c9598
SHA256 3895145936e738415e41edd640362b83ca532a5954b3b4e0a4dc892e86a91ac1
SHA512 746f903a2d35f89b18e839b9b94915f2bada0bbbf2b621a601aa9efaee5db30911a7ff876b03a96c43f8f0408ba038809b98bfe43e5b44a39bc6a3ff05ea0eb2

/data/data/com.dcloud.leisum/databases/bugly_db_-journal

MD5 20ada373450dbeb212612ea0b95ea4ca
SHA1 6fdb00fe20f4d317b403ab30437e445c5c323ec4
SHA256 c9f89eccbb313bfa022106fdc35216710e5ab5efbcf4564d7a61c8f1b1300de9
SHA512 e4274146fae6924e18e77a3669d829adb367fbc4c31dbc664cbc4d671f2d621b06beb09eb78ba228d2dda0e611efa5c75e914bed169db1532258cc1fddc3b796