Malware Analysis Report

2025-01-19 08:02

Sample ID 240616-xsw84axckm
Target b4ba70cd977b023fe9637f92898edeec_JaffaCakes118
SHA256 cc8e2f2d9507d60d638765fa69dfc89c616e5788bf4375184bceaf4ad2422418
Tags
discovery evasion persistence impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

cc8e2f2d9507d60d638765fa69dfc89c616e5788bf4375184bceaf4ad2422418

Threat Level: Likely malicious

The file b4ba70cd977b023fe9637f92898edeec_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence impact

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Checks Qemu related system properties.

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 19:07

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 19:07

Reported

2024-06-16 19:10

Platform

android-x64-20240611.1-en

Max time kernel

6s

Max time network

168s

Command Line

com.wsd580.rongtou

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.wsd580.rongtou/[email protected] N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.wsd580.rongtou

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp

Files

/data/data/com.wsd580.rongtou/.jiagu/libjiagu.so

MD5 4a453408e767c7470384d0a7454169f2
SHA1 9bbaf32ce857bd9d4b82a77c84c2395df9556a3e
SHA256 fd26cf273da2889704549a1fac6020ba4e0022f282187db0f0aaf3771b1d3f52
SHA512 98e534c96fe08fad56289b74ce12981666fbf3af6346c58d9f8888854c9dfc178363626c2fe00f74a5bbff9222859472197ef69b8c9f46b8fb6bbcae2a07d859

/data/data/com.wsd580.rongtou/.jiagu/classes.dex

MD5 3b50f83ac9c670ceea8fe07085b638cd
SHA1 33967029f32ceba80b886af4707ea9bde57f0415
SHA256 6eca0f76b9299ca75656bc6c1458017d1f7d5615ed6b13ef19716814da7cbde8
SHA512 996293efcf4f6a10b84a9241fdb3486109a737b18bccb90df54a16119e69bbde3dabea5353cabcff4ab40d65aca09a18c5f5ce34c53326d3d9a10d7a730103eb

/data/user/0/com.wsd580.rongtou/[email protected]

MD5 4ee9da4c91467b6b703d720074f0813f
SHA1 b783618115a3ec8d886a219937250753110a9b46
SHA256 2531302c9a90204efaa7ce81d47d7df8162b758a4ad49cea8e4a8b654427a927
SHA512 97fc7789434abc4fff754cb5a363ffdc6ba5f1b2f0311f4d02cba8e846f8e773327c1701ec4924764ba0845e2623ee0cbb511ba327ca89a071f5f77d47f84f58

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.ri

MD5 5bb9038988baf2296bb9e27193663481
SHA1 a33426694ab994f39b41880d204e6d5d5435b39c
SHA256 cb6da78ffefc0627dabaf25cbc948ac7887f8e2992e2964fb01cb1816e48483f
SHA512 77dd40c813533b4cbfba1e5a557c21c55577328a4b36bd258c8e70d9eafe98276313a45ab023077c1fa8b8f32143986b01269f958d3beb95015e9b916e4fbd40

/data/data/com.wsd580.rongtou/files/.jiagu.lock

MD5 c77f20a16e2928a5d7dabc9e332c55cd
SHA1 f2f47cdc1c85ac204b85ddc0d1930a69bff0c026
SHA256 5c486e01b184c2a05059d7526e0efe33f1939f4e4b7ddf4a558016ed5767394e
SHA512 d6c450322907628b2d3885bf8304149825013a36c56ceb69a0826370fc5dbd681e468e2448d434962d32ad519525d89e1c84de9e2ee555203b2854d4b5dd0aae

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.di

MD5 3d8b2e13cd3cc10dadb3838f7e74d84c
SHA1 c754d0ae1f5012a3e805fdd79523174f6af2949f
SHA256 95d5356c42d5a5374eff3db84bec636c27e840644994e6564fad2a83e2927a9e
SHA512 30002af59992712a6742a1ca77f85ade351f24b66d4985aee68f8616b33e6e2c6238c70f0f44ac5af500c0c97f6890dd6e0f997b1d5c3c98187e58b3788977d2

/storage/emulated/0/360/.iddata

MD5 e2f2a9d8496bf0cdb6b207fc6ea881c7
SHA1 bfd0792f2f056c1c553671f137b6ab14523aad77
SHA256 562fcf0c69d89eb27e4df1b43a0090e6fe458ce3679ab2e4d11d06433495f22d
SHA512 1daa8ce8df7d4f647eaa25c0b6e77c4adfa212c165e94352c5287719db0e19248a3a7a9a74e7a2ac684cf7ac9fb795c52ef1d4ae1cac48c70dc003298a50a027

/storage/emulated/0/360/.deviceId

MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 19:07

Reported

2024-06-16 19:10

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

143s

Command Line

com.allinpay.appayassistex

Signatures

N/A

Processes

com.allinpay.appayassistex

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 19:07

Reported

2024-06-16 19:10

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

184s

Command Line

com.wsd580.rongtou

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.serialno N/A N/A
Accessed system property key: ro.bootloader N/A N/A
Accessed system property key: ro.bootmode N/A N/A
Accessed system property key: ro.hardware N/A N/A

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: qemu.hw.mainkeys N/A N/A
Accessed system property key: qemu.sf.fake_camera N/A N/A
Accessed system property key: ro.kernel.android.qemud N/A N/A
Accessed system property key: ro.kernel.qemu.gles N/A N/A
Accessed system property key: ro.kernel.qemu N/A N/A
Accessed system property key: init.svc.qemud N/A N/A
Accessed system property key: init.svc.qemu-props N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wsd580.rongtou/.jiagu/classes.dex N/A N/A
N/A /data/data/com.wsd580.rongtou/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wsd580.rongtou/.jiagu/tmp.dex N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.wsd580.rongtou

chmod 755 /data/data/com.wsd580.rongtou/.jiagu/libjiagu.so

/system/bin/sh -c type su

sh -c ps

ps

ps daemonsu

ps | grep su

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.wsd580.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
US 23.225.65.238:8001 www.wsd580.com tcp
US 23.225.65.238:443 www.wsd580.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 1.1.1.1:53 s.appjiagu.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 23.225.65.238:8001 www.wsd580.com tcp
US 23.225.65.238:8001 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp
US 23.225.65.238:80 www.wsd580.com tcp

Files

/data/data/com.wsd580.rongtou/.jiagu/libjiagu.so

MD5 4a453408e767c7470384d0a7454169f2
SHA1 9bbaf32ce857bd9d4b82a77c84c2395df9556a3e
SHA256 fd26cf273da2889704549a1fac6020ba4e0022f282187db0f0aaf3771b1d3f52
SHA512 98e534c96fe08fad56289b74ce12981666fbf3af6346c58d9f8888854c9dfc178363626c2fe00f74a5bbff9222859472197ef69b8c9f46b8fb6bbcae2a07d859

/data/data/com.wsd580.rongtou/.jiagu/classes.dex

MD5 3b50f83ac9c670ceea8fe07085b638cd
SHA1 33967029f32ceba80b886af4707ea9bde57f0415
SHA256 6eca0f76b9299ca75656bc6c1458017d1f7d5615ed6b13ef19716814da7cbde8
SHA512 996293efcf4f6a10b84a9241fdb3486109a737b18bccb90df54a16119e69bbde3dabea5353cabcff4ab40d65aca09a18c5f5ce34c53326d3d9a10d7a730103eb

/data/data/com.wsd580.rongtou/.jiagu/classes.dex

MD5 4ee9da4c91467b6b703d720074f0813f
SHA1 b783618115a3ec8d886a219937250753110a9b46
SHA256 2531302c9a90204efaa7ce81d47d7df8162b758a4ad49cea8e4a8b654427a927
SHA512 97fc7789434abc4fff754cb5a363ffdc6ba5f1b2f0311f4d02cba8e846f8e773327c1701ec4924764ba0845e2623ee0cbb511ba327ca89a071f5f77d47f84f58

/data/data/com.wsd580.rongtou/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.ri

MD5 31289c32f6ae0a1b480c9aed1d2968bc
SHA1 3e9c624560d2544eb2f9d7e0fed7833c879af219
SHA256 760b1da02923aaf80a683923e7d16159c1e183d71c76d41a4d54f32109f53188
SHA512 e3281cccfafc77185d3d05370e2abeb94be2e685eebb385ef898dd88c7acb35932c0b1aba1716562e22283cf950ff4f55c1025cd410970f8d2d151b5765ddd6a

/data/data/com.wsd580.rongtou/files/.jiagu.lock

MD5 99040d2939fb066ca03688dd42afa412
SHA1 f2516e23bce10c2a455b6e33984a5a42faff27e2
SHA256 d20527a94d1708d7aca8584f6bbea3819449de823759d823a86760d0ee22694a
SHA512 b81a75af3fbf0754d25acbabc7b7c9e1a3018c6b0f9576d247ce9d8a06d64a98cd38c4530ad05b030c469646924e65ac615a48343b312c9e83a5f09019e7d425

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.ac

MD5 b87a6c95bded67ed0dea5924eed6c2b6
SHA1 80fee5244c56646578bf25feed6c5b1fab1365d4
SHA256 d6410afbd9a5fe63616713cc143a2ec67bc853faa521772c49a604536c1e23f0
SHA512 ab2c8de7b707133ec13104202297ff5d96b92dd6ad209d08cbfb180b2f850ff15884c1ad073f8969e316d4d78ad87378be492bed23ef179745e00ba6bccf0e24

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.ic

MD5 3f9b6fe3b0d2caf0de98458fade29457
SHA1 a6a97bbf2ef135cdde4e04dd252468e4dbe0f781
SHA256 1d10ba348433d9269c33218be346493b6a8f051b730213618ffc4fe2204d5711
SHA512 862f600aac52a507d473461935259dd944055f4bdb8e8c297368d93181d3542504c06e812f73bb7be58000ad90206377589c1ee6c6165f4e8f17c3b8471f6f5b

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.di

MD5 51bd1362b9014c179aebbcf2539ae651
SHA1 cbf6a01370f036efc025acd56f228bdd972b2121
SHA256 8d138a2e478dc880e1486cca123cc6bdc01f55de59146290395a4c9758fd50c1
SHA512 7a657e2611289169c759a51472030cf02a66851660276c18f1762b07a141e5f25e243a114afb7bf056658a654346bf6071672a72284d900aa5eaaf9ed62bdcbb

/storage/emulated/0/360/.iddata

MD5 2e31529efdb5b31a3617169e33a20fe2
SHA1 c14297663cc839b2910972344d140475802a3400
SHA256 a6350eb5e9d8dd05d179c4098937f7ed34ea183339887d428ad8e9176a296dbf
SHA512 600bc6117fa049572c0042541334b6760365b9991c0bb5ee9654005d2520df2f88108de52fd6c7658741c33b0e59928dbb1f6e8874a9f8cd75fe8039b8c48cad

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.wsd580.rongtou/app_crashrecord/1004

MD5 b5aff2a5cbb8b91421794a12c6ee3b7d
SHA1 603e446fd7fa9b17a0856a34a3c99a6be8c94489
SHA256 35dfe428d017b73b22fd4d8e28d51ab4d9110450e8ca2868eb2acb6af0c113a5
SHA512 8d40894e3575892e3c70fe50de10664b67f0aff80d1c1e73c08592e7b15254fd9efcb722ec341af7edc6a0d2df7036e42cfdbe19a60f2153a951f1373fc828ba

/data/data/com.wsd580.rongtou/databases/bugly_db_-journal

MD5 0eaef7327b490d609d29c3ec0cd2bb0d
SHA1 31e2949ecda2c50ccadfc4c5fb33def0759631c7
SHA256 e9ebbb3f56f98b0f423e23e0306911fa7e3421c11cb522b7d387419aefa3ddbf
SHA512 b7cf740ccf200337ebe9da0dd39b8acd53681598966a6547cc9bd0031cc589e19f8a86954c5c35f2e6f0708bb5a5ef9e8e89ca8c097309803ba06dc40773a0dd

/data/data/com.wsd580.rongtou/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wsd580.rongtou/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wsd580.rongtou/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.wsd580.rongtou/databases/bugly_db_-wal

MD5 b4f89db9adac6cd3130aa53fb39eac23
SHA1 9d9f7b9a2a0841a5282f831afcea13272473a9c1
SHA256 ddeb3189d4f696026b4f2c014810431fd4c8f13d6252f65716ac04ba8d1b7127
SHA512 886c5121d49d88218ebaf9b10a0554130848c074ecab38ec959aa93f73172416b1bd531b404a4cdff64632cd1df0c3ae589ccc396839dbd531e6511975e1f63a

/data/data/com.wsd580.rongtou/databases/_nohttp_cookies_db.db-journal

MD5 9f7e5caa71dd62f61de0a941abaafccd
SHA1 a93daedaeb22d14860b6a577fb3d242486c7e0d4
SHA256 0fc8dd40599fc10050cba46e122b149aea9d93a7bb4dc2f9e38deaf1685bd7d8
SHA512 ebdea16c345d760ec5209f5fb5c9fbbd4097d4c8b916ee66ce63b2ab61fa1fa763ad4fcdeaeda9a16bed0fb02fbe09983eec6fb742862cdd3da56da7e6f3134f

/data/data/com.wsd580.rongtou/databases/_nohttp_cookies_db.db

MD5 692957a8f6be4a25986a068c449b83ab
SHA1 04223c8cbcf0032443488e3f5f9bee9f91eb5f7d
SHA256 4895bff14c71a617ca75f6ce7933b28332ee06a1b2aa431ee3e108db693cdf0a
SHA512 0617a88df6a60252050fc5403f6d01936bbcba961d707474d62bf97cf1e2034999befd13fac5e58d430ce43dd45dce8e2e6c8b6b125ea53dada382aebcfa3742

/data/data/com.wsd580.rongtou/databases/_nohttp_cookies_db.db-wal

MD5 b4151053daec6b444dbb783426ad67d1
SHA1 f9c8c236a5550ae44da52bb04b1a58c31336f81f
SHA256 4d78d73d58e61ad7dc680d8927b3224ee86631df1453c816673bf5a1fb4552d7
SHA512 f8cd43cbabb87ae64800c76d42f86f350c2da12a175a73ec332a79a5dbe08d3c7f70afd80477e197349ba2ba2796ba9671ed8a4881e81b70959bdbb46e0e892c

/data/data/com.wsd580.rongtou/databases/_nohttp_cache_db.db-journal

MD5 323ea00cc84e86ed31b3c548b459ec8e
SHA1 42aba4055433194d75cea6e7ea363f91e821cdfd
SHA256 3e5d98bfcd35ab3e208c82a573db1fd860c3f22614a8af5e81c82a5bc97e0636
SHA512 a545899963e5a077efd92bae9c88140305bd03d736048b92f2d7278f08d89404a44a62a184ccdbfb13f3e85138c19cf2cece28c667bcf69df3e45daaf7f88dbc

/data/data/com.wsd580.rongtou/databases/_nohttp_cache_db.db

MD5 d8513ad4477a6311d4faea7b49b18a01
SHA1 c26834167d1bb135cb62a2b33b1930776cbdf3c6
SHA256 c5852b70583d9316d56ed07230a7350a48e98eb1cd2bc9a3df07709ff82d6ec7
SHA512 32bbab99954f7ea0bfb57ebd53c9f154c1271e7c4ab36bea7bda33b7325b91284bf097b27004a36fb3fac91edb4296b5fed079270f80d1bd1555ef6d6a8af63a

/data/data/com.wsd580.rongtou/databases/_nohttp_cache_db.db-wal

MD5 ee6051eba18ae4398a773de99af89d49
SHA1 6baae8d4c8519f43c25f9735dfd710723eb6802a
SHA256 019985a702b25b57fca2a1f38f1b2af3b41455c8260d636679696dbd74f4f550
SHA512 8b90f7af2ee56e9b71f0cea9563e2cd48006a2cf5472e131ea56eca8762f5668799c469a195329d9db9c0aa0e3eda678fef4f284a0fe730809c211e465c95db4

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.di

MD5 2dbca73d2046eb7ebed5a8a9eb4c5cb2
SHA1 a5eb7f9843583d6f70612bc537d2495c0fb45d12
SHA256 549ab47227bba98863b2deabb17ecfb707986d0646cf7ebbd2c4d206e0d51f7b
SHA512 d93398d0397ba56f52b21e6c751ce2b93ddd1e21e052a576f520541aa93c704d269d78d5e1d8f78bf08d96fdc973eee423fdc0498fdd2c89c2ee0b638737699b

/data/data/com.wsd580.rongtou/files/.jglogs/.jg.ac

MD5 1bbb18d1794fd806593666d4898c79d2
SHA1 c316919e29b58a9bdd6c561f678b76af6ff7826f
SHA256 9bdfda1b747234c8b25670f8577e54c6965b46a293ec7e34714eb26d18feb5f0
SHA512 26e9b9534fa0d891b289169f842a42c8522385d8349916b0bee26226ae26ada0c75ead39222f34f5e92e2ad2bd763ab7f5061e568cca0c9efc31d7004d52b926