Malware Analysis Report

2025-01-19 04:50

Sample ID 240617-3x2bhazaka
Target ba2e81e0722c0394dafc1553ceec5d34_JaffaCakes118
SHA256 95be7d9f3f5b37c616319b749ab43a84b894912f725ed3cb06f55f87ef13f63a
Tags
discovery impact persistence collection evasion
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

95be7d9f3f5b37c616319b749ab43a84b894912f725ed3cb06f55f87ef13f63a

Threat Level: Likely malicious

The file ba2e81e0722c0394dafc1553ceec5d34_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery impact persistence collection evasion

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 23:54

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 23:54

Reported

2024-06-17 23:57

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

186s

Command Line

com.yiwyxb.qp21372

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.yiwyxb.qp21372

com.yiwyxb.qp21372:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 s.jpush.cn udp
CN 110.41.162.127:19000 s.jpush.cn udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 1.1.1.1:53 www.2123djvgngfvw.com udp
US 1.1.1.1:53 www.alkgf.com udp
US 1.1.1.1:53 codepush.azurewebsites.net udp
US 1.1.1.1:53 www.2123fuiudifjjfc.com udp
US 23.101.203.117:443 codepush.azurewebsites.net tcp
US 1.1.1.1:53 www.2123jdjkjwjmmxx.com udp
US 1.1.1.1:53 www.2123lkjdjflkasj.com udp
US 1.1.1.1:53 www.2123kkcckxknxxx.com udp
US 1.1.1.1:53 c40b6e3d664556ab423d3eebc01ab2fd.oss-cn-shenzhen.aliyuncs.com udp
US 1.1.1.1:53 987645ba00a9b0416b254f33d918ed64.oss-cn-shenzhen.aliyuncs.com udp
CN 112.74.1.127:443 987645ba00a9b0416b254f33d918ed64.oss-cn-shenzhen.aliyuncs.com tcp
CN 112.74.1.127:443 987645ba00a9b0416b254f33d918ed64.oss-cn-shenzhen.aliyuncs.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.176:443 ulogs.umeng.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 119.3.253.130:19000 sis.jpush.io udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 tcp
CN 124.70.159.59:19000 udp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 123.60.79.150:19000 udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 139.9.138.15:7008 im64.jpush.cn tcp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
CN 139.9.138.15:7006 im64.jpush.cn tcp
CN 110.41.162.127:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 _psis._udp.jpush.cn tcp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 123.60.79.150:19000 udp
CN 124.70.159.59:19000 udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp

Files

/data/data/com.yiwyxb.qp21372/lib-main/dso_state

MD5 feaf87c9316edb0dad6cd6df55c8209e
SHA1 659980c3c66355bbb262f826df5ed2c9fcd50e95
SHA256 4b319b97114b4ebdda888297f5786108af46c8767435bd3710acac586467c36f
SHA512 d31cffb4e275922d1c3fd253c65ab03f86ba897907e57cec3e45614d68e2da35375e817a6252e06d35585d7b0a79fb3031fae3765a3d8f5cf597e3f104e1aa3c

/data/data/com.yiwyxb.qp21372/lib-main/dso_deps

MD5 a4f06c8614460767e35100c1ba07fac4
SHA1 2506724b32daa0887db41ce98500a0984071363a
SHA256 a0827883fecf929d950b5e35c47175233fb398888eb0231fce3ef56425263ca6
SHA512 aff80eb6abe35427080b60b0079f83458f64427b4b1c684b15360755bb5ffe894946f365ffbf96b41e1e16b013ba8bb21f5b0dcb3c956975c83aad3a132d99d8

/data/data/com.yiwyxb.qp21372/lib-main/dso_manifest

MD5 c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1 c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256 957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512 29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

/data/data/com.yiwyxb.qp21372/lib-main/dso_state

MD5 7db7bb15078be9796f04f0e4b3762044
SHA1 c7813b2bf4d7ab8f0c9444f2175f5858e990201d
SHA256 d242edf0b7a4ecfae6e6374e7e91cf803cf0dc4c4fa7849e1274d40720b1c36b
SHA512 cafa914e75f966ad14e66cf13b3105a30c12cb9555f61fea54353ba999019256cf275659572dec30555efad9600ff542c5ef4c4fd1e68997f71277e6319da022

/storage/emulated/0/data/.push_deviceid

MD5 3f8a4f13559769015335bc9db9f453f9
SHA1 a152cb3fbaff35ef323458ba56ce7a302a7b75ee
SHA256 e723235aca36487cbb3a2cbd71fd63c06ed79e36b868537e9836ee1f5cb0bf0a
SHA512 c486daaeb5a11343fe271a828e0fb9f961c13a583ec76bfd440207b844c94354f6399ce86f0b1e43a0aed8f42138ba6808ae07dc14c791a0d11db4137c3d19d0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 23:54

Reported

2024-06-17 23:57

Platform

android-x64-20240611.1-en

Max time kernel

178s

Max time network

189s

Command Line

com.yiwyxb.qp21372

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.yiwyxb.qp21372

com.yiwyxb.qp21372:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.71.159.41:19000 s.jpush.cn udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 www.2123fuiudifjjfc.com udp
US 1.1.1.1:53 www.alkgf.com udp
US 1.1.1.1:53 www.2123djvgngfvw.com udp
US 1.1.1.1:53 codepush.azurewebsites.net udp
US 23.101.203.117:443 codepush.azurewebsites.net tcp
US 1.1.1.1:53 www.2123jdjkjwjmmxx.com udp
US 1.1.1.1:53 www.2123kkcckxknxxx.com udp
US 1.1.1.1:53 www.2123lkjdjflkasj.com udp
US 1.1.1.1:53 987645ba00a9b0416b254f33d918ed64.oss-cn-shenzhen.aliyuncs.com udp
US 1.1.1.1:53 c40b6e3d664556ab423d3eebc01ab2fd.oss-cn-shenzhen.aliyuncs.com udp
CN 112.74.1.127:443 c40b6e3d664556ab423d3eebc01ab2fd.oss-cn-shenzhen.aliyuncs.com tcp
CN 112.74.1.127:443 c40b6e3d664556ab423d3eebc01ab2fd.oss-cn-shenzhen.aliyuncs.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.176:443 ulogs.umeng.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.162.127:19000 sis.jpush.io udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 tcp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 123.60.79.150:19000 udp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 124.70.159.59:19000 udp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
GB 172.217.169.46:443 tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 124.71.183.120:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 124.71.183.120:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 124.71.183.120:7000 im64.jpush.cn tcp
CN 124.71.183.120:7009 im64.jpush.cn tcp
CN 124.71.183.120:7008 im64.jpush.cn tcp
CN 124.71.183.120:7005 im64.jpush.cn tcp
CN 124.71.183.120:7004 im64.jpush.cn tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 124.71.183.120:7007 im64.jpush.cn tcp
CN 124.71.183.120:7006 im64.jpush.cn tcp
CN 124.71.159.41:19000 easytomessage.com udp
CN 110.41.162.127:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 _psis._udp.jpush.cn tcp
CN 121.36.15.222:19000 udp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 123.60.79.150:19000 udp
CN 124.70.159.59:19000 udp
US 1.1.1.1:53 easytomessage.com udp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.70.128.38:19000 s.jpush.cn udp
CN 120.46.141.4:19000 udp
CN 123.196.118.23:19000 udp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp

Files

/data/data/com.yiwyxb.qp21372/lib-main/dso_state

MD5 feaf87c9316edb0dad6cd6df55c8209e
SHA1 659980c3c66355bbb262f826df5ed2c9fcd50e95
SHA256 4b319b97114b4ebdda888297f5786108af46c8767435bd3710acac586467c36f
SHA512 d31cffb4e275922d1c3fd253c65ab03f86ba897907e57cec3e45614d68e2da35375e817a6252e06d35585d7b0a79fb3031fae3765a3d8f5cf597e3f104e1aa3c

/data/data/com.yiwyxb.qp21372/lib-main/dso_deps

MD5 8838cb68baba743570bef1a66e0091d5
SHA1 7b33e8f975d6b1acc202ade928ca512f41cf8906
SHA256 a4d24ecbe1308f5ad2ef0a4952a459a19b94085dfcb1f23106b70117759fbebe
SHA512 e9644a1f34ce112abf3285d50de594dd41b997c79f24008f0d681de5a82704ed48f332567f9c39f5f9e035dd473388109315cba1585dda97d72f1b866842adaa

/data/data/com.yiwyxb.qp21372/lib-main/dso_manifest

MD5 c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1 c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256 957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512 29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

/data/data/com.yiwyxb.qp21372/lib-main/dso_state

MD5 01e7484b0b09980811242de0b86169c2
SHA1 368f7de775323b7d18f034f53366439d65c574ac
SHA256 f3ae709859ca77382695a6452cff38487bfbbf6c6e54a5d1c374509b8f266af2
SHA512 26d0190cb44eb40935ee6162f6c17cb91a35e32f66a8ea6b13e914a2d17ed7874930ccad7b66aee33d8b4691218fd805d316d17562641e9259368b2d95f95d8f

/storage/emulated/0/JXCP/aff/com.yiwyxb.qp21372

MD5 a026dbe832b926780021e0dab28f615b
SHA1 d8e9799b30e7465084e461cb767196ef37924bdf
SHA256 b1d26ca3d0dec1da7e56115f5f4fc62f252647588fb3d6ff62fb08cdd7296b08
SHA512 9236c351c6c87aa36f28c98ea74b9c242d551a6bdc894ecb59c7283e87c0bd62823e9ac5b829f36806122f109ca91aa018623d3119d8307a3c9336e6a7ae4395

/data/data/com.yiwyxb.qp21372/databases/ua.db-journal

MD5 7eabe31171aa67853ef621ce1d9280d6
SHA1 f99620ea511b4ff272a3ba3dcf6f774290a28ae6
SHA256 1a40059e46f98e2769be82a88b14f267bfa2a041359d1c401a5a5dbcbffdf24d
SHA512 1de56a6b3311c0469355d9bcfc145d8bbc3f4d647f1e71cb5f911957f4b954c6b1cc98db2514ca1f11a09803d30fc562cb95a3de548cb3152bc7b4985bab80e3

/data/data/com.yiwyxb.qp21372/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.yiwyxb.qp21372/files/jpush_stat_history_pushcore/normal/nowrap/3c626a96-a784-400f-8ebf-113a008e9f67

MD5 acfa3996915eadad4b259162dbec9815
SHA1 329a613b3c9a3a33cf0648c13bda20ba24b54106
SHA256 d0a057eabd46fe5ac6595599efd210ec65aefa4d3ecf26d4a9ea3d08d06fb128
SHA512 69b3f3712da741ef88fba61110d428fb3fde7c3043492202106070bf3150e652f6e77edf1e196cd579cedad40574fd22708304a666c1e3d925521071b6ce9546

/data/data/com.yiwyxb.qp21372/databases/ua.db-journal

MD5 b3f7ebea3b74e93970644813f7376143
SHA1 008acc8cb96dfdf299eaca006e9281c38f2e9662
SHA256 b618c6627674972590690e20b8c490012f91b9e3e2cfbcb3c31df5de0ff243e7
SHA512 2676a76bdfcd18645148236cf757b75eda3bb01be9fec666fc7694cb8f22f48c450f562ca62d646aa8fa8c426bb365d3819d32b75cc5ff9e7406b1ca06248afe

/data/data/com.yiwyxb.qp21372/databases/ua.db-journal

MD5 8eebaa02bee46d0f043831789a32ea29
SHA1 5db45ef7bea306174d383a69e46e370c65c958a5
SHA256 f99e1c0fdd6cf86a1a1f93a9f043de42c7fbb45e4a22dc1b6ad2cd66173d4981
SHA512 534236b7a0c5f31e46e2c6c5c684cb54cf781c2d8786fef2f4e5fe101e09e61eabf1fc676430ae5bfc6d0736c434ecea5e7279df37aaccc736ef5905e1f98162

/storage/emulated/0/data/.push_deviceid

MD5 0105d1fdd705a07c0dfa03c8cbc75082
SHA1 0b767d8cc17590b722f4b49de0e6e1088fe048c3
SHA256 0f9d94254138bea8d64acec2dc959c1fc4d5ff4a12b4c657c77d25c5d29c3f39
SHA512 d3e5da8d818cef123ccdc8cb1fbc763633e468d6a920a19d781b3269d7cceac54a4b5aeee3bd86782b9bf6bc4cd778de19329f2c08bed4d42aed2d89b9fcc8b0

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 8f33af4480aca61e52e4e191703b496a
SHA1 a88b7e3163d1f5584a5bcf1aa1057c139b38a87a
SHA256 f989c06d4602e57ef4cad97bcf5cdfdb6c70a5e22ba14da36fe620c474e9f32a
SHA512 d2c2da0e5d578cc643e0f24a951598de9af2ed4b2b23b073538fadd422864347e31bfcf4909e833a36f3ecc91bf164909fb30425d4355b0e8df3def0c9e1cb35

/data/data/com.yiwyxb.qp21372/databases/RKStorage

MD5 6c69e06d72e6f7c3ea3de51d8b2255f9
SHA1 87dc2f62cec0163b7477c554b0edbf550af7ae88
SHA256 b6aff5aaa01d047364d0552a4112893d5b3b77c656065ecd58373f28cf2cf11c
SHA512 fdad987a6ae2abc1967bccb8cac76735d857806e2493d6d0b7cdc44c71d6e55d3245633bf9549181c592d01738e81a1f474f3b788c6b4f773db091f8af9c5a7f

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 85b9023386ece890ed8865e5644ba820
SHA1 e69353a96e254c361037bfcead73ba9a01d584fa
SHA256 473493c87afc1a5ba1938f4d032267995d3ccbb51e6cf6b73bd8ad9ddde31576
SHA512 9b90a33f413af215a56b815296faf8c68e7f247cf11ca8b2634c54ea8bbd39aaba78aea2b629fe0d63410e4d386f4cfdfebc559d36f1103353f442fb15855f71

/data/data/com.yiwyxb.qp21372/databases/ua.db-journal

MD5 761c48bbb135243c369fe76afb302fa9
SHA1 d8c21378090a914a7bacb414cd67917ca41b7ce1
SHA256 f5c3af15027a72570fb952538a49283d28299e16bd1bc1171ed9d5a31839ac0c
SHA512 010ab73bd8a98f99afb3c76b9ae055c7276a84978c9942b6b8900d2187b82def2a2343b479df82aaa7a6d0f53dfafd7f2015ddd270376d8f986923dfa3afb123

/data/data/com.yiwyxb.qp21372/databases/ua.db

MD5 bb8d9d7d1d17987dbcfe6fde0b7b1dd3
SHA1 c9a8a23e71e2eecc92741f5cca72a76fb2f47614
SHA256 7a1c2b29d4c6d2eec925ff801f3281aa661fa7148237b61d091f8fe788ba4791
SHA512 266de075692e076d07fa05bd29ad355badbb9f06f9db5fc173bb992081716ac67349500c6cc63f56576024b53f9293cd6654bd0bef892b4a6f94766ff7a38358

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 a34fa48ec27dbe91a553eebe5ddd2bd4
SHA1 501095e8070a42d728d5cc279f3d5566f52f33a0
SHA256 3c6e3c6f6541d680d22a141f18fc9bad2759d746615e73e4005862bebb8019bf
SHA512 184921ee72d200f2f90a00920d7a77adea6eb4e7d93880a72b9e93f63c497c3f38b3a1bc42cee9654b3eba000ef40e226b557bc521367f284ec0fe2d000da1af

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 7af08646b26c71c104480956f6c527cc
SHA1 513e8e7f7e1fb4d1efac40ddb1baf4ecac9a49a5
SHA256 c2d4ba9364b4f5cd47919f4f521d057437cda0d2df2d2d38b15f920f607593b4
SHA512 bdd748dec2aceec1cbac371dcf6c0d70ba753c0e1ac900c1b6934df02a55e83d700d0212271cf586917f1d99f40e68b82bedf477de2ffbac6fa7bb9796ae6d40

/data/data/com.yiwyxb.qp21372/files/jpush_stat_history/active_user/nowrap/050dfcc0-a690-4c15-8e7a-829b0e863a66

MD5 6ae5224c1fc4eaee27bd88107620d918
SHA1 041f6b8ba05656a15ec2ed7b36b6073857efed9c
SHA256 08680d30668a9d18aaa50605494eddfb98576cbf1db15491d658d6c7b657cfd2
SHA512 5cb83cbc3dc16f1bff2a30fc4bda9bbe1478bc7b5a08a60b2d4361f8673e0e9d5ee8d863f7dea43b703e50ceae15f4f96119d0d8354ec90702afa553b4f91f28

/data/data/com.yiwyxb.qp21372/files/umeng_it.cache

MD5 4dd08ede5a6e78b7259b873c853dc541
SHA1 b44b24a5bc69c936cda6344bec686b36ee64913c
SHA256 10a42936027e58a84e3c68ea54a1a67ee772c881d933d074f1816003169d21bb
SHA512 53bed16bbde309c8f80bec88b64f8c73f67509900f4b27a18ddbc9924fa763514290a47dbfc298ffc99f4c50f57538f9ad01090bf5b444cf0920409a2e299d83

/data/data/com.yiwyxb.qp21372/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjY4NDgzNzc1

MD5 700df9466b44ac9fd09ad478a8581ea8
SHA1 d9383c68fc26fdb23d85cb3cdd292a5065855ee2
SHA256 5f8b541fbc500ad5ae41d5b0a2359004a7534ca48e59adedf3a9c5ae0d56ae11
SHA512 8e5ce4baa820ab00d745b18a4c529543fb6daced6eef92dfc5da5b87c20ea414a314da57a3789e48efe186b1f6dcf70106427afeff262f8eb2a0419acf66ac85

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 f04b412bd3d91e7070147f639b6f962a
SHA1 23adb4aace19a27e37acefb347e9855bac931616
SHA256 014a3c23a7adc81767f5e0e397a3311a1a53ffeb002faf603a224564bd9d62a0
SHA512 897255f8434e6b9e6834af1885937ba978a7208e1ad6575f02f60363e644977acb330a33c341d656c261d801c17eeacacc795b44e5742446116e25a4725438a0

/data/data/com.yiwyxb.qp21372/databases/RKStorage-journal

MD5 a81089980ed5c7e6b0f892183c42ed16
SHA1 85003955cfa44cd9ba7b5218c91ef95178dcf34d
SHA256 9b2766ea2a29ad1dfafb05cbcd13c599c56df68a4adbdf9dc9c4196ba469a619
SHA512 cc98959373c7a32304f015a0abe6b493a260cf1cd707bf8f0c6efaacba3bd8956cdfe37c04e9655d10f3955257d8a0c326da6f690ce6e61eacf0f0ae8933a77b

/data/data/com.yiwyxb.qp21372/files/.umeng/exchangeIdentity.json

MD5 5c45bfb965f3f3d8328e019490b3534c
SHA1 14abd21c3bea3637f4d565bddb0fcc5177f5a986
SHA256 ef498575cd0be8ac09a3698adc82501fc0ce37118f27ad6fdd163c9386f05faa
SHA512 d8d9ac9c927b324bc4a5888c36fdab410a552325d8d8e9b3deeaf08ff3d5d0ea622907d5c618594a45575d4b26402d435a36788c4a6099c455963a4dea4c0810

/data/data/com.yiwyxb.qp21372/files/exid.dat

MD5 de11fefc496db43c755798084edecc7b
SHA1 5476be2d6b911eaadbc32dfdc5843b05d6621ce8
SHA256 58a86893a5419c6910b26ce1f077cab667eecaaa3ec72409d3997cd236271884
SHA512 e8f5255401fce4e7414247c96185af572d4f63f21dc42e971b618dcece215d2e9328bae4722f4d23390415a8b1c1d3475aeca4de4cb7e12ab50457b515c431e2

/data/data/com.yiwyxb.qp21372/files/.envelope/a==7.5.3&&1.0.0_1718668485227_envelope.log

MD5 d8eff78cfd921953276f81829314618f
SHA1 a54167d7a7c2e18384c98b56991230b9e289d59c
SHA256 2486b1d36e193e44ce339e68b3bdf4b6be4fcc84232b07622f28780876d7e710
SHA512 1392eabcb8f80fee64381ef00c15b804665b36475be7762d3987883bdcf631c905469681d260cdff6b57f423e31de102228e4a3eaff995c7c8fbb1748425f4f8

/data/data/com.yiwyxb.qp21372/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjY4NTE0MTM2

MD5 b416c55eed79b9fe3a90ca0cb63b59ec
SHA1 7526961a1ca51fac132c6399f6be5c4028e7438b
SHA256 8b1aba65c760c67e46fe3cab0815149af830e69690eb8322ad9c29e63039653a
SHA512 8c9c29a6910b58b6b9da05a50f191c741ca8577ba59f60455505cbcc0189138c6131d662b42b9c492e6b91027c1c9cb35cab69d7723d54b02d3e82130145f10f