Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-l9gzysyfpd
Target bb65ec0b08cb4b018309c13ff33fa52a_JaffaCakes118
SHA256 8c60bca36e47d470936bb5a245f93ddc3a5130a4f39e59340ef007d4ed63dd01
Tags
collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

8c60bca36e47d470936bb5a245f93ddc3a5130a4f39e59340ef007d4ed63dd01

Threat Level: Shows suspicious behavior

The file bb65ec0b08cb4b018309c13ff33fa52a_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Makes use of the framework's foreground persistence service

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 10:13

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 10:13

Reported

2024-06-18 10:17

Platform

android-x86-arm-20240611.1-en

Max time kernel

121s

Max time network

189s

Command Line

com.ruanyuyin.main

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.ruanyuyin.main

com.ruanyuyin.main:pushservice

com.ruanyuyin.main:remote

Network

Country Destination Domain Proto
N/A 10.127.0.1:12000 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.60.44:80 log.umsns.com tcp
US 1.1.1.1:53 api2.momoyuedu.cn udp
CN 59.82.60.44:80 log.umsns.com tcp
CN 59.82.60.44:80 log.umsns.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
HK 103.235.46.246:443 loc.map.baidu.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.99:80 tcp
GB 216.58.212.238:443 tcp
GB 172.217.169.34:443 tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
BE 74.125.206.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 1.1.1.1:53 log.umsns.com udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

/data/data/com.ruanyuyin.main/databases/hi.db-journal

MD5 b5c3c86b32649e85cab37fef576146ee
SHA1 93125a00150143de76eae9f4c1f2bd51ba99e8b0
SHA256 bd91c64172b0d6a68d85035018444a4ef9bc94e39c4946b16bbfda5d3385fea3
SHA512 dc3e44f3a56f36e82fb8aaeb4d7be07d44fc3e4b6a49adf7850829f943e383a1fabbed1ab40dabeab0578dc91ce5d8d4dd0941834e5f5ad037763f186b26c26c

/data/data/com.ruanyuyin.main/databases/hi.db

MD5 09f96b7c746820d1eb30ca37c1eb40ab
SHA1 244caddb7562d43da1d286d7660cf6512004bf79
SHA256 1de9f1d969afef044e86288f6960cdd9ebdaa00317583d6d62e1d5c9e63647fe
SHA512 b745961309e2cff7a1392faee120e042f6e589e045e085899bb97d889beeae45dede92c4807cd232796e9244699b4c72a529ef10b0a7e098ed26e74ddc6af720

/data/data/com.ruanyuyin.main/databases/hi.db-shm

MD5 acb82c6e8767489538da2a0fb1140582
SHA1 62debe510f2d672adfb21fc4a0d357d1cb854472
SHA256 9f49e73df6ee4961279880914ba4b1f92d673a3d74703ac98e065bc069b1fe12
SHA512 bf1853f7d720c0d8fb68ebba522dfe8534fb89154dd09e41e1f3269e92214932c363e258a9a7685502cee1329208b512e89854f1c7eb98281a49aa92533899a0

/data/data/com.ruanyuyin.main/databases/hi.db-wal

MD5 260cd12614f1b95a31e9701cb1bef7e9
SHA1 f325c76239e771b18bb9e438553afe7a9b2bb8a8
SHA256 e997e8c9c54e7e9f7d129df9975f8f8e1174c6ef33901dcbc2ccf55a090c174f
SHA512 fca10397a6d485c41c0b910225810fae9e6912bc5821ae6e2395ecb909f80fc62b90370844efb2d3b47c0ca8f6ed9180c28a8f253694db72e70259dc033774c9

/storage/emulated/0/Android/data/com.ruanyuyin.main/1109171220115678#niwoyuewan/core_log/easemob.log

MD5 366826530a07ef7a4556b567c219bf92
SHA1 de4126295e8fe794bcd10e506e1f6fb57fad7497
SHA256 56ae4e9700b4e84adc1a44185923a223605c13d23089a8c14b5bfb935c8fc88f
SHA512 7aa1e987ebf501a1d580b27e642fb976cd036c3921328b9228bfcae3c57543640e005789f8a8caf38b9588fa7c340481b93e589710041b80cb81dc3c82798f38

/data/data/com.ruanyuyin.main/databases/cc/cc.db-journal

MD5 3e6691a26a1076520c3a52dc6881fb77
SHA1 15beee4548e3550513bbd950a7d0d4eb51cec32c
SHA256 4ce7a652bf0f093a87e66f8edbec5616ffa988956443e8ab53ec6a693e38509d
SHA512 8771e8680751ac54da77024f74acdf3d7c3295b87c32675245b5e44ff56805e5c9b7c41fab7b2a9b7af6cffdad0d1288b7f486e2fb667e39c5a9e646bea2e9c0

/data/data/com.ruanyuyin.main/databases/cc/cc.db

MD5 fd348517c53cc0123970ce8e62ef4e7c
SHA1 8bc6f0795a1760379c4798f7ba42dc205e5d7268
SHA256 228f6e9064a054413346021406992e4b7986c0ba194e0d8e05952073de5b811d
SHA512 424dbb895a064bec378dcbc99227166721c51cf416ac2d5edc522725d281895977af66b530fbf4e142f41ec30422748c5a239ebd859dba34143447b6fc67a94a

/data/data/com.ruanyuyin.main/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ruanyuyin.main/databases/cc/cc.db-wal

MD5 738ae1c2d8acee07cc14753e7702e52e
SHA1 bb365b941233aadfb699257ca0ab76f16161f2c4
SHA256 85029e29df27f1545f085a2e4c04ba978d22b376b12a50addd6b4d5500004dd3
SHA512 a305131b97f41c880d8d722f12cfcff04d210b1c3553d4466c05ccfaaf056755220e290eae64ba3898c9af260d4fc1386a9f7c6d025d10892104ae0f0f6a7ad7

/data/data/com.ruanyuyin.main/databases/ua.db-journal

MD5 776d85341b55c116ace8fb38c4f4cd05
SHA1 14206238d756537f4ae6b1bad077ca0ae08e7d4a
SHA256 498c61666ec7b0168ec34fe65c6b036541a9de5fd0f232abbc85cd9438b7322a
SHA512 0f840b59b68033385853ce8a2dcb043d118793d994544ceb31acd937fcc2b1317977a1ff0533c0662bb4a4791c00f548af1eb920c927e04cda1efeb477a65d1f

/data/data/com.ruanyuyin.main/databases/ua.db

MD5 9ed0ae915e4d5658273eb58bce01c23b
SHA1 ba1bb4ea79d1a1ace32895c21bac8d4ddf81fcff
SHA256 5450325cd6195d7e2181f6cfcbcb42f89a70cc2a1fd4b1516ec6ace29a6c1971
SHA512 df989056a603c9e23901a61f22865f80621393b7af13bd7686d99543e215892d986af016acdbc69a021833ea90320bc7507be127c0ba264cb97c2828256a1bbe

/data/data/com.ruanyuyin.main/databases/ua.db-shm

MD5 120d5e5e082e13a8ff4efcf7911cbf39
SHA1 95d6c99abef4852b3cd932474e1b680b6d9c72b9
SHA256 dfa05cf3aeda884822ac09ec2db519de0a36a75a24af5a930ac11297d97a008b
SHA512 7e9956931fba988f8bd5a4a70b35203119539053fd49af934906cb381ac4c115e1bfd75d53e47227d35596944a682d3d2b44b2ee41332810c5bcabcec52d6b43

/data/data/com.ruanyuyin.main/databases/ua.db-wal

MD5 924bf0f2e4cd60e0bc2935a1c2b38559
SHA1 a67a30daa1d31008fef0b257a4d7baae4e2ebb62
SHA256 c3ba3042a1df3b7fc411cd07190e41aaf63d80518f1d8654beb53ef4de38f121
SHA512 0d8e9a76e1c2a6f8d92c63beb43a1c3b467dadf26c5089947b6dc2fc51943604a06117421e12cfa5f23e4db23796c9886f735ce59368412bd0f46cd696231ee6

/data/data/com.ruanyuyin.main/files/m.dat

MD5 4a1db69fbb187cecac55d43794ac466f
SHA1 0489ace46c3f3b369fe84ed638e40ba5d3cbcafa
SHA256 0d190841258bc9ee544350812847d18a20b79041ff68ff0801d0c95b01306e5f
SHA512 adffa9fc1c2fd9e284a56c45fb45f8463a32e02c6925e56ada39c8308507f357599c7220a809467a9b0b798abd16ade51fdf50f8738e986f1d7797e75ea2623e

/storage/emulated/0/system/m.dat

MD5 89df24197017d6f039a592f85391a772
SHA1 e9887aee6ab8b98bd358b1ea682e8db56bb46ab1
SHA256 0c0f76ca138384cc0e425118c3b683d439789e9f60a78e049ee68baccbb38b4f
SHA512 67c1d0d3dac09100dcbbeefcdca272534427cc1c287710ff688e272caecbf7537b35fcd976d6ebc5d52c43318cb0257ade98c8a70432de813d435e431b20c217

/data/data/com.ruanyuyin.main/files/libcuid.so

MD5 994575e44d5fd138d8894867e47c46e5
SHA1 01a185cc884b79c3aed43d88b41b97d9cc35dae7
SHA256 be2daf19c8e9b23b30c04c46d86ea6df212878a7bd4defb9abbc86372b6cce6d
SHA512 8ac1cde56c5f950f51284c449debfb073d0202402681cae2e56cbda47641edb80a5e7a347979d92e22bcc4b44e2bc08bf1c948ca84c2b1f66cc3308363ca71cc

/data/data/com.ruanyuyin.main/files/umeng_it.cache

MD5 b0d4c0f5da3e955ed3aa5dcc69bcd5ca
SHA1 23f54c1e6b7570504613317dd96c234f029085ab
SHA256 e04e75a4c49e7371e88234311f1eff07faa2027936ca55087957773aed8d98e6
SHA512 6688cbb48ec6e55d572594e4c4b49056e972a902ddce1b5e37868e6a62dc88a7a4233ccd13bb8f036b671e7fba9657748ed382a1105f4b5462399714f045cf68

/data/data/com.ruanyuyin.main/files/.umeng/exchangeIdentity.json

MD5 3846f10997c74ee4acad6c32d9f2cfc0
SHA1 518445ab5f6ab1531c4f29d7e6fcfcb8e2eb12ac
SHA256 ba3bc5f69deac9e01445514fdc53cd9223d95f52710bc923e0ee41c41c895ed3
SHA512 3329dbfded07697bf9198015ab401e3a19d3dfb04ffa6de22fe130703a481af043e76098bd0e62583a9a63bb3bca529641544f4bee92c63e8103751963e95e96

/data/data/com.ruanyuyin.main/files/exid.dat

MD5 057d40b8dfd71dfdffa73a181023daf6
SHA1 9fa0e297ddbdded0166ea5c05d2af35d8d3c56fb
SHA256 3c330bcf924993c1b482ec5bfe4e176c912542cc78df336be1c6cf7741b24c5c
SHA512 782bad128f8ed714b60148d00e61c91d270f24a5dbdbfe6917c3b483f053b00473186bf10b22c2113b400a72b36cd1836a98d2c31b730635a800e483e63bb68d

/data/data/com.ruanyuyin.main/databases/ua.db-wal

MD5 0ac5e96ddf9febe83c9cc8711a089ac1
SHA1 3cf55a23e1cb6e298dcc5bac50e7b940ee11ea16
SHA256 ba66d338a8830411db0fb3d11ae1dbb57283d7443eb37bb9fa9c35b38e8ac924
SHA512 b2cbc6063b540ef12f828cc701cf045f05625739a9ae9d45890036d02b677294377d2dd81e8afe40f80d83c0ecf11d0b3fe54527f03cc8e1022a0f25d6a3d10b

/data/data/com.ruanyuyin.main/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.ruanyuyin.main/databases/cc/cc.db-wal

MD5 a2421974626e7bf6b981f29502c1fe7b
SHA1 f1423cc0004ff1dd4e0b16a2745eae4a0cc476ab
SHA256 f15a052d7fd5aed22a5318b03768e30c69465ed6d75e1df2baee2716fb468b0a
SHA512 c38451f280a43fa8d3987611d95cef60653f64b876985066826ea72627077ebdead92e87ec84600ff1590ff23dc9c899997ea2d6f7cab22d911aa924430bfd77

/data/data/com.ruanyuyin.main/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.ruanyuyin.main/files/.imprint

MD5 fba2d71a821c82d99e1ca1cf19ac9857
SHA1 aed6a66d0de0da5058486705acdf2d5341bb9631
SHA256 5252225492edb28110427c528c87f21bf8ea5352a15893cea7ca47b12ac21ec1
SHA512 615f7c912d6494c0623a5885a315048e4d82fe95ce892f5e20ceb27477d76bd94d0fe434edde624bdfbbc1d48d6fbeb646f90e2a3605c0dfd29bb98534c73131

/data/data/com.ruanyuyin.main/files/umeng_it.cache

MD5 0784d22f736f761c23a78c098dc4f298
SHA1 450f319aa1684dbfd8dda6aa2afb2777f800d5a6
SHA256 a38df318c26c2b6e8c2a0e48adc321eeb449dc828c2b6dd587cc1e70190e9942
SHA512 ced19911f77aec9743104d7529bec4d0b02ddc348f6a2b9aa79723b4935cb54b3db0d7c1dee982f6b2361e7b9c63d166e0d091d1f79eb7dab043737fd376a79a