Analysis

  • max time kernel
    174s
  • max time network
    183s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    18/05/2024, 08:26

General

  • Target

    53d60ec7aa348149772c1ff09622f3e9_JaffaCakes118.apk

  • Size

    20.8MB

  • MD5

    53d60ec7aa348149772c1ff09622f3e9

  • SHA1

    2eaf93a89178a9258890b6334369ec1e58b2f5d8

  • SHA256

    c890f65f89c17da6f0646856e0d57c98f3f524dc9bd9e522d0b0ff11eeb4ae1e

  • SHA512

    33faaea0ff8f874642ccbe2db58f58ccfec3c4d8e70161ad0d73d7dc77c557dad3993aa59492f97f5dc202ecbd46d53fd55b7fd7361d4a1ff6cb68db88e12ac3

  • SSDEEP

    393216:U1i4cN4ucBaJpkOZKSpJJ9Pi2QyADGPDvCtN7WcT+76MUrXudaC8Z:U1i4H7MHJ9Pi2YDi7C3W8XyaXZ

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.ald.aldfinance
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4281
    • chmod 755 /data/user/0/com.ald.aldfinance/.jiagu/libjiagu.so
      2⤵
        PID:4311
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ald.aldfinance/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.ald.aldfinance/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4369
      • cat /sys/class/net/wlan0/address
        2⤵
          PID:4541
        • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/com.ald.aldfinance/.jiagu/classes.dex --dex-file=/data/user/0/com.ald.aldfinance/.jiagu/classes.dex!classes2.dex --oat-file=/data/user/0/com.ald.aldfinance/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
          2⤵
            PID:4641
          • sh -c ps
            2⤵
              PID:4704
            • ps
              2⤵
                PID:4704
            • com.ald.aldfinance:channel
              1⤵
              • Loads dropped Dex/Jar
              • Makes use of the framework's foreground persistence service
              • Queries information about running processes on the device
              • Registers a broadcast receiver at runtime (usually for listening for system events)
              • Checks if the internet connection is available
              • Uses Crypto APIs (Might try to encrypt user data)
              PID:4411

            Network

                  MITRE ATT&CK Mobile v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /data/data/com.ald.aldfinance/.jiagu/classes.dex

                    Filesize

                    3.6MB

                    MD5

                    e398c649bc411b67a630555eb60f9d52

                    SHA1

                    4397a14c93fcd5c25006d52bef2235a1d5044df1

                    SHA256

                    208ec4b343fa4b3d3d55551e5d87beffcbe63ef8c8e20301ea8eb5c7cf7569a4

                    SHA512

                    bdfb518d7648710331468bfdd98e97f6bd738c30d22c2d97ca84fa6f600d5190517e79e367aa66206e0a88c00cc2a2380d4956f2971fa976a31a4a9497fea769

                  • /data/data/com.ald.aldfinance/.jiagu/libjiagu.so

                    Filesize

                    382KB

                    MD5

                    aa01dd97609092ce310e17bf791069ce

                    SHA1

                    f000840a8f68ea7beb2e29ea466088daf55609db

                    SHA256

                    e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

                    SHA512

                    766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

                  • /data/data/com.ald.aldfinance/.jiagu/tmp.dex

                    Filesize

                    48KB

                    MD5

                    c1a0d5b312af2cf28eb81b598cb974ad

                    SHA1

                    bbc699428fa61ac1a72e1767654675f302db7852

                    SHA256

                    c32ed87100656c8b5108f9bfbfcf980f53c8aa34216ece017579c83542597009

                    SHA512

                    54f91314c7c712e349d8c241efcf510a32d7215225cefe1865dd000c9cd40392fc66e8dddb56cd312a4ac994c1ba65a42e1121d9d0f99a5061f0cbd037b4ed42

                  • /data/data/com.ald.aldfinance/.jiagu/tmp.dex

                    Filesize

                    284B

                    MD5

                    f1771b68f5f9b168b79ff59ae2daabe4

                    SHA1

                    0df6a835559f5c99670214a12700e7d8c28e5a42

                    SHA256

                    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

                    SHA512

                    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

                  • /data/data/com.ald.aldfinance/databases/MessageStore.db-journal

                    Filesize

                    512B

                    MD5

                    93c991073c46ee0caf821c7f4747a8c0

                    SHA1

                    765249d4685d7a3754d5e9e89cffd063fb096b99

                    SHA256

                    d3d6f22efb2e2a9e2e088578a7fd07ca56e54161b3c76a4095b047e619839d33

                    SHA512

                    b7b2e0f0446afae815676153ad894d4fdc3c17dcfd97d24471b35367921c58d0019129403b08bd85939035b9c7988665e4d415696eb681fab8b7d28a50e19733

                  • /data/data/com.ald.aldfinance/databases/MessageStore.db-shm

                    Filesize

                    32KB

                    MD5

                    bb7df04e1b0a2570657527a7e108ae23

                    SHA1

                    5188431849b4613152fd7bdba6a3ff0a4fd6424b

                    SHA256

                    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                    SHA512

                    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                  • /data/data/com.ald.aldfinance/databases/accs.db

                    Filesize

                    4KB

                    MD5

                    f2b4b0190b9f384ca885f0c8c9b14700

                    SHA1

                    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                    SHA256

                    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                    SHA512

                    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                  • /data/data/com.ald.aldfinance/databases/accs.db-journal

                    Filesize

                    512B

                    MD5

                    c10ef07237feba6d2d21c54a67a92e84

                    SHA1

                    04045b75a8817aad41c40e9b64855561c933144f

                    SHA256

                    daf0dca00d6fd08b3abf40ffee2a86ad63d0a48c20c58547889d3df2e088d52d

                    SHA512

                    9af8cafeea4c8e3f2d604ca678072ff7a79d03cb2e352f23ea190aeb291ce275d2bf0314a4e2fce109588ec29b277bb830978364d34e9b6023b9a7563b5b1779

                  • /data/data/com.ald.aldfinance/databases/accs.db-wal

                    Filesize

                    32KB

                    MD5

                    897a78fa428f1d2f9b751d3576077850

                    SHA1

                    8d0c3c42a7e5f23c8f4fafa9a6ca5e3da0a78182

                    SHA256

                    9271e7933f9ff464df6711e74ac0e033021db3d4ce0f10c7edae603e1cbc5619

                    SHA512

                    c810b17dcd816f51ad066da580415d4c139a8ab6058f6ec21490d0824507bb4ffa6fa0d5cd932f5d85cb6be2b562d0c02e0ebdccb50a6a42a4c03677a16af5ed

                  • /data/data/com.ald.aldfinance/databases/cc/cc.db

                    Filesize

                    36KB

                    MD5

                    5d7ea1a23af19b4340cc8d90f28297d5

                    SHA1

                    4cfe95b23a9e98378d69c4290af81b51fbe76aea

                    SHA256

                    474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

                    SHA512

                    33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

                  • /data/data/com.ald.aldfinance/databases/cc/cc.db

                    Filesize

                    36KB

                    MD5

                    ce6135aa1b1fe4f2c2db2a546d2a5558

                    SHA1

                    79b59582154017aadab783dc266fcb158c252940

                    SHA256

                    7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

                    SHA512

                    2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

                  • /data/data/com.ald.aldfinance/databases/cc/cc.db-journal

                    Filesize

                    512B

                    MD5

                    4757a0d913b928e2b4c305dd199828ea

                    SHA1

                    fa3f98bd1744792ab069bb351153541c71cd9069

                    SHA256

                    c6392e275edbd6f2b796e2b0f0f5e96f32af6a6c98f2a208ef661de19849c057

                    SHA512

                    b095134cd953b3d245943c4fd6598f6b15fcb840068ca46833b9c232251aeae7ed94d5d0637b783ed21ae673b69444a997e1330f6414e0c7f248b99bad2c45f4

                  • /data/data/com.ald.aldfinance/databases/cc/cc.db-wal

                    Filesize

                    48KB

                    MD5

                    53bb3b22e0415e19ecf2a5688b38122d

                    SHA1

                    6a7581e8202882a3fc53e72b2ecf9f2c2d4c47d2

                    SHA256

                    cf3471db70173857dc83f93629c69a9db3425696980dd13c863506532d71318b

                    SHA512

                    9b8bd95a01709dc9762d1afa9e4833946ce06abdc36234479f9d5c74dc975d5c50c4c86efa5a005b40fb2493e2cc3059e7770b61801a489127ac9db082047e77

                  • /data/data/com.ald.aldfinance/databases/cc/cc.db-wal

                    Filesize

                    16KB

                    MD5

                    8487b5b0472a37fb6a3162357b7a2c1a

                    SHA1

                    b15ec3b86d7d36aa63bfe700db116268f3ebb703

                    SHA256

                    a8e0558952707b2bb091b5edf612d454215963c1bb72684fd7a2f16610a57cab

                    SHA512

                    ac7c4f8d08c9db8e7faf9c1eae8311d1a1e67c8c4aa0934f3be56abc4fe54b0ac9f170571dcd015b67eea96b7621b9f0f009d2b08f1bbebc6674c554155cb3da

                  • /data/data/com.ald.aldfinance/databases/message_accs_db

                    Filesize

                    36KB

                    MD5

                    486e2bac2b3e9e1cb411d2838a4854bd

                    SHA1

                    81dd0a7537f4af319b830ae834908986be85da8b

                    SHA256

                    5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

                    SHA512

                    c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

                  • /data/data/com.ald.aldfinance/databases/message_accs_db-journal

                    Filesize

                    512B

                    MD5

                    6c857d8b034d2f5a349c4cd0769d5e87

                    SHA1

                    408a3d6ab4dedfc0a3b14f7317ebea6fd84db9f6

                    SHA256

                    e349ecb4ee7107112515e8476b35d4cfdec92169b893649d7ef062fc538c6da4

                    SHA512

                    5e6627a7b792dcf71c1ea51c1b0a143dc3fd9fa014293e2fd2f49272fde797d7ba56069a03c5ee1d3ce11e2b075007124dde642a9d298c587e7761064cc8bb36

                  • /data/data/com.ald.aldfinance/databases/message_accs_db-wal

                    Filesize

                    48KB

                    MD5

                    479b0298af9e44fdcb3056390ab80ba7

                    SHA1

                    e2f0fd9df1fbe044ceaba3fa2cd4c233f238407f

                    SHA256

                    3930e9eb12a3b2186bf03fe8b68118938357d9fe5ee16395b6cb846985444ca1

                    SHA512

                    8ed2fab6ba326ad2c367e86a2af07e67636dbc73e63645de672dcc4bce94e0f69625d6c36eed4906bdf01706e020d509f90fbd2082a484951d6f664ed6147a18

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.ac

                    Filesize

                    167B

                    MD5

                    6fda9c912d0350553ebdc5089e6f6593

                    SHA1

                    2fc7b5ec0968ce54cffdd138e83d1827568bf7df

                    SHA256

                    d0ab9647828da63059e32331b1fcf8d0a167a1077eda7e204e47f14089bcd129

                    SHA512

                    d595188925d5c601ac79af13c385fd41a013afe8859d5af0e54c3c1a31886692fe8898da635f43793e5d4983700d66255873e6b7b5b2a451ce95240bd61204de

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.ac

                    Filesize

                    40B

                    MD5

                    5ec8bd34a52c91278bc5f947e75971d0

                    SHA1

                    bf10f7ee0760c296157285f7b984e206d6ddc35f

                    SHA256

                    51cba43f9b947d114964aabaf670cb55c8c8040622dce396efd09ffd5139163e

                    SHA512

                    0f233346f8c10b1b005253c60fda94f183fa2261bd503a4db7513e2cc72357c6008485074f11541d68c8e81ac1700261b4734fb4ffa04aaea2158f1771156edd

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.di

                    Filesize

                    340B

                    MD5

                    6270ab2c09ed43d47e30c2f2a7832b26

                    SHA1

                    5776df604d5ad0011e39369a8bbc445f6ecc94df

                    SHA256

                    844d126f9dd7ab721438ee5ceedda7237b1421feaa69c4fbfd41b718bb0f378b

                    SHA512

                    59a91bdb25149de9a8fae9eff1b461142a1ec66770c3ea1260f5b9628938955db8ca65c3d27d6ac88f677a24c290a47cc4d3861c297874f4c9386735ae740f56

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.di

                    Filesize

                    340B

                    MD5

                    8d34716f3cdc5e279b2380b005eb225e

                    SHA1

                    8fbf1948fa310d2b926cdb5de9acb7bfb32cf0bf

                    SHA256

                    8e76265d2da293f34e83d320e3c174691c29369ddc2caee1b1e90aeb33121bc5

                    SHA512

                    8a4b3b06fe1cd2d93ec547e2a71c22c0e67e1c3ae995f93215239db1671f14c55dbe1fc57d99b0703e288c04debf5dbc635fc6cd247b8ab98d4360f98721db00

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.ic

                    Filesize

                    111B

                    MD5

                    937c77d87d5ec4ad0709d6dfe5bc23fe

                    SHA1

                    333082196c7f91c4de341508b27c19ed583194b3

                    SHA256

                    c036335aa3a66b15cdd4eff17895a5df0d575bcd5b57d4f85360dc5c7be9a720

                    SHA512

                    868d62413eea2358ac2cac861d15fcb486405dd8ca3b1ced495b0dbab1a44b0f5c71ac83ad48b157c84cb291a42ca7ea05646fccba27918c73657177ed969947

                  • /data/data/com.ald.aldfinance/files/.jglogs/.jg.ri

                    Filesize

                    314B

                    MD5

                    d07f26e57c53c26d5c2f94ac20c87264

                    SHA1

                    c7104eb74c5dae6f6f34703ae6673365248d1a53

                    SHA256

                    4a94744062fee04b8cf7fa6f28b7b3a5e1a1e5cf88ab0639e7c6803be07f5f6e

                    SHA512

                    b2ea1155cd449345932d545630c5305037ae9e225da552ec0548cf58243fbd35d43245e96e4a0e377cb013b60f5376e00c979036eecbf83f85d2b5b895087a3d

                  • /data/data/com.ald.aldfinance/files/.jiagu.lock

                    Filesize

                    27B

                    MD5

                    1e3d55ae2f32675aa9eb4553db8c4b95

                    SHA1

                    3b5bc2e4f9561ec2424c5919b77cfd79d73c6396

                    SHA256

                    a6632ae0809683df651d5927a391b16552e628bcb1e43db4dfb07f17659acbcf

                    SHA512

                    d6d6f34c51ed2d8a9dae3318ae35f41d136c3c14416a7c30f40b0b09576a2a3721d0cf6e71ec38c3ed69ea79d197d04b39794510179b48fcb685bf432b71458a

                  • /data/data/com.ald.aldfinance/files/.um/um_cache_1716020922672.env

                    Filesize

                    1KB

                    MD5

                    87c7a7593c2ae27f96ee608808695de0

                    SHA1

                    a38b043114ef58089bd73885f40c292675f58e4d

                    SHA256

                    9f90ee87fe737220b317372225e0cb8ba9c4492a2f769585aa84bc14774a735e

                    SHA512

                    db89cd4afe9486663ab9df11c9c03972b56621025d39da29bc5763c2d2e04557367a512ba1f9e22e9bdd2eb312ba8ab48594cbd799a4a2a1789f94d73c98ddb6

                  • /data/data/com.ald.aldfinance/files/.umeng/exchangeIdentity.json

                    Filesize

                    162B

                    MD5

                    352a32cd1e292c7526ab1e519c574c53

                    SHA1

                    ab6f19b4184411fa974b9624fe74928351ca1e6f

                    SHA256

                    541df443def4c2247510a81e6e7a667e985f30bfbce0961a6fc9926ac555492b

                    SHA512

                    c7b7d7b402c0d8e8a2e5116ff40cd90f97dfaeda721b483b79dabe9d92cce32c00c56a9f2a3c8b613c339d668d15a11f9a8af29da0ff456db0a1d1f0b683fec1

                  • /data/data/com.ald.aldfinance/files/mobclick_agent_cached_com.ald.aldfinance26

                    Filesize

                    2KB

                    MD5

                    343dfbae4e7c93a37a4ea9745117579f

                    SHA1

                    779b0982d42b223c00487eec95322a93d76bd91c

                    SHA256

                    032ecde0bc11dbad0bd79cbea667dc8ff0a91a04ab353c946ba372e3bb4078e7

                    SHA512

                    5fb02720e6ab4faef5f390293daa217cc5c3d8ff7f744b19bc9f42b708f6f8d24bb7a4144992f0ae80c09d1da54f7ee601b8df81bad65151b0faa3de04e1ad8e

                  • /data/data/com.ald.aldfinance/files/umeng_it.cache

                    Filesize

                    498B

                    MD5

                    d6ccc490fc41f8b18cc0d0daa7cca476

                    SHA1

                    16513cb45483022bbad810a492c357448d1cc5ae

                    SHA256

                    63ccea692298b67268ddfaf9643d546f01d3c07034b44d01ea59f1389031fc2a

                    SHA512

                    527d57f3bdba371ba8c7a1993c257c30b2b00319fb3ac2426c716dbb1a87214c04b02704448d8f31dd658ad310f76680eb542a2b5a1d3fdac306088ab81cbbf9

                  • /data/user/0/com.ald.aldfinance/.jiagu/classes.dex

                    Filesize

                    6.3MB

                    MD5

                    72eab4e8c98d22dff28cac881cd40b9c

                    SHA1

                    829c92dfca3811887078c79668c3c5489b7d2cc7

                    SHA256

                    2a28efe21ded8e88983886c12e93c4b635946f118efe54317b635d63602bacf9

                    SHA512

                    8b60765179db24133a5f37dcea613df528fb6e4f6e2109c3089bd362502bb806ba9d2886ae098b124dd8dd5d1c3b844253eaa709d4179e13f59e6a800f1be0c9

                  • /data/user/0/com.ald.aldfinance/.jiagu/classes.dex!classes2.dex

                    Filesize

                    423KB

                    MD5

                    6b31d6c8d124c0fc51c94ab9002410e0

                    SHA1

                    9060acd243600b22ef5d1ce5b885ca01b4cf0835

                    SHA256

                    3b7eebff931946989b13ed0824495fda8110cddd6775673eb03bb6f0ae7b6140

                    SHA512

                    668d726a5e8c280cc6fe04f8197cb14604efce399df3aa51c0be54d10cdecbf3c31f665d742edbf9f2f21026bf9d7dacc4e1da75cf42f14da02bcb66c26baaa7

                  • /storage/emulated/0/.DataStorage/ContextData.xml

                    Filesize

                    111B

                    MD5

                    eeb053ce2df66c0e2383714466f71c75

                    SHA1

                    643b644436d23ce145f8bb32ad357dc0af05b610

                    SHA256

                    1d8340d0f7182b74e128dbd618393ffccddc1f64dc68274a189a6f921ad69508

                    SHA512

                    09130b240abf0c42d3324ea63479fe3db4cd76a8be964267ca6dc093c101489b6f22b48440a778cf289ca5330aa451ac071587cbac2dea78cca96a0f3720020c

                  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                    Filesize

                    65B

                    MD5

                    9781ca003f10f8d0c9c1945b63fdca7f

                    SHA1

                    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

                    SHA256

                    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

                    SHA512

                    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

                  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                    Filesize

                    111B

                    MD5

                    0f55eede17cd0452a53378c66ffbdb64

                    SHA1

                    fcfeee4c05b63cd137d1714e6e3aefa282b36b16

                    SHA256

                    7912dfe2d8889781c7f2342b426b6e6299b52bd697d757a04d9970a756b60abd

                    SHA512

                    7eaef4c978ea2f5cdee6f0c8c36ba15f749b7d54911ea7ebe4896ffbd275ad5bc61586b75ca43be8d30ebba80729dbcfc5e86d0ddf053f76a8a76efe86bc0855

                  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                    Filesize

                    167B

                    MD5

                    060ce9be60dce8ddd3e0b42dc4806e05

                    SHA1

                    7a1a080f5a42fc418a4cf4c1a46d4fb11767fb7e

                    SHA256

                    d0940799354cad2603e4f776b84a5a235294bfeb6d16cfb86b1e6ddf330ae17e

                    SHA512

                    6e5923ca96989dd95be5cb41ea90445166a2299a990495e8ab0a14c732cd18d831a50850f9a9395dd0f12f61b8645ea195821bbbef84d871ad26cf9de8ab746d

                  • /storage/emulated/0/360/.deviceId

                    Filesize

                    48B

                    MD5

                    1d8d16c4e3b19ebf18988530d9b9a757

                    SHA1

                    bc94c1cce05cd848a53271ecb9c5311e27ffebf5

                    SHA256

                    abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

                    SHA512

                    4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

                  • /storage/emulated/0/360/.iddata

                    Filesize

                    32B

                    MD5

                    f48998b4c3e6d34e8fa36516867d06ba

                    SHA1

                    d5edd1d08f9dc9f8961ff8eaf081e8b7794b13b1

                    SHA256

                    5ecaf4de92f34d6a6cc4257029ff658b449152b18266e86290f793c20aa8dcb8

                    SHA512

                    a2aa8299b6c783d49bd0d196ae9fa0ad4794c75d2154660f42687bab2822d6496bf306c54138b38bcf33e4ea37568e142ee17ad4d8cc155fcaa0b701826d8c1b

                  • /storage/emulated/0/Android/data/com.ald.aldfinance/cache/240e8758cbf349d4b30a7fe8a0a5a770

                    Filesize

                    1KB

                    MD5

                    869e30ea13dc89b7b9875b2e72240981

                    SHA1

                    535059acfb73aca31cfc0308241ccd2b9b3d8500

                    SHA256

                    90f70cf06b13cce6fa424de1911e3eb7fa1b7ef51822c2a874a201e48575014f

                    SHA512

                    e40215cd1f571bc85a0c720804d2f5e92fb66508057417b186250284c76e9fc317591c631315f9bb018a8ba0e55e88d1d5803154505511c1e646f5385c2f0cb2

                  • /storage/emulated/0/Android/data/com.ald.aldfinance/cache/e497ad822efe4c25963dfad0661dedf5

                    Filesize

                    6KB

                    MD5

                    8d5ae6f0eafc81fb35dde3e64e64e897

                    SHA1

                    8298febd0bb956b9293dfae4341632bd2b93b374

                    SHA256

                    f0b289291f680647e954fbbee426d22ca43ed74c7baa533ee55686ce45b7e722

                    SHA512

                    94434bad8f052ff79ddc4919f7e62db31a1ba433c143b194df56dbcee47ab4c166e7c8efee6ee4d6f0d12c5944daed976061b97624523dce329a7c19bd7745b3

                  • /storage/emulated/0/Android/data/com.ald.aldfinance/files/tnetlogs/inapp_20240518.log

                    Filesize

                    37KB

                    MD5

                    da736e3212b2625e2d36f3cc3e42f379

                    SHA1

                    6df92333c25be60a8432c3d26d8e7599d55d0fa6

                    SHA256

                    a39237f34256c89091380267a885e6f5a19b844829881a1dcb35f3d6211c168e

                    SHA512

                    e78ff48e212abbb7ffa694b26fd2e2fd4c0be6605b5e4bdb64b0216d451b8318ce72cc1ec77d584f8eda92f3bdae3ee247e4493cf84f5e850121da767f0df3c0