Analysis

  • max time kernel
    179s
  • max time network
    165s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    18/05/2024, 17:30

General

  • Target

    55f15be5341e7f25d2585d8551a0f489_JaffaCakes118.apk

  • Size

    23.0MB

  • MD5

    55f15be5341e7f25d2585d8551a0f489

  • SHA1

    7e9d686c68f0753a5762f724ce06444b742598e5

  • SHA256

    1fca6409cb30b3fb7f8a62cabba7f6db317f079341af43baa0bcafcf476d5bf1

  • SHA512

    47cfd931f604c1f7e0eb71187803ba156b1c11268f6848ea21e2ede1b79a7a7856d09e720a903923961dbeab6121757f0a08d07ee0c5d70a36a2701ab3216797

  • SSDEEP

    393216:k/faZ9wX1FWKVibpMyCwxyKGh4RNYCph66QGl6xPURI83JIcUGBJvenO2:waTm/iuwxVRNYWQy6xPYn5jve3

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to to get current cell information.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.xhl.kaixian
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4286
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.xhl.kaixian/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.xhl.kaixian/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4321
    • getprop ro.product.cpu.abi
      2⤵
        PID:4369
      • sh -c ps
        2⤵
          PID:4522
        • ps
          2⤵
            PID:4522
          • ps
            2⤵
              PID:4547
          • com.xhl.kaixian:remote
            1⤵
            • Requests cell location
            • Loads dropped Dex/Jar
            • Queries information about running processes on the device
            • Queries information about the current Wi-Fi connection
            • Queries information about the current nearby Wi-Fi networks
            • Registers a broadcast receiver at runtime (usually for listening for system events)
            • Checks if the internet connection is available
            • Listens for changes in the sensor environment (might be used to detect emulation)
            • Uses Crypto APIs (Might try to encrypt user data)
            PID:4422

          Network

                MITRE ATT&CK Mobile v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/data/com.xhl.kaixian/.jiagu/classes.dex

                  Filesize

                  6.3MB

                  MD5

                  99b4a589d1dc8e97206fd1776838a114

                  SHA1

                  9dfa415073cb4eb49b6defc314a53e0d4c21821e

                  SHA256

                  ba2e7ee87f699a81577e58bc38c4700304a7b24a29fbe53dfba8092c04f2022e

                  SHA512

                  a745c1d8519c34b317679fc10330950f3ba0826c4262ab36a4a7f0fb3a9a6f7a7edaa9f2c93f77ee1760b6e3dd0adf7eae471380f90a84d002b3b62eadfbf997

                • /data/data/com.xhl.kaixian/.jiagu/classes.dex!classes2.dex

                  Filesize

                  6.4MB

                  MD5

                  c7092cf2d8ada2ed1bbd6070397bbc7f

                  SHA1

                  6fc9700bff02b09c490315be3f123bf4462ecaa6

                  SHA256

                  97d765e39f34dca5f3c56be3f2d1200f879a7497a5f91cf4a72a14980b3b9c92

                  SHA512

                  7fb06b9bfcb2e6582cc6ce02fd6e26d689a9eb9534e6e70c3296221a543c9788efc8cdbae75a24d36e7be277eb8a1a2fc557e6f76cc9c16454ef69631dadd79e

                • /data/data/com.xhl.kaixian/.jiagu/libjiagu.so

                  Filesize

                  485KB

                  MD5

                  1da618896802fdb4b6f17c92703424f4

                  SHA1

                  b48aa81ac014a5a7f6e95e618e4f951ee12d34c3

                  SHA256

                  2cbf986b5e1357e00347d75d6f631539c0f368208079df36bb44603ac4e6973f

                  SHA512

                  620a06d8df24597467318582a12bce45e2e2cb66069ffbd6fa27ac5a164c58398ddb9c2348e6ef443272a22ca85fcfa03439d0f0f22109a93708d562e0737cb6

                • /data/data/com.xhl.kaixian/.jiagu/tmp.dex

                  Filesize

                  9KB

                  MD5

                  b72cc6fed1d7d7ec4d6bbca74eac8714

                  SHA1

                  b205a39bf5114a7f7a0d4c8018602dfa59965fa8

                  SHA256

                  03d133dbedf9fbac5a6aba4f97f85e7e82064b2a629be191e7a6bd899be27191

                  SHA512

                  4d9c3970f7801b14518664c112f4d00cc4519d80f71d36a7babace924ccd1f2df65dac4904b70b8246e7ec441dc503b94000e11addf46eaa50f3026db9001dc8

                • /data/data/com.xhl.kaixian/.jiagu/tmp.dex

                  Filesize

                  284B

                  MD5

                  f1771b68f5f9b168b79ff59ae2daabe4

                  SHA1

                  0df6a835559f5c99670214a12700e7d8c28e5a42

                  SHA256

                  9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

                  SHA512

                  dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

                • /data/data/com.xhl.kaixian/databases/cc/cc.db

                  Filesize

                  36KB

                  MD5

                  5d7ea1a23af19b4340cc8d90f28297d5

                  SHA1

                  4cfe95b23a9e98378d69c4290af81b51fbe76aea

                  SHA256

                  474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

                  SHA512

                  33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

                • /data/data/com.xhl.kaixian/databases/cc/cc.db

                  Filesize

                  36KB

                  MD5

                  ce6135aa1b1fe4f2c2db2a546d2a5558

                  SHA1

                  79b59582154017aadab783dc266fcb158c252940

                  SHA256

                  7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

                  SHA512

                  2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

                • /data/data/com.xhl.kaixian/databases/cc/cc.db-journal

                  Filesize

                  512B

                  MD5

                  89f64a8f022e10031d4ba9914719495e

                  SHA1

                  bc2eb23ea0546b2b0f53f611af780f94c7584f26

                  SHA256

                  da28b117808f9b0f307dfb322ee9d44382479c5db09e10b6f9c6aa91e363cd38

                  SHA512

                  dad932ca9d9e15e01f6d49ff7a283534310a00ff4d0e48e65f15546d45ae70453868a7298e12f67ca7ab5a00b8a5c4faf340303ef853a014f739d46215fcf3f3

                • /data/data/com.xhl.kaixian/databases/cc/cc.db-wal

                  Filesize

                  48KB

                  MD5

                  2f78b60710da3d6f0055725cf635a6bc

                  SHA1

                  4bb04dfd0b7e87232591a04e20064d53339ce7f6

                  SHA256

                  b76aa393983ec835f945e7f57eb5fd1bdc91308143f7433bc0a792b2f4505836

                  SHA512

                  5eb022b19af5ee1bb4dad685754a9722e462d6a849a7106ae22275b7cfa5cc54e8c703fd865d228626e575a377c87e58b7213a10430c36f79d1eab89987587b0

                • /data/data/com.xhl.kaixian/databases/cc/cc.db-wal

                  Filesize

                  16KB

                  MD5

                  ded33f2a24c80b6bded0c54106faa46f

                  SHA1

                  1384a14748c33b8accdd297830569ed22cebbd42

                  SHA256

                  a2bed1f18d704319268055bb1f40a7fd72ab5190ac5ee383d85e3696e7edc741

                  SHA512

                  73d17b1fd084e29a92ca08c8a226cf84d16458a1825d05f439a09a4dbcdc2eaf88023295d5a875d6343d4dc397ed0c19948cc476611f8d5c82e6fbeb02515779

                • /data/data/com.xhl.kaixian/databases/cqliving.db

                  Filesize

                  4KB

                  MD5

                  f2b4b0190b9f384ca885f0c8c9b14700

                  SHA1

                  934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                  SHA256

                  0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                  SHA512

                  ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                • /data/data/com.xhl.kaixian/databases/cqliving.db-journal

                  Filesize

                  512B

                  MD5

                  b80fe644516139022523b8ad14c66ac6

                  SHA1

                  9dca16b361092d5d77e96e116248761e50d7afdd

                  SHA256

                  e7987cde98a5d59af3520baf461b4112cb315e6cddc2395a983f1ee67f7debf1

                  SHA512

                  9fb9c78977ec0ed462b24542f7c296b4f2d5a5e4e12371f179f80c94629e371e4f922e4350e2aab327a8bd7176553f36e570a7d7a5992d05626f7a022b343aee

                • /data/data/com.xhl.kaixian/databases/cqliving.db-shm

                  Filesize

                  32KB

                  MD5

                  bb7df04e1b0a2570657527a7e108ae23

                  SHA1

                  5188431849b4613152fd7bdba6a3ff0a4fd6424b

                  SHA256

                  c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                  SHA512

                  768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                • /data/data/com.xhl.kaixian/databases/cqliving.db-wal

                  Filesize

                  241KB

                  MD5

                  fc36cd295408185b61bb5edcdf324acf

                  SHA1

                  24f44b4485b29e30d2ec91d657433508b952dc70

                  SHA256

                  54e19ab9b1f9e6ec245dca6233b778711a06115a67587af0df1179b7cb80612d

                  SHA512

                  c838204622a8b34271ac8baeaaa90c868c2886de3b05c5297ee429eecded95212678607a91ae0595e722d3539d899edda80254bba87ea9efc5ae6c8f2c8dd09b

                • /data/data/com.xhl.kaixian/databases/xUtils_http_cookie.db

                  Filesize

                  12KB

                  MD5

                  3fe30614d7e0d11db870b4624f6c50e0

                  SHA1

                  053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

                  SHA256

                  67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

                  SHA512

                  c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

                • /data/data/com.xhl.kaixian/databases/xUtils_http_cookie.db-journal

                  Filesize

                  512B

                  MD5

                  1aa0906f7706f3cf3cf852c6acd6bdc2

                  SHA1

                  1322f91c0f1fb2cbc9cc4479d01b0bcc8aedd1f2

                  SHA256

                  61138586b2020a1515e971d62e8ccb1fd36f7a98d12978280fe6aa76009b0331

                  SHA512

                  3a5ec11330bc06cfd08dd7ea610804ecb9f195eea4be5f81d4ffbd77b7db92a0ccad55c7253f940ec94077eb6435d4511c2b41cac8456768c03d53df9620fb1d

                • /data/data/com.xhl.kaixian/databases/xUtils_http_cookie.db-wal

                  Filesize

                  16KB

                  MD5

                  366bcf0e7c7976303763d94b1185c457

                  SHA1

                  670285887786418e5b23d32baad789bf8fc4c8eb

                  SHA256

                  6b2052bd8e262a326f7aef77943a0e077a6cab92c90ca2975986cf7eae090bf9

                  SHA512

                  76c0c2ad7eff074178c2dd5ba6038ee5f0623e576e2eb9e70e04dc4529601b61417838f4ceaaadc1b9fa2ef00343132a4586615d89e056276ac97eabecc7114f

                • /data/data/com.xhl.kaixian/databases/xUtils_http_cookie.db-wal

                  Filesize

                  4KB

                  MD5

                  d6bf6c27fbe42ba460efb576ad358c76

                  SHA1

                  48ab5fde38222a3145ae0e61d9a08b6aa713a089

                  SHA256

                  94556be8948a2a645350930133bc936f53000b1862cda6113aee7f39d0ce4b1c

                  SHA512

                  f2f52e1c4a0345b73b4199a139363a0ed498cf7ab4413d17fccac0bf448422b7359dbc92def442f8df38fcb4255185631ee7ceff963e5cc9b1b81fa0b72155d8

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.ac

                  Filesize

                  40B

                  MD5

                  22c7935a144f1d3dfd2f600c6a980241

                  SHA1

                  35e00d0568513a276b9c65729587b14dc6fcacf6

                  SHA256

                  cb8ee8aa69e8b1d235ad2335327b124f16f69eddc1312e7c15d8c6f78af2a4db

                  SHA512

                  bab57ef5ba6a3110f213a01b2669ca2daebb17c81d38771c14c19fc1fb4bb13b627885ae620cd322fb28c40329b300c3a8f21c32b9af2a56fe05b2bce83ed8da

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.ac

                  Filesize

                  40B

                  MD5

                  d9296e132c31d056ae191a3a890774fd

                  SHA1

                  3a6d53f3e1e9ef00bd1516a82243c6b19e79b963

                  SHA256

                  51ece7b5fea82875335afe5f50f70a770ed194d09979a558c3bb6c4b57dbaec0

                  SHA512

                  e19b04a1f43a10443909fedf1c096d1e88c0fb4b884f79c9965cca5a8c0de869632e321363d42875902263e9fe387061afff0a64b30f053cb9bb1635c45c316d

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.di

                  Filesize

                  340B

                  MD5

                  dd9d3150e5bff47ffd1acd1bdb1406c7

                  SHA1

                  ea38d4ff8a752162f87272aac6d65e2287a6799a

                  SHA256

                  f62211f517afe71133fd89bac3609015f6a09f15b5a9c2ce88399bed5fc35bf8

                  SHA512

                  e159fa03c70c8cc95df32afe6a744920b8b8269740a232da0e9405395c574e310693d8f15d8e41a664a1e2a2f854bc69523751b163df71f28e8dbd9abbe71094

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.di

                  Filesize

                  340B

                  MD5

                  214c0bda2fa1b5592d7719446fca7b01

                  SHA1

                  eb348df8efb5bfa0eae9d2d2a68ddd5516df7e9f

                  SHA256

                  6bbd969313f8813b75b08b2a85b0acb432e67990590c59670ef223616310b7cd

                  SHA512

                  d73ca1d6b9c7631f4663abab2669cf2624a42805333941aa212032c56023c435794db940d54a78016be413611c664e72f928063c0482fbaaa7c12f2416b31abd

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.ic

                  Filesize

                  40B

                  MD5

                  6a38544ac53213b71eef416397304abc

                  SHA1

                  608c8eebe49bfa222ea54c74163766bcdffaaf1f

                  SHA256

                  c8776995760283cee32ed3122c8dd934f3880ef2da629e62f64f3e86889f4cde

                  SHA512

                  d114e5bbd8dcd07f0b59619ba72f4a72a2c7141967117039ad077966625a3a73018808ed6c53365805d8a196ffab572c643622bd1c67138ecf9839dc8d0db7b7

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.rd

                  Filesize

                  206B

                  MD5

                  eca3a78ea8de239ebccaa35231a929e6

                  SHA1

                  437691c1a8436231179ffee4ed3b981e3484277a

                  SHA256

                  66dc8fe221869b70e874227b5b731479034c45512beff4b055b18e5cbdb747dc

                  SHA512

                  0a3912fe052094a5d5ff994779bdf43c0c2d733dff8a77d263f0096a411b973ee426a2b6cfb37f9526778db3d50740f1a2d8c0f804bc2a4af2a9c9645c2cf4d8

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.ri

                  Filesize

                  314B

                  MD5

                  55a5f1d65124089e2b86b1f258e2b269

                  SHA1

                  7ef49af06f910367f978fbfc333d5b7747f09560

                  SHA256

                  fb0c6599001503e0543e138d5e6dc2b6a4b04ea3940c2964b5fc1400aba858f5

                  SHA512

                  d8d272105414d1193874bcab281df3531b342515b3a8c0c610d8b2e6e9a046e6a20ee4c2ae4543d4eb2031dd76c35a71cec73a01d35c0288a2ba1183e0d33a3f

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.store

                  Filesize

                  127B

                  MD5

                  2bd01c1be5cee4cbdd9eb9295a05ecc4

                  SHA1

                  e111819898e0e2abf55d71966b5b3084ae7d6e5c

                  SHA256

                  243a9f557336903292f8fa4e38a8455ee22fe31627491869ae7638064190565a

                  SHA512

                  403aa49d6478d625b7fb0184de053faaeb55cae850113eb3f0d30706bbcf07128010a11a8836688cc99bc586cc155cbaf37360acd84161b25da7e9ec99d1b7f5

                • /data/data/com.xhl.kaixian/files/.jglogs/.jg.store

                  Filesize

                  32B

                  MD5

                  fc74aacbafe8eacfa5462dd25d0a4fd1

                  SHA1

                  9d8cf4c81a94197188d8dc5319624dfabd518b08

                  SHA256

                  9549b906ae104069a445e40954ecbc5301ba60d1266b407d6e0dcbf95cc00135

                  SHA512

                  ad6b5cf5eb5a2052e82532c795822463bb5510efa829d43c98c465297b4a88e893379668acce8da02b31df53600fcd2d1042a24ca157761d560797f84c81cc45

                • /data/data/com.xhl.kaixian/files/.jiagu.lock

                  Filesize

                  801B

                  MD5

                  0aaca72af996a001d7ca33fe4467fe7b

                  SHA1

                  9f9eacd42c6b02716d06c2a6985cf95d619f36db

                  SHA256

                  f5fe6a2d755a2956211a4400b43f77f2396ce17502e4dec7ffdcded67b40a02d

                  SHA512

                  d6626d8a3960788b23a54b4fb5eb789f8956050000f188c0c8af551e8c8f038d7bf908b03ae804086288751ee087fb2f3f3231151f66b4267b389b2b73750b90

                • /data/data/com.xhl.kaixian/files/.um/um_cache_1716053515058.env

                  Filesize

                  1KB

                  MD5

                  9b87f36c559685572c0df766d59ccbfc

                  SHA1

                  b960dc72207616132452b330677baec988a15be8

                  SHA256

                  e321a8a844edf232f321a7a322ca3442c28591dd7e0d3b0bf75af2669548e687

                  SHA512

                  fc9530c5c70b07d5095ece75258135fb76bd568af26056d0d5858d0792d19a8661745ed61e71481d3fe91be1ccf61fe25511bab26703ef39706faf65baa8bafa

                • /data/data/com.xhl.kaixian/files/.umeng/exchangeIdentity.json

                  Filesize

                  162B

                  MD5

                  a43edaecc2ece261711d569cab7c63ab

                  SHA1

                  0348552d7e7bd54fedd74c593427f6af2a9b7f4a

                  SHA256

                  4c0dfb9f84b6b85c13ed6a91c06bb27edc498abaf640590a8cc3cd9146575f12

                  SHA512

                  e7444b0ca5a33e39f1599a59cfc7d88f681baf919586777e2c64dd75ef18e1f7526afcb96f74de9d7ef359e315e33877cb71e894dbc1239f187ecdf7f6822240

                • /data/data/com.xhl.kaixian/files/umeng_it.cache

                  Filesize

                  498B

                  MD5

                  a18cebaa1a10602e4671ad2db534599d

                  SHA1

                  0be3e8be233e479fa2dddc2c85eaec4141c24c72

                  SHA256

                  54e999bfcf60ce78b47b17b22ab8f29ac42a0db6327d2b49a652a31498c47412

                  SHA512

                  6176d9dffadbd2d6f2107ab5466a07894bb3f1f2b5a4365a8c88dd16e3b06ab5ac1abc8da1a232caa95d050aa766c352ebe3ad59649f0148faba9c323c6f179a

                • /storage/emulated/0/.DataStorage/ContextData.xml

                  Filesize

                  111B

                  MD5

                  bada263ce4994043524043bf5672d2d0

                  SHA1

                  e2af86cdbe663bc85f2df9c31687f31ab2eadc2f

                  SHA256

                  f96a43d2f41228c9d31396fce09c30d45c7cf6033067794f5f4c8e832bc66ab9

                  SHA512

                  a8da028087573818e0c2758680d57e353c7037c210129d2d32be265d70bd3ea4af9e0e73bc6a936f9e57a766a88c01f1170be6a960008fb3cdbb6cec99f9c7f7

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  65B

                  MD5

                  9781ca003f10f8d0c9c1945b63fdca7f

                  SHA1

                  4156cf5dc8d71dbab734d25e5e1598b37a5456f4

                  SHA256

                  3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

                  SHA512

                  25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  111B

                  MD5

                  23c157eff48acc7336c897598ac6cf83

                  SHA1

                  22c4029f6f26afee4dd7480ddda31bfdded936e8

                  SHA256

                  c1211e70d8a51593fd66ca2703bc048c25d9d581cd95764120fcaa08535acf06

                  SHA512

                  31719f15558761af4e9493a390a9d767893f9ce0f14f2972a9276140da565586540a11814d932ba6cfab3a80a10841f46a6a1926e5d39ae8e197aacfff7e06b1

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  381B

                  MD5

                  17f478419963dcdbe4cc32f98dbd8001

                  SHA1

                  f3b21a21330e27609e09780b31cd6969af3fa192

                  SHA256

                  c86ae37db02f07c3c67d6b10b34ca6765e89a41d59178571d7c46edd5012ce94

                  SHA512

                  0ee2eeddefc8843d5ae71e07e2aa210917c3c7ba8e6a39d8cd976f97b4687fb6b048258d7ab908f211719f7e5161c49a46bc684e3214813fdffb8067cf671091

                • /storage/emulated/0/360/.deviceId

                  Filesize

                  48B

                  MD5

                  1d8d16c4e3b19ebf18988530d9b9a757

                  SHA1

                  bc94c1cce05cd848a53271ecb9c5311e27ffebf5

                  SHA256

                  abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

                  SHA512

                  4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

                • /storage/emulated/0/360/.iddata

                  Filesize

                  32B

                  MD5

                  5ca95d7a8d4fe891dfd99574469d7c88

                  SHA1

                  d7d5b153c20af84bd46013def46b60d005a87971

                  SHA256

                  c07b1f16937ebd013874a3a7d3350e524fa1481e0d9d574ab357ccbfbdeb9a6f

                  SHA512

                  19b655fe94c29b21438c9051d76646704790b9ddc1ae3b7a74cd20216c1aaeba62b9304cec6f053d7be8e798e6e67897a74fca0d7a5dd21ffca532c41cf94e24

                • /storage/emulated/0/Android/data/com.xhl.kaixian/files/tbslog/tbslog.txt

                  Filesize

                  8KB

                  MD5

                  1d78db76e7634afa019d72e65e2eff68

                  SHA1

                  27c916eba12a9047033e1ceecf5e686bc24ad49f

                  SHA256

                  20f16b8db3ce4111ba12e2b6c3e255a5765b4dc2e5a91ee22f0bd443212f6ef5

                  SHA512

                  d667f7d795a4a15f30c39aa061e562d32ac6aea82001ebc5cbea28fd728c6f6259072c35913a1665acade7d6a6fb8e31c64d933e39b51cb509fdc418a2f68c7e

                • /storage/emulated/0/backups/.SystemConfig/.cuid2

                  Filesize

                  129B

                  MD5

                  2f8aa543c425a1858eebd1da85257a80

                  SHA1

                  5905898d06d23d5a9caafc51d9cdfbc5466bca6a

                  SHA256

                  9d26c6100594e57c5ebd8e36924f2e76663553bf7332d00a4264022a8af36027

                  SHA512

                  2a33fcd8cace4e1fd1a2c41a0663df33658c7588f1234db7c6533a4cceed078459aee1fc9bae213b3511b031207298a16db00d832e6e520097f1d10f8b978467

                • /storage/emulated/0/baidu/tempdata/lcvif.dat

                  Filesize

                  96B

                  MD5

                  7231e59ddb0ad5644d1a82d4349a05c1

                  SHA1

                  4aa06df041b3f0e20ff8a403b1593283385fc436

                  SHA256

                  32b8f8deda264746c471cf46c91c1722d37708c36f278d87bfb91d591aa80721

                  SHA512

                  e893ed48bb6a33df7e6fa8151cebf0bfcedf9a2ac11b2ef10d3bfec746dd0f4d6199496da8a68f788cb8a69c03471a5b379e7119a8ed0a36ebe79966489d126d