Analysis
-
max time kernel
158s -
max time network
133s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
22-05-2024 05:04
Static task
static1
Behavioral task
behavioral1
Sample
66179fc1558839280d19eeaa6c876dd3_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
66179fc1558839280d19eeaa6c876dd3_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
__xadsdk__remote__final__.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
__xadsdk__remote__final__.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
__xadsdk__remote__final__.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral6
Sample
gdtadv2.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral7
Sample
gdtadv2.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral8
Sample
gdtadv2.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
66179fc1558839280d19eeaa6c876dd3_JaffaCakes118.apk
-
Size
11.8MB
-
MD5
66179fc1558839280d19eeaa6c876dd3
-
SHA1
0a01568c78b9862a6ab0ed3078fce82481201e62
-
SHA256
dbecc501197d46abee8f6180587ba3b6be30842eafd53a5b51418c173caae835
-
SHA512
51b54d088510667c9a051a754bc5255df5ad8ac02d24cc16d302b36156dcc3e3e2edcc0236c5ed4799e23aad0ee7b8f04dec6a06b8e528bebc2f6f513e30af2b
-
SSDEEP
196608:wbajmlPB7GYs3l/HA9ZVZ+9uQIDEhcBYUsF3hUnKiDo7yfMve8ImuTnyEVKM:Y7lPZGYsVIZwu1DrBNWgo7NWXmuWEVKM
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 1 TTPs 2 IoCs
Uses Android APIs to to get current cell information.
Processes:
com.aoetech.swapshop:remotecom.aoetech.swapshopdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.aoetech.swapshop:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.aoetech.swapshop -
Checks Android system properties for emulator presence. 1 TTPs 9 IoCs
Processes:
com.aoetech.swapshop:pushcom.aoetech.swapshop:pushservicedescription ioc process Accessed system property key: ro.bootmode com.aoetech.swapshop:push Accessed system property key: ro.hardware com.aoetech.swapshop:push Accessed system property key: ro.bootloader com.aoetech.swapshop:pushservice Accessed system property key: ro.bootmode com.aoetech.swapshop:pushservice Accessed system property key: ro.product.model com.aoetech.swapshop:pushservice Accessed system property key: ro.product.name com.aoetech.swapshop:pushservice Accessed system property key: ro.hardware com.aoetech.swapshop:pushservice Accessed system property key: ro.product.device com.aoetech.swapshop:pushservice Accessed system property key: ro.product.device com.aoetech.swapshop:push -
Checks CPU information 2 TTPs 6 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes:
com.aoetech.swapshop.imlib.service.IMServicecom.aoetech.swapshop.imlib.service.TTNotificationServicecom.aoetech.swapshop:pushservicecom.aoetech.swapshop:pushcom.aoetech.swapshop:remotecom.aoetech.swapshopdescription ioc process File opened for read /proc/cpuinfo com.aoetech.swapshop.imlib.service.IMService File opened for read /proc/cpuinfo com.aoetech.swapshop.imlib.service.TTNotificationService File opened for read /proc/cpuinfo com.aoetech.swapshop:pushservice File opened for read /proc/cpuinfo com.aoetech.swapshop:push File opened for read /proc/cpuinfo com.aoetech.swapshop:remote File opened for read /proc/cpuinfo com.aoetech.swapshop -
Checks known Qemu pipes. 1 TTPs 12 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes:
com.aoetech.swapshop:pushservicecom.aoetech.swapshop:remotecom.aoetech.swapshopcom.aoetech.swapshop.imlib.service.IMServicecom.aoetech.swapshop.imlib.service.TTNotificationServicecom.aoetech.swapshop:pushioc process /dev/qemu_pipe com.aoetech.swapshop:pushservice /dev/socket/qemud com.aoetech.swapshop:remote /dev/qemu_pipe com.aoetech.swapshop:remote /dev/qemu_pipe com.aoetech.swapshop /dev/socket/qemud com.aoetech.swapshop.imlib.service.IMService /dev/socket/qemud com.aoetech.swapshop.imlib.service.TTNotificationService /dev/socket/qemud com.aoetech.swapshop:pushservice /dev/qemu_pipe com.aoetech.swapshop:push /dev/socket/qemud com.aoetech.swapshop /dev/qemu_pipe com.aoetech.swapshop.imlib.service.IMService /dev/qemu_pipe com.aoetech.swapshop.imlib.service.TTNotificationService /dev/socket/qemud com.aoetech.swapshop:push -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
com.aoetech.swapshop:pushservicedescription ioc process Framework service call android.app.IActivityManager.setServiceForeground com.aoetech.swapshop:pushservice -
Queries information about running processes on the device 1 TTPs 6 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.aoetech.swapshop.imlib.service.TTNotificationServicecom.aoetech.swapshop.imlib.service.IMServicecom.aoetech.swapshop:pushservicecom.aoetech.swapshop:pushcom.aoetech.swapshop:remotecom.aoetech.swapshopdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop.imlib.service.TTNotificationService Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop.imlib.service.IMService Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop:pushservice Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop:push Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.aoetech.swapshop -
Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.aoetech.swapshop:pushservicecom.aoetech.swapshopcom.aoetech.swapshop:pushcom.aoetech.swapshop:remotedescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aoetech.swapshop:pushservice Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aoetech.swapshop Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aoetech.swapshop:push Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aoetech.swapshop:remote -
Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
com.aoetech.swapshopcom.aoetech.swapshop:remotedescription ioc process Framework service call android.net.wifi.IWifiManager.getScanResults com.aoetech.swapshop Framework service call android.net.wifi.IWifiManager.getScanResults com.aoetech.swapshop:remote -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 6 IoCs
Processes:
com.aoetech.swapshop:pushservicecom.aoetech.swapshop:pushcom.aoetech.swapshop:remotecom.aoetech.swapshopcom.aoetech.swapshop.imlib.service.TTNotificationServicecom.aoetech.swapshop.imlib.service.IMServicedescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop:pushservice Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop:push Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop:remote Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop.imlib.service.TTNotificationService Framework service call android.app.IActivityManager.registerReceiver com.aoetech.swapshop.imlib.service.IMService -
Checks if the internet connection is available 1 TTPs 5 IoCs
Processes:
com.aoetech.swapshopcom.aoetech.swapshop:pushservicecom.aoetech.swapshop.imlib.service.IMServicecom.aoetech.swapshop:pushcom.aoetech.swapshop:remotedescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aoetech.swapshop Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aoetech.swapshop:pushservice Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aoetech.swapshop.imlib.service.IMService Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aoetech.swapshop:push Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aoetech.swapshop:remote -
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
com.aoetech.swapshop:remotedescription ioc process Framework API call android.hardware.SensorManager.registerListener com.aoetech.swapshop:remote -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
com.aoetech.swapshopcom.aoetech.swapshop:remotedescription ioc process Framework API call javax.crypto.Cipher.doFinal com.aoetech.swapshop Framework API call javax.crypto.Cipher.doFinal com.aoetech.swapshop:remote
Processes
-
com.aoetech.swapshop1⤵
- Requests cell location
- Checks CPU information
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275 -
cat /sys/class/net/wlan0/address2⤵PID:4438
-
cat /sys/class/net/wlan0/address2⤵PID:4463
-
cat /sys/class/net/wlan0/address2⤵PID:4578
-
com.aoetech.swapshop.imlib.service.IMService1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4323 -
chmod 777 /storage/emulated/0/Android/data/com.aoetech.swapshop/files/Log/2⤵PID:4815
-
chmod 777 /storage/emulated/0/Android/data/com.aoetech.swapshop/files/Log/2⤵PID:4930
-
chmod 777 /storage/emulated/0/Android/data/com.aoetech.swapshop/files/Log/2⤵PID:5033
-
com.aoetech.swapshop.imlib.service.TTNotificationService1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4350
-
com.aoetech.swapshop:pushservice1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks known Qemu pipes.
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4403 -
chmod 777 /storage/emulated/0/Android/data/com.aoetech.swapshop/files/Log/2⤵PID:4646
-
com.aoetech.swapshop:push1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4665
-
com.aoetech.swapshop:remote1⤵
- Requests cell location
- Checks CPU information
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4857
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
3System Checks
3Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.aoetech.swapshop/databases/UmengLocalNotificationStore.dbFilesize
4KB
MD5eda01d89aa036002d83e6f4a5bb67528
SHA1c19e76d7879040e32fa4a95bd7f19841737631fb
SHA256e7109fe148876d996cdfb9d7d94b2f457285c3db1f60ef48f4875acffd3f0a50
SHA51244aa74f746fc570d00bd50a19d018b7aa3af128a5837b141d08b4c7494b22aa1e308bdac202af078f2ae11296d8406af211db18e95ee0a1d24ffd4fa8f228394
-
/data/data/com.aoetech.swapshop/databases/UmengLocalNotificationStore.db-journalFilesize
512B
MD559db1359dc741da210ef1346829ddec9
SHA190e8b8ef7a70dae3128b5f24c81c0e8794dad16d
SHA2568904eea58421ce3a3d23d04acde8f49db7d8550d10e29e52a3eb3df3a9fd9b80
SHA51202170914c8f3361fe881553b5f85ada177ee30f28e17fd7d9e881bcfa58826a5944c88b0854ac20d1ec9353976a11a83a5bb9325cad434784a7d85524a726eb6
-
/data/data/com.aoetech.swapshop/databases/UmengLocalNotificationStore.db-shmFilesize
48KB
MD5455ee4e4603781338b0ef8b930dcb8db
SHA1324324bb66c2b99da675719d00c28f87dd977bd0
SHA2562bdbd4ef6415d9b4a9c6360eb4534ed9d28ef0a34299fe81ba2ff2a65eec1de0
SHA51226ac91506deed721e0df1ddebe85e8f7a2a9497a0ba182cae8ca55f9d14e93e3d08bd1d5e9dbb851f21afdf361ce49f852c1b188af5944d5dc8a8daf9b2c1bdb
-
/data/data/com.aoetech.swapshop/databases/UmengLocalNotificationStore.db-walFilesize
40KB
MD542e94568b4b9b7895075f69b936898bc
SHA17af816218aa6ebf16a2b318d9c62d3ab10ff65f0
SHA256cabeb7e5fccf2b18e199f07e59c9919d0e89b4d8608e164922ddc373feb81ad5
SHA51204328a833b1b2ebab7b96997cf7dd5f4ce99505cac4f57b97b7c78904c8eb50b148d68686bc0da955bacf8a3a2f9f6003b956741b10f4d42fa3cd921e4ebd41a
-
/data/data/com.aoetech.swapshop/files/.umeng/exchangeIdentity.jsonFilesize
156KB
MD55d6abce298cd673f0091a75d40a25d76
SHA1ece53f2706d93c2312fc998299ab7a39980f1fd6
SHA2568cb79a188701c1a77577e011cb13b5e2b7511493c2cd7e2458dededc140e7bca
SHA51279613a64740d94c3182a7efbd5ccb7e86e3aa01faa9350095050e3a573761c37a971908f0c20f9917c884c762ef5629296727becfa07feb929411f267471d111
-
/data/data/com.aoetech.swapshop/files/config.jsonFilesize
2KB
MD5b3bd3c4050d7f7f2cb73a72818a279d9
SHA1ce849c4638bcf3865de8ca223059551e67265a14
SHA2564eacfa31272d27e47f705b4cf5dbce39c0358167987620dd249fcd44c9c2b85c
SHA512ae817196d16d0906cd2e58aa4f3800f7ff6a60759fbc5549b5c50702c107ad1658ccd47cb94c8c0d8c7130ab3f579a587fd7519f2d6814c43751046ef65156a4
-
/data/data/com.aoetech.swapshop/files/libcuid.soFilesize
129B
MD52c4adea54ea7341b3697d476a3d9a5fb
SHA1fc101afc668c48e8f10dced98bbba10fdeab35eb
SHA256c94d46e9866ad5a9e3ed4103c42894d4f931e262d77302755776a74e09ede3f2
SHA51289a107c6195b5d994252773e68623af46b6717b1432bf87ef5698add8555d92b92b50df1e9c5aea9afe7f1fe7ca7c8cffa736748404e7a49f735c25f61ae857e
-
/data/data/com.aoetech.swapshop/files/ofld/ofl_location.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.aoetech.swapshop/files/umeng_it.cacheFilesize
512B
MD55ad4471c699b4a89500828d80716c110
SHA11740ce4f5caa8792455a0c321bf7feea33bbd5d0
SHA256d44f5317b1323aef32d9785d277065804e0609c1c6176d1a48bf45caf595ee39
SHA512245961e77a088ae3827a6771fbc285d776a99272ce4f1b48bed6bd83f07d7b1b2ba5d09f0524675d41e51ca7e82f5713d5b900f41e928137868b22b47cbeb2ad
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
28KB
MD5d1aee1357a8df803682935b2441bd5ff
SHA18be512355159be232a1b6939b3b81a361a3e1b5a
SHA256f54c87cad0635aa4210a04eb9ac00267ee5cb256f199935ecabab85c42942f25
SHA512b78dea070b0b822ed5c00e64d077940c9dfcb9ed76b0cc89800d8c090fb2cda8878a510066ac4cbcc5d39e187e36c07fff450f595624b6255146bb3b76ad2db2
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
52KB
MD55cd996fc86646338c399c1dc86097061
SHA18aca144820e113cb97be346f40f6ed1019eddce0
SHA25625bc6073e118f09798b7ef1ed643f6a650008abc755c4bb6437c833babf297b0
SHA512fac316dbe67260a73df35fc19751aef9bff99fb968d55098296e7c9f83d173e7b56188d5bb7b4e7d27b8825bb902ca9474655e41c145c772d884b73161817817
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
1KB
MD5b6df90589d826434ef949ce093d932d4
SHA1f10393262ee7959bcdbac747fa06b86db8dcb22a
SHA256915f6430935e19761245cc32dca403a4b9e62861a1d986d645073d833b138df9
SHA51233e2223076234a195d1697f7f530b52189456881245976aba2c5352a84569a37f4c0d57a63e52a1621d689091f2ef3b4a2cf737a81e173eba358521e0888c159
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
32KB
MD5309ee66ed17e812cfe3d7b67bc7bde84
SHA1263be9a1183c3f32d0bc3002cd573cc843783bfc
SHA2563fc4dadc92e1050355ac5a3d3746fba8c2966acb21e003ff22b84d7a8d04b26c
SHA512107bda0d0055e517af6ef9d1cdfdd5864f351ccf55610660db6ba05cc04312fff24f924691d82e05245c16e1f40d018b12d0107b212953a3cb07cb046b0d27c9
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/Log/aoe0.txtFilesize
32KB
MD52392c8a1650f48d0a846dfe9cd6033bf
SHA1f32664a9a1e7594b7c4b6336d510cdc31126b3b3
SHA256df5f3f66f1104b6ad5cfc98c942af09c297f490d31f533762bf4d8e70f3dd72e
SHA51261d65f5377d0fddcbce74c791e69a118f1473b648b5798c5ec9cf9314bb2dce19ccf03631e744ba2c4dbb8b195b865a48ad9702b0be5109291471420685091d6
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
108B
MD5852cf97532858f385dc7501444a81a8d
SHA1baa41176f6e5d4ea54d1dc0506cb284a5979b2e0
SHA2569f5fcfcd3c7732b417ecd8ea6e998a11b9ed316f3fa54b288d880918ad344c80
SHA512102ebe06b19221e3ee9b1de23a7c20af0e0fed7665f25c8f6f873eff501c619deb507ffb76237c3f5368490e7c2634684d120477ca6c0ca9fe929b369e2e2037
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
113B
MD53017e915a95332266871c7e74ae48838
SHA135778d016608e93d8d931a9f4ba274f12b8fe33e
SHA2565fd9dcbe7aa3a0eac8ec80426cff769c8e1b797d5f655cf7ab0a88dc99483718
SHA512096ed384b21ac346761c0f9fe395edc6306061fb175697af5f6308f9080e247b819455ebd76317ae94d1643c4e96bd71734372a90ba8cb90f362ba72cb05e481
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
76B
MD5b425bbd7f7ba676da09d4d3b79e3b1a0
SHA133aee79115ee5d5cbf3d7473ed9dce57b7812342
SHA256b502e75fb1d452eb6aa4de9ec7bd5d097cd82630475f6d0923047fb5bed0a5bd
SHA51214a5f36f11209e2d4ef4ada5cc3587b7b8058a8c5c679dcfd3c911eb610f1dc4436c7ff1d7ad1ae74893f987dfc90d3cf472f38c638671399f5795979d3c94d9
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
108B
MD57ab6c9c1e9b9d848a157b00474e5e27b
SHA1b50531a6ea06af0c5006f1b23e3d0cd60912cac6
SHA25634d0aaed21235ac7a7fc67943053d478f4bc30b66e832030b8aec9a3f3ffb2fb
SHA5128d34bc4d3dba69c1d752343d6c217aa2d73a01e038588902da94d15b9b7688386b2fbb253adff963c3f979796eeb4c3275c8adaf67b249dbd4cb8e67b2b4def2
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/MiPushLog/log1.txtFilesize
1KB
MD508d0cd8b0c9150c48c0cc601604008ff
SHA10f99c3d4bb0b46d4054181556e076bb50aa95e2c
SHA25622366a91e096857269e6c54ff21b88ca87d320f576a6455d31f7864d8de8134d
SHA5121b8e7347a6fbefa8076857e8bb04d33afb99ba496c5124ec6ed1b8011149bf757f356d3b9ec326afce1401d936bd732598c1eb5cbd6094e21c5b56b21c9dbd71
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/conlts.datFilesize
674B
MD56fbd3d79bf8314c16a9c340678c31890
SHA1872e745abd3f793bd6f9e0f68832e8059d28e737
SHA256bbb0749532a294259324ba149e08e1bdcf3088d091e4127fa6de84992243c26d
SHA51260e68113cabca0d45c48fd019c1eb53f086aefc971c97fe55ffe7fa54f88936aa25181aa8494b5ed005d161d1219eb65d4cf6c79fabea48be14a44a72ac79960
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/conlts.datFilesize
157B
MD573fabf6887021586c9b2c9fdba7a1e30
SHA1adb0d5bd1ef320c898518b0d11e57d4aa57f8c4d
SHA25641be4810fb177604309cd55f92886aaac06f5bf9158c5435cc398299f963e199
SHA512c076776ea06758dae8b946040d96b66279a8c359b592de9320580d26c51662fa25ddb7b7f24800a5cc5a6ca6168ebae578f509749f22a5c29badae87a540f3b8
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/llg.datFilesize
24B
MD5161557b06b4a4d3ce095528dea370eb7
SHA18bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA51296ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/llg.datFilesize
498B
MD57416de3d1da70f3db6aeff4fbdc638d0
SHA1461b447824664463a25a3d2d101e415c08d500d7
SHA2567763b2cf70eb13fe083845571cb9e0b578c47a2b5c4f3894c2a741ee99ceb6a1
SHA5122d43f32a899ab7cfb112e11847250e77778e19b1f7438a6f145bc5ebd1ed135be8e65159f73906ea1f8a6f0efa85acf53b7e6f33fb93ec015535d04081e69694
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/yoh.datFilesize
24B
MD5a936690571e9104e1922dda4a0ba5bd1
SHA165f49c57edde2f96be2a1dbdfc3f7351f1e66554
SHA256f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
SHA5123be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394
-
/storage/emulated/0/Android/data/com.aoetech.swapshop/files/baidu/tempdata/yoh.datFilesize
24B
MD51681ffc6e046c7af98c9e6c232a3fe0a
SHA1d3399b7262fb56cb9ed053d68db9291c410839c4
SHA2569d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA51211bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5
-
/storage/emulated/0/backups/.SystemConfig/.cuidFilesize
89B
MD5726caa34d111c59b236759ef3b8ce160
SHA1ed68064c9f2f244d52194366222b128b82b25f59
SHA2565986cafab4ec31c3399b1ea31aa098ddf1f19984fb85b2da5763ab4dc6900808
SHA5123f7041a4fc923484ca23cfea817e617e1bbd8830895ffc1521c7171ff8dd8430927dde05631df643aaf6d07b979cd396907e5722b18e3065cf6177baa7177756
-
/storage/emulated/0/backups/.SystemConfig/.cuid2Filesize
235B
MD51ef7a28ac5e8109266216e2f964fd484
SHA11de3f5cba5a624a0731719e4360ebb006f2a94bd
SHA256746080cd208b6d459f361bb9ec91939ddd7f8ea74d01725fea752ae9b2797ade
SHA512f5a6a3042922f24295ba38159efc56c2c11ce9586fc506d7588b253d8d27f3a30f42983199933d7004a337081f737a6212a8e5eb6324f8d2c5066a079162be16
-
/storage/emulated/0/baidu/tempdata/lcvif.datFilesize
96B
MD5355bcd88eba4c92e1e4f14bf2ee061f3
SHA1a8ed1d40bca73926a9fa8fa240d26a8f9955df07
SHA2561988059564b0fccc531a138cf9599622652198ffe6fa58983d70fd720b8c7673
SHA5125b01ba5ea9b35808037ed6ac74df59a6ed5eb5116e20be662770b7356ff4a5d38b3c98c2edb67712bc0390064b8a81704bfc623d3c460421279cf67e9212881b