Analysis
-
max time kernel
175s -
max time network
187s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
23-05-2024 22:03
Static task
static1
Behavioral task
behavioral1
Sample
6c675d8a1b628bc6e4dcc98694f701ef_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
plugin-deploy.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral3
Sample
plugin-deploy.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral4
Sample
plugin-deploy.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6c675d8a1b628bc6e4dcc98694f701ef_JaffaCakes118.apk
-
Size
31.2MB
-
MD5
6c675d8a1b628bc6e4dcc98694f701ef
-
SHA1
7085994888a0966e146b083b7ef64ae1aa308e7a
-
SHA256
b362a02586cf5596eb1b6baa3037ad366d71b02240d966921b45c9a36965ad0a
-
SHA512
78b9c398eda5e27cd4aee50cc5f66b028c4edbafad5ab363b81c9be732d73b484ea5533967b61ded9a901e807736a938c568872a684e31bea7067ac8b43da0b2
-
SSDEEP
786432:8EwRYy84Bg/YfUwtJ3bMnIN303iBz0CsAW5Ha/UZd/fPn:P4BgwfUwD3IokS9Kx56/UZdnP
Malware Config
Signatures
-
Requests cell location 1 TTPs 9 IoCs
Uses Android APIs to to get current cell information.
Processes:
com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.maindescription ioc process Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ahd.m.main Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ahd.m.main:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ahd.m.main:remote -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 6 IoCs
Runs executable file dropped to the device during analysis.
Processes:
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remoteioc pid process /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 4295 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 4268 com.ahd.m.main /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 4386 com.ahd.m.main:remote /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 4669 com.ahd.m.main:remote /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 4854 com.ahd.m.main:remote /data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar 5049 com.ahd.m.main:remote -
Queries information about running processes on the device 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotedescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.ahd.m.main Framework service call android.app.IActivityManager.getRunningAppProcesses com.ahd.m.main:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.ahd.m.main:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.ahd.m.main:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.ahd.m.main:remote -
Queries information about the current Wi-Fi connection 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotedescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ahd.m.main Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ahd.m.main:remote -
Queries information about the current nearby Wi-Fi networks 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotedescription ioc process Framework service call android.net.wifi.IWifiManager.getScanResults com.ahd.m.main Framework service call android.net.wifi.IWifiManager.getScanResults com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getScanResults com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getScanResults com.ahd.m.main:remote Framework service call android.net.wifi.IWifiManager.getScanResults com.ahd.m.main:remote -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs
Processes:
com.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotedescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.ahd.m.main:remote Framework service call android.app.IActivityManager.registerReceiver com.ahd.m.main Framework service call android.app.IActivityManager.registerReceiver com.ahd.m.main:remote Framework service call android.app.IActivityManager.registerReceiver com.ahd.m.main:remote Framework service call android.app.IActivityManager.registerReceiver com.ahd.m.main:remote -
Checks if the internet connection is available 1 TTPs 5 IoCs
Processes:
com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.maindescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ahd.m.main:remote Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ahd.m.main:remote Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ahd.m.main:remote Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ahd.m.main:remote Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ahd.m.main -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow ioc 14 alog.umeng.com -
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 4 IoCs
Processes:
com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotedescription ioc process Framework API call android.hardware.SensorManager.registerListener com.ahd.m.main:remote Framework API call android.hardware.SensorManager.registerListener com.ahd.m.main:remote Framework API call android.hardware.SensorManager.registerListener com.ahd.m.main:remote Framework API call android.hardware.SensorManager.registerListener com.ahd.m.main:remote -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs
Processes:
com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remotedescription ioc process Framework API call javax.crypto.Cipher.doFinal com.ahd.m.main:remote Framework API call javax.crypto.Cipher.doFinal com.ahd.m.main:remote Framework API call javax.crypto.Cipher.doFinal com.ahd.m.main:remote Framework API call javax.crypto.Cipher.doFinal com.ahd.m.main Framework API call javax.crypto.Cipher.doFinal com.ahd.m.main:remote
Processes
-
com.ahd.m.main1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
com.ahd.m.main:remote1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.ahd.m.main:remote1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.ahd.m.main:remote1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.ahd.m.main:remote1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.ahd.m.main/app_push_lib/plugin-deploy.jarFilesize
213KB
MD5e70723b8f6c4c7c09a6019733022cf53
SHA1e3ca32166c65e4dc73c21347ab22d54a7b5a9a83
SHA25632d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5
SHA512461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd
-
/data/data/com.ahd.m.main/app_push_lib/plugin-deploy.keyFilesize
174B
MD51ea8459a688352c3573a8e80727c2644
SHA19b47864e96eed98798a6da2b8860c8f8a68f089e
SHA256be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093
SHA51299a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f
-
/data/data/com.ahd.m.main/databases/ihotdo.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.ahd.m.main/databases/ihotdo.db-journalFilesize
512B
MD5caccc081c1e88f3daad0019b3f3b51f6
SHA10720b71ddff75d286dc6583c692d085957405ae9
SHA256dd83cd771e9a56c9c6fca0ef0b0199f6ba36f51193c857fa2673b6a00c178c2b
SHA512e2dca1b45d316cf053c5cc40db893e78de77457f683bc6048821101368f1988f704e0fb6cbb8814e65c26ec3a3c6d55ac42b0bf11165e18d9556ff68ca8d2351
-
/data/data/com.ahd.m.main/databases/ihotdo.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.ahd.m.main/databases/ihotdo.db-walFilesize
88KB
MD5ff96d1d51fd10674b4d25694b60fe118
SHA170ecd0bd90cf6553b206bc4b510a61c0e93f9576
SHA256381a7cc6b18bcc1c5829845c8a1dee63003ecb9884aee036d2c7ef93a1b1c97c
SHA51231c6db4280724f0a8db8b7e7ed8aac073873657294a32b5b0e14e2bb5562de672bb254ef952f952c88f4a383b469e1bea106804ff6332f85778ca50b127f78ca
-
/data/data/com.ahd.m.main/databases/location.dbFilesize
237KB
MD59084ab66790148148265589a517b00ea
SHA1621da87a6e7fb80beef917f661a9f7dc19309657
SHA2565413e7dd388fa62439773eebaaebf0a00e5663b748ab991056171a1e59c2ab36
SHA5129c99f562ff6e8e43adc29463ffbfa7f7be2da86b14f6770e79929d226f032927296d60ed675b1eaf614b40c2ccbf42812dfbd3370bfd5e2cdd30de92377eeca4
-
/data/data/com.ahd.m.main/files/.um/um_cache_1716503351548.envFilesize
593B
MD55a8465948fb3ffb3856e8464dc47e679
SHA1bcc53968e3848c0a793e9d12036d7579b45eab1c
SHA25612e399dcf88bc1830ab68a629b70d5217682299f3065680efed812b3c321d7ed
SHA512362616c63812127d71d0a6bab89eafdd03b1d821b5fd17b887f22f1c6b4a1e14d33e88edcb956ecfdf900bd7699f032a309f222601de753c53ccec11172a4a5e
-
/data/data/com.ahd.m.main/files/cfg/a/ResPack.rsFilesize
525KB
MD50357e8edde36315c0e0a4f5385de625f
SHA12e6c6f15010e88dac5078f34e31a8ddf5e032f2f
SHA25644764ad74b21113fb17b21899bd0d4c81740544e868eaad680553b3bd0cb016d
SHA512497385b4e3b512f6a4365486d40bf1ed298422087f23a352ed2cec96331b9b012814ffba9c3ba83af5f777df16b53bbe1bf3ab8313902db49011f01a3024cf93
-
/data/data/com.ahd.m.main/files/cfg/a/mapstyle.styFilesize
248KB
MD546a9f9a5221dbe4ff71bfcd2ee045c5c
SHA1915cb3bc2f0096dede38afc1cd7f09c8782360a9
SHA256ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9
SHA512185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2
-
/data/data/com.ahd.m.main/files/cfg/a/satellitestyle.styFilesize
166KB
MD53f1348cd6165c9a66a9892565c917ca1
SHA196f0c939438c494cf3fd89246d458e92c0c7203b
SHA2565fbe3817e4047e14c40b567be4955d7579c8bf7b7824bf8370f5e194ebf9767a
SHA512405c3d1d5f4899cf723509f8e293f2ca1d95a79f7892e93401309372335a6a286f2eae9ee9312f69af10c5bcabd091cd90608898a129542b0abe0617c500d023
-
/data/data/com.ahd.m.main/files/cfg/a/trafficstyle.styFilesize
4KB
MD56a86f30539dfc9332cd235fc48fcb62c
SHA15c202003f6346edb85175b8df7c460793f5512c6
SHA25634bfd1e28c3625f50a23240c4b08ac50a90fd35c5e5f88aed1cf36fa8fe5e18f
SHA512f63edb8270e6cd35e5c6896e2b9153144af0d29303e367a4fa81941b1b2bb0de57fa484badb7ec7f05ebdfa67d77b00c3651572c5f05e9314389887f5546d235
-
/data/data/com.ahd.m.main/files/cfg/h/DVDirectory.cfgFilesize
69KB
MD54e9eab735928758b860e48b2f9befd7b
SHA17223dfdd00f8059d3b83c28c6f7d78d2dcaa0569
SHA2561a5650bc57e525ff23c7f0cd058d4574142e772c51a89867a13f89e13b93d6b4
SHA512c7465fab9518be687ee63cbe044f28a4d5c60f1c043fab0ec66a856b2b542c9d99d9ef5812c7eb2033f797805ba37b821572b83eeeebdaac4854a4bf53977599
-
/data/data/com.ahd.m.main/files/cfg/h/DVHotMap.cfgFilesize
10KB
MD5c16f5ca1517683c46e02a6b71aab3c00
SHA12d09a048d1b8d556d89d4d723947e9e234b5e59b
SHA25613d4fbc0d1cb7c2761641a3632c440f6f1d919dce731b8c32cb35e652b0b39f9
SHA512a692b79382747548fd8be8ed94c06198b143c167be1e96f60d8ea7ee9432a0eb1a0cd73d0704523e487d59443bf7ad13eb36e47b67864e227917d33225e3e62b
-
/data/data/com.ahd.m.main/files/cfg/h/DVHotcity.cfgFilesize
1KB
MD5883c30365d5d377966125dd0c079debd
SHA1d296ec1e3f4badb6e3e6166c1473fb55d4265761
SHA25650112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa
SHA51200b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f
-
/data/data/com.ahd.m.main/files/cfg/h/DVVersion.cfgFilesize
86B
MD5298924848d2517a508f43ff0cc51bd3b
SHA1b9fcde7b86653ead6deb57280a6049cf87745710
SHA2560b6eb1f518059d8c472bab90091bb26d9ab877f6c70fac375412ff1582b8ca3b
SHA51263b88c5b9b971ec52a5f724485d9998bfedb073e84ed63bcf0337e726923510d97a8ddf87371b5620f89ba788af01db58300638fff5031856c77dec8e18b4342
-
/data/data/com.ahd.m.main/files/cfg/l/DVDirectory.cfgFilesize
69KB
MD565685a117c72fe8fbf5a92b07073c99e
SHA1b115b527f74e4c291edcaab19b316a446aca8f5b
SHA25619bcea79613a5c3bb71dfe6b311241fcbf3534b538f0b147c7e849b58b24b2b8
SHA512e5821a5212f0790db33ec7274f018b08f499557ff7f2f118021a7905573e8dd66e716fb02144919d96eeec7da9db921c756a88cf0a050f65a9f8de3894dcc253
-
/data/data/com.ahd.m.main/files/cfg/l/DVHotMap.cfgFilesize
10KB
MD5cc3fad9057e0940ad4d4c7ad27922023
SHA1403cbbcd7b819733b5caf49ed2a58d654441e99d
SHA256f6d90bd8621889ab994374b4f51a1c3f9b028aab1a2129b8b3b0e1d7c5c37864
SHA512ebaf2b8c56bc15826ef38b36e72ae41765fc723470c6dcc40bf9f31118f252777072ad39a535a79f53b6aa29811b4b21cebbc9810c47e34ef9400246d789ab21
-
/data/data/com.ahd.m.main/files/cfg/l/DVHotcity.cfgFilesize
1KB
MD51c6abcbbd253448057930ad1cc59ac75
SHA1a5845d1c4bc87b8b4785b456d76edcb8309eda4e
SHA256a46b498ba6586aaa2f246bb34e47f4290ac60273cb86ff662475b0def7172136
SHA51271aba5b2a1020d1925b3844c861cbe595de3b21d665eedb13f1ef0d80477fc091663e0625b09c5f49d4f9d0770970dd0d188b84635e9c75c1bdba9f2a7171631
-
/data/data/com.ahd.m.main/files/cfg/l/DVVersion.cfgFilesize
127B
MD5d54b7b380a5ff46c78283013a07d8e0f
SHA1f697c5f7028ba2679a96d6bc5291c38ff96d7982
SHA256c7ad837b097687d92e0d944815fc70adcb0e1cdc82db28f728d13e8a48d7532c
SHA512ade792589c33179c51305f201bfb6db28c05b2ea098d12bfefc1a5cf9bd3014d53830ce2e71f027719ee1b83b2394c7654b5ddf4fdc7f678840869d2a2787ef4
-
/data/data/com.ahd.m.main/files/lldt/firll.datFilesize
56B
MD5726c273595bdf2846827e327fe15a162
SHA194cbd036811e7dfb786b6497f1535a683697ba65
SHA256e098ec7a791b0ea6bec38a75d3eae3967f15ccd66b73e14086db3f31b2de0321
SHA5125a0ac4ec4b9209f7e53a8827d0fac8f3e897a835f4f903530aa0db7106926197d6e9c5ccc94d48be7f0ddfbca3114957a7c814dce124e1889d2351281dced90e
-
/data/data/com.ahd.m.main/files/umeng_it.cacheFilesize
310B
MD5ac4c5b8df9cc49d807f3a95a1b80c6bd
SHA167394f6ae9b12d5e7ea25b2c2974b6250f958338
SHA25677f557e249b2266b0beb6e81d92ccbd74cc250be3e53a6f0377d7e04148f8597
SHA51268645ca59038384944dda18b1da9a6f43e11978fd800e7f93880bf576b05dd7fbb1100ac34ce884d517992ec998f3f1d1baaa734f952300039fb5fd6b83ea4d1
-
/data/data/com.ahd.m.main/files/ver.datFilesize
12B
MD58d80bc8ea90e9cac010d3ddf97bda5f5
SHA1f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA5129ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7
-
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jarFilesize
530KB
MD55597a541eabd3fb792c581587550dc4a
SHA16500b0ff20c75717e1cb67dcee76b4641a4e8a35
SHA256473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2
SHA51239b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2
-
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jarFilesize
530KB
MD5bdfa71feb08b80b649fddcd7488b03b4
SHA1bcacf11199fd2c353034a7271b5dbfe2dd4cbddb
SHA256f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d
SHA51237dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a
-
/storage/emulated/0/Android/data/com.ahd.m.main/cache/uil-images/journal.tmpFilesize
96B
MD55adb621b1ff7445b9b82232c9a4396e3
SHA1ec8536fac4111674e2a5bb557e86f91be241c788
SHA256c070e6b3139caa637b8ffac7243a88f2c1b4c6311060736e0d4b4e1dbfba9d9f
SHA512c7187455b687a9a7ee1e7ee3781d5f0318a3824bcd46f5a28854af597069827ffddc13262976d52442f35fe48e1f282a6fa2e7a02bd35df523035aebef03480b
-
/storage/emulated/0/Android/data/com.ahd.m.main/files/cmd/concat.txtFilesize
111B
MD5c5d187ff8f41776757e8a245927445bf
SHA1d11339acb62dce13535495531381484efafc5bf7
SHA256ddbd3708a9c3cf5ff2b6a77834e6bc24c70435945a55543ad9217beb273e22d4
SHA512e382ed19ceca8c57ee943b168282533b09a72f23b8cc082ea41a7dd9b5d78a7fa2de411f38ca59ba6237fda648f722198092d86ceb2c0da456b14e4927186c2a
-
/storage/emulated/0/Android/data/com.ahd.m.main/files/video/cpianwei.mp4Filesize
225KB
MD53e5b79bfeace864d4c5218464c4a9403
SHA17538c8b67ae833619ef686cfbc870bd610385147
SHA256645576da29971c41a539f53a5a9f51cc37235e1f3433ed07937b1d4fcbbcffe8
SHA51226fa31ee5962fc17c73e9179cb2f415661e7257715319f8cd13c74b8cbd3de4dfa1ec7f943213039f4a3559c6dd817afa087240679758b2dbb279d0589376b72
-
/storage/emulated/0/Android/data/com.ahd.m.main/files/video/pianwei.mpgFilesize
240KB
MD56bbe3fef3591a96e2cc2a5e543c3e1a5
SHA16d1c3defe65ea43ef8a67c319a53a06114bee676
SHA256782da6cb89c5d30c2e3b4cd5d02b4d863ff5c485c7bfd560d5ae173e48523427
SHA5126bda41540295f59e45b3a7eb5ebb2cdbd0323388dad224c09fd413d5ddb43f9745742af9813d0b215de53ef3f71469eb3a0e62e515a7f808a636ec0826e20ad4
-
/storage/emulated/0/baidu/.cuidFilesize
89B
MD587531c25eed342d339cf20f0f81c3d3b
SHA117d63e1b50240bfe11fd8dc48132472f34b4882a
SHA256b8c58067882a49f0aa2822722a491c4a9da4c51156b19a31cd1d1f6aa5e91835
SHA51284f74cf6d05c5b4a9abc816d1bdf5f653e9b38bcc2dca7be1a466a9d86b5c5cc47a634bb40d83ed917bbc0f1be0d22b52d2c5de52926ea59865618d6ae8b8a79
-
/storage/emulated/0/baidu/tempdata/conlts.datFilesize
151B
MD5cac51deda3bf74a771521d7c7d8d4164
SHA13e8ba430e95a2ebed24e9eaa04f712e97ec0aaa5
SHA256538ac505a512237310fd6ee77cff3b2acb930b3101dffeeafd55e4abf3b9c348
SHA512707a5f0a713b3308f5bdc7ce2d7aae26438f044c3d6d33f09f441371f3ecf0dda145e749ebb9924f3997c863ba81dfd1cab1ff8b8c683522d80f9cba149cf73f
-
/storage/emulated/0/baidu/tempdata/ls.dbFilesize
28KB
MD5ef2c78dbcf5880b8eb95b5bfd47d3daf
SHA1f2ed56f6b66294df1dc77057ea5c8f74e0c20434
SHA256c319cbcbdde2a150b5248e133b1185c5c9e3dcda3b41004a91801daa1bb7d4ea
SHA5127045ee0455fbad3386e389ccada58ed5784dd260e0aaeb82e6aefed1926a103d9225ee76fed27be9c7e28a9f2d0d8d546fc62906f3d4be525e32f87389f1f2d6
-
/storage/emulated/0/baidu/tempdata/ls.db-journalFilesize
4KB
MD591ffac43e7307ceabf17fafde2ad1ec7
SHA1b914861b843a87d3967a731d57209f5f1982060a
SHA2563c206808b5b8142a8f07d6af4849c3916ba4c672b0bf0415f501603a20e200e7
SHA51214762b0a4b20d9288d3fba0463c62600c8823ed2533d5456a26a54136b4d131a70473468fe58da8275968039e9d9be987524ab73b9e24cdf70da402e031a11b3
-
/storage/emulated/0/baidu/tempdata/ls.db-walFilesize
52KB
MD57637794eed8f3cb3ca213a04e56c08fa
SHA12a5f36344f7633973ca1cd2dcbd125a03c96bd8c
SHA2567434e6a99c14a714024eb0d12c5c2fa0646e147fd406f398e75072ea8cf3e78e
SHA512b0bb3697a3ba739ed4f281d171421e3205aa2b93473a5940d84d08e89f42940ad3deee20e2d31b26021528bb6e17029304f96e199a5cc3cd312632ac62c765f9
-
/storage/emulated/0/ihotdo/obj/login_pictures_list.objFilesize
5B
MD59dcf2a6f12095ecff342e9fa0c5ca72f
SHA1c815f34691be353caa9de93bbdb00a31f62a9ed3
SHA2564e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5
SHA5127ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c