b362a02586cf5596eb1b6baa3037ad366d71b02240d966921b45c9a36965ad0a

Analysis

max time kernel
175s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c675d8a1b628bc6e4dcc98694f701ef_JaffaCakes118.apk
Size

31.2MB
MD5

6c675d8a1b628bc6e4dcc98694f701ef
SHA1

7085994888a0966e146b083b7ef64ae1aa308e7a
SHA256

b362a02586cf5596eb1b6baa3037ad366d71b02240d966921b45c9a36965ad0a
SHA512

78b9c398eda5e27cd4aee50cc5f66b028c4edbafad5ab363b81c9be732d73b484ea5533967b61ded9a901e807736a938c568872a684e31bea7067ac8b43da0b2
SSDEEP

786432:8EwRYy84Bg/YfUwtJ3bMnIN303iBz0CsAW5Ha/UZd/fPn:P4BgwfUwD3IokS9Kx56/UZdnP

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 1 TTPs 9 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ahd.m.main
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ahd.m.main:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ahd.m.main:remote

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.ahd.m.main

description ioc process

File opened for read /proc/cpuinfo com.ahd.m.main

description	ioc	process
File opened for read	/proc/cpuinfo	com.ahd.m.main

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

ioc	pid	process
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	4295	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	4268	com.ahd.m.main
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	4386	com.ahd.m.main:remote
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	4669	com.ahd.m.main:remote
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	4854	com.ahd.m.main:remote
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar	5049	com.ahd.m.main:remote

Queries information about running processes on the device 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ahd.m.main
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ahd.m.main:remote

Queries information about the current Wi-Fi connection 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ahd.m.main
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ahd.m.main:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ahd.m.main
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ahd.m.main:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ahd.m.main:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

persistence

T1624.001

Processes:

com.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.ahd.m.main
Framework service call	android.app.IActivityManager.registerReceiver	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.ahd.m.main:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.ahd.m.main:remote

Checks if the internet connection is available 1 TTPs 5 IoCs

discovery

T1421

Processes:

com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ahd.m.main:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ahd.m.main:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ahd.m.main:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ahd.m.main:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ahd.m.main

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

14 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422

flow	ioc
14	alog.umeng.com

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 4 IoCs

evasion

T1628.002

Processes:

com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.ahd.m.main:remote
Framework API call	android.hardware.SensorManager.registerListener	com.ahd.m.main:remote
Framework API call	android.hardware.SensorManager.registerListener	com.ahd.m.main:remote
Framework API call	android.hardware.SensorManager.registerListener	com.ahd.m.main:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs

impact

T1471

Processes:

com.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.main:remotecom.ahd.m.maincom.ahd.m.main:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ahd.m.main:remote
Framework API call	javax.crypto.Cipher.doFinal	com.ahd.m.main:remote
Framework API call	javax.crypto.Cipher.doFinal	com.ahd.m.main:remote
Framework API call	javax.crypto.Cipher.doFinal	com.ahd.m.main
Framework API call	javax.crypto.Cipher.doFinal	com.ahd.m.main:remote

com.ahd.m.main
1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ahd.m.main/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4295

com.ahd.m.main:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4386

com.ahd.m.main:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4669

com.ahd.m.main:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4854

com.ahd.m.main:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5049

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ahd.m.main/app_push_lib/plugin-deploy.jar
Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/data/com.ahd.m.main/app_push_lib/plugin-deploy.key
Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/data/com.ahd.m.main/databases/ihotdo.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ahd.m.main/databases/ihotdo.db-journal
Filesize
512B

MD5
caccc081c1e88f3daad0019b3f3b51f6

SHA1
0720b71ddff75d286dc6583c692d085957405ae9

SHA256
dd83cd771e9a56c9c6fca0ef0b0199f6ba36f51193c857fa2673b6a00c178c2b

SHA512
e2dca1b45d316cf053c5cc40db893e78de77457f683bc6048821101368f1988f704e0fb6cbb8814e65c26ec3a3c6d55ac42b0bf11165e18d9556ff68ca8d2351

Download Submit
/data/data/com.ahd.m.main/databases/ihotdo.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ahd.m.main/databases/ihotdo.db-wal
Filesize
88KB

MD5
ff96d1d51fd10674b4d25694b60fe118

SHA1
70ecd0bd90cf6553b206bc4b510a61c0e93f9576

SHA256
381a7cc6b18bcc1c5829845c8a1dee63003ecb9884aee036d2c7ef93a1b1c97c

SHA512
31c6db4280724f0a8db8b7e7ed8aac073873657294a32b5b0e14e2bb5562de672bb254ef952f952c88f4a383b469e1bea106804ff6332f85778ca50b127f78ca

Download Submit
/data/data/com.ahd.m.main/databases/location.db
Filesize
237KB

MD5
9084ab66790148148265589a517b00ea

SHA1
621da87a6e7fb80beef917f661a9f7dc19309657

SHA256
5413e7dd388fa62439773eebaaebf0a00e5663b748ab991056171a1e59c2ab36

SHA512
9c99f562ff6e8e43adc29463ffbfa7f7be2da86b14f6770e79929d226f032927296d60ed675b1eaf614b40c2ccbf42812dfbd3370bfd5e2cdd30de92377eeca4

Download Submit
/data/data/com.ahd.m.main/files/.um/um_cache_1716503351548.env
Filesize
593B

MD5
5a8465948fb3ffb3856e8464dc47e679

SHA1
bcc53968e3848c0a793e9d12036d7579b45eab1c

SHA256
12e399dcf88bc1830ab68a629b70d5217682299f3065680efed812b3c321d7ed

SHA512
362616c63812127d71d0a6bab89eafdd03b1d821b5fd17b887f22f1c6b4a1e14d33e88edcb956ecfdf900bd7699f032a309f222601de753c53ccec11172a4a5e

Download Submit
/data/data/com.ahd.m.main/files/cfg/a/ResPack.rs
Filesize
525KB

MD5
0357e8edde36315c0e0a4f5385de625f

SHA1
2e6c6f15010e88dac5078f34e31a8ddf5e032f2f

SHA256
44764ad74b21113fb17b21899bd0d4c81740544e868eaad680553b3bd0cb016d

SHA512
497385b4e3b512f6a4365486d40bf1ed298422087f23a352ed2cec96331b9b012814ffba9c3ba83af5f777df16b53bbe1bf3ab8313902db49011f01a3024cf93

Download Submit
/data/data/com.ahd.m.main/files/cfg/a/mapstyle.sty
Filesize
248KB

MD5
46a9f9a5221dbe4ff71bfcd2ee045c5c

SHA1
915cb3bc2f0096dede38afc1cd7f09c8782360a9

SHA256
ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9

SHA512
185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2

Download Submit
/data/data/com.ahd.m.main/files/cfg/a/satellitestyle.sty
Filesize
166KB

MD5
3f1348cd6165c9a66a9892565c917ca1

SHA1
96f0c939438c494cf3fd89246d458e92c0c7203b

SHA256
5fbe3817e4047e14c40b567be4955d7579c8bf7b7824bf8370f5e194ebf9767a

SHA512
405c3d1d5f4899cf723509f8e293f2ca1d95a79f7892e93401309372335a6a286f2eae9ee9312f69af10c5bcabd091cd90608898a129542b0abe0617c500d023

Download Submit
/data/data/com.ahd.m.main/files/cfg/a/trafficstyle.sty
Filesize
4KB

MD5
6a86f30539dfc9332cd235fc48fcb62c

SHA1
5c202003f6346edb85175b8df7c460793f5512c6

SHA256
34bfd1e28c3625f50a23240c4b08ac50a90fd35c5e5f88aed1cf36fa8fe5e18f

SHA512
f63edb8270e6cd35e5c6896e2b9153144af0d29303e367a4fa81941b1b2bb0de57fa484badb7ec7f05ebdfa67d77b00c3651572c5f05e9314389887f5546d235

Download Submit
/data/data/com.ahd.m.main/files/cfg/h/DVDirectory.cfg
Filesize
69KB

MD5
4e9eab735928758b860e48b2f9befd7b

SHA1
7223dfdd00f8059d3b83c28c6f7d78d2dcaa0569

SHA256
1a5650bc57e525ff23c7f0cd058d4574142e772c51a89867a13f89e13b93d6b4

SHA512
c7465fab9518be687ee63cbe044f28a4d5c60f1c043fab0ec66a856b2b542c9d99d9ef5812c7eb2033f797805ba37b821572b83eeeebdaac4854a4bf53977599

Download Submit
/data/data/com.ahd.m.main/files/cfg/h/DVHotMap.cfg
Filesize
10KB

MD5
c16f5ca1517683c46e02a6b71aab3c00

SHA1
2d09a048d1b8d556d89d4d723947e9e234b5e59b

SHA256
13d4fbc0d1cb7c2761641a3632c440f6f1d919dce731b8c32cb35e652b0b39f9

SHA512
a692b79382747548fd8be8ed94c06198b143c167be1e96f60d8ea7ee9432a0eb1a0cd73d0704523e487d59443bf7ad13eb36e47b67864e227917d33225e3e62b

Download Submit
/data/data/com.ahd.m.main/files/cfg/h/DVHotcity.cfg
Filesize
1KB

MD5
883c30365d5d377966125dd0c079debd

SHA1
d296ec1e3f4badb6e3e6166c1473fb55d4265761

SHA256
50112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa

SHA512
00b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f

Download Submit
/data/data/com.ahd.m.main/files/cfg/h/DVVersion.cfg
Filesize
86B

MD5
298924848d2517a508f43ff0cc51bd3b

SHA1
b9fcde7b86653ead6deb57280a6049cf87745710

SHA256
0b6eb1f518059d8c472bab90091bb26d9ab877f6c70fac375412ff1582b8ca3b

SHA512
63b88c5b9b971ec52a5f724485d9998bfedb073e84ed63bcf0337e726923510d97a8ddf87371b5620f89ba788af01db58300638fff5031856c77dec8e18b4342

Download Submit
/data/data/com.ahd.m.main/files/cfg/l/DVDirectory.cfg
Filesize
69KB

MD5
65685a117c72fe8fbf5a92b07073c99e

SHA1
b115b527f74e4c291edcaab19b316a446aca8f5b

SHA256
19bcea79613a5c3bb71dfe6b311241fcbf3534b538f0b147c7e849b58b24b2b8

SHA512
e5821a5212f0790db33ec7274f018b08f499557ff7f2f118021a7905573e8dd66e716fb02144919d96eeec7da9db921c756a88cf0a050f65a9f8de3894dcc253

Download Submit
/data/data/com.ahd.m.main/files/cfg/l/DVHotMap.cfg
Filesize
10KB

MD5
cc3fad9057e0940ad4d4c7ad27922023

SHA1
403cbbcd7b819733b5caf49ed2a58d654441e99d

SHA256
f6d90bd8621889ab994374b4f51a1c3f9b028aab1a2129b8b3b0e1d7c5c37864

SHA512
ebaf2b8c56bc15826ef38b36e72ae41765fc723470c6dcc40bf9f31118f252777072ad39a535a79f53b6aa29811b4b21cebbc9810c47e34ef9400246d789ab21

Download Submit
/data/data/com.ahd.m.main/files/cfg/l/DVHotcity.cfg
Filesize
1KB

MD5
1c6abcbbd253448057930ad1cc59ac75

SHA1
a5845d1c4bc87b8b4785b456d76edcb8309eda4e

SHA256
a46b498ba6586aaa2f246bb34e47f4290ac60273cb86ff662475b0def7172136

SHA512
71aba5b2a1020d1925b3844c861cbe595de3b21d665eedb13f1ef0d80477fc091663e0625b09c5f49d4f9d0770970dd0d188b84635e9c75c1bdba9f2a7171631

Download Submit
/data/data/com.ahd.m.main/files/cfg/l/DVVersion.cfg
Filesize
127B

MD5
d54b7b380a5ff46c78283013a07d8e0f

SHA1
f697c5f7028ba2679a96d6bc5291c38ff96d7982

SHA256
c7ad837b097687d92e0d944815fc70adcb0e1cdc82db28f728d13e8a48d7532c

SHA512
ade792589c33179c51305f201bfb6db28c05b2ea098d12bfefc1a5cf9bd3014d53830ce2e71f027719ee1b83b2394c7654b5ddf4fdc7f678840869d2a2787ef4

Download Submit
/data/data/com.ahd.m.main/files/lldt/firll.dat
Filesize
56B

MD5
726c273595bdf2846827e327fe15a162

SHA1
94cbd036811e7dfb786b6497f1535a683697ba65

SHA256
e098ec7a791b0ea6bec38a75d3eae3967f15ccd66b73e14086db3f31b2de0321

SHA512
5a0ac4ec4b9209f7e53a8827d0fac8f3e897a835f4f903530aa0db7106926197d6e9c5ccc94d48be7f0ddfbca3114957a7c814dce124e1889d2351281dced90e

Download Submit
/data/data/com.ahd.m.main/files/umeng_it.cache
Filesize
310B

MD5
ac4c5b8df9cc49d807f3a95a1b80c6bd

SHA1
67394f6ae9b12d5e7ea25b2c2974b6250f958338

SHA256
77f557e249b2266b0beb6e81d92ccbd74cc250be3e53a6f0377d7e04148f8597

SHA512
68645ca59038384944dda18b1da9a6f43e11978fd800e7f93880bf576b05dd7fbb1100ac34ce884d517992ec998f3f1d1baaa734f952300039fb5fd6b83ea4d1

Download Submit
/data/data/com.ahd.m.main/files/ver.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar
Filesize
530KB

MD5
5597a541eabd3fb792c581587550dc4a

SHA1
6500b0ff20c75717e1cb67dcee76b4641a4e8a35

SHA256
473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

SHA512
39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

Download Submit
/data/user/0/com.ahd.m.main/app_push_lib/plugin-deploy.jar
Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/storage/emulated/0/Android/data/com.ahd.m.main/cache/uil-images/journal.tmp
Filesize
96B

MD5
5adb621b1ff7445b9b82232c9a4396e3

SHA1
ec8536fac4111674e2a5bb557e86f91be241c788

SHA256
c070e6b3139caa637b8ffac7243a88f2c1b4c6311060736e0d4b4e1dbfba9d9f

SHA512
c7187455b687a9a7ee1e7ee3781d5f0318a3824bcd46f5a28854af597069827ffddc13262976d52442f35fe48e1f282a6fa2e7a02bd35df523035aebef03480b

Download Submit
/storage/emulated/0/Android/data/com.ahd.m.main/files/cmd/concat.txt
Filesize
111B

MD5
c5d187ff8f41776757e8a245927445bf

SHA1
d11339acb62dce13535495531381484efafc5bf7

SHA256
ddbd3708a9c3cf5ff2b6a77834e6bc24c70435945a55543ad9217beb273e22d4

SHA512
e382ed19ceca8c57ee943b168282533b09a72f23b8cc082ea41a7dd9b5d78a7fa2de411f38ca59ba6237fda648f722198092d86ceb2c0da456b14e4927186c2a

Download Submit
/storage/emulated/0/Android/data/com.ahd.m.main/files/video/cpianwei.mp4
Filesize
225KB

MD5
3e5b79bfeace864d4c5218464c4a9403

SHA1
7538c8b67ae833619ef686cfbc870bd610385147

SHA256
645576da29971c41a539f53a5a9f51cc37235e1f3433ed07937b1d4fcbbcffe8

SHA512
26fa31ee5962fc17c73e9179cb2f415661e7257715319f8cd13c74b8cbd3de4dfa1ec7f943213039f4a3559c6dd817afa087240679758b2dbb279d0589376b72

Download Submit
/storage/emulated/0/Android/data/com.ahd.m.main/files/video/pianwei.mpg
Filesize
240KB

MD5
6bbe3fef3591a96e2cc2a5e543c3e1a5

SHA1
6d1c3defe65ea43ef8a67c319a53a06114bee676

SHA256
782da6cb89c5d30c2e3b4cd5d02b4d863ff5c485c7bfd560d5ae173e48523427

SHA512
6bda41540295f59e45b3a7eb5ebb2cdbd0323388dad224c09fd413d5ddb43f9745742af9813d0b215de53ef3f71469eb3a0e62e515a7f808a636ec0826e20ad4

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
89B

MD5
87531c25eed342d339cf20f0f81c3d3b

SHA1
17d63e1b50240bfe11fd8dc48132472f34b4882a

SHA256
b8c58067882a49f0aa2822722a491c4a9da4c51156b19a31cd1d1f6aa5e91835

SHA512
84f74cf6d05c5b4a9abc816d1bdf5f653e9b38bcc2dca7be1a466a9d86b5c5cc47a634bb40d83ed917bbc0f1be0d22b52d2c5de52926ea59865618d6ae8b8a79

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat
Filesize
151B

MD5
cac51deda3bf74a771521d7c7d8d4164

SHA1
3e8ba430e95a2ebed24e9eaa04f712e97ec0aaa5

SHA256
538ac505a512237310fd6ee77cff3b2acb930b3101dffeeafd55e4abf3b9c348

SHA512
707a5f0a713b3308f5bdc7ce2d7aae26438f044c3d6d33f09f441371f3ecf0dda145e749ebb9924f3997c863ba81dfd1cab1ff8b8c683522d80f9cba149cf73f

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db
Filesize
28KB

MD5
ef2c78dbcf5880b8eb95b5bfd47d3daf

SHA1
f2ed56f6b66294df1dc77057ea5c8f74e0c20434

SHA256
c319cbcbdde2a150b5248e133b1185c5c9e3dcda3b41004a91801daa1bb7d4ea

SHA512
7045ee0455fbad3386e389ccada58ed5784dd260e0aaeb82e6aefed1926a103d9225ee76fed27be9c7e28a9f2d0d8d546fc62906f3d4be525e32f87389f1f2d6

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
4KB

MD5
91ffac43e7307ceabf17fafde2ad1ec7

SHA1
b914861b843a87d3967a731d57209f5f1982060a

SHA256
3c206808b5b8142a8f07d6af4849c3916ba4c672b0bf0415f501603a20e200e7

SHA512
14762b0a4b20d9288d3fba0463c62600c8823ed2533d5456a26a54136b4d131a70473468fe58da8275968039e9d9be987524ab73b9e24cdf70da402e031a11b3

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal
Filesize
52KB

MD5
7637794eed8f3cb3ca213a04e56c08fa

SHA1
2a5f36344f7633973ca1cd2dcbd125a03c96bd8c

SHA256
7434e6a99c14a714024eb0d12c5c2fa0646e147fd406f398e75072ea8cf3e78e

SHA512
b0bb3697a3ba739ed4f281d171421e3205aa2b93473a5940d84d08e89f42940ad3deee20e2d31b26021528bb6e17029304f96e199a5cc3cd312632ac62c765f9

Download Submit
/storage/emulated/0/ihotdo/obj/login_pictures_list.obj
Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit