c70e97e740f619efb27e356edfc7bc44479db50a2f702fc50d8877c3e6b1ee58

Analysis

max time kernel
36s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69a5ff6d5d3d4cd32a607d546149e021_JaffaCakes118.apk
Size

28.3MB
MD5

69a5ff6d5d3d4cd32a607d546149e021
SHA1

1c64a7dd4b895d4a21ddfaf7c84160ead62c9260
SHA256

c70e97e740f619efb27e356edfc7bc44479db50a2f702fc50d8877c3e6b1ee58
SHA512

76588e5d1b399bfa7e2907019293bdadb36b80f2c208692d11c9870f6f024d3ef67e17fda491e1d6842c603b6f5e686a3ec8e5f1ed77c2c77145fed68f831139
SSDEEP

393216:ojkKoTs+T43hx0apTN4ft6wYdXk8H225X63L25X8DCz99nE0aJIWLHXwCCmlHTEe:ojkK76K2F6/dbxX6eXkCz9ZubXwCCkEe

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 11 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.kingdee.zhihuiji/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kingdee.zhihuiji/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&com.kingdee.zhihuiji:remote

ioc	pid	process
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex	4316	com.kingdee.zhihuiji
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes2.dex	4316	com.kingdee.zhihuiji
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes3.dex	4316	com.kingdee.zhihuiji
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex	4316	com.kingdee.zhihuiji
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex	4316	com.kingdee.zhihuiji
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex	4370	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kingdee.zhihuiji/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex	4503	com.kingdee.zhihuiji:remote
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes2.dex	4503	com.kingdee.zhihuiji:remote
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes3.dex	4503	com.kingdee.zhihuiji:remote
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex	4503	com.kingdee.zhihuiji:remote
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex	4503	com.kingdee.zhihuiji:remote

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.kingdee.zhihuiji:remote

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kingdee.zhihuiji:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.kingdee.zhihuijicom.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingdee.zhihuiji
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingdee.zhihuiji:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.kingdee.zhihuiji:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.kingdee.zhihuiji:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.kingdee.zhihuijicom.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.kingdee.zhihuiji
Framework service call	android.app.IActivityManager.registerReceiver	com.kingdee.zhihuiji:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.kingdee.zhihuijicom.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingdee.zhihuiji
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingdee.zhihuiji:remote

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

T1430

Processes:

com.kingdee.zhihuiji:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.kingdee.zhihuiji:remote
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.kingdee.zhihuiji:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.kingdee.zhihuiji:remote
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kingdee.zhihuiji:remote

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kingdee.zhihuiji:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.kingdee.zhihuiji:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.kingdee.zhihuiji:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kingdee.zhihuiji:remote

com.kingdee.zhihuiji
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4316

chmod 755 /data/data/com.kingdee.zhihuiji/.jiagu/libjiagu.so
2⤵
PID:4341

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kingdee.zhihuiji/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4370

com.kingdee.zhihuiji:remote
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4503

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex
Filesize
8.3MB

MD5
8695aac83cd9bcbe3ae77ab4fd61da6c

SHA1
87679f83337947a023fc17d7bb022ee13e26d36d

SHA256
72e2798f553540e334502c8c612397f528af0d59253329807eba23b55a006de7

SHA512
862243b21d90e27b46d4017d9dfdd8d8e98263213c383730181ed8cb4bbbe27993f14acc3b686a73defc1f3ead6e83fcf5af9b1bbc3a952b17b3b5b438f2e95d

Download Submit
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex
Filesize
6.4MB

MD5
3808c9f925b5eb0cd7cfc11a399ba7eb

SHA1
0b13b2d59171040fa061fc0d9e9c5cea12927a31

SHA256
854c262308f1b56bf0321d09d7a724bd7bd001877d29d34f8c92b404e1d35b0f

SHA512
a8a45b7c92dd63a0744d922f2d7814dd71e314046acb590744795e9a9e12b9b08d406ea215fe2bda7526d326ea5012cf631b7fd638ded2aa946e3c3d9032b71f

Download Submit
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes2.dex
Filesize
6.6MB

MD5
209fc6a1185c0a9736abe81fea2a625e

SHA1
406d12821cdb26129c4847381c93a8a9eea7b19e

SHA256
463535b2c6ff6be7a30773bdc13a57d8514c0ab29595923d4759f8fb2fbbbdbd

SHA512
b784676173b81bac2af12c901ceab21c908d564eefc10f5a002db1012a0fed3075eae188f6f21ad5d7da0c36428ebb2d8a1d071a045510dc4f34d0fab6bb55d2

Download Submit
/data/data/com.kingdee.zhihuiji/.jiagu/classes.dex!classes3.dex
Filesize
3.1MB

MD5
5c7fdbe07e945cb9ad70c1022453fcd4

SHA1
c3be5ea2a079043c40c7e9138a6a0f8a6ee29660

SHA256
e6606c23fea953e5aa79896a91926ebcf2d4073f10b0eb2d524f113dcb42f09c

SHA512
16f4097fe0728121ae4c20e3c94d441e6b260a2d04e10db973dd3c52c29493724be5078b88a50b67d52aca138f784c5995c510eb8ebb245a7106b4e33c147707

Download Submit
/data/data/com.kingdee.zhihuiji/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.kingdee.zhihuiji/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.kingdee.zhihuiji/databases/com.kingdee.zhihuiji
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kingdee.zhihuiji/databases/com.kingdee.zhihuiji-journal
Filesize
36KB

MD5
69474aa535cff2fef3778e49adb17006

SHA1
1f43c3b216d37311b5a6cf6ab09dea18b6d34c67

SHA256
acb7eacac38e18814434bdd4143685b0dd69babf08f9a431d4990050ca5fa24c

SHA512
02db054f4d962e4da5afdd5b8efd5155dc7f7af7decb83e3e4a3132114cec50ab0975d2f1126a2a6ac3dc6997807a638a38b01ce345fa71938e928846571f26c

Download Submit
/data/data/com.kingdee.zhihuiji/databases/com.kingdee.zhihuiji-wal
Filesize
32KB

MD5
50723033afcd822438b98ccf085fdb79

SHA1
48047d3ceb60c41f3a042faf3abd4fcd0e5b1d43

SHA256
033021a372c60e17c89c7f14b1e7cefa4e04d23ec11216783af78e249e23898c

SHA512
e1568642a9f45c9a129b945b393f1fc59acfa175dde38499e3d2d95c9a169711e359f9dc27f623ad03daea4556c610b116c8d4a03df5aad2675bbff0ac600c26

Download Submit
/data/data/com.kingdee.zhihuiji/files/.jglogs/.jg.di
Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/data/data/com.kingdee.zhihuiji/files/.jglogs/.jg.ic
Filesize
512B

MD5
fe9650651a939a1da02c2befa45659a1

SHA1
4af62942b8bc311ab9a5350234d936ede3078b53

SHA256
8568788e7255c62ea973e596ad407afd3fa4995eff0e5022b4354cbd662c73bb

SHA512
fef99309d12bc2a2c3c551ad7e9a8323385aa5aa0c013b24f09d21cc9b200598f72e23a64117f1c8a47ccf0a46402c163afa85f505a1a97c2b102a05d86c05ec

Download Submit
/data/data/com.kingdee.zhihuiji/files/.jglogs/.jg.ri
Filesize
36KB

MD5
79aa0108c3dfd09e02bf4ef3eb256141

SHA1
0bcb3bd9518709bc2ea25fe70048046d75adc24e

SHA256
ef9d241cca5aabcbc426ff1c0a2f326d7f22c514b99b4b2ace351404cc8da59f

SHA512
5c7560824e913ddcc8ba32e9d0f5182931c04016a2f9b4328343da8fdd137b593a0b2923b78219b354626c161381f26d1264a14606b2fe1a8fb63bfcee69ed68

Download Submit
/data/data/com.kingdee.zhihuiji/files/.jiagu.lock
Filesize
32KB

MD5
c6186b8cf8bd5628efef2442398bfbab

SHA1
4b8a4b71485a7dcf2e4fb5af40d6e7cd36eaf7fe

SHA256
d259dd13332c9bddca4befd35c68af1132778580d2700ebede60be5d3fa81e4b

SHA512
6eef34c8880b6de3a6380bf0baf1dc7794df745cb1934080e14b18a9959d17d709b81481fc6d889105eb1dab45fb3694cec859d6581b3c6f57a9e97f0072e555

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/firll.dat
Filesize
76B

MD5
b80e0559b631dd44e0e9568ba5cde360

SHA1
9d15d01187102e5546169817dd2b4110e66497cf

SHA256
ff5834af6c2d4124eee289fafc8e62daf17697ba1ac677514a0958cc77064b0c

SHA512
c65ee07a2f4db306fcd7e30ecfb6f7c1397c60f74d0782ae00a6a1f9e8289ecde4ff101c90554f53abbbb37c4a8b355d37fac577db48ebaf0f3bea274b205d18

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/firll.dat
Filesize
16B

MD5
c86794a3429a98324504ee05c2896266

SHA1
6e1d3744f3d24992b8e63cce10937a892afc9560

SHA256
8a5ddef5050d2cda14f7ba53c5f79e122ca96a687a6156a03aecf7ef9b1fe831

SHA512
184038640d3ff479557b0f335add3c6bd7d479036bd3801ff527f0dab87abdda2e951af44b359a538830e7d5ddc2eca40e573c2bffda1732b28365716af9391e

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/firll.dat
Filesize
16B

MD5
ea872c7a35088fbaca805e4c2691c94b

SHA1
8ee75c480109cdaa93d0beb85273023626e0ab61

SHA256
3fd66ad41c543a37793f28bd765ce7ad1a079029736548cf9629aca622b8cb28

SHA512
51ce2bde7c34fe950d9e5c4db5cac850b8ae1c464068b626c2bea80fcbcac66e0092d067b280c264328e2fd0c84380683c46863a00695781ce18df842db8260c

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/gal.db-journal
Filesize
512B

MD5
f820435da7220516e6c11c5d5b82c9ae

SHA1
7a1d8232f1121da539c9b99fa66a65a5978081dc

SHA256
7564273013c8b81a64b45cba381e30ae9232b0b01c5bdd01b839dc60d1371995

SHA512
5c228ef38c5c8be3d6ae655a6b73c6a2b0510b4d24348ac56657c82335d72612024031d6328ffa2f618f19fa2653b210582aa25b802c5291415672d620f87e19

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/grtcfrsa.dat
Filesize
801B

MD5
7c366ea8f849e91e3f0f3093867b5c33

SHA1
88bb005e5643134f8719895233047017afe39800

SHA256
d759d062f4eff809dc55ecf5cf8693b0e062bc1bf3301f11d907f555852b20e9

SHA512
4575109c6e7330735b5421dc6f32abec26c5e9a92fc6ceb5b0b0f360ff97ab42f6001e52ebe63199d17ad27c053deb04b26e18af0025c0462886c9576c1d63a6

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/grtcfrsa.dat
Filesize
206B

MD5
6d613136def26031e18f3f404299bb7e

SHA1
14a7a4a3309b932512dad59dbdb35503845e60c0

SHA256
58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

SHA512
89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

Download Submit
/data/data/com.kingdee.zhihuiji/files/lldt/hst.db-journal
Filesize
512B

MD5
a29cb83895cba2c6a4a99165800f548c

SHA1
b72c774328d92a2b6ab51d116ad03c27aeac85d9

SHA256
38a4e7cfb3fe3c0e932972f122d82534c9001fb3d092b8892723a9fc07cc91d2

SHA512
574b620efd2f1f8a09f1bf494a067579e9ca0d51aa0b3842068fb68222fbb65856dab3835a92391d8171a6d4becb60201d81d86b2e32eda8a8e8177d46389f57

Download Submit
/data/data/com.kingdee.zhihuiji/files/ofld/ofl_location.db-journal
Filesize
512B

MD5
1b67355e61929074be82fa5546d34253

SHA1
fa6793307e29846393c1eef60a82a0bba1fa939f

SHA256
11db8b553daac05a89da18fae3972c4b68f43face1deaeedd40a5c0c6d19faf3

SHA512
8c57968f3689343ea00acdbcad171b72ec92b26871b5c277adbaf505c50fb22e52b68b734a286af6afdb2794b3029ae58888973f1fdde6a515eae2ea4de53b90

Download Submit
/data/data/com.kingdee.zhihuiji/files/ofld/ofl_location.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingdee.zhihuiji/files/ofld/ofl_location.db-wal
Filesize
48KB

MD5
8165ba1e13fb4eaffd9390d065c14825

SHA1
97cb3b617ad4a660d4af95ece8755878466439e0

SHA256
8e6e78edb12196ac0ece7b9d0c649b536c7d133d72a0649541d31f154828343a

SHA512
72e3bd18fadf86c3ba00ca8bc5c6c610085ff2a445c72da57d0ffdb66c3f4c6b235a32eccdf7980d7e44bd2efb770e2523559e8f933f7485bed86349a1c8641d

Download Submit
/data/data/com.kingdee.zhihuiji/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
cbc63513c8c6d19ae9e3a09acb7ee4f2

SHA1
74b6202a388a5ac42cc6f19c1358e746645efa8f

SHA256
65c2e8852fc346168215f3718a48216459ace3ae998d4f057ce77ed9428443ac

SHA512
f9cc4f0fc476f96a65a848d9295fdc32e2d043efcba3c9cf8668b05262335379264e007f48aaf1a86044c2016405c6e647434590876a9703476b1bf7ded5c42c

Download Submit
/data/data/com.kingdee.zhihuiji/files/ofld/ofl_statistics.db-wal
Filesize
156KB

MD5
a6b9e1beeab06d24ddba4b6673bd59e5

SHA1
e581352444970a57025f4f8e7a109650864fb51c

SHA256
474034d4a29ebbbb935088228be323b97cbd20cf5aa4297191e3e984f67e5a3a

SHA512
c88ed0277afaca84783b533cbac23eabc127df1db43966d8699c38462164efbb14ea8fc3306fcdfd6e61028529b660956f593b87ea0d4525786e4ed4f6951025

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
32KB

MD5
1c56df0a0870ed1c3273c17e476a6f03

SHA1
865db3b9119dd6dc82187d525c8b6be494484a99

SHA256
7c6359bd9670bf186ea39c6e8f08f4120d033077a6167ce7d1e76f3dca6bca5c

SHA512
f07447e0c243df2dcf050b93609f339a1d5cb61cd7a240b5bcc02a2bfd160a5783e1a69ada604c72ac6fded56a9607c4624f92794a052e9f2cabbf2c334cc246

Download Submit
/storage/emulated/0/360/.iddata
Filesize
52KB

MD5
ae99660bb01a88a126476cca3441a910

SHA1
1f7bd034dd17e589eae814aedd4b16fb5395c672

SHA256
3a1da681f173d187b69f1f0d1b8194c0c764edc008487f6ed543e57bc895c5ee

SHA512
f0b9f874a7374201f2fe95f3e1169797c6da61b848fa791283d1db75428476f8e41c8df8dc5165b05387459eb9eb5b36aff742a0c7140e09c9b0e6a4a99a18d8

Download Submit
/storage/emulated/0/Android/data/com.kingdee.zhihuiji/files/tbslog/tbslog.txt
Filesize
1KB

MD5
b28824025aa7d9a7aa50f27a228b1986

SHA1
02661409fe8ad166724fec9e5650ef45f9d73a63

SHA256
f029cd87dc363e878b9031396ca84719767a2b27a6673d7354158afdcb766445

SHA512
dc79e917b685bcd014649e3bbe12c4261aad8f07933c3007a3277c7ee03d75fcdb52f6e873048d2e5d16b3033e3bafc042278b420d7e1f063231b4b3217ccbff

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat
Filesize
157B

MD5
84c2c0757045864df185fb5c18efe372

SHA1
b2cae9724e1d1a1256a6e40c97129849220d4d17

SHA256
6b8643e0560b1acd352aafb10791f2e3b609610a1375a1c411a13fb1be827caf

SHA512
1fada34309e1f358d549a00ba373e84ea850a4876b992e0e526cb29b241ab3b420aa748bb7da9e13fae67a2913af24fce913df2f44cc8fcd7c1a72043b4d0850

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
e4e0fde96fe225d983b0d9d950ce2faa

SHA1
050c0d110a5fd9c928df5e5433aefb2e207b22b4

SHA256
e8cfc9c46120a4fb4e030570935f000e4579cbd6f89c68da30d4aa3669c5ec85

SHA512
f2a6ff1146c8e886cac10674913075d23330cb5837acd3af95d5e71b29c1234816cf8304657f14e25414c1163f2af09a6b9b0872f50e1bf002a269e23424661c

Download Submit