Malware Analysis Report

2025-01-19 07:02

Sample ID 240523-pbf7jsgc4s
Target pda-hn.apk
SHA256 7c6b6d356979365474a699a5e451e0f30466fd1fa851c4c47c56e53de1e08a77
Tags
discovery evasion impact persistence collection credential_access
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7c6b6d356979365474a699a5e451e0f30466fd1fa851c4c47c56e53de1e08a77

Threat Level: Shows suspicious behavior

The file pda-hn.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Loads dropped Dex/Jar

Checks memory information

Checks CPU information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Checks if the internet connection is available

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-23 12:09

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 12:09

Reported

2024-05-23 12:42

Platform

android-x86-arm-20240514-en

Max time kernel

125s

Max time network

133s

Command Line

plus.H58EF5770

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

plus.H58EF5770

stat -c "%x" /data/data

stat -c "%x" /data/data

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 ac1.dcloud.net.cn udp
CN 123.207.204.152:443 ac1.dcloud.net.cn tcp
CN 122.51.117.144:443 ac1.dcloud.net.cn tcp
US 1.1.1.1:53 s1.dcloud.net.cn udp
CN 118.89.133.90:443 s1.dcloud.net.cn tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
N/A 192.168.220.200:7000 tcp
GB 142.250.187.238:443 android.apis.google.com tcp
N/A 192.168.220.200:7000 tcp
US 1.1.1.1:53 ac2.dcloud.net.cn udp
CN 150.158.175.11:443 ac2.dcloud.net.cn tcp
CN 124.221.14.222:443 s1.dcloud.net.cn tcp
CN 42.192.51.127:443 ac2.dcloud.net.cn tcp
CN 121.40.119.209:443 s1.dcloud.net.cn tcp
CN 49.234.20.60:443 ac2.dcloud.net.cn tcp
US 1.1.1.1:53 s2.dcloud.net.cn udp
CN 49.234.20.60:443 s2.dcloud.net.cn tcp
US 1.1.1.1:53 bac1.dcloud.net.cn udp
CN 122.51.57.179:443 bac1.dcloud.net.cn tcp
CN 42.192.51.127:443 s2.dcloud.net.cn tcp
US 1.1.1.1:53 er.dcloud.net.cn udp
CN 118.89.168.191:443 er.dcloud.net.cn tcp
CN 150.158.175.11:443 s2.dcloud.net.cn tcp
CN 43.142.57.168:443 er.dcloud.net.cn tcp
US 1.1.1.1:53 bs1.dcloud.net.cn udp
CN 122.51.57.179:443 bs1.dcloud.net.cn tcp
CN 43.142.62.113:443 er.dcloud.net.cn tcp
CN 43.142.131.213:443 er.dcloud.net.cn tcp
CN 123.207.204.152:443 ac1.dcloud.net.cn tcp
CN 122.51.117.144:443 ac1.dcloud.net.cn tcp
CN 150.158.175.11:443 s2.dcloud.net.cn tcp
CN 42.192.51.127:443 s2.dcloud.net.cn tcp
CN 49.234.20.60:443 s2.dcloud.net.cn tcp
CN 122.51.57.179:443 bs1.dcloud.net.cn tcp

Files

/data/data/plus.H58EF5770/files/.DC4278477faeb9.txt

MD5 412fed3b026db696e80c98ce97a09e0b
SHA1 bca0bfa9c54d4e5d01144a86630d52fd582dcd0a
SHA256 b81a5b2a8c93f00dc9d58db10c836423ad54fcfa134d0388d378abcc038ff5f9
SHA512 fb38bfab6a435cb3dba54efbb592fd732f58a2cf3fd32de48d514b797ddef38a5797383b7f7ce3188124cb8d93227e4193eefd5067006dea6053b0758ce6dff6

/data/data/plus.H58EF5770/files/cnc3ejE6/eje3cnc

MD5 762298b93820a5cd8b6d8ec469078f7f
SHA1 d5b02a2ff3b235cd2b61ceff53a1d88b8984477d
SHA256 dc3f98a33c26c2796dc294b354831fd5ca9796295f4cb38479c80b145d4807db
SHA512 70f864211ce16679d0538abf9b7071d27c2d22ae458e32409d20065032c762dd186307ef33ede90abd9ac794a4ced8b163404e9799c05f0c515337249684311e

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/horn.app.css

MD5 39a4827fe734b74c53209ba1f9d3f4b8
SHA1 0d6eb39289ba7736339cbb80598be7ec4b490232
SHA256 c290cfd06e568b52a6179b9799e2d710299b5082ccc566082dfacc133e4ee881
SHA512 f05507e120266dc8a9b316484033286f4bfbeff9f0ac67ad05ed07d0625e7f47e881bc9e43af3ae87ee2524fd18a8bbfed81bd298315d19ac79087121a5c77be

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/iconfont.css

MD5 bbb3ec646999b30aa2c80431441de316
SHA1 0fd41813ce499ac96689716c68fe6889ae53584b
SHA256 79119d22b98a1e110ffcf8db50e74b500e2be6df815661fbd4308dc06f4040d5
SHA512 30a8a1045aa33565c2c5f4cb838125d37f7a775f422fbfba3aa1216f8761d509a7bc341badc443fdd0b5c68f3d33b8cbfaf7024120355de83392a26a2ae802c3

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/jquery.dataTables.css

MD5 e15066a8d7a9c01e113f639cad9d356d
SHA1 8883ab2a9aca27e0eaca5192b728b2ebce4547d6
SHA256 ddcdf1bdb6db588c79b14a72c39b60b422f64f5c631aa1fbfe788029100ae61f
SHA512 600e190bd19e604da4741044d77f06120ff1e83f800c6f51ddace4f25dac7c96d4104f13db4de70cd3d095cbaad2989149f00a4b353485f47176d6d1d05c0c6f

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.css

MD5 5836f3f57e3a06a6aebf0475a81d6b16
SHA1 668b1b1d96f9c914b8a546bb6abd03242b082cd4
SHA256 bd7c4f0a849da629ee5ec336e69f9e19d490893c3653630ec7eaac73877a4fd5
SHA512 75c123d8d88f08698325e1486ee3a968ef9fa43c0437cd0738313343187e1d553f662dd96b60cf9c593ef719232a958b2b8c3c05fd71b67f21ceacd0edf367a0

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.min.css

MD5 3ae39756b0c6e5a8bf9f7f297d4bdf23
SHA1 09aabd7e2c807f81e5a384d98d02669310f63996
SHA256 d76f633aed9520f7970796ac29faeb767e5f79b2869907aa1dbcfc7bbcfdb3e2
SHA512 43803f0d6358498847d1702993a21d9838736ad6b61b6829b00f38afb4c603f08a51ab5032c46f5f1fba9771779bb974eb925dd3395557756b11a29a3928f8d4

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.picker.css

MD5 d4e0f601944f00f63c8a8709d5132005
SHA1 2c5062c122bf2cb2cdc1912f4a136da895a0679e
SHA256 d3d8693144929eafecf0adf50ed0e22c126ab3f3def0ee194678f77421ad7951
SHA512 acf83bf6931dd4e69951d0cd7b19edd7939696004651b197e4d45ed728614e70c173f25bbe5fa20d7ba688730c971103ead4189ccbf871ba2340745a359b75f5

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.poppicker.css

MD5 8986825478a283ede35ab1a3093ca1cf
SHA1 401c99664d466840263479bc8213b9ee777be2ea
SHA256 e2199909e67d2185bbe27bcc3fae8abd4ec4dbe3cdc8cd02d381eb10d40b1252
SHA512 3911ee47d8432d6f641bc3af2bfed9fde7423939af01e84a1eebf4e27cc276f9e560f3c928f6907ab4468192ecf558a8d0f0b9ae5598bc5398b62bb3a094dd39

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/fonts/iconfont.ttf

MD5 269c694b50f4cbad843a16b0f01708fd
SHA1 93ab16da88d7eeb8f096015258433b0e0d18b611
SHA256 f05cd6d093b94ad9e60e60a498c4d6a5091bcbc8e94aa1969c073d7df7985611
SHA512 60dc1b7ed4985aa8ccb944a1b43315b1f3d1fc53f5f6e3ddc541313231d8f257aa264a3d3d89baf812ea91cd6fe54169ddefd81f660c3b7296cd511db482d9a4

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/fonts/mui.ttf

MD5 8820b7f6582a3c45b7527ae6b183dd2f
SHA1 653442b2b482c577d07a631859ef5a76896d53e1
SHA256 b327c8e38b68245dac1fb9a8b5bf7f19fee0b2c656219b8dfeb3c906c1514ea0
SHA512 758a17a3881de1b8caa7fcbacec7279518909b4c667e3e12a498d29bec3b833c3279f69da07caebc25c4b940545aa1240cce1cce618e5ab939841b8bdb7c2564

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/0.png

MD5 231a688f422ee52a8eae2039a84f7ba5
SHA1 048179403c6721ba84fbcdcb9a3973c7ffc16801
SHA256 84a96043f24c794ac83c2a5bc1ff4dec5874cee859e4d35c4a68f6600c4628e0
SHA512 3292ded47da1c018765d1ea315b6773240898ab0c00a8b5403b83acdc2418e5115656a2aac420ccb1bd1b883868d6f02ebcff10804c0a4e17d5427a0e31fa5af

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/1.png

MD5 932f099d1caca3803bedc7b6dffcf3f6
SHA1 fe17a8f85537432fed7c7081cbbcb15136709b44
SHA256 d3a0a49d718d872b83d97414807dedf0b6231b7b4fbae22d945d9cbb1105a080
SHA512 6230d3e9d62ee98e51f02f0cdcdf22369a0da0c33720e8d686930d335c3dc38eb785e6d66a8d2f8b075cf76bd4904562dede34e1c7c89ece36f7bf72eb31f1b3

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/3.png

MD5 8efa6d4b3ca15f1389cde03dbbf805fe
SHA1 d03e01520c2859f6b515d712bae1a346aeebccbc
SHA256 88a4fbcc6c3fbe1c286fc00d869048b14854a1765a3d1e80bee9ff8fe0f1d7b9
SHA512 d4ab67e0c7ba0abbdef73f855a83825e2ccdec920cfe0f3630d49d0f963c791d4abc0bb37fe9373073fc67867b598be4ebed79fcf87d25a4e3aa04e229fbbb87

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/APP-startpage.png

MD5 7933a081600c45001688550339b3b646
SHA1 fe8cb857e90b0fed5592e916e9cb2b5fc9f0f8c4
SHA256 32e5570f559dbd7f25a7797dea34403505e9515bf6d9d878475f3de323096105
SHA512 7beaecbc129ceb09dc7415886a43ba01ad6391e86c99992e7c681abedb5977e523c16bddb14bd27014058b297d249f2f8c337081ffa60fe3a26619eb2d315f69

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/home-bg.png

MD5 bd08f469b59a839f4d21b3e7e30d7388
SHA1 176688ba513e42efa8f2be6d90680ac2c23b000b
SHA256 896883a20e757b616f7db2f388b9c5dc6c8da4d15f8656feb6159bc1adeacbb8
SHA512 e01b5d5dfd26776170b399d6248013dff8c9df172b12098d4fb5c9e63744fa570d3a8bf8f49130da0a5f81a0a07951a3ea2c6092de7c608429539252e71c5da8

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/index.html

MD5 3c46dec252ed51321ca16d99cd667109
SHA1 948efd70bd1e2bf76185d2e4f9ce923d45ca73bc
SHA256 cd518861b24042aa6dacd50aef11fd48c91420a962cddd729a633baee6e3facc
SHA512 5ba660d37385e8212f5f121af7264320df883d70f3e17d82255f306901bd435d2c55f8a33088de7b8cd5d77f1c1cb9cfa22371c82c30c079efb63d9a834193dc

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/jquery.dataTables.js

MD5 7f5cd6b9c6681190aba4bd63f2742d67
SHA1 e00ad6afc8671bd335fe918974b604e795ae2d53
SHA256 5623556e883f70af025fd2fc11c7726ae7d9f008110690f8291463fbb263cea1
SHA512 4f5a7e24a25091aee7a2ffa42a52de1ad23790e46932d0a1248ec62ca8492d9f29d927e26d3adc365823f4cc55e326f4a207ceac6fe2e4edd24e3e584f637286

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/jquery.min.js

MD5 91cc3b6309b63c1aeef33513d06f2ad1
SHA1 fb6a8e9e34f2ae00df682a9b8050287d5d0cb1f5
SHA256 a0e405cbc2cb17d67bc0e67b248ff15340df3ff2ee5516ae9a70fd3f6887c363
SHA512 67f70868e66a8183608cd497bf613d5a2c5b96bae6ed8b2d0acda77a3dccf581c3c700323d1add876d3a89bd9549f79b95075e03eb31902222a1dde08e58eb42

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.js

MD5 e0e87339768fe3272600b66ce641b07e
SHA1 e3e7310ab409e1d20e28b7552933979ed5f3d91a
SHA256 57c0d35408afd62475aa889ab6d56adf5431a0d98276a7405f5551c2eb64d5ac
SHA512 9450f6db095dd51515a54e9c0faa5bf3066b99d7f3416c23eec38a2c6e3abe3eac31456d934981277e5fbe0f8e0b812dbd0b1c6c2a4646514e66ae903028b09b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.min.js

MD5 a7809980709ff1b270b27a39941421b2
SHA1 a8a0e5ba079c6200db0c21e226fab35d6277a3f8
SHA256 52ad62101ff628db5e1c87bdb6eabd5e3eda7f53c26a737693165d064a5f9d61
SHA512 eda7141fe4ac53e54d53f3f6b3b8ba5529e0b411803dc4d6b5c0f94b2c5c992a65b5d6d36b8c6066c1e426b720a55fe79f66adb07a573cc76223031e772dc024

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.picker.js

MD5 81933de9951cedc9c3f1b9bb292f9beb
SHA1 b322280ec932e2879b859803f3027992125f9f3b
SHA256 e25ca3040739dadcfbe8bbd7c8260f0534c60f37f4bbc02b090d426782af53bd
SHA512 f66540ceec49f852c1dcfa86bbcd4e2a52a0d2b01f90af7a3faa2b97e59715fb5dbbe8596911e0082494b5e00f31140b284de6b2ab26996d909a52298e7bb3d7

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.poppicker.js

MD5 bffdd65098158478eea76fbec10bf850
SHA1 cd7a180a544252e844ec5bd6a492b322140517bb
SHA256 9e4ca2479040f0721f93f875adabdd58d518f9a2665ea2749b6d6264f7c12e98
SHA512 6bfcf0c3673554d7041b9e0d2297291d28148017f94b5bfef1aed3595ac8303463edf220f230ed30198c52f65bc899678dc6e6d5ad1f96d48ef1afc250610805

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/login.html

MD5 8d7fcb4eb40d3435302438e173460547
SHA1 ffa5890b5aec1e7f84db1bfb51d39a19c11a502e
SHA256 4891087f3cfa9f02916dc7119a9a05a113401305b0284b23ffc7bd63866e0171
SHA512 bd7ced806bd11c18d4c9970b8973e9c871fe9240a5a100f63c2a8241fa1261f80147ffbd6a82568c9d3989f72294d2babdda6eec5ef82c09a1379ce79830e124

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/manifest.json

MD5 898d5bd8ae81f22e125064fffb15bd2f
SHA1 dea5cf3cefca1187da67cd7cf742ddbcd148c56b
SHA256 4f93dc2dc50217884a22fd690276f2dd8130f76287a862f6605e2d898ab0eb8b
SHA512 a1a4d1b15a33895d8e839da04489df772b9baceb5e4fa8b3d45c8e4dabe3ca0d549695688084b821c2ee92e8aeb44eab915be71d9c90c0c3a87432011463b689

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/DCJRWQD/index.html

MD5 d228c5103955f1bf69235c813d7bec63
SHA1 a4925ea944eaf44f21bef2289a3c64617491d7ee
SHA256 462e4d3fb34820aa51992a2e2cf81941cc298711a858b035913271fe737a019d
SHA512 890ece571b565d02c088f11d0539d60e600fc5c760004fcbbfaf32877e538f4e16a71f253bf53db8a97226f2df5ac969843acd668980198986f733b78d285170

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/DJQKWBD/index.html

MD5 d232dc841e9866a72ef72e8212f0e085
SHA1 682abc343ecd10bd5e5d84ea839a4460ee6827da
SHA256 491e7a1fa82788a394e37f5b2de658ee14b252afc0be6b4a52425226d9f9b717
SHA512 8e058a7763a7d3ff2c76229aa73d2e13e0c42f0b1ffbb0574d80ed56d63c4466e56666a041d13883e9c0c490ef270ca632c22d89e0261283c110170b66f35746

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/FLSH/SHQR.html

MD5 398131e909d31fe0102b37e152d167c3
SHA1 58b17b6fd969d74584e88df6419e8c60dbfffe6a
SHA256 14710dfbdac00d6ab0784d748f659c2eb6dbc5748c074547ce9080464408b602
SHA512 feb25c1b74016d2a890eaf3d21bc159aabe5621c9b292262e11ea3cea22425341b0d2b4d472d280fb6324b1197a35a357306eea6669faae4990d0c83b64f5a21

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/FLSH/index.html

MD5 9874828ce395771624a19977b3b0325d
SHA1 c7e45d86fd25835aa798e316b976f26a881225fc
SHA256 7c01f493344a7d0f168bb21ca1082f972466796288d5a6a5901f100e3ba8fb75
SHA512 6cd9c228511f972a767162b425f4422608f39543196e014dc46f99451611c4cbcc7eb1fc1dd0a9d02a07c14f4fd695174aa8a0155d5c2cc144de4604eb0db466

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/HQTM/index.html

MD5 9a4bcc4602b2a79454fa34a83f0e23a5
SHA1 0f3754fbd25be76a6d40a378b6c088c276164372
SHA256 4a24834c881d6642c511976bb0ffc4763d993e0dc475227527fd6218ff614216
SHA512 97dd3f82cb47079df2125c6a86fa6bf02a2b31e31a0ab5229b02b0cac6857f470e0bfd9c4be0ae669d3d6cce1a4de415d89fa71f8e28c49b22db855aff6ba1fb

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHDFH/index.html

MD5 303657800689842e21993392c56c9bb1
SHA1 f7a23acb3ca7aee27239779dc8613c2717e74054
SHA256 2e3fd42b93da4f23cd5da7bdbd560ef469f4c788f34a250b6454fbbf06d32095
SHA512 0d47bdb46c324c13fc7000cfea175bd74ca7a62b6bbe3455fdf677717ce93a93f27cf34bc8768b0c4dc60149ec92075713359ac3be399ef98cdae3dfd7ea111b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/SHQR.html

MD5 11d520c078d70af6dd56aa4cfdbab860
SHA1 1469d03a014fb66f764d764e02ac038d4355f0ff
SHA256 5660a1fed4230a3cde3dbdfeeeaa1e80e2baea6f1e1cd77d26977aeb356add5a
SHA512 e168b85960992bf25a6d4b4be37179526982c4c3e1d83b5d2b62f27fcf02091c52a0351d7f8c1db04daf6fe17835a81442a313320a0f304842ef5d2fdc764a11

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/index-bg.html

MD5 9befce71c8cec497600ad3e386e3f1ed
SHA1 524a54028dded4d6e32eeccfe1d270d1ff231ea6
SHA256 b53e82888cd18af78384f81eacb538597e8decec4ee456669e983c4ef2035158
SHA512 56dfaa9332e860d9de8c2f9ac3cc49628f9eae370e7a6497b2395e7c1e438d0ba15dfd42721c83df31b299268d45df630ef797cf14efe75885b0dbae5b429cf8

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/index.html

MD5 259da9d71b7af92b1293a881117643e0
SHA1 d55dcf31cb6d5d548829ab71f5e6f71246301ddd
SHA256 53767f6b0c4de02cd21c6a4fce38aee6fe7b5db48a2daea2038640af31517d41
SHA512 450cb937981697be2ddbf67b5acce005f812a8f2e5c955955adfffee44b394c7ef029e56a9aed5b103f6f70263403547b01cda50c68b7b43a1073d07f20f7a7b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/WWCSHQD/index.html

MD5 be25b606d99c4cdad23f2d33d4c71b50
SHA1 47672b56b21e96a0e005e805616d9246d2e16932
SHA256 9d044bbb626ab7eb150bc6fc85a61ac1858c04e275afac3e9cfdd791c7865f2f
SHA512 c0b89f22d32c7cc8610e7c9f7e49934b742bc70f362f3afc9d7ff9447a71c9165b2f604768cb901bcdc628b8ee7ccd1cb43ef86d51b32020a54ec03e91ac054f

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/ZXJBRWQD/index.html

MD5 e41d5c987a9b8c016dc546f484697b53
SHA1 763744661a5a0a5d2a00b49e32d505ce51fc20a3
SHA256 d51965c11ec74c4c4047f8679d594e65a21dbc42dd340602fa7077751df3b9cd
SHA512 fcd4b9da9d5498f3f757e4e4a096beaf70197c93520496fd60e5c1462a99a004c55eed830cc85b106b9e1a7cf9570295327967deb7cd73dd150081ec870f2416

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/tab-webview-1.html

MD5 6afbbee379b0bf6c5c362bd1f794a96f
SHA1 c747fc679ad619d6edb033d25460dae7418f86cb
SHA256 7d0853d716a62ed031df0ba756667d9df2e15a36c0faf2f41860438b72ffc0b3
SHA512 b076ca2fb9f8e6b909f9f2e77a7b3b9e3992ff211271857c2f66a050e2edd3bdab6731dc2438d1e30525b56338bfd11972f522007e66d21ce6ba1eaae7006a38

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/tab-webview-2.html

MD5 e1b6c5843a5b5ee1f570ef51956f476e
SHA1 fea58b4f92a67dda6c4a1da6fe7d2b28043f2675
SHA256 16d91c69b298d1e99edce25fd7c07ec95a873fe524a538d1238d4f3955ab2206
SHA512 321b3ef2b37918938074e126a409bde4413c122e763bcf81ddf77fb5c77902027654e349a5b80c3d2107e0f4f4fb4abfb44ab62ea93aa8b35f072c254f827865

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 12:09

Reported

2024-05-23 12:21

Platform

android-x64-20240514-en

Max time kernel

94s

Max time network

188s

Command Line

plus.H58EF5770

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/plus.H58EF5770/[email protected] N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

plus.H58EF5770

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.api.oaid.wocloud.cn udp
US 1.1.1.1:53 ac1.dcloud.net.cn udp
CN 123.207.204.152:443 ac1.dcloud.net.cn tcp
CN 122.51.117.144:443 ac1.dcloud.net.cn tcp
US 1.1.1.1:53 cdn.dcloud.net.cn udp
CN 124.221.241.116:443 cdn.dcloud.net.cn tcp
CN 124.221.241.116:443 cdn.dcloud.net.cn tcp
US 1.1.1.1:53 s1.dcloud.net.cn udp
CN 118.89.133.90:443 s1.dcloud.net.cn tcp
N/A 192.168.220.200:7000 tcp
N/A 192.168.220.200:7000 tcp
CN 121.40.119.209:443 s1.dcloud.net.cn tcp
GB 142.250.200.46:443 tcp
GB 142.250.187.194:443 tcp
CN 124.221.14.222:443 s1.dcloud.net.cn tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
CN 124.220.203.60:443 cdn.dcloud.net.cn tcp
CN 124.220.203.60:443 cdn.dcloud.net.cn tcp

Files

/data/data/plus.H58EF5770/.00000000000/39285EFA.dex

MD5 75a8168e7080b90fc2956592c268371f
SHA1 3702da56d31f381525473364f031dc884e37076d
SHA256 0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701
SHA512 33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

/data/data/plus.H58EF5770/.00000000000/39285EFA.dex

MD5 02f69eb4fe05ebc6c9f736d83e5f7e26
SHA1 777d75e14a73f5721fc4ae34f49a9a4b82311373
SHA256 13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042
SHA512 7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

/data/data/plus.H58EF5770/files/.DC4278477faeb9.txt

MD5 974cb6baa4e69f54dc7cbc454277220e
SHA1 f80faac45d23af81573d839dfdfebf3b4c390d2f
SHA256 a48cfe78de783855eb8bada4ea28663274dd16a1330b39cf8199ee4661152ddc
SHA512 92262d2b2c201b5e8bf4a064ba38884219f2db0c091ace058b7caad831cbe0ef3b1b28e5527ac171893614d81e3ebaac69bc94b609767757b87753662cd415b0

/data/data/plus.H58EF5770/files/cnc3ejE6/eje3cnc

MD5 762298b93820a5cd8b6d8ec469078f7f
SHA1 d5b02a2ff3b235cd2b61ceff53a1d88b8984477d
SHA256 dc3f98a33c26c2796dc294b354831fd5ca9796295f4cb38479c80b145d4807db
SHA512 70f864211ce16679d0538abf9b7071d27c2d22ae458e32409d20065032c762dd186307ef33ede90abd9ac794a4ced8b163404e9799c05f0c515337249684311e

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/horn.app.css

MD5 39a4827fe734b74c53209ba1f9d3f4b8
SHA1 0d6eb39289ba7736339cbb80598be7ec4b490232
SHA256 c290cfd06e568b52a6179b9799e2d710299b5082ccc566082dfacc133e4ee881
SHA512 f05507e120266dc8a9b316484033286f4bfbeff9f0ac67ad05ed07d0625e7f47e881bc9e43af3ae87ee2524fd18a8bbfed81bd298315d19ac79087121a5c77be

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/iconfont.css

MD5 bbb3ec646999b30aa2c80431441de316
SHA1 0fd41813ce499ac96689716c68fe6889ae53584b
SHA256 79119d22b98a1e110ffcf8db50e74b500e2be6df815661fbd4308dc06f4040d5
SHA512 30a8a1045aa33565c2c5f4cb838125d37f7a775f422fbfba3aa1216f8761d509a7bc341badc443fdd0b5c68f3d33b8cbfaf7024120355de83392a26a2ae802c3

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/jquery.dataTables.css

MD5 e15066a8d7a9c01e113f639cad9d356d
SHA1 8883ab2a9aca27e0eaca5192b728b2ebce4547d6
SHA256 ddcdf1bdb6db588c79b14a72c39b60b422f64f5c631aa1fbfe788029100ae61f
SHA512 600e190bd19e604da4741044d77f06120ff1e83f800c6f51ddace4f25dac7c96d4104f13db4de70cd3d095cbaad2989149f00a4b353485f47176d6d1d05c0c6f

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.css

MD5 5836f3f57e3a06a6aebf0475a81d6b16
SHA1 668b1b1d96f9c914b8a546bb6abd03242b082cd4
SHA256 bd7c4f0a849da629ee5ec336e69f9e19d490893c3653630ec7eaac73877a4fd5
SHA512 75c123d8d88f08698325e1486ee3a968ef9fa43c0437cd0738313343187e1d553f662dd96b60cf9c593ef719232a958b2b8c3c05fd71b67f21ceacd0edf367a0

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.min.css

MD5 3ae39756b0c6e5a8bf9f7f297d4bdf23
SHA1 09aabd7e2c807f81e5a384d98d02669310f63996
SHA256 d76f633aed9520f7970796ac29faeb767e5f79b2869907aa1dbcfc7bbcfdb3e2
SHA512 43803f0d6358498847d1702993a21d9838736ad6b61b6829b00f38afb4c603f08a51ab5032c46f5f1fba9771779bb974eb925dd3395557756b11a29a3928f8d4

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.picker.css

MD5 d4e0f601944f00f63c8a8709d5132005
SHA1 2c5062c122bf2cb2cdc1912f4a136da895a0679e
SHA256 d3d8693144929eafecf0adf50ed0e22c126ab3f3def0ee194678f77421ad7951
SHA512 acf83bf6931dd4e69951d0cd7b19edd7939696004651b197e4d45ed728614e70c173f25bbe5fa20d7ba688730c971103ead4189ccbf871ba2340745a359b75f5

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/css/mui.poppicker.css

MD5 8986825478a283ede35ab1a3093ca1cf
SHA1 401c99664d466840263479bc8213b9ee777be2ea
SHA256 e2199909e67d2185bbe27bcc3fae8abd4ec4dbe3cdc8cd02d381eb10d40b1252
SHA512 3911ee47d8432d6f641bc3af2bfed9fde7423939af01e84a1eebf4e27cc276f9e560f3c928f6907ab4468192ecf558a8d0f0b9ae5598bc5398b62bb3a094dd39

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/fonts/iconfont.ttf

MD5 269c694b50f4cbad843a16b0f01708fd
SHA1 93ab16da88d7eeb8f096015258433b0e0d18b611
SHA256 f05cd6d093b94ad9e60e60a498c4d6a5091bcbc8e94aa1969c073d7df7985611
SHA512 60dc1b7ed4985aa8ccb944a1b43315b1f3d1fc53f5f6e3ddc541313231d8f257aa264a3d3d89baf812ea91cd6fe54169ddefd81f660c3b7296cd511db482d9a4

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/fonts/mui.ttf

MD5 8820b7f6582a3c45b7527ae6b183dd2f
SHA1 653442b2b482c577d07a631859ef5a76896d53e1
SHA256 b327c8e38b68245dac1fb9a8b5bf7f19fee0b2c656219b8dfeb3c906c1514ea0
SHA512 758a17a3881de1b8caa7fcbacec7279518909b4c667e3e12a498d29bec3b833c3279f69da07caebc25c4b940545aa1240cce1cce618e5ab939841b8bdb7c2564

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/0.png

MD5 231a688f422ee52a8eae2039a84f7ba5
SHA1 048179403c6721ba84fbcdcb9a3973c7ffc16801
SHA256 84a96043f24c794ac83c2a5bc1ff4dec5874cee859e4d35c4a68f6600c4628e0
SHA512 3292ded47da1c018765d1ea315b6773240898ab0c00a8b5403b83acdc2418e5115656a2aac420ccb1bd1b883868d6f02ebcff10804c0a4e17d5427a0e31fa5af

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/1.png

MD5 932f099d1caca3803bedc7b6dffcf3f6
SHA1 fe17a8f85537432fed7c7081cbbcb15136709b44
SHA256 d3a0a49d718d872b83d97414807dedf0b6231b7b4fbae22d945d9cbb1105a080
SHA512 6230d3e9d62ee98e51f02f0cdcdf22369a0da0c33720e8d686930d335c3dc38eb785e6d66a8d2f8b075cf76bd4904562dede34e1c7c89ece36f7bf72eb31f1b3

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/3.png

MD5 8efa6d4b3ca15f1389cde03dbbf805fe
SHA1 d03e01520c2859f6b515d712bae1a346aeebccbc
SHA256 88a4fbcc6c3fbe1c286fc00d869048b14854a1765a3d1e80bee9ff8fe0f1d7b9
SHA512 d4ab67e0c7ba0abbdef73f855a83825e2ccdec920cfe0f3630d49d0f963c791d4abc0bb37fe9373073fc67867b598be4ebed79fcf87d25a4e3aa04e229fbbb87

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/APP-startpage.png

MD5 7933a081600c45001688550339b3b646
SHA1 fe8cb857e90b0fed5592e916e9cb2b5fc9f0f8c4
SHA256 32e5570f559dbd7f25a7797dea34403505e9515bf6d9d878475f3de323096105
SHA512 7beaecbc129ceb09dc7415886a43ba01ad6391e86c99992e7c681abedb5977e523c16bddb14bd27014058b297d249f2f8c337081ffa60fe3a26619eb2d315f69

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/images/home-bg.png

MD5 bd08f469b59a839f4d21b3e7e30d7388
SHA1 176688ba513e42efa8f2be6d90680ac2c23b000b
SHA256 896883a20e757b616f7db2f388b9c5dc6c8da4d15f8656feb6159bc1adeacbb8
SHA512 e01b5d5dfd26776170b399d6248013dff8c9df172b12098d4fb5c9e63744fa570d3a8bf8f49130da0a5f81a0a07951a3ea2c6092de7c608429539252e71c5da8

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/index.html

MD5 3c46dec252ed51321ca16d99cd667109
SHA1 948efd70bd1e2bf76185d2e4f9ce923d45ca73bc
SHA256 cd518861b24042aa6dacd50aef11fd48c91420a962cddd729a633baee6e3facc
SHA512 5ba660d37385e8212f5f121af7264320df883d70f3e17d82255f306901bd435d2c55f8a33088de7b8cd5d77f1c1cb9cfa22371c82c30c079efb63d9a834193dc

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/jquery.dataTables.js

MD5 7f5cd6b9c6681190aba4bd63f2742d67
SHA1 e00ad6afc8671bd335fe918974b604e795ae2d53
SHA256 5623556e883f70af025fd2fc11c7726ae7d9f008110690f8291463fbb263cea1
SHA512 4f5a7e24a25091aee7a2ffa42a52de1ad23790e46932d0a1248ec62ca8492d9f29d927e26d3adc365823f4cc55e326f4a207ceac6fe2e4edd24e3e584f637286

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/jquery.min.js

MD5 91cc3b6309b63c1aeef33513d06f2ad1
SHA1 fb6a8e9e34f2ae00df682a9b8050287d5d0cb1f5
SHA256 a0e405cbc2cb17d67bc0e67b248ff15340df3ff2ee5516ae9a70fd3f6887c363
SHA512 67f70868e66a8183608cd497bf613d5a2c5b96bae6ed8b2d0acda77a3dccf581c3c700323d1add876d3a89bd9549f79b95075e03eb31902222a1dde08e58eb42

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.js

MD5 e0e87339768fe3272600b66ce641b07e
SHA1 e3e7310ab409e1d20e28b7552933979ed5f3d91a
SHA256 57c0d35408afd62475aa889ab6d56adf5431a0d98276a7405f5551c2eb64d5ac
SHA512 9450f6db095dd51515a54e9c0faa5bf3066b99d7f3416c23eec38a2c6e3abe3eac31456d934981277e5fbe0f8e0b812dbd0b1c6c2a4646514e66ae903028b09b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.min.js

MD5 a7809980709ff1b270b27a39941421b2
SHA1 a8a0e5ba079c6200db0c21e226fab35d6277a3f8
SHA256 52ad62101ff628db5e1c87bdb6eabd5e3eda7f53c26a737693165d064a5f9d61
SHA512 eda7141fe4ac53e54d53f3f6b3b8ba5529e0b411803dc4d6b5c0f94b2c5c992a65b5d6d36b8c6066c1e426b720a55fe79f66adb07a573cc76223031e772dc024

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.picker.js

MD5 81933de9951cedc9c3f1b9bb292f9beb
SHA1 b322280ec932e2879b859803f3027992125f9f3b
SHA256 e25ca3040739dadcfbe8bbd7c8260f0534c60f37f4bbc02b090d426782af53bd
SHA512 f66540ceec49f852c1dcfa86bbcd4e2a52a0d2b01f90af7a3faa2b97e59715fb5dbbe8596911e0082494b5e00f31140b284de6b2ab26996d909a52298e7bb3d7

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/js/mui.poppicker.js

MD5 bffdd65098158478eea76fbec10bf850
SHA1 cd7a180a544252e844ec5bd6a492b322140517bb
SHA256 9e4ca2479040f0721f93f875adabdd58d518f9a2665ea2749b6d6264f7c12e98
SHA512 6bfcf0c3673554d7041b9e0d2297291d28148017f94b5bfef1aed3595ac8303463edf220f230ed30198c52f65bc899678dc6e6d5ad1f96d48ef1afc250610805

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/login.html

MD5 8d7fcb4eb40d3435302438e173460547
SHA1 ffa5890b5aec1e7f84db1bfb51d39a19c11a502e
SHA256 4891087f3cfa9f02916dc7119a9a05a113401305b0284b23ffc7bd63866e0171
SHA512 bd7ced806bd11c18d4c9970b8973e9c871fe9240a5a100f63c2a8241fa1261f80147ffbd6a82568c9d3989f72294d2babdda6eec5ef82c09a1379ce79830e124

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/manifest.json

MD5 898d5bd8ae81f22e125064fffb15bd2f
SHA1 dea5cf3cefca1187da67cd7cf742ddbcd148c56b
SHA256 4f93dc2dc50217884a22fd690276f2dd8130f76287a862f6605e2d898ab0eb8b
SHA512 a1a4d1b15a33895d8e839da04489df772b9baceb5e4fa8b3d45c8e4dabe3ca0d549695688084b821c2ee92e8aeb44eab915be71d9c90c0c3a87432011463b689

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/DCJRWQD/index.html

MD5 d228c5103955f1bf69235c813d7bec63
SHA1 a4925ea944eaf44f21bef2289a3c64617491d7ee
SHA256 462e4d3fb34820aa51992a2e2cf81941cc298711a858b035913271fe737a019d
SHA512 890ece571b565d02c088f11d0539d60e600fc5c760004fcbbfaf32877e538f4e16a71f253bf53db8a97226f2df5ac969843acd668980198986f733b78d285170

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/DJQKWBD/index.html

MD5 d232dc841e9866a72ef72e8212f0e085
SHA1 682abc343ecd10bd5e5d84ea839a4460ee6827da
SHA256 491e7a1fa82788a394e37f5b2de658ee14b252afc0be6b4a52425226d9f9b717
SHA512 8e058a7763a7d3ff2c76229aa73d2e13e0c42f0b1ffbb0574d80ed56d63c4466e56666a041d13883e9c0c490ef270ca632c22d89e0261283c110170b66f35746

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/FLSH/SHQR.html

MD5 398131e909d31fe0102b37e152d167c3
SHA1 58b17b6fd969d74584e88df6419e8c60dbfffe6a
SHA256 14710dfbdac00d6ab0784d748f659c2eb6dbc5748c074547ce9080464408b602
SHA512 feb25c1b74016d2a890eaf3d21bc159aabe5621c9b292262e11ea3cea22425341b0d2b4d472d280fb6324b1197a35a357306eea6669faae4990d0c83b64f5a21

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/FLSH/index.html

MD5 9874828ce395771624a19977b3b0325d
SHA1 c7e45d86fd25835aa798e316b976f26a881225fc
SHA256 7c01f493344a7d0f168bb21ca1082f972466796288d5a6a5901f100e3ba8fb75
SHA512 6cd9c228511f972a767162b425f4422608f39543196e014dc46f99451611c4cbcc7eb1fc1dd0a9d02a07c14f4fd695174aa8a0155d5c2cc144de4604eb0db466

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/HQTM/index.html

MD5 9a4bcc4602b2a79454fa34a83f0e23a5
SHA1 0f3754fbd25be76a6d40a378b6c088c276164372
SHA256 4a24834c881d6642c511976bb0ffc4763d993e0dc475227527fd6218ff614216
SHA512 97dd3f82cb47079df2125c6a86fa6bf02a2b31e31a0ab5229b02b0cac6857f470e0bfd9c4be0ae669d3d6cce1a4de415d89fa71f8e28c49b22db855aff6ba1fb

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHDFH/index.html

MD5 303657800689842e21993392c56c9bb1
SHA1 f7a23acb3ca7aee27239779dc8613c2717e74054
SHA256 2e3fd42b93da4f23cd5da7bdbd560ef469f4c788f34a250b6454fbbf06d32095
SHA512 0d47bdb46c324c13fc7000cfea175bd74ca7a62b6bbe3455fdf677717ce93a93f27cf34bc8768b0c4dc60149ec92075713359ac3be399ef98cdae3dfd7ea111b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/SHQR.html

MD5 11d520c078d70af6dd56aa4cfdbab860
SHA1 1469d03a014fb66f764d764e02ac038d4355f0ff
SHA256 5660a1fed4230a3cde3dbdfeeeaa1e80e2baea6f1e1cd77d26977aeb356add5a
SHA512 e168b85960992bf25a6d4b4be37179526982c4c3e1d83b5d2b62f27fcf02091c52a0351d7f8c1db04daf6fe17835a81442a313320a0f304842ef5d2fdc764a11

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/index-bg.html

MD5 9befce71c8cec497600ad3e386e3f1ed
SHA1 524a54028dded4d6e32eeccfe1d270d1ff231ea6
SHA256 b53e82888cd18af78384f81eacb538597e8decec4ee456669e983c4ef2035158
SHA512 56dfaa9332e860d9de8c2f9ac3cc49628f9eae370e7a6497b2395e7c1e438d0ba15dfd42721c83df31b299268d45df630ef797cf14efe75885b0dbae5b429cf8

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/SHSH/index.html

MD5 259da9d71b7af92b1293a881117643e0
SHA1 d55dcf31cb6d5d548829ab71f5e6f71246301ddd
SHA256 53767f6b0c4de02cd21c6a4fce38aee6fe7b5db48a2daea2038640af31517d41
SHA512 450cb937981697be2ddbf67b5acce005f812a8f2e5c955955adfffee44b394c7ef029e56a9aed5b103f6f70263403547b01cda50c68b7b43a1073d07f20f7a7b

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/WWCSHQD/index.html

MD5 be25b606d99c4cdad23f2d33d4c71b50
SHA1 47672b56b21e96a0e005e805616d9246d2e16932
SHA256 9d044bbb626ab7eb150bc6fc85a61ac1858c04e275afac3e9cfdd791c7865f2f
SHA512 c0b89f22d32c7cc8610e7c9f7e49934b742bc70f362f3afc9d7ff9447a71c9165b2f604768cb901bcdc628b8ee7ccd1cb43ef86d51b32020a54ec03e91ac054f

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/modules/ZXJBRWQD/index.html

MD5 e41d5c987a9b8c016dc546f484697b53
SHA1 763744661a5a0a5d2a00b49e32d505ce51fc20a3
SHA256 d51965c11ec74c4c4047f8679d594e65a21dbc42dd340602fa7077751df3b9cd
SHA512 fcd4b9da9d5498f3f757e4e4a096beaf70197c93520496fd60e5c1462a99a004c55eed830cc85b106b9e1a7cf9570295327967deb7cd73dd150081ec870f2416

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/tab-webview-1.html

MD5 6afbbee379b0bf6c5c362bd1f794a96f
SHA1 c747fc679ad619d6edb033d25460dae7418f86cb
SHA256 7d0853d716a62ed031df0ba756667d9df2e15a36c0faf2f41860438b72ffc0b3
SHA512 b076ca2fb9f8e6b909f9f2e77a7b3b9e3992ff211271857c2f66a050e2edd3bdab6731dc2438d1e30525b56338bfd11972f522007e66d21ce6ba1eaae7006a38

/data/data/plus.H58EF5770/files/apps/H58EF5770/www/tab-webview-2.html

MD5 e1b6c5843a5b5ee1f570ef51956f476e
SHA1 fea58b4f92a67dda6c4a1da6fe7d2b28043f2675
SHA256 16d91c69b298d1e99edce25fd7c07ec95a873fe524a538d1238d4f3955ab2206
SHA512 321b3ef2b37918938074e126a409bde4413c122e763bcf81ddf77fb5c77902027654e349a5b80c3d2107e0f4f4fb4abfb44ab62ea93aa8b35f072c254f827865

/data/data/plus.H58EF5770/app_A0C44AEE2F919E2F88ADB4D84309C7CB/97282B278E5D51866F8E57204E4820E5

MD5 33f069c72ae093b009ec01cf7ce181ba
SHA1 6217605f343429a1e2a2881f6cb8f20f1ba21252
SHA256 dbbc14a712a18cf12c402687d308b75a643b4c6f27f6196eef813e0132dc3032
SHA512 c3fa722503dd97878b6b808a48788c66f05643de86952eda23e5726b1127172c8db71251e512d180223feea8505164da53b17d2276864c903a31865334276624

/data/data/plus.H58EF5770/app_A0C44AEE2F919E2F88ADB4D84309C7CB/48781BFA96C701DD12BC2B4C3ACB9415

MD5 8eee75a64ac1db2bc656a78c858345df
SHA1 b8d7ed646f5d262f3677f20723b291c65555be6b
SHA256 b4c5aa137874b46b22d640c668734f6945f7075d8b2d676dd326122ec8a2ad73
SHA512 d9611fee39ddf8427b682176eb7cb1b3a7286540f24b32e8a6c47e328b8ed55baf9285b6ea9fb8d3f2a473df77dd4b6a75d0e1011bff361fbdf0be81e2a9ab18

/data/data/plus.H58EF5770/app_A0C44AEE2F919E2F88ADB4D84309C7CB/E0ABA531044C06F9BF70DF99519D9636

MD5 d0adb7bef88c5f9f7cc25c532cae393a
SHA1 a066d9f4d24da632c4d56686c3fefaf6443c9c5b
SHA256 40686f819a867276fed2576da4d06d57a2a8fac06217be852a558266a7639c3a
SHA512 9805629f25c3fa6ffbfa1b21de4be8bd53b313528217ed686819c1d4a65905e5d8d33691c365fb38e6621095db86b0492609919f507752a7d1eefa21ef882707

/storage/emulated/0/Android/data/plus.H58EF5770/cache/AdEnable.dat

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99