34dd1e75b25484dc412335f9bbce647fe61f182f6563da3cf04e7ff75d33b022

Analysis

max time kernel
139s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f9269999b5d2b841741567dca74a3cc_JaffaCakes118.apk
Size

17.0MB
MD5

6f9269999b5d2b841741567dca74a3cc
SHA1

1969c59136036b1d7c8db487e3705fe7d0c3827d
SHA256

34dd1e75b25484dc412335f9bbce647fe61f182f6563da3cf04e7ff75d33b022
SHA512

0bbfc9930b7fb63e03d4b868a242a3cf323b49cef79b769f625aaf086e91a1e0d4520de97456a762256b50a6c9baaa571804de932275542b543263b17396f6fa
SSDEEP

393216:lunDqHEFwwT2JaLG1qUKuB+O2PO2lO238MTcW2W/QeL8fybWF66+N:lunDqfwTAoG1qUmlwe45FM

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

Processes:

/system/bin/sh -c type suio.dcloud.H5FFB5AE0:remote/system/bin/sh -c type suio.dcloud.H5FFB5AE0

ioc	process
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	io.dcloud.H5FFB5AE0:remote
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	io.dcloud.H5FFB5AE0

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

io.dcloud.H5FFB5AE0:remoteio.dcloud.H5FFB5AE0

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	io.dcloud.H5FFB5AE0:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	io.dcloud.H5FFB5AE0

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H5FFB5AE0

description ioc process

File opened for read /proc/cpuinfo io.dcloud.H5FFB5AE0
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H5FFB5AE0io.dcloud.H5FFB5AE0:remote

description ioc process

File opened for read /proc/meminfo io.dcloud.H5FFB5AE0
File opened for read /proc/meminfo io.dcloud.H5FFB5AE0:remote

description	ioc	process
File opened for read	/proc/cpuinfo	io.dcloud.H5FFB5AE0

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.H5FFB5AE0
File opened for read	/proc/meminfo	io.dcloud.H5FFB5AE0:remote

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

io.dcloud.H5FFB5AE0io.dcloud.H5FFB5AE0:remote

ioc	pid	process
/data/data/io.dcloud.H5FFB5AE0/mix.dex	4257	io.dcloud.H5FFB5AE0
/data/data/io.dcloud.H5FFB5AE0/mix.dex	4257	io.dcloud.H5FFB5AE0
/data/data/io.dcloud.H5FFB5AE0/mix.dex	4553	io.dcloud.H5FFB5AE0:remote
/data/data/io.dcloud.H5FFB5AE0/mix.dex	4553	io.dcloud.H5FFB5AE0:remote

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

io.dcloud.H5FFB5AE0:remote

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses io.dcloud.H5FFB5AE0:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.H5FFB5AE0:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.H5FFB5AE0:remoteio.dcloud.H5FFB5AE0

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H5FFB5AE0:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H5FFB5AE0

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.H5FFB5AE0io.dcloud.H5FFB5AE0:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	io.dcloud.H5FFB5AE0
Framework service call	android.net.wifi.IWifiManager.getScanResults	io.dcloud.H5FFB5AE0:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

io.dcloud.H5FFB5AE0

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone io.dcloud.H5FFB5AE0

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.H5FFB5AE0

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

io.dcloud.H5FFB5AE0io.dcloud.H5FFB5AE0:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H5FFB5AE0
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H5FFB5AE0:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.H5FFB5AE0:remoteio.dcloud.H5FFB5AE0

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H5FFB5AE0:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H5FFB5AE0

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

io.dcloud.H5FFB5AE0:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener io.dcloud.H5FFB5AE0:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	io.dcloud.H5FFB5AE0:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

io.dcloud.H5FFB5AE0io.dcloud.H5FFB5AE0:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H5FFB5AE0
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H5FFB5AE0:remote

io.dcloud.H5FFB5AE0
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4257

/system/bin/sh -c getprop ro.board.platform
2⤵
PID:4286

sh -c getprop ro.yunos.version
2⤵
PID:4307

getprop ro.board.platform
2⤵
PID:4286

getprop ro.yunos.version
2⤵
PID:4307

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4338

logcat -d -v threadtime
2⤵
PID:4489

io.dcloud.H5FFB5AE0:remote
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4553

/system/bin/sh -c getprop ro.board.platform
2⤵
PID:4587

sh -c getprop ro.yunos.version
2⤵
PID:4608

getprop ro.board.platform
2⤵
PID:4587

getprop ro.yunos.version
2⤵
PID:4608

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4639

logcat -d -v threadtime
2⤵
PID:4689

/system/bin/sh -c getprop ro.miui.ui.version.name
2⤵
PID:4711

getprop ro.miui.ui.version.name
2⤵
PID:4711

/system/bin/sh -c getprop ro.build.version.emui
2⤵
PID:4737

getprop ro.build.version.emui
2⤵
PID:4737

/system/bin/sh -c getprop ro.lenovo.series
2⤵
PID:4762

getprop ro.lenovo.series
2⤵
PID:4762

/system/bin/sh -c getprop ro.build.nubia.rom.name
2⤵
PID:4787

getprop ro.build.nubia.rom.name
2⤵
PID:4787

/system/bin/sh -c getprop ro.meizu.product.model
2⤵
PID:4814

getprop ro.meizu.product.model
2⤵
PID:4814

/system/bin/sh -c getprop ro.build.version.opporom
2⤵
PID:4841

getprop ro.build.version.opporom
2⤵
PID:4841

/system/bin/sh -c getprop ro.vivo.os.build.display.id
2⤵
PID:4867

getprop ro.vivo.os.build.display.id
2⤵
PID:4867

/system/bin/sh -c getprop ro.aa.romver
2⤵
PID:4892

getprop ro.aa.romver
2⤵
PID:4892

/system/bin/sh -c getprop ro.lewa.version
2⤵
PID:4917

getprop ro.lewa.version
2⤵
PID:4917

/system/bin/sh -c getprop ro.gn.gnromvernumber
2⤵
PID:4941

getprop ro.gn.gnromvernumber
2⤵
PID:4941

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
2⤵
PID:4965

getprop ro.build.tyd.kbstyle_version
2⤵
PID:4965

/system/bin/sh -c getprop ro.build.fingerprint
2⤵
PID:4990

getprop ro.build.fingerprint
2⤵
PID:4990

/system/bin/sh -c getprop ro.build.rom.id
2⤵
PID:5014

getprop ro.build.rom.id
2⤵
PID:5014

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H5FFB5AE0/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/io.dcloud.H5FFB5AE0/databases/bugly_db_legu-journal

Filesize
189KB

MD5
c0ab8bbb529cbb7496dc2f58f81344e0

SHA1
5f7293bc0df27aef7dda7be84fd204cf12055e26

SHA256
7e8038023f3fb59cbfec1d1a589c05b5b8d9e1c4d55ad49a292ffc9e35730643

SHA512
43912df09ba9a705d3916b9d9212b79d449511693895efdc979d08ca03d09851b652c8af5166fb70866bdefc4850515185bfec49d01d818bb08f4b37e15fd955

Download Submit
/data/data/io.dcloud.H5FFB5AE0/databases/bugly_db_legu-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/io.dcloud.H5FFB5AE0/databases/bugly_db_legu-wal

Filesize
92KB

MD5
37945b9453528808ad50acd6d27ae7af

SHA1
8fd2dac155d3804cbf52e9454d2627e91230bd8a

SHA256
9f88e7ef02e95e1421fb4a2fdb0706f8b77e9f60dbe8937f2c5093f7d0f4e10c

SHA512
3fc53ce0ba9d99e3ee7cc174b0fc8583930cff869590fab68903256c226be8b5abc27736cb03d30680e95124c5fa679bfe86e81f53bff797184c14707c285f7f

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/libcuid.so

Filesize
32KB

MD5
db309efb9ad8470a698ab19f4b985734

SHA1
acf175ddc4622217e288bf6dbf9021fb338568a0

SHA256
6d5bf956317b4225a12af80d9034bcb3a1a71cef675e7565e4a92199f86422ce

SHA512
d21b175949cb05c9cb7d5b8c0999ecd761b74f8a2b158843dd29fdb6f9f37b7e243e33000c566ef3be9f9eee2c89b549b02323a1e3e7b4bcc161bb3424336f00

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/firll.dat

Filesize
76B

MD5
24ed3fb4c5e98247487648c20911864f

SHA1
d82b946619bde63f033c2ab89a7ac45c98ce9938

SHA256
bdf4581a79d4b060b8a9d10837645cea2e25971fdadade65562d781d38dc36a9

SHA512
e4d7211a6f80d80796536e8637a7b2f69c03cccdd8543417f827c1d36d172d018c078e8179ef068271c1afc76ef8ceb80568297a2f9dcc16ad0cdd92863d44cb

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/gal.db

Filesize
20KB

MD5
0267085075e43f90f8dfda78b24d88a5

SHA1
aa630edd5e46f1fdeea6952873a864cc23455602

SHA256
5138d1a254124cec2c569c602afbf5c319959a176454841a54cbc69365eb8ae9

SHA512
46024bffb40a095a24a00a88adfbfc7c3c740fa152eff93a3f5bf029f8234735f4f543129038df7002e1a919ab55677fcbf9eb85a9d64b801c7b6879b137cf5a

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/gal.db-journal

Filesize
512B

MD5
e6e0622050af0c44ea9fa032692a286d

SHA1
21896b02fbb2036f78424bf945b68ee1190d3303

SHA256
0214c6482186bf14a258b6c8e178d4dc18b1542dffd4efca3c4d3bd50cf50b59

SHA512
b8db1e658f4df74de071b1ca39ccccd52cef6a28aed72cdb01e496bbf067c880b94fbebbc6d09ad74c30316f2e10b6470fc9db8fad5ac6638cf03b8df89ef09c

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/gal.db-wal

Filesize
36KB

MD5
6c04b7e9f8d4e1a10d60e4a04e9dc570

SHA1
c8805c95623e5917789cb3930d24052cfa4eff3e

SHA256
be7d33e3a67c12d10583a82c9d37b85b76df1f73d8940c11d0e05aaea9f217b0

SHA512
84a6c77ba0af3921212b8ebe83ece1ca380fe7a3ef5d0470247410bdec0a0166c431f8228e80ca90d414289f007cf26a28877d62fd3fac6aeb903511c81f60db

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/hst.db

Filesize
20KB

MD5
af757be229945be283974841139afbae

SHA1
7effab66dfda5890e9c65b2538fb073a71502670

SHA256
9e63d4d76760ce8968ff4cd4ea3450981d377876b31a1c651b26cf4ab7282100

SHA512
e164c3f219121ec48481653693fff175db6ccdb5e9d66b63d4ddbb21d42069579837375ebf1c0525e697a7183bcb9a0b46a86707467269cbe5a55c7b7266bee2

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/hst.db-journal

Filesize
512B

MD5
177fe7878417c19d19ba50e8075204e6

SHA1
fb742f70d60b4e3e4b030c51143b8060c8b1fb93

SHA256
6c830204e438014d4dfa70db1692e2b12ceb34b46a6cc99a5c372fec015518e4

SHA512
1fe99b783f88e92e006227d1ef40be663a85bc3cc2ef7f70d9af813bfa3c460039bbac58110e46272a37c54fc1069f72c4a30132120db869e3a1264ebb83ed77

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/lldt/hst.db-wal

Filesize
36KB

MD5
703603909f72bcbc240ec7103158e46a

SHA1
34bb3a2dda64ed6ffd314948f4e3205c1cdd74ff

SHA256
5adf95ec0173a6776218493754583ee4bf805b190e9b5bac12e1427ae377ff54

SHA512
7cbee80e85fb4ffad1d79e30e3577ff79bc8c42d0821c1eaf0d39a970ada8fd429cc32697c09a66595f3afc0c80ea820b416ab8ff5605eaaa1b57c971dbe2b7a

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
57638c61859efb94cf6eee227b760b4d

SHA1
d2b68080f5cc6983c6121134dad6a817d6500c9e

SHA256
12dfa98f16837f91ffae45972480c07fe6682d6af9ca8ecc7b1f226b61f1f6b4

SHA512
f68404af9f72e6a0235ae47308b67f5b20faa63d3a518e848b81eae20c3d68846cdd838ffe0989c672fcefde9691f9dd40e44e53f5aa89af7ac6f1e3bbaf05f3

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
d55edcbc8056f767bd433a8fb4405a5e

SHA1
cd628f1ae91c6ea28376ea9be252bb5657a41ca3

SHA256
f8dd2e0f49747cff18bf20b223e3bf2126e26cbbc83178ec5d51e1baa0b49e1f

SHA512
36e1c49d37c898f9d1da66eff6621166d5ce4f9f9020ae7ae714265b2408c94d57b3598dcab372e5d262eb0f0f24225089678a8a4bbf164620c3f52adfe4a804

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
460aaa05906a16f836087bedf6a071b2

SHA1
54a3d3d313997f341a1a30bce50922d2a3e29e4a

SHA256
f391ae185ce0279c623677a493c56e4b76d07d52597b8209971fa80a08604d65

SHA512
2be39bc27961f882f55cc6b1f5edf13747ca776fddc24bc68b7e3b172c6e8a8d124fa26d3fdaf5a44e53124987e9d8016e99148793b7dac50c4223bf2121d04e

Download Submit
/data/data/io.dcloud.H5FFB5AE0/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
2c5baaa7d04db9af6cae4bd85cc99f8a

SHA1
447ed14e7d9d9133467e62614b19e2d2209ef00c

SHA256
ed4c8cf769a3a41a3006791a1f4b72157ec228445e79013c3e7e445775a65668

SHA512
6b624abd4bb331ac1f3736f720647290bbe9b98a91094dffa4f7108ea95a170a27223e405edeeaa97669210c2abd86cc13d225146f6872486b41a7c8f9aeca6b

Download Submit
/data/data/io.dcloud.H5FFB5AE0/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
512B

MD5
9ac9a66a411d643a6bcc00ba1670d7be

SHA1
1fcb46c1c70cd31d3ab428244c7a76a12ca86c25

SHA256
c6c2712d6b11ee84d5774d278cec7f718786d0c86f6625d79aea388448c81749

SHA512
14bf49e26b5de501abe1f7d565644f9316f52ac1516c2e5fef3e63d311cd0c5fc410711db84515fc3df52ab6ff47e1084e0b2d7adb8f7bea1b5e885b24061fc1

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
129B

MD5
5f4930cf980b8490f2dfc7aa72fa210c

SHA1
60a941e9d0c761fd1d0c72900540f3489d8fb417

SHA256
5556217ee39227995aacc0cbf18675e6f953614a3426a244d2064943f1ae5901

SHA512
583832261b7487442313f5c0193ca7af30f843b208317244b1c76b6b127ca97ad2f8cf766a93035355bf31915caa87e1c4e543d1e9dee65f1c4af5fa84181cde

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
156B

MD5
d4518c172dca609d28033eacfa83405d

SHA1
c7c6919abcb5c39e8483b26d0eb6f891b0f76488

SHA256
6b38cd3dabb9ad5923283a5db4e575ae7258e0943eb1f2e703834c67a745086a

SHA512
f6dbdd31bb15a8b68fae61d67958e5d7ba3f91637b81cbc3d324626c9ec14758bfa1159c3d8a3f16cd5d194a8358142f0db5c67a7fcd60adb5f24ea9e5f75390

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
7a5ad2df238497bae580fdfb8fb16fbc

SHA1
f45df2c167badf8eab2606a9d9b2215d83c893da

SHA256
ed3c5f21b745f072f7d5a2784a24a915f5aa94621ebd79c5ff640bdd835a8740

SHA512
324304172a7a847e9d283723b3695c1ed225c87304d0b302ae32866dcfe137d31dc766b8abc237500ea3d29307e2a8b67a3a48db4d21f12d669e11fde2a12ef9

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
55ca7adb3245ff3305fd65d184d58f89

SHA1
6ea42c3b532ca5637d51bc5481fb88452edcfa72

SHA256
d3c7bb702c7e4831a4357fea209dcdf95ce6f4731e5b1f411c5ef405038fc6c5

SHA512
caa31c3d632549b9dbf99649e823b507eaf6ed88a509a6889537955242be0d1638bfad2a7d575d8e3f1d718d91716b36e8d3a6df504cb178bb8e5c3760d38c4f

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
0886ef4ebd0041a973445d43b1c764aa

SHA1
370fe4923d121236d2b84d5ae34f2b345d70b741

SHA256
8139213cabed792aed871232bd77cbc364f3d9aeaaeef3c4f72dc13395bf6eb1

SHA512
c386ee084ff5124cdfece525b11ac2b579b679a86e66b4274f3fbb800cb282b6d8de556414b22a1717afbda5928e37766e653acb1a6503175acff7c52bf28da6

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit