Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-mfczksvcpr
Target a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118
SHA256 d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc
Tags
discovery impact persistence collection evasion execution
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc

Threat Level: Likely malicious

The file a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery impact persistence collection evasion execution

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:24

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:24

Reported

2024-06-12 10:34

Platform

android-x86-arm-20240611.1-en

Max time kernel

4s

Max time network

130s

Command Line

com.vod.infantis

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.vod.infantis

ls /sys/class/thermal

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/data/data/com.vod.infantis/databases/MessageStore.db-journal

MD5 9f4df133dc91fa65a9928ae1585a5dfb
SHA1 d52425b9f131341ed14b50e7ecf432d20ed80ce0
SHA256 91b178ffef055512eb98d875a477cb3fb03ffd5bb85c8f61c32762a3e0348b44
SHA512 2b1818cbeafd25f9ff0a1930d6a27bb9910214885667a049842e5475f182ccbab757c3accdf46c1b5408cab0ad29728c01744c27060a95f5a6b62e7c7333f664

/data/data/com.vod.infantis/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.vod.infantis/databases/MessageStore.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.vod.infantis/databases/MessageStore.db-wal

MD5 d8168460e0f4d8778047f13249ad3b4a
SHA1 ea1bb43e19edd6fbd1d5509ab3f19edcfcf8e778
SHA256 8a921bc125a98ff036b3876cd166900651ba1959956a391ead687d2fcdb69d65
SHA512 1c67e2d8c2603f53817764303cfcefff31b85ca642d009ec76fbe0d308379ddde90f593ae51904954af1b4aa6b216db32c20d1ad40b24761026a8062ab0d9f4d

/data/data/com.vod.infantis/databases/MsgLogStore.db-journal

MD5 0ed5a68e86d77027de3aa2c27202bd08
SHA1 304443c2c6189f9b29f7ef84eaf4cedb77cd7c22
SHA256 190cf4126d3c75f3cc8c33f00ebd900ab2df0bbfb4581c036af40d11b4413db4
SHA512 f926ad6b16c2578a634090ec66990eaf640b2a3c80f6e57512a70895c55615e45af546fd91110b123dba84609717365fb0551c83d14c438ad0503f5f9db42297

/data/data/com.vod.infantis/databases/MsgLogStore.db-wal

MD5 700fd771e3028ca0ac52782c8887c4de
SHA1 bd29310aac58107f7eedbe786f1f8e5b7870bb8c
SHA256 baf5c3089d3180382bd7d8e4b5f2a534236f666bccf56611dc57eb52d9661ec2
SHA512 9ab3da1e93a444fac096f30bfa1b085e1b2bd35b75108c3975bb6911beae70eec0709dd290a30b023b882a22797a83a2953d21b3dce24197c99d635480781c9f

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9ab0c3b4971c38ee07394e4fbc4ac0c4
SHA1 4ec3d90fd3510521c090acb51d3b33e73cdb3d9f
SHA256 0677f8b565d1de584f8d10b2ff8a76cec3aa8eaece81a0a44b34a9b5bf23784a
SHA512 d119b052f0d1a3769244673dd54b68dd38df172618ba259ded4562bd61a95b1d05d5a947b6d89c630dc5b6451c0b758be9d4ae2f15fafaf1155fb48256b97be2

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 4f85cf4359c0091037ed0d49951acfd2
SHA1 ebeb4ba6085f16711677eab0ed519cedf8d498d2
SHA256 ba52f6aef1525525604d2826d01b718b0777f281bd84ef16b761b020fee4f27d
SHA512 f46cd9b886bd064fa7f9b1485f0e78eb1a0f9c6658b7ad30268472ca105bfaa4dcdacea4f730e45bbca99c6a8e401815bf2d30ecf4f583e0dfac697d167695b0

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 0ff4b6bc9ae8587dc6dc6716a9e519ef
SHA1 c2181e1bd0c15602a3ad7c5c0493bc5eeda8154a
SHA256 5c91f0458c02a08457a6cbca4cf5df65ee68380fd812e99a51fb8b7025b1c376
SHA512 3aaf1ec4b98481f7bb5dcd5b95c5ba601ea58dafdd39bbd3c020a6b6b9a87b2256d590c25c0432bae27a05f52ed55eba71cac2023f3d5b754b2037dcc0cb5ea0

/data/data/com.vod.infantis/databases/accs.db-journal

MD5 730027228a7f65617568e5962dd699e5
SHA1 0aa3c47d9c11efcfbf7320edaebe5f81b909f367
SHA256 ee3ec61cfe91b99e285d7bd83c58eea9df532d2b18bad46192e722f377c25621
SHA512 7cfed4a497d30877ebd64c1840484e3983cc86c9b32612d088707663d05026f726194132fdb4dde264261232fdcc8205cecadc221cd0cff411afc6b469401d75

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:24

Reported

2024-06-12 10:27

Platform

android-x64-arm64-20240611.1-en

Max time kernel

165s

Max time network

187s

Command Line

com.vod.infantis

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip N/A N/A
N/A /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.vod.infantis

com.vod.infantis:channel

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 apkh.utrsed.com udp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
US 172.67.211.101:80 apkh.utrsed.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 ipip.yy.com udp
CN 59.36.238.16:443 ipip.yy.com tcp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 umengacs.m.taobao.com udp
US 1.1.1.1:53 dcs.puedcs.com udp
US 104.18.20.183:443 dcs.puedcs.com tcp
CN 110.253.188.241:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 dcs.putwbe.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
GB 143.204.194.98:443 dcs.putwbe.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.176:443 ulogs.umeng.com tcp
N/A 192.168.10.101:80 tcp
US 1.1.1.1:53 xak.ppdfvdz.com udp
CA 162.221.206.86:8000 xak.ppdfvdz.com tcp
US 1.1.1.1:53 akd1.pudisdz.com udp
US 172.67.131.197:80 akd1.pudisdz.com tcp
CN 203.107.1.97:443 203.107.1.97 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 172.67.211.101:80 apkh.utrsed.com tcp
CN 59.36.238.16:443 ipip.yy.com tcp
US 172.67.211.101:80 apkh.utrsed.com tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 110.253.189.208:443 umengjmacs.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 106.11.61.135:80 tcp
CN 106.11.61.135:80 tcp
GB 216.58.212.227:443 tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 110.253.189.208:443 umengjmacs.m.taobao.com tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 36.143.252.48:80 umengjmacs.m.taobao.com tcp
CN 36.143.252.48:80 umengjmacs.m.taobao.com tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp

Files

/data/user/0/com.vod.infantis/databases/MessageStore.db-journal

MD5 c9c0e49c01c13d82ef15a33839ec86bd
SHA1 460cdae05e012b53c9af7c3dece5bbba4f7ad1d0
SHA256 27645fef680dca12b94f746bb79f164d71ff2ab9705eb388be4bc49a073532c3
SHA512 44b92e46315b9aaf3061bb9a525672f839e732702e5c9d0cd11f5a91237d56f3cb09b4e66dc50bbb581b39b1b8fd979e7b50334d8ce86c16dbb423b051a74c41

/data/user/0/com.vod.infantis/databases/MessageStore.db

MD5 f3c0a042ce481e16b7272e33f3c5e1fe
SHA1 0f43b94fb1399c577e49acbbcdafda50eee1a56f
SHA256 2f1ebd494ac88342932fad54042e34856688af8849f0719c6833946875a5184c
SHA512 d110d6ae9feaa702249e2bf66337bdbe47dd3c881c2d14d06ef37d975502c090a30c2895a794876e2dab7fad51ba16ea71252d26c398cf71fa7be49643ad0525

/data/user/0/com.vod.infantis/databases/MessageStore.db-journal

MD5 6617ea659e091875ed0988641e27037a
SHA1 7388b6c1be7c86bf6926ec4417bbefc91643e305
SHA256 6e41adfbf8643f987d17b3b5c2e8a4c493517bdb280482905dc0fac9fea94277
SHA512 4a91c3f2bebc4376054336e637f11012bae571c257df638692b85817a3e193d4791482c879e471d2426a2405114d5596e40603578d9259095b750b0c3f49515c

/data/user/0/com.vod.infantis/databases/MessageStore.db-journal

MD5 b75cac05279cab38d6efb533996ccb61
SHA1 c71bfe9bb9bc8fdf16fb2fe28ac357863bba3186
SHA256 16b25f7296f0f6102380cc7dad7070246cb2b140d67539a42e9c25a8d4005542
SHA512 e31c6d676f96a44eedc0f11a8d94425dea582992209197ac2af4608c004447eeb37d0a6dc3031ff65ef35b3f860051d5bbe181724c74a4ce898bd2049e1d8800

/data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

MD5 21cb0ee1b6fcfe449223c1431239a77d
SHA1 d48529d8c7d3843de4f024b00ba75fea0bb4afe9
SHA256 13864f969acbb2a986f40f1cf93b68ad945bd16a83a6fa12ad51dbf15c87b936
SHA512 db0036974bd9e06559265e2fd97b292c27c8b259493962bb3367050061f65edd8c131701e119e53c450b8493770f65a82caf75aaefd20da858f5329ed2dcf04f

/data/user/0/com.vod.infantis/databases/MsgLogStore.db

MD5 0959e74e2817acfdabfdb68d85529179
SHA1 8f5c41874cdeaa88cfbf6639ee6629ea21b8ef88
SHA256 d72e232383167362c542ead685ab9ced49c41b857c4fe305f76779ce54634d0e
SHA512 b8cdb34e868b97fd09dc5c906217281b3059d2f15ee967693d77e51039726a6337def14a317a78c7bc8fb5c9b9414798de74a924ddfd995fc8bd3cfa5a1bf080

/data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

MD5 f7a790a9d0a14093eed5b1acd5953c96
SHA1 058a6d734f4cddbf4933d62ffd4290ec9dd6c5f4
SHA256 a8300dea9fbd362ef788f4274a162bf8d173b70503ed3cedd4f4d56ac2a4d5be
SHA512 e7d4b02ae578a144fefe730f071642966fc46bb26a7a38be99a74f62a322bb044f7fd56445b8dbe6e365cfe96e7ee0abee525e06ee58542d8eeed352c57cc3a3

/data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

MD5 7c0b5c6d1120bf3635cb815eb5e29f28
SHA1 cbb58092e164d3d098e750a608f3833f85a06476
SHA256 f2434b69ad5ddbdeb3796b9e34fa428cf6fc31bf987dee42c12816e3632a128b
SHA512 151d69445e8311fc78f40b5781e2e1f1d631e879e87a08d1076ac69d7ad5bbb8ee017fa4d5be934f9eaf1cd3a0aea87c40be405c2a601a845820d73705ec7a36

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 83b0ed934118455b55b3cac5e913540c
SHA1 9981be3486896d604c25f6db86cb2da95d39224c
SHA256 69f3915bf7cd8eb8dfa5fdac9b935829e0e308cb96ede118f76d82c36f2759d0
SHA512 652469d12af4d0d6c8b80d99207a216c0e47db17acfe2831867f707df409cb2297d592ccc0abdd6e3cb5c762983e03089fbe1f23bb9a82bb87bd81f8568cd6a6

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8773907c826431616cee482bf1a7a7ed
SHA1 7d89c21021bb64e88bc39c35ea7b126bcac6a626
SHA256 96fa74f4a98c8a9576d4993b25b102c2107519020fc1fac3a90fe29f1678052c
SHA512 e9de4ca5b6382b331f6a1c4dcca6905594765013977e3fe19137631dbc294f6c9508f92772d0e70a78504d27afb34f4c6ad1c777e2bb77789c5bc3ea5ff7751f

/data/user/0/com.vod.infantis/databases/MessageStore.db-journal

MD5 d54f13ab64428d4c7fa3b2b3f5cdaab8
SHA1 968e8eeda3f38a8d49e4a036addc887de4eb6356
SHA256 3a775e74de0a61affe59936fe0eb5066977780b48d0cdff8878b52f81e982713
SHA512 a8614efee3f260981ef67e31e388b1ecebedfacec43d186414f6f8dac608b1b667f188d166fab01d1726243b8fa63a2dab4231d4a139c1119dcb9b6040acbda6

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 3dd16ee325f23f025656a6c39278ff1a
SHA1 49539848a8989659af4dd89598e28647b5b79a26
SHA256 e0e5530e88f58ad1b1dedb53af7a5ae2c32049ce27a1d1586065e9c0dec5cf66
SHA512 b207b1745c852e8521558c1d5f790b405e5e3f8c35562ecb9c0cf3184ff1094a76f5e953ccb5da9cdb4d5220b58de3257e7cd160efb2546920940e728aedb4c1

/data/user/0/com.vod.infantis/databases/accs.db-journal

MD5 950a90fa0b4465b1f9d93cdb4aed7906
SHA1 d1561eb9b53cd4b0eb02ecb11e568ad8a74855b0
SHA256 06d1689c123b422af80815754e0797ee2e03380a4eaefc7c5a686f084ac13460
SHA512 cbd756d6e7508073b0a7405ff67648479159147c8a8824d063e1d7f50638aacc965e91e7efc0335229c5b9c1e3463b77684f9dd5785abf3caed9fbf1b09f353e

/data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip.tmp.4450

MD5 392c9f24cf741835f03e992783c99707
SHA1 688f7f070da4e8324ccbe45f02c6756047dc3053
SHA256 68f360f5597645bd4b906b1b28617d08ea8a267d79ef57da4000f4404452fefc
SHA512 540a8f6d15c97ed7e43c8a359f39a9195290129e19c3715e713866559d058dfbcf0492eaf765f7558dadaf8a9a4f1c80355a5ac580f05df59c62885cf09b8221

/data/user/0/com.vod.infantis/databases/accs.db

MD5 064201502ce25754236b3b5c12e24c65
SHA1 e2c89961dcf8306440bc99f7b058ef4680eacf0d
SHA256 b4ef8a71919ac4b6ef9a895a991b527f5c3316fd6204eb815366c9614dc71f00
SHA512 3f5af9d3e7fbca1c0a3f9ad5a8d8d8e1d3b3e3c79cfda89b6baef007aeafb4ec5738626fca1f682b73b0305a94a4e2bf17c0bdd4fc7fbacb80ed02c7affa44a1

/data/user/0/com.vod.infantis/databases/accs.db-journal

MD5 502458c9b59f471353544edb02d3deca
SHA1 a96e97604599d558d132439b4b88f77e6156775d
SHA256 0bfb6d61d0d512744db2cac1817bbd6cf236a3d39b3dc2375c0d7af164091452
SHA512 15ee16d362dff8c4ee3a78e0b1b9a33fd9e5bdb772eacf4bd9f45ef39eb935ea8d3dac6836bd85cda77fc75e9191b3363ff61de1a778c657d67f22014c463608

/data/user/0/com.vod.infantis/databases/accs.db-journal

MD5 fb4697f40395242c0c06893537e3d7fd
SHA1 b0770a5380ecf86eb67fd18fa681239dd86d37d5
SHA256 6cf5f6e46f6b3419911f6767ccec9239c18cb5f71111c84660b018a347886ec2
SHA512 df1ec1bd18b9f031a507ec939973281d5f8a57c6ddcb129a69a350fd986af665ab47f7ec469746a1d1e0bf4275ef3f4dbe77403f26a226319027b8859ad43ae0

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 743ec9c9390b80818f4f7c0c8df45c20
SHA1 2bb4dd23d06185a50bc7bbd38079726ea9cc2855
SHA256 416abb00eaac05c38fe14a47b4e3f1b11f78bc0a8b2cc418976ffabd11cc4136
SHA512 3bf5504af41038622e9f1cdd3c5f7069e7178cca1e5121262a2e1d561220316bb5173f3bb12d9296c3aac7b9ff1dc2c07278a5014ba6992b978199958d876594

/data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip

MD5 c5bbb46c9d8827d1e4e00cd117a67cf5
SHA1 7491b3191670420fee58d60d6480066c07ce7d5c
SHA256 8a7bdd15bed9839a642b029044e42897d9060925c7598d02f954eb5572573081
SHA512 c6cc7c71fb7924a09f966aba49523672215b79e64cc1adedf505828862cab10ba0c033a4965a4724911f689512967e31146a02694db1d164bb383223a8c1f1dd

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 188a26ad38b0d06cf7a803514cf38dc7
SHA1 08615ed51747273850071f5abe640eac67b776c3
SHA256 8780903a381eb4baa120b4d9c323459b11b05d6afdc6b9bf4513cf04b93c7351
SHA512 7324c87b5c6b258a03862d6a73a99bb86e4274bc545e9db9ba42092a8c78e5e34ec66fc7a379f30c7ef3c8c3fb2374544a47566af997c14a076b005d7cf72874

/data/user/0/com.vod.infantis/files/umeng_it.cache

MD5 c608e4655bc3a83c83764c390ddcf6a2
SHA1 33150c5902a8347b5c54a2ab7c5f382e36eaf6b6
SHA256 bdd5b7b52a2bc87fce3e70cea92a183b26db2bb87ffa49513637bc73efb353f1
SHA512 692298507a5acbf922c68769f4edcf85c70e97da13d2f056df8ee96a6f1d1e0de7680137e48071098eeb5d3d1c9bfe6b12588fcfd5a6ef39860c25bdc049185f

/data/user/0/com.vod.infantis/files/umeng_it.cache

MD5 d8843fb4411d36b103d59f18d4be1d9d
SHA1 32977e4e097a031ae67a30866cc35d9736016aa5
SHA256 7648afa950715f16e661683f05f2a3274556189e1efaef57990eec2a6d1a4539
SHA512 1642b9dc4a3b5968adf86dc908bd69d34ca1dc6fe5aafedf277cbc3150092fe89b9959b239f741131113b4cc525a3319d7f05745989c5cc7409dce047d5ed910

/data/user/0/com.vod.infantis/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTg3ODYxNjAx

MD5 a4e086a76c722d02bdf3532f3111fd2b
SHA1 7c55069c8f29da2745783bff80e1e85ae995de50
SHA256 329687c4e5364ca82adce23a74f0ac0a26ed536d1540263a0337be0decb56f20
SHA512 6f9a19b88df150f1c5e6c564942dc183e2e8c24febe8a26a31fa2372494a5a36ce919fd0f02f7b0d49d4688532abc04d6b02bd1ffe71c53059feadd637a16e4e

/data/user/0/com.vod.infantis/files/.umeng/exchangeIdentity.json

MD5 803834851b0444c3cc1df6ae3dfc771c
SHA1 1de165a2fa52ac7d07d7fe280338b6e6ef41fdd8
SHA256 fc9ca17eba68e8606186c59700b68df9c06228a05b01bd39ad5040aec62c0a03
SHA512 1e422335cc2c1461b12e4a6259017bf24ef1c097bbdd860d1f64bbdaddc131132ec48f530460436f037996bf749c5c7628197d7c4ea230c83918e4f24e180a6a

/data/user/0/com.vod.infantis/files/exid.dat

MD5 bd89c2fe52ece95323f633dbbf143b44
SHA1 ff829b2a6f944819f6c67a12fb0979d43e171577
SHA256 f6c9421750a425a4a989c84c6cc5a19a096dc0470000acccae8a6b539e3e2504
SHA512 b8c906729457445541dd29c9cbf8fc25d9a359bf8436b18b9c843047cea0d91143a08d5129916653bf398d4996be13a0eda291fc1bf2c278606eee805f16cc2f

/data/user/0/com.vod.infantis/files/.envelope/i==1.2.0&&5.13.6_1718187862502_envelope.log

MD5 26bc1fa725654e30f125a41d286151f8
SHA1 bdfe904fd6639a6e6c7dae58c0741e70c26e7f9a
SHA256 9227450a947bb70c90fa7c926ad2cb3f54c2ae4e1d8c2bd169565b60d8850396
SHA512 d517849067d6f658999152e477f65ad0289c8ad5ec7b765358b7fba784b93c6717b91bd3d18bfb8c7a7e285dc7dbd490b80ae167a379545961d870eebd05cd9b