Analysis
-
max time kernel
179s -
max time network
179s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system -
submitted
12-06-2024 12:08
Static task
static1
Behavioral task
behavioral1
Sample
a09ddf8bdf8c22ce34d50706caabb271_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
mimo_asset.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral3
Sample
mimo_asset.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral4
Sample
mimo_asset.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
a09ddf8bdf8c22ce34d50706caabb271_JaffaCakes118.apk
-
Size
26.5MB
-
MD5
a09ddf8bdf8c22ce34d50706caabb271
-
SHA1
725839ff19112ed1f3bb07f57b07dc1311c59c0e
-
SHA256
54e486320d2716328fb40f7748bf7bb08385961162f90f9ae01ff47630f0d18a
-
SHA512
824b108505039121bf750c2f0ea0c1456ea469dca016bf5d61e33f0ab0a87569cbec58d1c6c88886cc35cdac2d4f79714371b7c8e659cdb3a0bd84ee46c9ac79
-
SSDEEP
786432:fbDQL3fVGuXe9RQ37Rhq03LpidNQIqACaNB:fbDuYWeA7/vlcQIMa
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
com.lywx.qsjsj.mi/system/bin/sh -c type suioc process /system/app/Superuser.apk com.lywx.qsjsj.mi /sbin/su /system/bin/sh -c type su -
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process Accessed system property key: ro.product.device com.lywx.qsjsj.mi -
Loads dropped Dex/Jar 1 TTPs 6 IoCs
Runs executable file dropped to the device during analysis.
Processes:
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk --output-vdex-fd=67 --oat-fd=68 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_GDTAds.odex --compiler-filter=quicken --class-loader-context=&com.lywx.qsjsj.mi/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_TouTiaoAds.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk --output-vdex-fd=69 --oat-fd=71 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_OnewayAds.odex --compiler-filter=quicken --class-loader-context=&ioc pid process /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk 4413 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk --output-vdex-fd=67 --oat-fd=68 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_GDTAds.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk 4316 com.lywx.qsjsj.mi /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk 4436 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_TouTiaoAds.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk 4316 com.lywx.qsjsj.mi /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk 4463 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk --output-vdex-fd=69 --oat-fd=71 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_OnewayAds.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk 4316 com.lywx.qsjsj.mi -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.lywx.qsjsj.mi:daemoncom.lywx.qsjsj.midescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.lywx.qsjsj.mi:daemon Framework service call android.app.IActivityManager.getRunningAppProcesses com.lywx.qsjsj.mi -
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
Processes:
com.lywx.qsjsj.midescription ioc process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.lywx.qsjsj.mi -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lywx.qsjsj.mi -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.lywx.qsjsj.midescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lywx.qsjsj.mi -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Requests dangerous framework permissions 15 IoCs
Processes:
description ioc Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES -
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process Framework API call android.hardware.SensorManager.registerListener com.lywx.qsjsj.mi -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.lywx.qsjsj.mi -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
com.lywx.qsjsj.mi:daemoncom.lywx.qsjsj.midescription ioc process Framework API call javax.crypto.Cipher.doFinal com.lywx.qsjsj.mi:daemon Framework API call javax.crypto.Cipher.doFinal com.lywx.qsjsj.mi -
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process File opened for read /proc/cpuinfo com.lywx.qsjsj.mi -
Checks memory information 2 TTPs 1 IoCs
Processes:
com.lywx.qsjsj.midescription ioc process File opened for read /proc/meminfo com.lywx.qsjsj.mi
Processes
-
com.lywx.qsjsj.mi1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4316 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk --output-vdex-fd=67 --oat-fd=68 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_GDTAds.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4413 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_TouTiaoAds.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4436 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk --output-vdex-fd=69 --oat-fd=71 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_OnewayAds.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4463 -
/system/bin/sh -c type su2⤵
- Checks if the Android device is rooted.
PID:4623
-
com.lywx.qsjsj.mi:daemon1⤵
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4342 -
getprop ro.product.cpu.abi2⤵PID:4373
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
3System Checks
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
226B
MD5ed1123adb4f5899c9dea5e47717c2312
SHA1897763f972351fa24b3cbcf7639cf9a7e73ff3c4
SHA256e37f48f269bb295be8c743981be33bfd8f5031e78414c938f764a3959eea2e83
SHA5120d0a9228f9616d7addfb2a81b9f740049afe4c7e4cf83cc2795797a53e7ff4c7c05aa865eab0aab4f4abe9a74af81f8792a00ea59e5ec9fd504fdd582b895cbd
-
Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5389b4f2a6450dc1c89a0bf0cade84ff6
SHA107e29c067f8fc44aace950d3ccf4212ad7ad9e2a
SHA2563a99966a4628f5138ffa891497532aafdc60129ae90042a58a8ecf6dac5406ff
SHA512a7a7d786c89262d90a50f009e59210a66a21cf97e29965337e6b6701c46b8e6c866b1efd3bca9e22ea8c6e3d9c3fcf0e1d1cb35e9f67a09a5348deadb65a7e81
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
84KB
MD5c3dd59a1d360d431b7e63f31cbe7260a
SHA17f78d4db73bbd2e86a64fc66abe84931abb4c0f8
SHA256727cab672f795994cb4983fded224def03e7bc3e51abaef7710f8c0f575e7fae
SHA512802f60a38b490c3762c67dc87efacc7ee34a9d5e3603955125aa62225c5136e5d0095dc147d618b32aea9eb3097b27ef43da05e8a3c5f4edfbe992c3369757e8
-
Filesize
512B
MD5bbacc69410571606a6573f65f800a430
SHA1c0c32cd9163005015b90b7f987fd24c3074af912
SHA2567e64d2cf5858bb06abdac154e9ef2c4e8c4c3c8e9f7db126e490d181566453ba
SHA51247f78474b4aaf99b456ef668d4c99b05949a10c21fccfb20daeb1a85ffe3992c6840edbde3f03e15f701b4e1d98466c7cb495959c3f3305ecb3c2f0713c5d4b3
-
Filesize
32KB
MD55d00b547580e5524a611baa261559b45
SHA10275fc7d5a4690c5861058ebbc54d49adc6d6714
SHA2560514e59503489606648030755680986a5d289164d2ce1856ba9e488ccb2fc945
SHA512976cc65f36a13a255b6338a41e0cd9fa2a1932fbe28421750b0debac0ba15e0a7d3c9a7bde7aa27f535577f97a9f3e01e736ef03d9a6e605d2bf3d325110fe83
-
Filesize
512B
MD535bb54457f28dbf080c91e590d805541
SHA16e9a4e068573ebde6e1bd37f7abd583f92da391e
SHA2563e38e55eee9c75f4cc6b2147ae2142199673a8a1ac378d2a36db22728c38c635
SHA5124741a3bc6ffa657dc1a94192092077b1a8ea08ae518b76eeb8b4a4f5094fbb3daba53a5520bef573d64a7deb96d44f5b51ef476c0f50297f80e2f51df4015140
-
Filesize
28KB
MD5643072142ad81dcdc4ae7592192f50a3
SHA1cfe83d9441180a7c9029d13a4599169745caac24
SHA256169d62c329a8c8a442b5445d048469eeb6a4f032ac58e55ec350046c4f871766
SHA5125636be87b9863a84d39399101002db9e76824010baa3ef34d3f88a9a4a15f84ba94cee098daaf5a863cdab4e3250ecef4546b54c6b55ddf5d832dfd00f5a9673
-
Filesize
12.3MB
MD5781164d8a7483ef7e77050ef4dfbb92d
SHA1e377565f63019b5531762e1227756d43210b1a0a
SHA256055e70519c769a7e6ad1c81f5420d277af418a25db9ba1b457b030c1b7f20bf9
SHA512fc0bb76e21df757832a60de193494a473fda041ba8614633641efce74c2b5ee04c01f285f9092b55e4771989a630a92d2cac422c1f10276190dd405989a4adfc
-
Filesize
709KB
MD5931ce07e6451ba502b082a4693ca3acb
SHA156dff3ecc65f2a38b7c1ba35565f416a75a34455
SHA256ac149872e6738ab39c5610f061b0574cab51b498dd787c2c552c084b69f627ba
SHA512d2083116bcf23d512704f9e6bbb0570109171018a33c06bee1dd4d580a903df2580ee74318bdd25e6cf2aaf741b074680ae635313c235e6b62f4ecfa21c1a6ff
-
Filesize
94KB
MD50ef2f2342d10cd754b330e08648595b5
SHA1bbc5ae813e805aed1f586b6d47e975ef080f8792
SHA256764bae0b061e0125ae2f2e128516e4e52ee027e30a23348eef4d9b394d19a778
SHA512b84222ae93f2ae02629bf39325afd8594681af7a2ca83a123d91753ab544cc51b3b2c094aa859b8d82a7003a6a8abbd2f89f13cdddd888cf4eb6130bc7ae13d6
-
Filesize
510KB
MD5aa3b7a6d2c79e179f728f024a97a9311
SHA1468b76473a7d065c7b7dfd0537ffa45a22d008b1
SHA2561e662710f4f782b33ed0f99c266fed49981cba6d99aadc6dd575f502bb5b8e55
SHA5121a707c5399a9d5b43118ea2cec89a26f0f33f32c359f9f3fcee23b1f7582a2c6389e0d96d11e8dfc3b7c28479a5680fe66a8b29484460ede40ee68628f96311f
-
Filesize
705KB
MD572cd841ac4e99b3dadf21b5141e158ec
SHA1a03ef7c7cd2cd854e5fc1e4a888fc175bbec82ab
SHA256cf6d07c32c23a870adaa2878b7ebcaebf8ac3e831acf2e3bae8f24c62749639a
SHA5121ef90984864c80497c819c8a2b4884095e392f59f318d4aa93a84a3523512195553cd1d894a087f18b7703428565367d8ab5ad8f5bbc4c9016500fae7cc08a5f
-
Filesize
94KB
MD568cf11a6c1354dab3a008b1c51b7ece1
SHA1def6cabac9819a805c44ae2a4a96f5c70d6afae3
SHA256e7968cb4113d020605548d5b140a838bcdefc71ff82dc84de0dccc06c516028d
SHA512e61c1b2cfdf50967df1b858a8f6666dde978f9ad6d63533e5cd8c723f874183bd03a71eae353a28043bce1f7fd5dbd0335af8fb72593669bab22577a7fe344d8
-
Filesize
486KB
MD50a661884c3b4d2a54886fca6cd889c6d
SHA16adad9d9f1abb99bd8ed926641c4f630f7adcd79
SHA25640b021c7a3ece35e9ef8e0ef1c06ccb8e3461dc72a15f98afeb59eecdfbf01e2
SHA512e3595a90e6b0aae72f1935efee04c1272e61d3fee9f8aecfb1498d85316fb7a5eb79d6902f15c2df893455ff15cb1bf73463c9fb81f6ef714d74605dff8bd1b6
-
Filesize
50B
MD572f76cbc8a7eb87e773aad7038b922d0
SHA16f3ebf00f3d9fe43bf89dcc25f6d76040dff1cd1
SHA256529c35cee259772a7faa92c62661ad3807432fc481665b91effffc0178f6a09b
SHA512af0f659d9a379ff1b0b78d6f396070857e970022f779c1f49e0132052e5920aca31848344029bb4a7b9e9a70a77bbc2ce140c78b40dae5cffd8d46ffa67f203a
-
Filesize
112B
MD5292dbcd416ed3bf813315e96392cdded
SHA1a8c1f9c3280a0846a726a163d9b87aff5e6def2d
SHA256c13013432c0917a05e1814f670904988bafa80a3f17460a4d31ed9fde9ef3653
SHA51233ce0fad42bef33f86d3ae81e83f29ded5f12739f82e5d0877e17f229664366df5d1d4cbfd526f69b1640e2c0467da6dcaa4381f79233120f357fffb90eebe33
-
Filesize
48B
MD5340611b379e362128c71623c5e8da1b4
SHA10673cee3ec93948c5474f182f9bc0bf0dbc0076e
SHA256ecbb19ea2633933cda78f7ff1d954581fb582f04a4ef3104c28b20c9afe65f69
SHA5127f6aa02295b963c4f3b1f93118e5a5230d163b54faafd0efb2ce3d5a8af9f1d8327f612013332388a6e10fb851496e147e300acc4f8d79389ffbb04ca2dd7555
-
Filesize
2KB
MD5dda544c5b28d7efd7b62d6e38a4ce716
SHA1b45c049f0641573414a1fc28bc931c37b0956726
SHA256c8a4bc52ac2d639af2869987b707bd553b42980960ac7712ccd81ce016c771b9
SHA5120c9d487e2cd5fe38a828b62f98303a40582442d4d81bb3c2faa678f804b444b13509e8377526cacc19758702de226f8eea9f7017865e1b539b9c904ee39f27d9
-
/data/data/com.lywx.qsjsj.mi/files/res_raw-assets_25_2532633e-1164-4a10-b7a0-0c13c348a30a.4de95.mp3 (deleted)
Filesize349KB
MD54de95f934ce7808b1c40f5d5e1af4172
SHA1a1def3318929cc0cdba8a81c79801d6a1ba7d967
SHA256fe6ed4264bdec5eaf3bb220afd896dcf8a3785ea7f39e6aedc42050ad40fe3d3
SHA512200175b4d972a492699abe125e6c890dd9f278fd2a76b79776d240818ba5a4913c27fcb24ada6ebf2646c7202c15ce2e558ad01d606b735e03ee999dd8387ebc
-
/data/data/com.lywx.qsjsj.mi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTk0MTY1ODkw
Filesize1KB
MD54d7667c112f47a56f7e60faf3d216683
SHA1aea19708db5024a8b7c2fc4076801575d46d0b61
SHA256d0d967f20c215879f737de2db4611665edbe47f833df4671ac513576ea98e44a
SHA512577d95b90145ed243f671364fda04936d862bb0d2b12232070b88280491c752684c51c4fbdb522167c639914a2dad66eb9420236db9f742d0b28a8d5f09ad150
-
/data/data/com.lywx.qsjsj.mi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTk0MTk2NDY2
Filesize1KB
MD55504cd448000699bd4199d82c0e59e7e
SHA12ce476bb81ada8060e21e84e8331a9fcb7c26500
SHA25667f95780907833cc0ab58b02c659ba4206d6491520632df2bea42e12a20aaf86
SHA51293f5a53152911ec666c6d99652b49f5b8e29449d8da012b6ed88f33e8a9b763ad2e526cc8f92dbefb77a593ff9ca508e6a80c8e92e9bde3bc87e550597f082f9
-
Filesize
498B
MD5516bb7e095c24a0fd811decdde3e3ae8
SHA102dae1148b2fb45120dd8b5b2a0b09f1649c51ee
SHA25697f25ed0c1797e6316a67d3b6d8faf516a85759dfa280586c29cd2db87f0284f
SHA512355df2c1f0fe8490b05b1c16cb0afbd9c319250b89118ad11adf90e85c701aa85e87f94fc953a2ffc5c02cc8e5fa0c8955584a5cf9dd868225e90d09584c7017
-
Filesize
241KB
MD57000f79fca68c3980ec3683c2dda6757
SHA10383b5f67f43870afff749b5b013f0d3133b9bdf
SHA256755b0e572110247efcd9d6e81e49c76177c28fad1e5e50eca56ead086e1b19ae
SHA5127c6015508fa55960db7a2e8e5b5e4593ced567652b28bf4e9f6134881bd5dbd87e4f38db1db429ca4e58a4daebf44d17e222efea844df48539abbe1399512148
-
Filesize
241KB
MD5cdb7e97870091947b53730a9a079c993
SHA1b10ff45cd2ddaa341776adfed03b9563b8859549
SHA256e9c03afa896ef90ab686580e464b287577126ad76d8db00040dd41dec8bd83c3
SHA512a880bbd8f30bd5a35e870d399866f895baa335a17cd55777478b1d49f3afc386ed2fa9aaef7c6a04ca6ec308d1c85aa8d29eb43fcf862e838eeb5ed0799a154f
-
Filesize
258KB
MD5d7df6e3388edfaea86f66b443f6b16fd
SHA11cc0eee49642249ffcd3dad71d068f01db85d3c3
SHA2560c34f43e07c29ac370204e3af78f21a8880689eece19bd9ed5ee48a4a7707b01
SHA512598d37dd79bcbc2fb1b3ff0ddbb5832ab38d97aa1b62adabe671f7b17bf1a5f85bf74427b2989b594cf41bbef4f9da39b1eaf7b02862261579ae3098e4b295aa
-
Filesize
258KB
MD53a7f63054694ff5134471b61bba60edf
SHA12f6fec05957acd8f5fbfa38386680ebc1361776a
SHA256ed80f106565504aa6e114ee19f8bc59a269ad7e5f31863a57dfe84faca188d2c
SHA5129b8847ac09d9a21edf4eb86d2d1224a9ee0b94cc856f0dce8614d1468030f755b98bf185bba511b4b6116c4efad5001dd1a4d00b99c4c7f02cc5b6e17614c641
-
Filesize
1.2MB
MD56a73d1ebb18df7a60d771c76edefcd53
SHA1e9c8570a3fa10c21ba84429040de98cdc0a03390
SHA256e29adf2f04beaa4f93582cc14bd6709dfac413eaf337ebace0862f7c6892c781
SHA51212e13e89b5d1a541f6cc3b636bff32340f5a19796e34918a9786a37c94633a31129f7c5ae149b4b21d2a28623f3cd9041b7e72703392282eef81e491e7f76e6b
-
Filesize
1.2MB
MD5c15e4e2d41f5a90e1e96e181dc639d92
SHA15cc5dfa12f78b74be82f5ad0c4343fef2a80f45d
SHA256e92f1c488c493e973e350405e09dd2ab57a6ba03ab839a41f7bf0e3aecb2aec5
SHA5120376075fda7f8efecd9ad034be7b911b3917df43ea51ef60761a7e4954f0ea56ea3ac77503c16cabb17547156c7fa65654160c59a35d6e54f491ef6dfa6793a8
-
Filesize
111B
MD5d09dc3ada84cb47d71c3034e26e8e3a3
SHA17fd48a91f4b31857ee7f878904c916ea6d7dd61b
SHA2566eb031a0d02ed6cfe8a0ca54901e1f2c54a7690b086f46b195630d62e7ed69c6
SHA5122c256fcbe1f6507c6c6b77321c9be4ebbdf13726aa7c1110d2759ad98933e392dfa8eb577efdad207329e9c0693231ae0103ad68b868b5e458c8d78013390f62
-
Filesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
111B
MD54b42ed7647f1b266a380ce3788ef2a5d
SHA18154587479f49ae264ea8e8e85d18c890b1aa0c2
SHA256178a14521e2c9c0f333d75958605a0ee12a4da00ebc07ff87746bb4e5fdc9b27
SHA512f178eaf265fcc695a6fba8fb1336e944124bb2298b079daf3b4699f0a2bd09fd9df3b96c0d7f76b936a0fedfa4cf0a820dcbd08a3abcbd1945d1c7c1d3eb2295
-
Filesize
167B
MD5a00492f7b559c62a6bbca07fdf94bff9
SHA10196093213415bf2d11875e969f096d286b4c52f
SHA256d3032b84f9ee35af524fe88df9a02378e7318c8d4d3c473bf346c3aca6ca590f
SHA5121c16967a65934c3eed50b81d93be23b24f49b773ab1883934d5b15678714c79171b1686ff8563b0b2d0a23fa7af0a4e6df186f13ba39a1d108d6e99eadded86b
-
Filesize
13KB
MD5f6fcd4a9f86bc526131b12ad6ccbdf47
SHA19078920c022ff846b57daff474656746062c60c6
SHA256c915043e0f676f483f9fe4abc7a5d867582690bc73697a1ea787aee9fb24608d
SHA5124f8a368270346764ef53323acdc9e450dd00d46a28b03f5eb750aa8b632ec6db7b82ccbdae897da2f25a4b29f52033a7941e951b24f696f49475981dc1345738
-
Filesize
162B
MD5a09511465a9e21b9ac574330a1379c2c
SHA1e0a84c3b5c684ecd3df8461507fb357c69f09a85
SHA2569ef59324545452975fc2cb610764cebde9893807ae08ccd15956eef74ae291af
SHA51231f4d37457458c31689538a8e3a6e7d065db9f68de420da2ddc4ddafbefa436d4f42aa02510eb1a7ca466ca1dc0481fb99bdcca96fa35732a66da41f5a7fc66a