62609ec9f573dc48bb7b603f04775297e0e626b4f03436e68ebd42c83050b11c

Analysis

max time kernel
160s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7459f38ce11c72b0c0549bd0deda330_JaffaCakes118.apk
Size

20.2MB
MD5

a7459f38ce11c72b0c0549bd0deda330
SHA1

42aa064f3df6eff4db1f0a26e4abc941d03a7b42
SHA256

62609ec9f573dc48bb7b603f04775297e0e626b4f03436e68ebd42c83050b11c
SHA512

671c12b51c348970fd9bd29c01d7e5cc9f8ae28cedd7aeb31ac5fec9a02131aa78b6feb93a7c1e74305e59934d95e8372f1f187e13ccac8cc11ebcd47be674d5
SSDEEP

393216:SjQmNvrE1OM6m/LQuUpPH4tBlRn2Oe7Yg2WpfbyO7PRceX4UnBlpotn:SjQm1rE1N6m/UDpPH4tBXo7YgvDyESUi

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.cdd.cddmall

ioc process

/system/bin/qemu-props com.cdd.cddmall
/system/lib/libc_malloc_debug_qemu.so com.cdd.cddmall
/sys/qemu_trace com.cdd.cddmall

ioc	process
/system/bin/qemu-props	com.cdd.cddmall
/system/lib/libc_malloc_debug_qemu.so	com.cdd.cddmall
/sys/qemu_trace	com.cdd.cddmall

Loads dropped Dex/Jar 1 TTPs 31 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.cdd.cddmall/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cdd.cddmall/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.cdd.cddmall/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&com.cdd.cddmall:ipcio.rong.pushcom.cdd.cddmall:pushcorecom.cdd.cddmall:ipc

ioc	pid	process
/data/data/com.cdd.cddmall/.jiagu/classes.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4342	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cdd.cddmall/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.cdd.cddmall/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4268	com.cdd.cddmall
/data/data/com.cdd.cddmall/.jiagu/classes.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/classes.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4445	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4472	io.rong.push
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4522	com.cdd.cddmall:pushcore
/data/data/com.cdd.cddmall/.jiagu/classes.dex	4911	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex	4911	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex	4911	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex	4911	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4911	com.cdd.cddmall:ipc
/data/data/com.cdd.cddmall/.jiagu/tmp.dex	4911	com.cdd.cddmall:ipc

Queries information about running processes on the device 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.cdd.cddmall:pushcorecom.cdd.cddmall:ipccom.cdd.cddmallcom.cdd.cddmall:ipcio.rong.push

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cdd.cddmall:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cdd.cddmall:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cdd.cddmall
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cdd.cddmall:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

20 alog.umeng.com

flow	ioc
20	alog.umeng.com

Queries information about active data network 1 TTPs 5 IoCs

discovery

T1421

Processes:

com.cdd.cddmallcom.cdd.cddmall:ipcio.rong.pushcom.cdd.cddmall:pushcorecom.cdd.cddmall:ipc

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdd.cddmall
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdd.cddmall:ipc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdd.cddmall:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdd.cddmall:ipc

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.cdd.cddmall

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cdd.cddmall
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.cdd.cddmall

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cdd.cddmall
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cdd.cddmall

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cdd.cddmall

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

persistence

T1624.001

Processes:

io.rong.pushcom.cdd.cddmall:pushcorecom.cdd.cddmall:ipccom.cdd.cddmallcom.cdd.cddmall:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	com.cdd.cddmall:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.cdd.cddmall:ipc
Framework service call	android.app.IActivityManager.registerReceiver	com.cdd.cddmall
Framework service call	android.app.IActivityManager.registerReceiver	com.cdd.cddmall:ipc

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs

impact

T1471

Processes:

com.cdd.cddmallcom.cdd.cddmall:ipcio.rong.pushcom.cdd.cddmall:pushcorecom.cdd.cddmall:ipc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cdd.cddmall
Framework API call	javax.crypto.Cipher.doFinal	com.cdd.cddmall:ipc
Framework API call	javax.crypto.Cipher.doFinal	io.rong.push
Framework API call	javax.crypto.Cipher.doFinal	com.cdd.cddmall:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.cdd.cddmall:ipc

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cdd.cddmall

description ioc process

File opened for read /proc/cpuinfo com.cdd.cddmall
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cdd.cddmall

description ioc process

File opened for read /proc/meminfo com.cdd.cddmall

description	ioc	process
File opened for read	/proc/cpuinfo	com.cdd.cddmall

description	ioc	process
File opened for read	/proc/meminfo	com.cdd.cddmall

com.cdd.cddmall
1⤵
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4268

chmod 755 /data/data/com.cdd.cddmall/.jiagu/libjiagu.so
2⤵
PID:4294

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cdd.cddmall/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.cdd.cddmall/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4342

com.cdd.cddmall:ipc
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4445

io.rong.push
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4472

com.cdd.cddmall:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4522

com.cdd.cddmall:ipc
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4911

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cdd.cddmall/.jiagu/classes.dex
Filesize
12.2MB

MD5
295ec01d15e31ca5126b7b3f5fa2e061

SHA1
f941a9cc22094decc567243188186ff68829183e

SHA256
18d9724c55a42c8491778ab1458984410c8aea51859127e714a1003cce30301a

SHA512
4883e9923c90d6d3023c25eeac9eb25abc71739885881f89cded9018f1d49d17860fb7dd651b3bf4198940e3d02af5570cb013f603a0e6540f9234a7cd897742

Download Submit
/data/data/com.cdd.cddmall/.jiagu/classes.dex
Filesize
6.8MB

MD5
f968a8775ceef03b71c990157743ea20

SHA1
f9648c3cf43c835b70305f4cf70e31ed09487f94

SHA256
4f2dd6f769961bf0dc49e0c11efa2cb34146d10202bd4a4047d2406adc288ea2

SHA512
b3a99a9e4fd9e59270cbf847ae6d7180da3780a5fe5b955e6bc978d257c3b3ee2f0295f48e811c52f886d0bf0b88c6459efa7af5ecfdd3bc7bb0f4c453a6ae0f

Download Submit
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes2.dex
Filesize
6.5MB

MD5
c7faf91561694724d0a064e724af91b5

SHA1
4585a7dc596b430af47deb719368f5387fdd8aea

SHA256
6ef7b3abd6f78c3b3fc31ea2619e8a50b3b965248b04501bea2f7663b6f38849

SHA512
7bb9decfab662c7fda95d4489cef89286e4c227aeb25856f7f4f1b0459c00d6e640977fcccce5d058a3935451e7c08d25a4413344ecbbd01259402796a018ca0

Download Submit
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes3.dex
Filesize
6.9MB

MD5
ed9a8864f82e747f93da8ec4a31d4742

SHA1
221a4c122def71a23b50d8a302350c98086abf5b

SHA256
1298499bdd88d29678134d679ea1cf8e37703e2a6ed1c29de2780607a9bfd5b3

SHA512
7b6ef1165255e5c6e76eb35c3ab982e1f1b96139431f0678fc90194231316235e742066871ba295fa6eed27e9552b47b2b6d61830e10e18415a1521087c1d690

Download Submit
/data/data/com.cdd.cddmall/.jiagu/classes.dex!classes4.dex
Filesize
1.8MB

MD5
ab5b7ec406c0d0ae108e27823b4726aa

SHA1
34f60e6fa358cd5b131bea3d2a85db29632007b4

SHA256
7123110a9f120bcf33e5f2823ecc770e6427ea8fefd608fd2a13f244bad9e069

SHA512
91594d329fcbb3144044f8daa699088584681bb3bcf6665e872452adbacdac8b6cc3d6018e511d3a18c5f95b1dc65f9aa64b80cfb58175d777221fb901ce33f1

Download Submit
/data/data/com.cdd.cddmall/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.cdd.cddmall/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.cdd.cddmall/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.cdd.cddmall/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.cdd.cddmall/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.cdd.cddmall/databases/cc/cc.db-journal
Filesize
512B

MD5
744a7a35fe700508e07b09a04176466e

SHA1
2dba35403b76df5e8c8fc118a591b30f817f9d43

SHA256
23e128b061e30ebaa151584050eb9658fe819e827a485cccf763f1a97ed33692

SHA512
74b4f4895bdb13ef8708535de4053dd1842e43b728f9fdc3623719baa7c940e594c51d2064b39f3125fd723617d3eeac021e16520ede37046b5dcfaf8c4b02c4

Download Submit
/data/data/com.cdd.cddmall/databases/cc/cc.db-wal
Filesize
48KB

MD5
bc7e7b2540f3576db75c054a7a476bed

SHA1
a558e2509db23f09dc0f22a9035506de98c4934a

SHA256
9643d1d7b5c672f1c4b120a4c24edf707d83ba996416d494d00742eef95602d4

SHA512
e64b28a07f945907ba7214ebfd45138dbdf0ad559be6f6e058e0df0cd787cf1603bf2347b4ff2ab62c55a90eb95bd66597fe2a3b28f4e8998813b7697d4d66d7

Download Submit
/data/data/com.cdd.cddmall/databases/cc/cc.db-wal
Filesize
16KB

MD5
15c2c017649b68efcbc2c07e2bbdec32

SHA1
acb7b28666da99599207ec4f264ccfeaa11c5685

SHA256
41fd217b665e4d660d08587504c41953646a5f0a3596012f1c5753c04e6767d3

SHA512
fbe7ecc862146db3a7e37f619384e6215cb6f62db1db16553a0babaa117232c5900894f4b9a01544470f455120982655a67037668e8ebd5aa6d17c92cda6fdcb

Download Submit
/data/data/com.cdd.cddmall/databases/kf_10257_ISME9754_guest1854131731314814072618543396835322144
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cdd.cddmall/databases/kf_10257_ISME9754_guest1854131731314814072618543396835322144-journal
Filesize
512B

MD5
300f7777ec10455223f531ef57ccc8a5

SHA1
2bee0b6690a915f24c6d1b5f16bd7779e62be3a1

SHA256
ac5df12685a3a70f9965dd5338c47f6f782599397abc4b7c6e62751409e8fd1b

SHA512
139b040ac6c51555601dfd6821e0c33ee7dc8a5dff69f9ad400c5bc1d87aaf12959d0cfd05659321a06dee486745391594c097a43e15fc261d0cc120c3201ca2

Download Submit
/data/data/com.cdd.cddmall/databases/kf_10257_ISME9754_guest1854131731314814072618543396835322144-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cdd.cddmall/databases/kf_10257_ISME9754_guest1854131731314814072618543396835322144-wal
Filesize
48KB

MD5
412048d17e52d552a20c80505787d0f8

SHA1
fe0007823bc10233932624ad4c7fdf86dc7f7a9f

SHA256
993f9f2fa07f948543badc2f3d8acd430e47a0108d1333f646ae0cb3607cdb80

SHA512
1531db452cc3990760cd8e8bb432c6fc8072dc49ad5391ed547def2db76256e149f2227221e84a999097a727a05e8e3f4cf5966acd950a81ec01f32edc8b24ff

Download Submit
/data/data/com.cdd.cddmall/databases/ua.db
Filesize
32KB

MD5
2a150b97b5c6491940a47a187fd06051

SHA1
7dbcaea509df6bd27c6f1ee82b63595ca1be4703

SHA256
666ef0e0cc971c9337dbde7b3061b037454e261eae12f3b9feeb637c5556ab51

SHA512
9cb2e00ec82f5b95b05feca652cc4ada16aad1f13ce09f55c0186e1668115a4c4a777e6aa727ffb7f27ea4dd164bcf3b40fa0b51ec1a66847b7a88a5e8ece816

Download Submit
/data/data/com.cdd.cddmall/databases/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.cdd.cddmall/databases/ua.db-journal
Filesize
512B

MD5
dee28e062951c491f36391c750da14d7

SHA1
077fb2e07f765c7b3dbf816865d186377e97fce6

SHA256
0c45b726478baa1e4bee678e2c9cfa25bfdc971ad7bcd7a8a8ad14403633b914

SHA512
c57b5dca2840b5d83b091e17aa3102b5c982b17f950b001c2e5ad801c599720b6fdc287dd721ac248dc5dc11edec8dbf5b6a3490de032fbf9f9f8dc21b209135

Download Submit
/data/data/com.cdd.cddmall/databases/ua.db-wal
Filesize
56KB

MD5
15d2b5cdb362bf32f301898c41b9dbae

SHA1
446a56dc9c226734470dcbcb07f01e2476cf7505

SHA256
4a88754fb2aafb8d7b86160aaab7651bf74cadfe37698e8fb433603aeb053899

SHA512
d8068737e7b520dc669d1367a3af78313ba28067ea96c67f4dd40081ca357abde1eb9cda82df8f1b66d3aedb7cf5fa27da9046f59372ee428a54c1df3f253c59

Download Submit
/data/data/com.cdd.cddmall/databases/ua.db-wal
Filesize
8KB

MD5
74b9300a120ce0191953d323ab87736a

SHA1
b10d0425024f542e792834b50ca18f3c0a77fb88

SHA256
59066dbec27f74f654432324abde0b5d83ce592153e139f2969793837a9a43a3

SHA512
6decaa955204642c081756e20983bf0edbb3b4c76d08ab6e4a534f232939d59824eb99e98fb989a536ddf3d8dc2afa7973c616d26b26382993e0a8f73d507078

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.ac
Filesize
32B

MD5
0e119dbc2c4f5636ca57018a7b25897f

SHA1
34f112f19e118dbc6593800182c864ac2d037b2a

SHA256
b065dd33aa0e4f47fc64cfdb466d3b71410af4fe18853e696261db8c75c81204

SHA512
8b143a13963340e871589c0cab0876cd9e72fafb848ce8855b71a7fdfb0df2b55f4c6e832103d02f2eb478f8c23780ab1a215874f06f247985b8c7c4d7c0069f

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.di
Filesize
340B

MD5
f6bbc828d7a3f63317213cd5c8af2c3a

SHA1
1b0aff376656fa94fa76cb21afa8c50eb781abe4

SHA256
c61221d0dd12beaa8d63d21712e9aaa7725ef00edd90d19dca22cc604f88f099

SHA512
c7d8a6f7c15384f090579cad870782ade8d94ec93c4c63383693330831504280ee83eba6f3da01c1e58846d250a952ecefb553b7ff3ad7c503fea6f2cbfd8f09

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.ic
Filesize
32B

MD5
67805850cb8409c0ddf4b9bf8f35c9f7

SHA1
96f774c18f6bfe5e6ec3175bf2ffd28af4bc2831

SHA256
067d5f3f2b187d8ef781078129d11f172c4736e2c2575522a56c695835807640

SHA512
952d53cee64bf71b54139876fc142316859ee61eaf70ad62a3ffc2b10680ff35ae0532fd02f2012f71b9c845f7333a68f09b46342764f7ef8e8672f41c9b3155

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.ri
Filesize
314B

MD5
03849ef9bbd3645214745e3798b3a272

SHA1
fb57b2f5e18d6bf336121a5ef9c0387464743e37

SHA256
561729f04b4b1ab0c755ad5686d0342f2391a9b3f0900761d8698e865f3ed55f

SHA512
b0e80fb3c81d591a313ed9e128b2312a33ceddf14f98345600e8361715dfbae6c2e6f98e206a6badef200831c705d93796d89aff81ef27cc3010fe04f21e36d9

Download Submit
/data/data/com.cdd.cddmall/files/.jiagu.lock
Filesize
27B

MD5
3822cf9a8b34bac18cf0d953e8695aab

SHA1
2ea156c2102135c9e4a4a350f21a22a915cf33b1

SHA256
a2a12a757e1683d38c2c1e45f14dc65a5a90a8768df40e4257aca05fbd6259ed

SHA512
b816e12a6b78181a76e8e941d70124e50bd0a0d5ec7ef6fd027f81f641c9896ba66642d86e166679eda297a8ed484332c6e47e9031fc1ed2c26e4268790f0809

Download Submit
/data/data/com.cdd.cddmall/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
43e5aa01b302bedb00a32d734bf516f2

SHA1
fcea6e1b30f67a657b822b8b6ed412f68ec61dc9

SHA256
ac487ca4d6187fe7f9117a8dcf39d4e3d06cff47c81d29c0aa3c16c90591be3f

SHA512
752168306ea3b7bb6e348ccb6cbc493b18adadc4b5c046811c58e45b7eed0677375a4616fdadcf649332a4879909872251a0bf789cd5e13489b313412f699f64

Download Submit
/data/data/com.cdd.cddmall/files/exid.dat
Filesize
55B

MD5
48c6dd80a7de7f340b0fc35d299ad3d2

SHA1
332d98162afc7c1c9ea329b42b2998ad153dfdea

SHA256
b688928d493c5d952a10122d52070fc1f6794e0cfc641f3dc047c02331a0b20e

SHA512
202b00b014128f6f8a38b877143b272e5436de6529d5c4fcbd282b9109ea9fa044e4d9f0f146bd4fa99ec2b6fdd0769fd3e5c1a5529782c6f12d199702a3ae63

Download Submit
/data/data/com.cdd.cddmall/files/jpush_stat_cache.json
Filesize
130B

MD5
6a6721185c5b4bb227b4753961749fb2

SHA1
a7b0b23c8d7ded5188d521b4c68338f6d473747b

SHA256
6e6860050b2d14d49769be21467e9d2f9337e32f708ae0ba646cb38269dbc709

SHA512
9e6f71b9f6d0ac3df1ccec865c31eef491b155a267f552bd0dc94c3e0074f5bfa49b391d7f3022c612974e3d81f5ce00cb5bd4e5c57eba43a78ae068b7c99377

Download Submit
/data/data/com.cdd.cddmall/files/umeng_it.cache
Filesize
496B

MD5
b01f84746a99558ed4ca96c9a43f2ebd

SHA1
a68c074b58fcdccd35ae23105e5a6416c7811a3c

SHA256
0c5c5fd8bf9c049c6e58552c2d7ee876d79567583db8993364eda5a64cd969fe

SHA512
9e88e477f851fa4096fc92fd18af52fd99893cb1a982879dff424c438c436e7e828ffd27fbad61365ea78c5df76d16b20225de1c58601db2e3072ded92e7e364

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
2c251b18c93d2f59c9b05b7b44877123

SHA1
fd9f567955bd2377163f96b6ff29959f1a08eae8

SHA256
5c3352b669b10b8647a618ef14260fd6989240ac61f0b9c6e7097a6b42a57bce

SHA512
26f4bac1ee64c1acf774f500b474c0107e07e253aa7253335c5067762d5b75ae15024a21ed5d817b2437d616bee340727b65ea63356fe1a6ea44b3332e4a36e8

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
338e2c4336cf4339dfdc0a466a002668

SHA1
8e3ee379a6e0344a2d917348f8dc94487b382cc9

SHA256
f61c9b2e13e845ab7f949b03ca85bddfebf74312116db8bfd1300c70ca534f07

SHA512
94a426f65b23c14a5d3b4916b488183366c37942e71f61ef7b4072b83676c73b6a293efcf6af8005708c7990abe2cf0987b5db4831ae10b8f8d8560c83a57e41

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
e4b761157508a79c6f698f298f217bef

SHA1
0c4745f309facbfd26ec314fcaea687743a58339

SHA256
f652977d8a729d32e16e0b99bbfb3f4aca8b4932062ecd1dcffa9842925bb339

SHA512
4997f8ff4d9e97fd3278619306e7dc3aea36ebfc7d1a97bb0840516f39aead6ec2df3dd9ae3bcd0fbc3986082c47f7974d7ad050b036c7afe1468cb2387350e0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
20a05b5a6e58e6114b2d1ce5769ba93c

SHA1
c09608c53c9ae2a9c6510507336323cff3d7363d

SHA256
8eba589fd2bb6e03338cc029f7c5b788307167253fff73d487b08ef60ee9e4e2

SHA512
752c9c675b7f40f960b04e3c8d796cbab0e7c6c6fe552a1b5c52b6ad5511c4627ce7f69868321526592009899fc3d6ae2d88fcb1d49e4ab528931e1e6f925f3d

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
74522d73ea4f462a0a75c3e372500375

SHA1
da54c94646b5c79d5d2ee7e959adc21dd4d263ed

SHA256
cd740ed5e6c94ff39637092874acdfb874dad7f959b3491d4595861568732473

SHA512
98c89e51bf30672b15168532623fcd681cd4c4d6d3b78023249a82c73cafa1cd2efc785bc2709295f3cb1e31310fae98dc3a2b6923807aeb7908189bfb5e2809

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
50a4479259607b28b12822a740571f77

SHA1
090fbe2590b48727c37b71bf51949594625aae8e

SHA256
d62c052d5a7946e43dc74c9b5f478d48500d82631bff4267d29c38febb3eb775

SHA512
d4d5c54a5489d591dfd5eb34f4a6c38edcd1124e1df1fd2b052525446d6ed41a09d4872a29a31001843b3a152ed5e100ae0b4709e56cd67f92d6cc0279b7a575

Download Submit