Analysis

  • max time kernel
    168s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    15-06-2024 07:09

General

  • Target

    ad442a7e4059b7d0d545118cf8d1ccb3_JaffaCakes118.apk

  • Size

    29.6MB

  • MD5

    ad442a7e4059b7d0d545118cf8d1ccb3

  • SHA1

    e018975b60f35fe287f2a25cebd7871efc720be2

  • SHA256

    b95a7cbc72e3f16a4cbb64a6c7c3b25cd5e8d548a4013e42f3c436cf20c36283

  • SHA512

    66b6a3eb462539eff6dc6469376dbef0b485739d67be3d115010e25533ba7558e975288041a736a38f12c9505ed5384e075fbe2b8f39ae831053eafcb3c3dbb8

  • SSDEEP

    786432:XntIDFqD9b7haC/kYCACnT+wfkcnv3lmUYlSOTr71e:dIDED9RF/9PCCwccESOZe

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.zyhd.voice
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5032
  • com.zyhd.voice:channel
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:5464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.zyhd.voice/.jiagu/classes.dex
    Filesize

    6.1MB

    MD5

    b68508e8d5354412e25718f1afa809e7

    SHA1

    45c5d9becc1b3ae0b880e93b53cf09e8ab834236

    SHA256

    148a9114a426fae8a967b0b007e75820a85b992a2d4681b9d30aba2d6ba593f8

    SHA512

    75a510ca4a2ef38bdecbb682c515f1315e0b3a00c15a5847a5a0f8b2ea6978bff4da61d7c499f2886876eee7f1175bc18f92cfd3d474dc5c6cf060210ca0c431

  • /data/data/com.zyhd.voice/.jiagu/classes.dex!classes2.dex
    Filesize

    4.8MB

    MD5

    a096cbb6d37fc388fc3107503e63bf46

    SHA1

    eba7f2f9329ab74d0c57fd5628029bab3e602c7d

    SHA256

    ae96c172ac0760491ed6361a9e37a42bba60a1055ea5d0c8d3ab063fd7c91fb4

    SHA512

    fffee95d217cc22c0f666c9d093652f58fc68c70e364a3ca5b25813042c8d460ae1f8017f310b8acd9bdef73212d0aa473b45327b9bac93dc9d2a48b86b5ce9a

  • /data/data/com.zyhd.voice/.jiagu/libjiagu.so
    Filesize

    558KB

    MD5

    98736de515958ae37ae93a0a0e997098

    SHA1

    72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

    SHA256

    335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

    SHA512

    cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

  • /data/data/com.zyhd.voice/.jiagu/libjiagu_64.so
    Filesize

    569KB

    MD5

    faee3e2700558d7b5439f45321f2843c

    SHA1

    1ef44475fe13c66d968966b12525a1f483cac18a

    SHA256

    77a310eaa0f39540793eef60f151118269059a9881a4d94ae35229fb541d90e6

    SHA512

    bc6bd1dc479d9d77462608bc60f0960c22c8e98ff91f2c6d36cb19b6d2cee1bf50b7a93a903f5e3610b8a7b6982c85807cf07d2274117eea25557cd02d3c8f96

  • /data/data/com.zyhd.voice/.oabugaij/.fsgkea
    Filesize

    1B

    MD5

    01abfc750a0c942167651c40d088531d

    SHA1

    d08f88df745fa7950b104e4a707a31cfce7b5841

    SHA256

    334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

    SHA512

    d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

  • /data/data/com.zyhd.voice/databases/MessageStore.db
    Filesize

    36KB

    MD5

    15669eb47bb19111cb64fa7508b227d7

    SHA1

    c7585424afeb0fc7051697b771eb3d81e0e3aae3

    SHA256

    ecb0e8c93a782292a1dfe20a90e204d1c1c804e2773f1831c9ca34826aa62071

    SHA512

    13c2cb45912090ba0b670b36050eab5954e22d57b79e141d2236035dc1ea2000960d93ebc544fc4dee48765335a3d52baeb5d31c8a40407224c624fffebbc11b

  • /data/data/com.zyhd.voice/databases/MessageStore.db-journal
    Filesize

    512B

    MD5

    a5fd9a6d9de71960bd32846644fed640

    SHA1

    320ae68a44da1abd0de8d6d2e3d333bba6323ad2

    SHA256

    0c8208ef27d44068223c257c68e80eb0b1d360953150b45af36c03799d583963

    SHA512

    373f4f1e23acde53318a9d14dee0b5e0d1d1e0f408aa5d4b46c6f2cd76a3f6280541ac5d6ae4040f50f7c3f279cff36781b9396ac9f581c9192b1ecf7b9e5513

  • /data/data/com.zyhd.voice/databases/MessageStore.db-journal
    Filesize

    8KB

    MD5

    d9fe8101193e6cb9a803683efde488e9

    SHA1

    1a22fe2b0df8122e42becd0c44db122f04f6990e

    SHA256

    5b92c9da4959bf7638fe787229bc01a3e31b7a779ba984e6e57e9de6d0710e46

    SHA512

    3d302f9116e805bb46936135ddfe88fd4cc7782e83be72c8d2b399a46a90bc93aa2383048357b1b10dbf23555ead1f4fea984b09b0f470f2091309afb494e9c8

  • /data/data/com.zyhd.voice/databases/MessageStore.db-journal
    Filesize

    8KB

    MD5

    4d04d6715b112c6b8a8f71184fd08f06

    SHA1

    b66709ebe426cf9ab443eeddcf2b390388f79d06

    SHA256

    805dab0418a5e464246d7f87ba3adbaa6c13494786e4a4de65aa6d30c31d67b2

    SHA512

    614dce1990b95d6ce160736bf10c5e01f855778364955f9504aaa498f848f89152757b33a4bd0117bec0628b7d103f6ac114f064b97055cc56d62019983f47c8

  • /data/data/com.zyhd.voice/databases/MsgLogStore.db
    Filesize

    56KB

    MD5

    9cec591e3ef91ae568f4cb6e7c2a8745

    SHA1

    ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7

    SHA256

    05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c

    SHA512

    f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

  • /data/data/com.zyhd.voice/databases/MsgLogStore.db-journal
    Filesize

    512B

    MD5

    09bcca537480ba084d912d61e607f406

    SHA1

    a7f15b08381a54e5bec5b47bc98de1d5bc957b16

    SHA256

    c497961348f86f5a0c6342ca991980f4096fc8005bd9f56f8bec002f9e7137a5

    SHA512

    e58e3a5737f781a5a8099c0ccfd1051d2da403138e44c8ac16ee4454d91a8b2ffccc348d86b7927295f1eae08a9e9abed8cbcac1228f4016426317e633538e1f

  • /data/data/com.zyhd.voice/databases/MsgLogStore.db-journal
    Filesize

    8KB

    MD5

    1d7a533e4c84e48aaf93dc73ab53d379

    SHA1

    5da1d20e412c9ae947ad27a2767b874f4523cd1f

    SHA256

    1405b52ef220ff11f62d4e9638ce1c3ba2dcbd410d230b8d6d96316223fe2018

    SHA512

    064e108cf3df555c9e7aa9f0de1b185ed569961f13ff6d30633cca315667f86561985a756fa59e349fb9f67f5cb3557a4d9c5a3749a98efb9509369c8caac311

  • /data/data/com.zyhd.voice/databases/MsgLogStore.db-journal
    Filesize

    8KB

    MD5

    e1d5aac7c9e33542a80d2bc17a99590e

    SHA1

    befdb153dbcd540549d55e7140cc86e9c763f4a6

    SHA256

    a7420b964ae3c191df7e7862f0a13175a1e28455bf4ba2dd9c04406c92303ea1

    SHA512

    52bc9e2d2d01202f2a5bee8071748f74d1aeb4dd50abab0779a73e1ead5bf0086ca3b7df104090458400bd3dc7af4e85a1b284f3af779e9380033619da10b39f

  • /data/data/com.zyhd.voice/databases/accs.db
    Filesize

    20KB

    MD5

    d95e1280cc553509d7b5b7851398db12

    SHA1

    121eb76ea37f3407d0f3b56392f6f67893fbe649

    SHA256

    58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c

    SHA512

    f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

  • /data/data/com.zyhd.voice/databases/accs.db-journal
    Filesize

    512B

    MD5

    4ccf4febe7497ac93b66a3588941130e

    SHA1

    f45ab349d119a645a6a0c33722b509501ae90b26

    SHA256

    7110e8ea033d876d3e7f6087d84859056e95ae687cd42932fc4106935e8262c2

    SHA512

    d1704216123fd5a22e5580d1bf1957bac49c12fb228b200801ce387006f67ce7ddb3075e97a930fd8711dc48d05279ab8ca5b75b0320eda49b21491ea00fab1c

  • /data/data/com.zyhd.voice/databases/accs.db-journal
    Filesize

    8KB

    MD5

    0eea055579876a0c3c57c037cb5e3882

    SHA1

    04c50ae5da2b4cddbc7d9add01faf5312cfac869

    SHA256

    a5917810c41befa73be4fc3322cf087c49eed03f0e91bc6bd9c16bcd9552fc79

    SHA512

    e5feb29ed546ca880542f0f3a55ad4c50567d08fb39f3aacbe348a99dc1268880598653fdc6c8528b96afcd17b8df1c2777d90fc271ce1d4d7600b6c65ff658e

  • /data/data/com.zyhd.voice/databases/accs.db-journal
    Filesize

    8KB

    MD5

    8008dd5beec329ad4afc78931632b28c

    SHA1

    7ef71cdb333ddaa2c8a62c44f374c007d8fc3305

    SHA256

    d15dc5e2a9e7a52e73f375c77678ea9234ecb31bceec97e417a250b650e8ade6

    SHA512

    accf6c8008651f5cf8a917184a059cb3b120170c2fe267be7816ebec6c7714ed1a6dadab1c6c4fb50cd3271ee37499badd7393ca1918138b283ea5165a2ba312

  • /data/data/com.zyhd.voice/databases/message_accs_db-journal
    Filesize

    512B

    MD5

    6115b9e639fe9a69d3e93218e12711b8

    SHA1

    2d5e8b75fa775b09891f4e97477813fbee6a9109

    SHA256

    011756fde9fe88e884f793993d62f862ab3aba695e60126e2cfde7914e499456

    SHA512

    41f71f132c1074edfb0e47c1d2e9ceea82cf84676d5558d4c49aa5ed5b177eb80ea43a0cea942d2d9779aa6fe64a2d6b531b2a98dc2724fba8e76ccdd81a9ee0

  • /data/data/com.zyhd.voice/databases/recode_file.db
    Filesize

    28KB

    MD5

    3bfc58f3624f0cbdf8f806f9a6e3539c

    SHA1

    cea569d62ec6097ffda8d361607276f6f7579701

    SHA256

    14acc69ebbc53ff4bf52604a47c8eb395dff2a1fc8a1fa05fa9690edee6fcae3

    SHA512

    c52e577ba8d6750b87d5cc366b32a184c506564f5eb5e26357905193372a604f7e12bdf790d806a8852be4b827a08c9b394d6d0aec74ad65d406d12f1163d791

  • /data/data/com.zyhd.voice/databases/recode_file.db-journal
    Filesize

    512B

    MD5

    1b39af346bbe75da398c11148cdc9159

    SHA1

    3dedde40e1128914a4e8725c8ceac5aabf05551d

    SHA256

    c62c3b19b4f3a807c387f7dd9c6a2f4ef0d290c5a56ed5bede0c20f7bdd44fe8

    SHA512

    cc5106e7b30d3fb95a5e121c07de4a78f1aa401e6364637d7e9fb0bafb038e2bc5de4d022acbbdff32c77459bb515224af113c1409da8067082c828071f4d66f

  • /data/data/com.zyhd.voice/databases/recode_file.db-journal
    Filesize

    8KB

    MD5

    60111a4a4be1838423464987bead34e4

    SHA1

    187810d5892334b35080b7525af61a731469f8ac

    SHA256

    c5c37b50f193a5034d7559bca48566c618dcea40a34a3bb02df82b061b409e7d

    SHA512

    53d7befa4d55fe692f92104b5772639f8500ddedc61f9ff55a43d7b917b41d538a2f33c5e4ba0e920128faa214adceef5bd4467f12afde2f5a1aeb40a712e003

  • /data/data/com.zyhd.voice/databases/recode_file.db-journal
    Filesize

    8KB

    MD5

    4b13011a5486ae79babd8420c9170d3a

    SHA1

    7831a14ddac90d8aff7246db7c52ff02aba75958

    SHA256

    11dc9d6d7bbe99d26fe3d469eeeb3cff183285a79081963ef9fd38862b489da4

    SHA512

    ad70818e18d272ce8a3adc44099b95e8b4818ceb67e05a8900380bab3aac3cb7ce6628a8d4e036992ce0061a3c6141300070eed1e39d6db6a8dc347878fbb9e4

  • /data/data/com.zyhd.voice/databases/ua.db
    Filesize

    40KB

    MD5

    a342af56ea950c9380be27c3d7367861

    SHA1

    135ebdd4d3f0bc23534e3d01dea5451924246474

    SHA256

    11a75167d37d8639f826800a09d15d24a5649f2f268acb4fb9ca5af44ea45bd2

    SHA512

    a5984169c9c0f5baaf01b4da27cb5db4de4021b296b3d709a5c27548b0dd14e56278338020fb9788a0170c034f61086be8599f8d1c96f46352644885c84bd378

  • /data/data/com.zyhd.voice/databases/ua.db
    Filesize

    24KB

    MD5

    7cbe2c019442d2258fcbe7c915cd3bf1

    SHA1

    74b71ce9dc06e34bb89754c85c51d7bb1a032491

    SHA256

    9d026c5dc056f9b3c6da8a0319a9094e7320e35f20b656ba2a378a6329cb11f1

    SHA512

    9a66de71591502b0937c19e861b29540c4a22346530d3868922c0890660ace2311ea6da0ad8fb1238edd3f2dc0f83a1d400724ddfe66f0b876a16b7f0fe21dbb

  • /data/data/com.zyhd.voice/databases/ua.db
    Filesize

    32KB

    MD5

    f48249cbe32e6601cad815ba0fd0efdd

    SHA1

    7ceeae8bb3cd83e5d4925dd516bb196bb403d4cc

    SHA256

    f300dbeb37195858223d2d7d5df2646f210b5b643b30ed07860eeb7b6f42bd06

    SHA512

    4c3239fc594d26de490626dd7b3332a1e912594869289fad24571de5a1ab4ae6e21c7aa75d93bd16e9779aacf3d982092b146080b655ab0401d95af3b2582b49

  • /data/data/com.zyhd.voice/databases/ua.db
    Filesize

    32KB

    MD5

    2cc0571b3bf90b13167829416c74791b

    SHA1

    6f03c4f1c289b9eaeb0e568164d81a932a465960

    SHA256

    cb1bf09a181a532733bf1511dce0ceb43fabb11641a54b92faaecd54c855156a

    SHA512

    e8a37ac4426f473467d31ce5e1bd63dff421be1a5467a5ea612b82e646e75ffbcb16b3c474c5d267e40e25d3f4b69ed41a3e4f9b86365f379fca1b200cf51e46

  • /data/data/com.zyhd.voice/databases/ua.db
    Filesize

    16KB

    MD5

    7a92f3a7ddebced7ab21e49a6db81160

    SHA1

    6919665ef4e3c0a306c28e954a5355e934472f22

    SHA256

    017c58f4c9a7aca4254271e219b0914b05078ffd8610882d8c0592456b67f387

    SHA512

    2f121d14b295b7dedbe9ba98298ae3dfea065a16817b0394e75ead7409b63ed3f32d9961408f1fdeef406489e87c35899c456770f00ec28987d8fa5830f95c48

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    512B

    MD5

    509deb8a9623162049efbe61bf4197ca

    SHA1

    87d5090afa116c43ef571ae9d41318b9df5a8406

    SHA256

    7a44d3b5679cb7d2238baa13244c5374cc13eb9c536b2b5225bf23139e411bf3

    SHA512

    75bce9ba8cfa20f7e0e3810c3c227e091298c460becd5a44ee3771b2f9ca058391bd43d15ec650859869391c07db9e01e10dd6e992a7f0ab47ee2fdc5e957765

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    8KB

    MD5

    e905a5a499fc5512951d67ffb852dcee

    SHA1

    da871f0a334e48edc9291b395cffb953f4b7508c

    SHA256

    2232f1b824082b250f66ffe861636f72cb654ee23879dad159251505e4a9f317

    SHA512

    bf2aa813b9cb198dbfb3de3371537443f62ecff2cc1d202f266fc77518878a2219f927fb8d20143533a9ece6a2729d8cf730dce73cd9bd65d2f145fb23c64551

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    8KB

    MD5

    51fc97df1ada600b8908842e4eb98188

    SHA1

    5acb7d9834c04f825e0abbabf9771b4a40c178f7

    SHA256

    6ac399d5353d698f589886391137567309f9958ed6737f80cc4be450d0c9a6f4

    SHA512

    42403734a535157bdec0b505c2cf035e61883b02a3b1047a0f4779c064a63f4105156493b6c8d5aae4166d1f266a0076cc2fb9cdab99b111766f7f2df965e0f2

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    16KB

    MD5

    80c7e9529cd75439d777ba1fb2554034

    SHA1

    aa79d2bc2ffef0f6c757ebae5dc8aa2daf6d501c

    SHA256

    68a0abdde62ebd9c2d0bfa7ea312ec4e8a7f2fb3b71580ff1d91652b5df8232a

    SHA512

    e4311a876e5adc9964629515295bf27afba8d1982e1a64c0508d017da25a518d61983db9dd7ab2db7683131eb1a48436e649bc66b7e5416c80fe513491a5c732

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    16KB

    MD5

    16a433c21de4fb4f150f33888bc47b2f

    SHA1

    aff0d692851d454160b73be6b2adfd5fdca21a2a

    SHA256

    046524caf2fcd1ba4f995bcd584c43aa3f536dff7e0db5b659432b8be0808682

    SHA512

    a414e48212baeb9dc2ae22f3bf992f3a851780be7598e07926abd0e6c055901558df2673df9f6fed080f7a5fc5a7fbcca8f97468afe23ddd0638505843d0fdd9

  • /data/data/com.zyhd.voice/databases/ua.db-journal
    Filesize

    12KB

    MD5

    b81069f24156ad54327d62278a88faca

    SHA1

    66f83ca09bf8d859d587484389306ca473ff6436

    SHA256

    4287b68f79551ed9311465e011fbd5157a009f1f30df8dab6ae0031f141fde94

    SHA512

    9aa536e72a77d1c321bea688357cdd55b764588604ded264fde27b2f32307869580dea7ced0480cac3f2fffc2820814b070d155f858a6be22fb917317f287b56

  • /data/data/com.zyhd.voice/files/.envelope/i==1.2.0&&1.8.0_1718435374964_envelope.log
    Filesize

    2KB

    MD5

    ab2234eb93b957c251e3ee450cac2e4f

    SHA1

    44c6a368f52e6cb21161d58ee6097d274f42bea0

    SHA256

    66da7c70a84056aa759cd46d88812c273e8395d493ca21b6ceb565b63ae2165f

    SHA512

    43f29a20619f2d337af0d7885074577657ea83912dc354d7a07b7af009f45c15f14f450112cdc6f17c05ee596ba3f54f43e49c56dbf2050070b587b6b55a7e67

  • /data/data/com.zyhd.voice/files/.envelope/t==8.0.0&&1.8.0_1718435378813_envelope.log
    Filesize

    1KB

    MD5

    1fddce97c35bb85750aa55579bd2c9b6

    SHA1

    d5ea530927c74ea0ba379aec0bd4fcf65469db98

    SHA256

    ac3d247a435a2830c14251d4700c5032a4aa395c2b35d4c2c37b66d662245e37

    SHA512

    63982f766bc2f49b6ed3808264d5223c3eb032a7afa7913d663a981ceb861bb9f75f2fa23a41bf68b841917a74fad06d7842be0a1c773f774d3b45c086684e9f

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.ac
    Filesize

    32B

    MD5

    7c15d88a444af3070c9d8082586e59c8

    SHA1

    75bc6f93cf49706003346d092eba083937fbbcac

    SHA256

    f5d30c231d178ee585b401b39460573359f370c8657ee5f195d8364214abc512

    SHA512

    60e197bed745424f5dd230a00196b0d74a9990cc1e468fc110ab4890aa60f64de1ea742a12e64c179db175a1a91af2e54583f8d8f12acb411ceb9a9ed47564f4

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.ic
    Filesize

    32B

    MD5

    078779e948e31ecba04f83d3eae766c9

    SHA1

    bf5e5a10832a4593fd18395ac3dff69463f56550

    SHA256

    d347b822db6823d07ea6560ccc6d9dcab0a22c4725109e0b235a383f8672da86

    SHA512

    dff944950d4095fc66495c494c9231449fedc487fe1adb912911f6f0f601e08fd60494bf0f56fcdced88d337c4226b27348fc64f875a6ceba8cba098cae15e47

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.pk
    Filesize

    8KB

    MD5

    7991fad2445fe48d361c4483db91f388

    SHA1

    82fd568cd601d133d959fc65c4ec3c1b1e99afd6

    SHA256

    32fbc636cdd79ff895ec178c1890ba8a537425e9fcb7e38eb8b5973a9c90823e

    SHA512

    d6fb947b541763d6138043c28ff2e8978e4e6a4b6514d947c97c29313e9c14b463231af94ab7c7b6f6336cd8a12ffa1862d3926e65251f8b017cc60229bde1bb

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.pk.h
    Filesize

    8KB

    MD5

    2d733f6f69b9efc9b6bc185229d54e7e

    SHA1

    78753e3a8a4de26d11e22bb38f187a8db58ca0bd

    SHA256

    472436b1235c032f509a6baed7d4cbf40320186d3f7fe886fe41edc3bb3e5068

    SHA512

    4b8d9b1aa65811df4f7514fd00f09707abdc9302e92a79bbaee17698ffd50ba0c0c59be54c9d53e8400d72eb23fb71e9ddc1a9520f0397724bd0efe0c37f5998

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.rd
    Filesize

    32B

    MD5

    9798b9ed22d38222b4e343696a3a3148

    SHA1

    39b09fc823c44b178806e1aa7b0b39b30c402dd4

    SHA256

    421a4bdc75164bcc8621835c715cfeffde449379cf113b4e4fc7169ee3b15b65

    SHA512

    33071ed18f9d452effa94aa866231bd8b53b7086fa941db8d9e55291f9cde5e2bef6b5dcfa8cb5f957a0e4e4d474a4135a3e030c91b2caaba790165933a1e9b1

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.ri
    Filesize

    307B

    MD5

    920d5749062a43f2c7d3467121bc2179

    SHA1

    6f82f9d7b0f5dfe4225b28c6ae9fe78514d8d417

    SHA256

    058ebac92ad296ca61115e32b0901195a8d182d01f81d718c24c1fa58cccb69e

    SHA512

    1faf6191211a86f2232d877905f063f087f13500807b2b3e6063dd62d81dc55e64a99bb97a56541cb72e08af4781bbf2cd1768cb065828a512bed5f191394e33

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.ri
    Filesize

    314B

    MD5

    46a5b1ea73986cb92337dd21de7ffb80

    SHA1

    d8e788fe011858b0b4ea6c9a9955c9d5696ee7ea

    SHA256

    847c8625ccf842944bdb982d8c4a78b0ad623217167ddf612e487eab44583502

    SHA512

    95ee3aa8af35816c13588e755511edccb4bc21be59e5bd0a28708897fb014b53d470bf077dc0d7ec4ffdd655b32250a3538038134d2b9b8da4d5190869e9293a

  • /data/data/com.zyhd.voice/files/.jglogs/.jg.store.report_pid
    Filesize

    36KB

    MD5

    50f3d63f4b9241e212be8ec20bf3e374

    SHA1

    10353f506f0aa9dfab398275482eb42da167232a

    SHA256

    be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

    SHA512

    dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

  • /data/data/com.zyhd.voice/files/.jiagu.lock
    Filesize

    27B

    MD5

    d274a387e476002a902c57b923dd952e

    SHA1

    3a03cdfa7a2a06dde1d752090142723eb90026a4

    SHA256

    2626b924fe8ade141b79e23fbebcdcba088b9f5c847289c29badf175235e60cc

    SHA512

    977ec80553661e7754e09c60f03a93868a1e7e46c8d743c5b5c92fa536e501107a7505617dd3d8a69567c0ef9497f9b14e6f6b95deccbfc71e4b5fb198a39b34

  • /data/data/com.zyhd.voice/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    74cb8ccee65cab8d43e93bc9d7f207cc

    SHA1

    e5fb62de46de587a172083fae28e18aaa548adf9

    SHA256

    d75deae94bf730bcd8360e33605c4e46a0c20daec8a14b6cd47e3585aa37951c

    SHA512

    bcf8b66b7965bdf194cf091be2b0d082fa526a7ec93087304484764f21e8ea9746a107c0a8cb76951fd48e2b05a42c8be1a57c5da0277550f08fbd2cc2d8b4d3

  • /data/data/com.zyhd.voice/files/exid.dat
    Filesize

    56B

    MD5

    ca26a729ee4529a8b5f7190e803522ac

    SHA1

    43674568533b11815b1b2f43e988517adc0ec798

    SHA256

    6aa68c5fe9db8dc8d4fc044738ea9eb43df26f6b747f28a3378d2a7402aa567f

    SHA512

    ac4f737fcf8e39438c29ae02ffa0f5d050df1051ab5e1963870688f21c6e163aa89f53a1a2e915976ad273397f236fc666fe379c5f448d55c015276e9479bebd

  • /data/data/com.zyhd.voice/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NDM1MzcyNzA3
    Filesize

    1KB

    MD5

    fdd55cd9c700121f9e934241c476cd95

    SHA1

    1936dbb0d1f8d9816965006f5ad4e93ca35f6f9c

    SHA256

    1715e4ba352572774ac20b89f904217207bd20abcb0410d0baf4669448e96464

    SHA512

    6fdbdd80c81d4038e1a71abf64e6819fc7d0acb0836a481747cd2326d4af57270eec58000585535e14507b6c616e866dbb0191abfb5b9a1dc8d3bfd175dcab69

  • /data/data/com.zyhd.voice/files/umeng_it.cache
    Filesize

    433B

    MD5

    aeb7dbda8af97ee07c6a91309d469f39

    SHA1

    6285a1c7baf942e530a09f02af46fe5ac8f0a851

    SHA256

    a65b31538022050be8268407f8b77092d9e7ea81e6bde2ecf13b87235d41dab0

    SHA512

    be63f2fc93763f7399af8b432029573079a1df14cc742416f306f3cdb433dd92531c8e87a704fb39e8aeb02eac91147472368f6aabfee61f56976d76a04c3ebf

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    d2ca39a542200527df18dc8009f15100

    SHA1

    5951adc242799d66fa65faf4f7a76e55c0075cfe

    SHA256

    0e5941570fa51a37a3609d12420a4bd4e539591016ccc29bf0a54e46d16067e5

    SHA512

    d5aa6e9e1387bfc5380438bcca9823513e703101ee82cf84f4b78207b0e56137a37ff1b15e96e7f4acad755f9c8b7be9d261334abd836a8d6964ee4579eef109

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    213B

    MD5

    3dc9d4ca45681a37048e835bd73781cd

    SHA1

    c29ee292e5fcb915c60cd93b02dd4ece0ed13285

    SHA256

    66e2c0ac76cd2086170b4847fcd9d34d3ee8971961012509fc9f0316dbe7f48c

    SHA512

    773945df1f01a94509a292bfb8989df3f0212634cc4dd8a51da2574a818031d88ae672505a59c0d2d5044740a648fe9128673d5087f5e073d1253c70fc2abffe

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    5bcbf6664b81c78578299afecd3d3882

    SHA1

    b786e35714e20f0cc3f34c4b3661a41ac47bf36e

    SHA256

    65389f429143213333e042d571f5e283137ddf744fe9ad37d10bce5ca3719788

    SHA512

    d7c75fb577a6e6fa959a86404308c79883698518d78e4c17e50e321849ed19be5604c692024470a33fc9709a2f433df50d934557990303989af70ec4ef8a0a00

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    167B

    MD5

    d57b26bf569bf9e580c40d0b708c21a3

    SHA1

    31f1aab076c8245a12207d9e0bff9a6d11aa9689

    SHA256

    d65c73ca27d61fc401058e84b3ac27ebefbe0dcb2b7270f2f201a9ba58e52594

    SHA512

    244a613b31f678d4da1de31559f118bb733e0803c2c4ef6aafc7093385d517222e8f36c2cd924222af5cd24d4c415991ae8a1b75cc720e0771bb33790598d438