Malware Analysis Report

2025-08-11 06:36

Sample ID 241015-3c5heswgmp
Target 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118
SHA256 56892ea3d02282d0b4c7a48b19ccd5ddb2ed4165ac742f34c444e754cb7d7e34
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

56892ea3d02282d0b4c7a48b19ccd5ddb2ed4165ac742f34c444e754cb7d7e34

Threat Level: Shows suspicious behavior

The file 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 23:23

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 23:23

Reported

2024-10-15 23:25

Platform

android-x86-arm-20240624-en

Max time kernel

9s

Max time network

152s

Command Line

com.spider.film

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.spider.film

com.spider.film:remote

com.spider.film:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
US 1.1.1.1:53 film.spider.com.cn udp
US 1.1.1.1:53 tracking.spider.com.cn udp
US 1.1.1.1:53 alog.umeng.com udp
US 1.1.1.1:53 s.jpush.cn udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 123.60.31.166:19000 s.jpush.cn udp
US 1.1.1.1:53 xdrig.com udp
US 1.1.1.1:53 redirect.networkbench.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 154.8.188.31:443 redirect.networkbench.com tcp
HK 180.76.11.136:80 loc.map.baidu.com tcp
HK 180.76.11.136:80 loc.map.baidu.com tcp
US 1.1.1.1:53 api.skyhookwireless.com udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
FR 15.236.31.206:443 api.skyhookwireless.com tcp
CN 123.60.31.166:80 s.jpush.cn udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
CN 123.60.31.166:19000 s.jpush.cn udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
FR 15.236.31.206:443 api.skyhookwireless.com tcp
HK 180.76.11.136:80 loc.map.baidu.com tcp
CN 123.60.31.166:80 s.jpush.cn udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 123.60.89.60:80 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 124.70.128.38:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.31.166:80 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:80 easytomessage.com udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 124.70.128.38:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.31.166:80 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:80 easytomessage.com udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 124.70.128.38:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.89.60:19000 s.jpush.cn udp
CN 123.60.89.60:80 s.jpush.cn udp
CN 123.60.89.60:19000 s.jpush.cn udp
CN 123.60.89.60:80 s.jpush.cn udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 124.70.128.38:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp

Files

/storage/emulated/0/baidu/.cuid

MD5 bcb11d609bb699d46a9dd7b0896c2e05
SHA1 8f4648c8bceba1bb94e0018c921017f58d8f5118
SHA256 6b713642fdd4c639b3b98510dadfbc01d0bdc9cb4815f13df064177a50434b99
SHA512 4f5c96c230e400ac60d1797b7d80f9cb33c857c25c1d48dec9d000d4febe274b35a037c0b1952d81243dc6d22db50a803ee751cd16d34f51a918ad12e06bcf26

/data/data/com.spider.film/files/umeng_it.cache

MD5 a19a495bd87eee7b91f22ecc610704d2
SHA1 82417485f752b63b5700d54bcb39f8e2ee7ded96
SHA256 0ed8467bc41c9600bc034bab1ac5f00d5329c1b086eedc23e3b88f4bcaabe8e2
SHA512 677673874e982c780dc14b35f37046990a008763e83cac92fa17e8ae92b6f9bdb2f115c82e288c90dbad4e74641352137b951e823703bd0cc19ffac2832caa9d

/data/data/com.spider.film/databases/rep.db-journal

MD5 f39111265bac6847e02170e132f8ea6d
SHA1 2e725a78022596f3066c34e5136da04ac3e7ee24
SHA256 032c0940938c2ed883c5d91998d86bd8384e4adeb623b89ef27001f89868cc7a
SHA512 2ca560fe43a3bc03fd73efcbbd874141e9a666724d554ab38d697d7fd6a258e413730e84f7462656963c03ddb83ba13e2eed82b434dcadd3bd86158bb03480be

/data/data/com.spider.film/databases/rep.db

MD5 fec5763c96457d4b5263bb45b3ceaf15
SHA1 742b29ca6db4e43491c813008703c00693ede103
SHA256 137f7ea44ae9be01afc9f8b98f61945fcf44f3bb31473737c8d6003d2896f79f
SHA512 3ea01707a864ae31a7bd267928f00f03d1c600a4c544a91f45f90cdd14fddc37d78232cee89dcd24de04a2f29e51d8f7f325d316d55259690b30af147bc75ac8

/data/data/com.spider.film/databases/rep.db-shm

MD5 021f6dc7c331907623bc9065fbbb1136
SHA1 2ab8176531d1e341a2e663f8386ca136e61e70a8
SHA256 d96dd6afd4bf8bfabb3283ada418a20b2d4f532f3fd8eaf8eb87f7c00598865b
SHA512 d9f5c13db3b12e8d93c32d4c0fca7ed6be8d7fd205b16e08936bd56574820ec528d87db21de0aebf651f9bef3e8cc54f3024d131dac6b7722bce7c376d31dfb3

/data/data/com.spider.film/databases/rep.db-wal

MD5 8dc66eeb615a16d1fcc2168a3ebf4e3d
SHA1 29c3dfdf888c4a031fe4c4a361353ee018ffc1c1
SHA256 7abce0985434ff75c8ccca950761477c67f08ed7b2e790e52a527a031e0d68c5
SHA512 d6b74cf7f175d257b44368e2a06910c61806c2eaafd100260e7111bd3ff674295708f8b93b7e4a3c8f8d3256fa62d83c9561ae2e4ca834f51c566085ee7bf3b4

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 0a342222ba434b44a2ee2b712d12f604
SHA1 7a0d8628eae66197868097a69d5d3fcd708e1657
SHA256 03bac30080a83ff1bc7d84f16c33f626939fad8339eef93aa59e12419a33086b
SHA512 6618e12974915173d4dd7c3562385de8f84538aa4e9962c68b17c2d25b25addabd949e6632cf297c592e3646550b4a49a3e3239b9a168a34beea2e87a7b1098a

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 064e92bce7ecb5d4e584470af1c64bbe
SHA1 49fc4dd4505cec37a66dc394e9e8db5d7f3a5f60
SHA256 e1d63f839ddba60bc4f874d87da2bb085946cc227721876baadacfcf664611fc
SHA512 102845916b4748d5676f4d5af91f3138c99a88f1d512448847e529d2c439ccc7b97365b53d92cde8dca1eac7bcb6c5c8e51bf2d8aac71120869db5ddc3c50dbb

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 36932b17c63442427497bb9cc1184bbd
SHA1 d2ffd8fbdec9befb3eb8f8130e88a2be8d8e9b5e
SHA256 4e47f261cafe992ca502c0990453024f6645e51bff405fae6c1d9a192e71298a
SHA512 013a5dbf567d5b652112e62086f288bc0de4242d8a6fbcf2f9bda5e76f80b11b8f1636c3a57d324f38efa39e43fd2c5ca9993158515b0a69bf0f9d69bfca229e

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 9c22460b244f2c08f498521df4e21e24
SHA1 5eedc60141a7121ee041947e74c1710c946a7077
SHA256 3cba2fe37375ee4c52f1468e5eb1a782f309cec91d1f24509f1e3d77c73f2064
SHA512 72b0e21407b1525e32d49ffae05118ea7d363d8d025fc55d079912df4ca9555a6c854c661c82efd8fa9e6b247cc5cd6127b45ffe34b91e0c00a82fb7b8531657

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 0d7ff158072e881c3a7ed13587cf09b1
SHA1 7c8d789eff288de7eb1cc04675ea8b86852cee77
SHA256 1cabe022943f332ebb1ab2ca3c5670db00b494b8d8a7f1f646d8314d3a17df68
SHA512 276b0124301e5061843a66f43b3ee0e5e3836f1e231bf8137851728c9e73823a274155dc135fec96c1acbb81def135064cb90dbab3672cbf84522e5070f4c696

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 9cd0cb6a665e7a0670567b99133bfae4
SHA1 ade2c0d0a33f1dab0e4b924fe27675e2c60d02bc
SHA256 6e734da75274bf859a7d5af6bc5828469c59b67a9a62cacbf20dfe69f42de193
SHA512 5a0d1bfd7fc223e7e4b73485a5d552ed7a74ca69893f5d4f4da3dea5b364f27f22379ffa7e8cff8cc70ebddea1f47f4aa2cc40ecdf7297cb57aefb266fdaf8c0

/storage/emulated/0/baidu/tempdata/yoh.dat

MD5 1681ffc6e046c7af98c9e6c232a3fe0a
SHA1 d3399b7262fb56cb9ed053d68db9291c410839c4
SHA256 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA512 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

/storage/emulated/0/baidu/tempdata/yom.dat

MD5 a936690571e9104e1922dda4a0ba5bd1
SHA1 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
SHA256 f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
SHA512 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 23:23

Reported

2024-10-15 23:25

Platform

android-x64-20240624-en

Max time kernel

138s

Max time network

157s

Command Line

com.spider.film

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.spider.film

com.spider.film:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
US 1.1.1.1:53 film.spider.com.cn udp
US 1.1.1.1:53 tracking.spider.com.cn udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s.jpush.cn udp
US 1.1.1.1:53 alog.umeng.com udp
CN 110.41.53.90:19000 s.jpush.cn udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 xdrig.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 redirect.networkbench.com udp
GB 216.58.212.228:443 www.google.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
HK 180.76.11.136:80 loc.map.baidu.com tcp
HK 180.76.11.136:80 loc.map.baidu.com tcp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.skyhookwireless.com udp
HK 180.76.11.136:80 loc.map.baidu.com tcp
FR 15.236.15.186:443 api.skyhookwireless.com tcp
CN 110.41.53.90:80 s.jpush.cn udp
CN 154.8.188.31:443 redirect.networkbench.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:80 easytomessage.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.9.210:19000 sis.jpush.io udp
CN 1.94.9.210:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
CN 223.109.148.178:80 alog.umeng.com tcp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 110.41.53.90:80 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 123.60.89.60:80 sis.jpush.io udp
US 1.1.1.1:53 sis.jpush.io udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.31.166:80 sis.jpush.io udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
US 1.1.1.1:53 alog.umeng.co udp
CN 123.206.5.129:443 redirect.networkbench.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 110.41.53.90:80 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 123.60.89.60:80 sis.jpush.io udp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.31.166:80 sis.jpush.io udp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 110.41.53.90:80 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 123.60.89.60:80 sis.jpush.io udp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.206.5.129:443 redirect.networkbench.com tcp
CN 123.60.31.166:80 sis.jpush.io udp
CN 154.8.188.31:443 redirect.networkbench.com tcp
US 113.31.17.108:19000 udp
US 113.31.17.108:80 udp
US 113.31.17.106:3000 tcp

Files

/data/data/com.spider.film/files/umeng_it.cache

MD5 706f1c9e0d3acb7fd9fb1bc29bddc9a6
SHA1 08c4dee0b63172608e200219bd9eb9822cd85539
SHA256 6949b3524d7c33813433a2979771da86a033d7c431610743954f1635217b1f47
SHA512 d504d3ceaef2afa50a43889dec24440b8f65e9c47a95938aefdc0dcc37a251f3d2cec24b8226e4417f5cb689d73fbf2df4291c316e4520821e5a3cc8a7cd64e4

/data/data/com.spider.film/databases/rep.db-journal

MD5 2cd47ada17ad7a4e3d5e2717cb2762c6
SHA1 7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5
SHA256 5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279
SHA512 c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

/data/data/com.spider.film/databases/rep.db

MD5 72815a237407ad685f5fb7ab00d2516a
SHA1 5307e0f3e27d2533864deb31051226dc0cff2c14
SHA256 59b189afa75918a4c199cc256aa1419d88f2f6c68264efe22b4630426ac03d75
SHA512 2f53634498b75f2e51e1eef7b1b878349c519c5ddc4d6bdcfb7ca193bcf32a0c9919518592c080d8ed31769b5a1b605ffb925d769baa6e781dde7e714d4b2936

/data/data/com.spider.film/databases/rep.db-journal

MD5 550525b2bae27ac6f6e21252d48ea341
SHA1 7d5dc4dc2ca736bc2e4a3055bfd568393cc8a472
SHA256 19b74893ed0d7ffce272683f7fb85566136cb73e3456849c8f4ae011184b0453
SHA512 6d780d35539692faafe601dd1e06b2c24fc7073debb8694b174e8a727985c738a91cd6336acc60c55dcef21c608b3b6e7816dd4848e6415d22eddab1d77e483e

/data/data/com.spider.film/databases/rep.db-journal

MD5 d04524242e3432e10c8a143b1d607895
SHA1 f61b6e641bc1d2274f5f7060ce66fb75fc9b1969
SHA256 13d167011b552b6da67ef1790929e5531ccbbeeea035f03015e1c1cbf2f145d2
SHA512 cf4eaeeb5d4eeb964b353764cc8e91306e01f83d5d8b6b718c007b8a295048504fbd48bdb3e7a195451754e09667ab5247f96d26cccba5da55ef11cd9256c0c4

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 0b762f8c93a58c13de1c16fcddefeebf
SHA1 71e0ea4cdf5b1a96d516f80895590af0eb145db4
SHA256 c06c655a77b4b5c683ae1d2688b1d7d8e6e61957ef3809bf74046e903c66eb42
SHA512 9b4396daafd56aa98743510fd961036556e33553fb211616653e5ed7b66930d506eaf1d409655dcfa07f0792afff9c001b85a0e16e3f1b2050ff7770a414f0a3

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 ae70da98e5ac4900f1994c824b31ec95
SHA1 0d90a169b75ab596f67f2f5afe3f0baeacb67574
SHA256 1295702feec88e48082ca39225bb21c4aef9a45ed45280f0badb427dad8ef248
SHA512 8785fa2dfa8d6464cfe1bef92acbcf2a60cd259a599348bb8760926211ac0d608fc3daf796ab4495f2b472c80afe6f965ea262f2642dd5456600b1dad047c09f

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 efea7a61735c1edca11acdb972f3cab9
SHA1 275d66aad0717ca7318e6d4fb29858d00838d3e2
SHA256 47787a90961259ef7c224e47abea51e572c5c67de04d17d3b3af5fecfcb92ca1
SHA512 f547b86aefe3413b6c2789f77600cde9f6a3ba40e7af4abe8c84c83c534065b9d36f2d8fb4005e3651bda8dc561e2510125ca54a7c35088330a44e008c9959a7

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 8c23c8d703f96f07c5bf1fc3f69fbfcb
SHA1 1b14b1c2fc937119b2efa43bc17ee234fb1b2d1b
SHA256 c13498d876e9d3f2c5ce1fd7b858d9e775aa39c672a1612fcd6110241e9907ba
SHA512 76601f6ed614fc50ea92b082f7751f756510fefb7d9506d9ebc4945e8d1ad02f91cdd467cdebadfb7f73d5b81a33b96879cf5fb0bc80fa8770e80f1ca93ef9ed

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 7eb6f18934950e535b91e8e78afcde79
SHA1 be7b37693c3fd99266486675c5a453a9695102e5
SHA256 cbd6a5c142c8cea001121568d2c5ab1058ca46d20e7cca683415fedf5e08701e
SHA512 a4d5234a85fd074b88d653f7c16a468cfab4e0d9a70a960baeee1eb399c9d05c05d71401564661c8827598e91de0e56d32111de3e96d7916fdc9e15d9143636e

/storage/emulated/0/Android/data/com.spider.film/cache/Log/2024-10-15.log

MD5 d884a9bd711c4187a9b2fac04f7f1b78
SHA1 334b10ef88819ed61307e12da6831af5266fb4ea
SHA256 07d11913cfb1e212d315966721a3ce35ada54edfa10298c6fc30ca9118564014
SHA512 1371658687e18e9e8c34e8db34211db8d2947ffc9a3d4ced7fafac31feb32760f6368daf0dbc365753458f4663c6118dffc90256ce1de1473c4a88421c1edc3c

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 ddc1816a56a0ae97b0691e9eba756d87
SHA1 99856e456e562a4afdfaa21a8382177f1a1f6505
SHA256 d43de04eaf7da53c0b38594b6474c7a96a1f9b3d74e3b40c151a0a0464845576
SHA512 932b9ad1a7dde7b8093d246e5b2554fb5d64923fb85162ed645a05db5e45dd5afe9255ee3669f1e9d9c5e85194c02ebe6061ece3c4ee784dc71390fed245d080

/storage/emulated/0/baidu/tempdata/conlts.dat

MD5 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1 f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256 f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/baidu/tempdata/conlts.dat

MD5 bcefc81629a40f837239e09e476fd377
SHA1 73d209db018aa3df28efc8b4ec95afac7c22c1c2
SHA256 686b946ee0d3fda9bea74807f20d8d1d28a34a295d4bdab6c9c3c6d9a404d8f1
SHA512 c4ddb4860b171910480e6b49824598a6f08738d6ba17b36a848e16af69ec3512b8199ecdc869d80fa93317c1d51e11b4541e27ed5d723eb0037b590250dc0383

/storage/emulated/0/baidu/tempdata/yoh.dat

MD5 a936690571e9104e1922dda4a0ba5bd1
SHA1 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
SHA256 f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
SHA512 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

/storage/emulated/0/baidu/tempdata/yoh.dat

MD5 1681ffc6e046c7af98c9e6c232a3fe0a
SHA1 d3399b7262fb56cb9ed053d68db9291c410839c4
SHA256 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA512 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5