Malware Analysis Report

2025-08-06 02:51

Sample ID 241015-z8s8gssbkq
Target 4a124f29f5b9c878a4b5567ffaa2b97b_JaffaCakes118
SHA256 9b5ac1f58b6e5e6b3afdeae483260790ce667b78a64f322941ef45f9bb9607d7
Tags
banker collection credential_access discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9b5ac1f58b6e5e6b3afdeae483260790ce667b78a64f322941ef45f9bb9607d7

Threat Level: Likely malicious

The file 4a124f29f5b9c878a4b5567ffaa2b97b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection credential_access discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Reads the content of photos stored on the user's device.

Makes use of the framework's Accessibility service

Requests cell location

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Declares services with permission to bind to the system

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 21:23

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 21:23

Reported

2024-10-15 21:26

Platform

android-x86-arm-20240624-en

Max time kernel

149s

Max time network

154s

Command Line

com.baidu.appsearch

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.baidu.appsearch

com.baidu.appsearch:locationservice

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

com.baidu.appsearch:bdservice_v1

su -v

su

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 wappass.bdimg.com udp
CN 121.14.156.36:80 wappass.bdimg.com tcp
US 1.1.1.1:53 wap.baidu.com udp
US 1.1.1.1:53 m.baidu.com udp
HK 103.235.46.84:80 m.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 180.76.11.229:80 loc.map.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
HK 180.76.11.229:80 loc.map.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
HK 103.235.46.84:80 m.baidu.com tcp
US 1.1.1.1:53 m.baidu.com udp
HK 103.235.46.65:80 m.baidu.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
CN 183.61.177.36:80 wappass.bdimg.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
US 1.1.1.1:53 lc.ops.baidu.com udp
CN 182.61.244.241:80 lc.ops.baidu.com tcp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.195:80 hmma.baidu.com tcp
US 1.1.1.1:53 api.tuisong.baidu.com udp
HK 45.113.194.87:80 api.tuisong.baidu.com tcp
HK 45.113.194.87:80 api.tuisong.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
US 1.1.1.1:53 udc.safe.baidu.com udp
CN 106.12.1.64:80 udc.safe.baidu.com tcp
US 1.1.1.1:53 sa.tuisong.baidu.com udp
US 1.1.1.1:53 tcp
CN 111.206.208.104:5287 tcp
CN 125.74.1.36:80 wappass.bdimg.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
CN 182.61.244.241:80 lc.ops.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
US 1.1.1.1:53 m.baidu.com udp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
CN 150.138.188.36:80 wappass.bdimg.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
HK 103.235.46.65:80 m.baidu.com tcp
CN 180.97.107.238:80 lc.ops.baidu.com tcp
CN 171.214.23.36:80 wappass.bdimg.com tcp
CN 180.97.107.238:80 lc.ops.baidu.com tcp
CN 175.4.51.36:80 wappass.bdimg.com tcp
CN 36.155.169.204:80 lc.ops.baidu.com tcp
CN 182.106.158.36:80 wappass.bdimg.com tcp
CN 36.155.169.204:80 lc.ops.baidu.com tcp
CN 182.140.225.36:80 wappass.bdimg.com tcp
CN 153.3.237.195:80 lc.ops.baidu.com tcp
CN 123.235.31.36:80 wappass.bdimg.com tcp
CN 153.3.237.195:80 lc.ops.baidu.com tcp
CN 220.169.152.36:80 wappass.bdimg.com tcp

Files

/data/data/com.baidu.appsearch/databases/myappstatus.db-journal

MD5 6c603b0f3de29c3889d997877205f1f1
SHA1 0471904bac3677a787d2a222a4b460943227a9bb
SHA256 b005f6535a7afa7b23d038b3f000b8dc892b7bbb168370dccea8a2af2e0fdba8
SHA512 150245150b5522d392996e641c1273af2ac3010f15a084a020561ed98d6035bce2ab0b63dc9cc6af747ad9f0cddc6cdb5172d544f728d23422a8050dfd0650d7

/data/data/com.baidu.appsearch/databases/myappstatus.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.baidu.appsearch/databases/myappstatus.db-shm

MD5 42805051ed37583c8f7130e4f1929870
SHA1 c517236ba3012c39ea72d12cda2e3095f88570fc
SHA256 52e1010818170e694678c53076d07792ccc227e54d7418db3e2162b10348d8aa
SHA512 aea605299d88e03c49cd75f7d6a523c659bbab9027815e7471a20eee311974cb596738688a4005701342a57360106835e744346816245912b653a97913f66218

/data/data/com.baidu.appsearch/databases/myappstatus.db-wal

MD5 a3fc0112b8291527434a379378beb0fd
SHA1 9605b11e13d531737226d3cb066f124f0b84fcad
SHA256 f73d358197f6e80dc75b632fda4bb09d6b45512cd90c5aa5d01830d9f85474a9
SHA512 dc781b73ed4c6843ac50e4467bbff88dd39f36521d7aae40881b86e7debfddc4da75d83a6f9a9599b9c88663238280364cfd53c963e0d68006f4ceccaed71dc4

/data/data/com.baidu.appsearch/databases/server_config.db-journal

MD5 c695611b4a31aa6a7d5ac2f05cfc2f8b
SHA1 2d1382ed782d6a41cc066f8f6d4c7871202b9927
SHA256 8da18f8e34a29ec781fa1cc0c3f76007808a52a8a7a7b2dd18592bd40b67f370
SHA512 7c17873766740c36e291d70db6781f0458b9416254f550c898bf312ea597fde008231e3dcb6715d7287214b3c4b2ea3bc9b367d296356646a8df3d407cd0144b

/data/data/com.baidu.appsearch/databases/server_config.db

MD5 2777a5f8411bde993f803a2185755251
SHA1 36940d46bd90520f9f66865e6bd842d17ba422f1
SHA256 0a144b44e570ff580ff5e073e08beeee789d392f6542655898d73e81baee9a68
SHA512 4802200d18e873716a1384096f630e177f87f35b6e32623807b825b2b41b6d900b60463fea79cb0c1beadca306f7a028fc0e819820ee636ef5a15dc16c4976df

/data/data/com.baidu.appsearch/databases/server_config.db-shm

MD5 4b3a89f2a11e11399c3b6416db6f96aa
SHA1 ca2ebc7e178794b5e1c8c237c64c72378fc9f58d
SHA256 7d8cb481fa05440a3ee2a555fbe5b6c900c5b46cef256d17f5d88d070ce6eb4a
SHA512 4d2cf87df28c7ea1e84b66f0a331bdd2ed924358cd3d1ef8b870758211fa1364251d42db55cb16292569d16997e49e033ac97fc493f7ff540dcd8e1c6b6a8faa

/data/data/com.baidu.appsearch/databases/server_config.db-wal

MD5 bf7c831ff5378b762451d82889eac67f
SHA1 2a1b4b741d5fa9dfc505b4bfc2cdcd56ed41eecd
SHA256 3516bbba51007d0d9801994b7b284af2fe79369178a325fbff1f32f7a91e0455
SHA512 2c6f04c1243f46e9e09bbb233648305ce6940a44b471d113f11078ef5dc130f0eaea638d2fedb80bf6c212380f08a1567c4234f66e9b6d3e016788ed1bbafcf5

/storage/emulated/0/baidu/.cuid

MD5 2ea6ca757b8239d54b1a6d98464d2b8c
SHA1 949cc30475dfa70442aae60f00a5cd669a4ffbf0
SHA256 2d31d44a4a7ef9e18503df4486b9d4cf8d683e61995639c0b861cfef2393f4ae
SHA512 a49a5c60789630d3ae9acc904719b477e4f26d3b91c455ad2e2973c391309f476551aa03a098feb22c078bf7dcacd2b2097e53d6da9d7a28889a4be79343fa43

/data/data/com.baidu.appsearch/databases/downloads.db-journal

MD5 b6701513175d9981d69dd95c2b96828a
SHA1 f942c47de679ece2a98afb47e514a8d51e670bac
SHA256 35bbb8f02d555cc16a373c09b6798f25e4c251654581e5c46f7d42a88446aab2
SHA512 1b29e1aea1d4aded3915b1ce0003d6fae20b417e1c609fb8d3b160ad3a97bc6f172a0006b4586dd4a153d2c1efc2166933405dd1c317e539da46a4a1645486ff

/data/data/com.baidu.appsearch/databases/downloads.db

MD5 de0a177f4eb10b6a813c2f47320cc3e0
SHA1 7f8ecbf982114da77571d5f7fa610e34c418d23e
SHA256 eaa8e1a8da2b9c37a09bcd07b0783d504e1c38e61decdb7e5cd3f6a86182f9b9
SHA512 fadee46091ecb7bcd0d0d1b5626a6e58f8e80250aac922b9026d3bcc5ca9fd39749284017d278125bfa7d73136b1cd015e2b61ec338346c2afcc07e5ff028b72

/data/data/com.baidu.appsearch/databases/downloads.db-shm

MD5 e1caec098df4d8830b1257af6951a1f4
SHA1 53431f5b2f054c9460bdd2ccba65453090aca8af
SHA256 9099cfc123c9a3386a10735206302b9350cee281b61e38d2b493392f7feeb5f9
SHA512 45038eff856237d3f344dff91dfa9ab510a7fcc99ff874c3892c68e5947af3f4331f612d62b40c8488303d9281030fb179ecd26faf6055c10398a9049bd11637

/data/data/com.baidu.appsearch/databases/downloads.db-wal

MD5 e1e20e602c08f7d26df9185a3daaa9ea
SHA1 188b546433b01d5faefd956e6d35f1a8910193d7
SHA256 9c44def790869b51badeaf8aab581182fbeb592588fc53f9254edf25a09b734f
SHA512 b7a0f0123d90a6224bc53a2a9a9fe7eeba45eb76c67835d19d0d225cf0df9dd17e0eea0eafd3b69ce49fde974f30fe7ed71a74219775478db7feae0a156d85c8

/data/data/com.baidu.appsearch/databases/bddownloads.db-journal

MD5 0f4b78ffc632a27c1ba90e62a84c41af
SHA1 79b361234cf766100ab7a993d236f91c0e614b4b
SHA256 d016d689398cdcfe194a913a2fef8f166dddbf30109ca30b9be3c06395746f53
SHA512 6e95ac8ff6d7854cc9be295f2b41a9dcb75d49ff2fc79eabc8e195c94f7b7063be7b75553b8171cf43783abede2ffdacc453d97b47cea1cbe5f823dab516f7dc

/data/data/com.baidu.appsearch/databases/bddownloads.db

MD5 cd780f1263f45045046508f134dcced6
SHA1 b4e221342aa54f42c21b221f77b87e1219ded088
SHA256 dd8d813c308a95dce8bae2034de1ccdb75cbe60c8ecb2adb171307df0f5fa0d5
SHA512 26cf273f752bea09add20dcbfa2f74fc599881e4139130d5da2c3500523fa8af06d0527336f246ddda2c4767e46512893db6736ba15a73ea9517f694b87436c7

/data/data/com.baidu.appsearch/databases/bddownloads.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.baidu.appsearch/databases/bddownloads.db-wal

MD5 1c994ef8aef0caa6682b9d126fabcab5
SHA1 78f5e399634009b5ea108561f5f2f9cc9e5774aa
SHA256 67ff7bfbe76a79a07ab845dc38d7a5ee7d888f0b7b2defff6c937b7411e5c55d
SHA512 eb7bc9d466768a2b6c75357fdb97f16c24f8d702f0390be0ba7d68e0d22c55b2b31775f0e88532b9bf81374d9d00075fc0f820ac2fc96b6ff6f0fbf390fbcdc5

/data/data/com.baidu.appsearch/databases/appsearch.db-journal

MD5 9fbde5a50bf7a3b7af72b1da39e1d396
SHA1 c602875e992e0e02ccb1acdcbbbfa36a560f3f44
SHA256 559e6fbe538f4f2eb73c5c42dd4ff14208eb0e4f8eef28720eb42e2acf5dc808
SHA512 e45fd2317c0f6a084ea5bed531c6ff44ffbac4cff4057f4db55bb683e408be38ec8a34eebba97a779f0f6363e3a42c7a18f0b64404f014e6c4cc20c0c401d707

/data/data/com.baidu.appsearch/databases/appsearch.db

MD5 f26c4664ce76edb7431ae801209025b6
SHA1 9c7b529341560d32e01935cbde85d23eec191dc4
SHA256 57ec899a1270ca6dee52d76568128fef3ecef71174663bbd5bdb4d997d5efe96
SHA512 63afd36e5978e87bc7e46a979fcd694f74f519e8e0b914a24dadb1f3fbfc73e3d1943edcfdc6d501a768d5b33dc60fd68abbe5ba6e7946e81b32b9d00d7dc2a4

/data/data/com.baidu.appsearch/databases/appsearch.db-wal

MD5 0e8c76e0b21ab8200dae565e939b2eca
SHA1 c94ecc3d523de2d8e7340205f053e3502e74e1eb
SHA256 78f147af6f778d8b2cefdf6ad41b101c9349d9665a2b84a59fce7fa35f0fae5c
SHA512 381f09eb44a2ef06d45f4a44c9529281339f186cbd2ffc058d2fd9dcf7167cf71496c3b131f0d97ba8efc2ac6b77297367273120d47d6b4d4fbfb50db2e7d17f

/storage/emulated/0/backups/.SystemConfig/.cuid

MD5 986a08ab6a38c270da13505099af2fd7
SHA1 ba197d731335528b13f79b9a7ab07aa8abba46c8
SHA256 09473b34093e05318a290d906d06004da4a741e93da049934d52ec80d7b72924
SHA512 99fe1b49f1986228cdcfd948bdbcddeda35ae710a9658e4b31cee43becefda203bf8dc10897af4e45b357c6ce8d357db981d9f296a23e8ef2180b9b8e4c54fe2

/data/data/com.baidu.appsearch/databases/plugapp.db-journal

MD5 fd1d8c7a0fc0e22f407273083262e829
SHA1 19b64275dceadb71c41c546513d9b36311203b28
SHA256 ed7d2fe0291eef01d74d46b2c6e66cb7d92f6cd07aa6c0429d86181277435997
SHA512 5b9a2ce209e80fb94b2a674c36a3a16343436a9c9afff3d578b261f5919190963f969f459740030dc10ea10f72f980008bd61c9c0cbd65328a05576437484ffb

/data/data/com.baidu.appsearch/databases/plugapp.db-wal

MD5 85e3336fa6695b7d8838708ec35aebb0
SHA1 0c0e74423d6fcf43887ce1fee8237368df17250e
SHA256 baf2e9ddd7198da0671839e7e50f5d1684384020c7978c51f90c33c612eb52fc
SHA512 4313eb16a692a1c9d4b8a5a9cef1c046ff55b84d86adb0b424dab46c04339cd126ed872ff37dcbdfb8f404cc7fc4819cf62ce77cc31d65dd980eccb2ea6e79ca

/storage/emulated/0/baidu/pushservice/files/.info

MD5 fe52d5882ae20c97740bfbcfdb64b3b0
SHA1 03e2e2967cb8e1a0cfe586d27405462cd2ab0593
SHA256 f516f88b49a3bd0be29702c7f5fa2330e531d76e72ba8fd5109f44ad055ccf9d
SHA512 0806f4465474f482c47e4a5a5fc5271a06a2df217be680b5f61fece3afd7a49f9c7faf301e1c4642fdb0376814cb2b72017fe63cf8f95411ff3fec154f8a3aff

/data/data/com.baidu.appsearch/databases/netflow_monitor.db-journal

MD5 bc8f679cb4701e8ea85412f24d9bfd1e
SHA1 2106586044183a70199532ac08386547abfeb4ce
SHA256 8df7a66043a96d2edca90f12ecd76fd60ef28598d551cd7d71ff7acbcf3b2b8f
SHA512 bdd184625b7670425a228eb37b4c56f3093d110a3f1a52bc4c41a593342c85bb710251091076486c2a71fbf49067815d36a20f2ecb41e6bc49a36a0bb223baf6

/data/data/com.baidu.appsearch/databases/netflow_monitor.db-wal

MD5 b118dc6a7bd2f340f73e6187f79d24ba
SHA1 cbe42661e3d4a2bd209692740f185c550fe9dfea
SHA256 0c01a8f9130814da7d609ba7252a2cca50034727a288183531ac829a3e8a875d
SHA512 a168d515c0fed739ca858e06d069b542b1e32d307e6f03bf325bc9bb480f535f8fa2b06712414628f5058aab9841d955a6ff2e832359998ff74933292f4a252a

/data/data/com.baidu.appsearch/files/libprocmox_v1_5.so

MD5 43c5217651372a37db368d96fde6b34e
SHA1 37c83eacf170376111abd63777df294037b9d025
SHA256 7c3a5087335525e948545711628985deb818a5da3a62748d564208f9ffbb1dcc
SHA512 268b851261962e8146f4ffc9f61baeb7f81c02b7ca8035438f910a0bb8ed33e76c43f1df16e15cf4ae571b9566472d3d1b84d2b02c2076df07977dde44a036ca

/data/data/com.baidu.appsearch/databases/batteryusage.db-journal

MD5 ec42c5380688b53c31a46867f5c00cbb
SHA1 f9f6dba86c24f7a0dc7b5e67ed00eb5c8addf912
SHA256 6b814ab683b6a0070c4622cbc67eb95ec07525f91219c0e90d407eaf0e5d8da7
SHA512 24db4137bfe4fdeabbb6e86375723da10ad8105940713597c46344e3539fe23f088a9087c983ac7a5c902ccaffc35971498aa650edf54e9a1c16c9715368cb54

/data/data/com.baidu.appsearch/databases/batteryusage.db-wal

MD5 035cd170c3eff975a4eb771a2246601c
SHA1 e298809ca3105c5ef9de487223f80f48ad3963de
SHA256 520886f3c732c46fc8edfa71d771a368cc4190ca95a7e2da6face49482ddaa28
SHA512 64d3fd4045427c45b5ae66fdbebcb63be3372f5fc0cf44ecbffb90fc978a5ce6ece187308cdd0d90b322210c0616c69c15b55e856697864a7d429e3bed97a500

/data/data/com.baidu.appsearch/files/__local_stat_cache.json

MD5 2d805b13f2f28dc3ca9bbcc000f49bb5
SHA1 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
SHA256 c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
SHA512 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

/data/data/com.baidu.appsearch/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/storage/emulated/0/baidu/pushservice/files/.info

MD5 b4f40c20e67e2db6c782196e849c5f00
SHA1 d7c0e86e9f28c0c071b7efbd66eac2c0bc5eb470
SHA256 32331e32d464c749a68186dc0c12a5638d7c41266c07bc5e7dd5edcbde7079a7
SHA512 fcdc2f5a6b9a5b7e7b1fd11c8eb601897cbcbffdb2c1c74133f0ce1c1f126a540db7059f73568fa65e689bbf7910b5db08e1922f4ff3951896c73be06582d62a

/data/data/com.baidu.appsearch/databases/root_unfinish_transaction.db-journal

MD5 e50a9c8f47188c72f2b5bd9e5ee677b9
SHA1 6c891da813559bb14e7ebcb1070baf124f1acde8
SHA256 92b7c0a393be57932dfd7e7adfdeee25a92f076296623dc6abe99d2ee0f78225
SHA512 8fc84262cc471f4e53d3c27d50c4d930d7a87d0719ffcb206ca7f2d21ae32e7fb087cfd089fdbcd91c551441ea8513470f18d300edd419f21d8309d87db6aa94

/data/data/com.baidu.appsearch/databases/root_unfinish_transaction.db-wal

MD5 4527001f2ff6deeaaa75b577113c5abc
SHA1 4f59bf647290266e6e4b243f833336ce791790d7
SHA256 4376bd287b4a301ca6ac90d4a4fd0e75010d999bff87c9959c6bc2c88fbf38b1
SHA512 30a755a0a17083fec541d179636407711c047d8648dbc4c726fb8b26929ce77a658011ab5b86c6025e8a6ead00bd4a3a9780f30cefbff8b00e6fcb6ca6f4ab64

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_4.5.6.db

MD5 f2fbb635bdc8b3b38e5c696289610193
SHA1 bedf750f0b00791d6d045764f484df935ac1d8dd
SHA256 ca50ecbbecbfd01130a70dd8db3b59888707a2b8741c1458f2b0056951b5fdf2
SHA512 bb19c27702cb7e35fd8b977765752dd9a2a448fdd125dc0045feca20f6e32120cb7126c7b5e421c256f72ce740a65674eeac80b7522d3343911448696ed64298