Malware Analysis Report

2025-08-05 19:10

Sample ID: 240518-wlqbjagc84
Target: 5611fad7482b8df338d6604dac75db9a_JaffaCakes118
SHA256: ce5e83dbb771050f19c4f04c6c511e3b9fa424d34537c60365ae1e74c90c4488
Tags: banker, collection, discovery, persistence
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file 5611fad7482b8df338d6604dac75db9a_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported: 2024-05-18 18:00

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 18:00
Reported: 2024-05-18 18:04
Platform: android-x86-arm-20240514-en
Max time kernel: 163s
Max time network: 188s

Command Line

com.yiqiao.ecarallrun

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about running processes on the device

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Checks if the internet connection is available

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Processes

com.yiqiao.ecarallrun

com.yiqiao.ecarallrun:pushservice

com.yiqiao.ecarallrun:remote

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 18:00
Reported: 2024-05-18 18:04
Platform: android-x64-20240514-en
Max time kernel: 179s
Max time network: 186s

Command Line

com.yiqiao.ecarallrun

Signatures

Requests cell location

collection discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about running processes on the device

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Checks if the internet connection is available

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Processes

com.yiqiao.ecarallrun

com.yiqiao.ecarallrun:remote

com.yiqiao.ecarallrun:pushservice

Network

Files

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db

/data/data/com.yiqiao.ecarallrun/databases/pushsdk.db

/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_location.db-journal

/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_location.db

/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_statistics.db-journal

/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_statistics.db

/data/data/com.yiqiao.ecarallrun/files/ofld/ofl.config

/data/data/com.yiqiao.ecarallrun/files/lldt/firll.dat

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/Android/data/com.yiqiao.ecarallrun/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.yiqiao.ecarallrun/files/baidu/tempdata/conlts.dat