Analysis Overview
SHA256: ce5e83dbb771050f19c4f04c6c511e3b9fa424d34537c60365ae1e74c90c4488
Threat Level: Likely malicious
The file 5611fad7482b8df338d6604dac75db9a_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Queries information about the current nearby Wi-Fi networks
Registers a broadcast receiver at runtime (usually for listening for system events)
Acquires the wake lock
Queries the unique device ID (IMEI, MEID, IMSI)
Checks if the internet connection is available
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-18 18:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-18 18:00
Reported: 2024-05-18 18:04
Platform: android-x86-arm-20240514-en
Max time kernel: 163s
Max time network: 188s
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Processes
com.yiqiao.ecarallrun
com.yiqiao.ecarallrun:pushservice
com.yiqiao.ecarallrun:remote
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-18 18:00
Reported: 2024-05-18 18:04
Platform: android-x64-20240514-en
Max time kernel: 179s
Max time network: 186s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Processes
com.yiqiao.ecarallrun
com.yiqiao.ecarallrun:remote
com.yiqiao.ecarallrun:pushservice
Network
Files
/storage/emulated/0/baidu/tempdata/ls.db-journal
/storage/emulated/0/baidu/tempdata/ls.db
/data/data/com.yiqiao.ecarallrun/databases/pushsdk.db
/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_location.db-journal
/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_location.db
/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_statistics.db-journal
/data/data/com.yiqiao.ecarallrun/files/ofld/ofl_statistics.db
/data/data/com.yiqiao.ecarallrun/files/ofld/ofl.config
/data/data/com.yiqiao.ecarallrun/files/lldt/firll.dat
/storage/emulated/0/baidu/tempdata/lcvif.dat
/storage/emulated/0/Android/data/com.yiqiao.ecarallrun/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.yiqiao.ecarallrun/files/baidu/tempdata/conlts.dat