Malware Analysis Report

2025-01-19 07:01

Sample ID 240522-vlkklshh64
Target 67f970ca675155ef32b991ec4dfe05ab_JaffaCakes118
SHA256 b88c39332d613ffd26bab2956b3a3d62e849dade997a6fc8150e9abcc38e9101
Tags
collection credential_access discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b88c39332d613ffd26bab2956b3a3d62e849dade997a6fc8150e9abcc38e9101

Threat Level: Likely malicious

The file 67f970ca675155ef32b991ec4dfe05ab_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Requests cell location

Obtains sensitive information copied to the device clipboard

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries the mobile country code (MCC)

Checks memory information

Requests dangerous framework permissions

Reads information about phone network operator.

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 17:04

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 17:04

Reported

2024-05-22 17:07

Platform

android-x64-20240514-en

Max time kernel

167s

Max time network

133s

Command Line

com.iyuba.music

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.iyuba.music

com.iyuba.music:push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.iyuba.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.iyuba.com udp
US 1.1.1.1:53 apps.iyuba.com udp
US 1.1.1.1:53 gorgon.youdao.com udp
HK 103.129.255.152:80 gorgon.youdao.com tcp
US 1.1.1.1:53 api.m.taobao.com udp
US 1.1.1.1:53 app.iyuba.com udp
CN 106.11.52.98:80 api.m.taobao.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 api.iyuba.com udp
US 1.1.1.1:53 apps.iyuba.com udp
US 1.1.1.1:53 app.iyuba.com udp
US 1.1.1.1:53 app.iyuba.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp
US 1.1.1.1:53 app.iyuba.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.iyuba.music/databases/music.sqlite

MD5 11ee939a16eff5437ee4c2513c5eb6f8
SHA1 3f369f0ee942ed6220f16071f541c4a35eee80bd
SHA256 e967867005227baed2e2fdcdd87a1a3230b6c3bbe396fef058271b43906f2f8b
SHA512 429d3982a57d61f8d145cfcb05ead6f569c4274c9ca48db708927361dd4aed2d58b9f33ef2c91b652be53a851ffb1bc13ea250b35007ddb82c6c549f4a36c4eb

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-journal

MD5 d9a6459deda295cc7643baae62e3ee64
SHA1 d70ba3e55881ad3fd5d6a9571046016cb825cb1a
SHA256 d28938ad86382dfbb294576652df5970c920d242db1779af3a9d86bce04bdf2b
SHA512 ed4dd85886cebde06c9146b0c1f08d4bac5a2dd0f8f65dd3b2809008e5c61a81f9f9af3f3330ccb07a29b811c28fdb2bf2fe7b262f4806023e2c2ce674e296f2

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db

MD5 04a8ed516f52959448be8041698aceea
SHA1 5e7faa4e7a81b0203431fecf2acd3e54a5dbc75d
SHA256 0db2003af40f81ceeb29f92cce88fc2bef961f5e3b5630da1d38b882a1bc95a2
SHA512 607071bc76db4e6986321181ad4e55a421e7e830e65bca7adba953445f5d0e97c484c980adaa179006a9f94b38fe64b7a2ba752e78cbaebc7da736b1b35da878

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-journal

MD5 854ab8bf753ffa463e2328f5e29f0b2e
SHA1 4b69a159034f56ca65cf8a0f6b5b2032d2f37c68
SHA256 a23985df5dc67a480a90d9b2a7ca6c31695770d5098eedc82259a1766bbcdb17
SHA512 00675106065c04a7fe4fe59a979a367ac40bc05baf53801781cd81ffc8afc70682f66ac1d2ba93701057b74a27fa61294c11159a0c8ab8f34eced3b49754ea12

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-journal

MD5 6a61576647b9cbaab8230c9c3fb839b4
SHA1 4a93ceb1ef03dc0a15b9dd627729d339db633a26
SHA256 6a5218b36575c952a738abe24b8779ed4af381bec2ae6b10500fe242efcc476d
SHA512 468a5bbc70b8f9221c0073149eaa9b30422a2c4c59d6d31a4e158802c00b3f71407b52f52fcb03eea91a7adc9ae31290e0a1d23766b4d89293ff5c2d573b1dcd

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 60b88e2a6aa88bb868d99ad1b35076b9
SHA1 62b685e3ebd170333dc47613e48d63d527cd0e9c
SHA256 03483f600f78a6ffb9bf14fbeed4ca5e74b564f55556ff85a8707c2b466935e3
SHA512 ce33dd393d0630479a25337f54274bff3f60136eb5e250f12c14058e07f7aa3dce46b9e071a190ce62affcc4a160e2da7cf33f72eba9d83af26a261a5139a9fc

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 b60322b2826893e6ccc90de8cec688fe
SHA1 6d7d047cacd35e053fa6aabde1bacae0be1274df
SHA256 112848784c557be9d601287040a032916bb3c8bc14a0f1dcd57250c9c0354c6d
SHA512 2da94df5b875dfb2748243e655c9f09cfcd1af7597ffb98ed9c9fbd5b8a02d091f4d465849ad3be356d0f8b9c2b8251b772ae0f5a61c1befb5994384607b3e57

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 34db274e06fdd594a8809b6d1cd541da
SHA1 ce56217bee5a037f3f5fbdfe5dbd07f7351233e1
SHA256 c5ae1386a52fada17376245d8e1fa58b65cdd55450a03b36f240d2382150dc18
SHA512 9e03749c7285961457901f8aec77928d8aa5327012e9a0f7c65b8ef668845ce234abe2cf8f2a7bd3fb7ffe6f5eb384e7d605e2c42fc0fb08bab0686e7deacab3

/data/data/com.iyuba.music/databases/music.sqlite-journal

MD5 f6fe33fc75dfcfe97b60a5f68c7dbccd
SHA1 faa3e8791cf0f31a143b69b039835844017a5ccf
SHA256 0eec7dad2e2d4b087c22eeb3cc0d35a1bfede58d78cadd209ae88f29c89379cc
SHA512 f9c16c4547a0754b1c3c3e144b415e1f098368b7b63fab67cab1dbfdbe0fa5d6614f1219957be28022a54102b3899e3c48457a2ae40daf62c0e23a9a1da9cde6

/data/data/com.iyuba.music/databases/music.sqlite

MD5 4c1af77ac30f9cda66d2fb9294f4b097
SHA1 7ccb32a7178c5e3f42d3bb1df653ddefd902626f
SHA256 272af800b029917687ef7622ea2c791d494cb9ab0a1fbc23eb362743ce6077eb
SHA512 1fd319ca4d4ab0fc4f0528571c0f4a751c9cd980c64cf0eac418780be3c4464482d9c99b2b533ba98a4e0e9bd9093ef36686da55757fe6555c011e9bdf92e255

/data/data/com.iyuba.music/databases/music.sqlite-journal

MD5 3537d55356561400bdfc3d980911c01a
SHA1 295cae6cddf0914085b5f0b983b449ecf8905a78
SHA256 7769f03578d14e2f4274db69385297b8a4fff332c43b30546356b903e96a9367
SHA512 45ee3b802be0a4b3a86f701f0d51e55bbbf3bd6edbc8a1913e2f51c99a29b6480a639febe81710e80688ff5dd5546b07963ea87b5abe25f22ee73c0feb1c8536

/data/data/com.iyuba.music/databases/music.sqlite-journal

MD5 7e629b41673940b356f04f89896afbad
SHA1 ee0375adb8abe461bd0c7cd5edb3f7540ea56dd1
SHA256 7ab68b09c107373f271f6f3aa65105e1524472c54150685dc2e570b74afc9398
SHA512 b733dd2631ac3659e0c26015fc98753f811e32478ac58fa68beeb57795bfb373ac9805afce1c41571aae7322e46c33586414c5ddf22e9a5a5b9954855a8519fb

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 399951864fb5be560fbab2f03e02ddef
SHA1 a371883e809c12211c0eba9a531fd60211b9cc5e
SHA256 b57e7d0c6774ab84676f9cdde6b97c851a12ed70402e90f7ab50e4e12ebc9114
SHA512 78b6d33880777057f47b23294176a25555e4c2cea6322a9273ace98558b3de774250bdcbf19e9b56be5f7f78a9edfb2e9d979fedf42ebad342a6d62da5602b91

/data/data/com.iyuba.music/databases/cc/cc.db

MD5 e51faf65073879786ff4e279cdc496a5
SHA1 63cce265af4ffd9f7ae8a7bf4d43008211ced6d2
SHA256 8fb017c5b854da81a85ee2f24a41c7fa86010feef1008704eb922949de366f20
SHA512 6a15b98ade0dbf01a75b1f5a4022c44f8fd48aa111ba4a53596c8e2835792197a34f0851fede5ff9c75299acd42386ec3cc72faa0a49d08c0d41f7d2de715b77

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 5e52cbdd34a1905e828361d5e0b5cc59
SHA1 2096d2908fb0a1531467a0ddd6710f1f23f37711
SHA256 dbce44add3c6bf2f70b1f5f881d8687a68cdcb23b4123bc5dcfad39bb0f9d2e1
SHA512 52237f991ddbde5adc2c5dec2dfecbd55fa3c0895f973f5ee370289ca251c0f466c88cbf08d4a2935f305a0affbed3adda278087d4853bb9312c701a81715878

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 a103eb8f57f4e0138ebe33f2887a4be9
SHA1 80142c5636f242b7735beb7ae21749ecd06bc034
SHA256 df40768cf23c14f43a3d1e57a34090d057bd8baade8aa3201c30a6cf453868a0
SHA512 2d2d855bb585461974459cb68980128cd6deeea641de549ee485553111c2d4902eb757625d0f60ed59f936942bc34170e1fd0c580b013c12da632efdf4fecfc9

/data/data/com.iyuba.music/files/umeng_it.cache

MD5 5c18ef580f0a83cf1e1225637a050b81
SHA1 eb287fafdeccaeab0795bfadedfe43156fccc1ea
SHA256 a66e233b92bcac7828090dc6877c91e89fddfadf3425a0423aa82a90ef7a2855
SHA512 3164659ff7fa7e13bdad6b1918800dbc592104c42be272a8fe46f098a6cf3e010fb1e0577e47d315908ba95bc51a2177bf62d9ea45aa1c2292b2bf6d437b4d52

/data/data/com.iyuba.music/files/.umeng/exchangeIdentity.json

MD5 9175711a01db6d43fd527dd486c2c8ea
SHA1 523bcc2c27160fa27b11b6331e3cd4ee47203d85
SHA256 f03dc27cdebfde84b3860841ae1e030a8fe01b375685ac157b25fc83c07e21ca
SHA512 3308879350db75d0dfeefa164e2d022f75f77c98ca5f857eb6ca7ddfad330740d8f86e7b8da00ee175b00879f4714a125236ef2fe422d804d6800822cebb0a44

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 5a63e3d0892cfa423edd0f7bb767059f
SHA1 446377613d7bc38b2b78c1b0846355f24bcecb16
SHA256 50f7a2605813a3d24c4812e3f1cd87f2a6ca928202cee2d9780d5353af6894c5
SHA512 09fd5b6a1ba55f16fedc1caa93e897a73cda2b2a14b9437eed4b8c0fc9f7edce09ef9871859944653db90d353d77d31ec6c0be438660a53e73e70a7fb87722e7

/data/data/com.iyuba.music/databases/cc/cc.db

MD5 67c12933d1e0e63d9801a6aa43092ce7
SHA1 b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256 abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512 db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 3593f651ba314361d567a904821cf4f5
SHA1 977e0f313c690468b851eedf09e72d59245d3f1c
SHA256 c98838139a3154643d0442f271c69845023e560de6cc313e78a6206482dd018f
SHA512 9f0bde09ac0affd7be3d7799f676fb0a793c63f52effaaad4450c9760cfeeeec781b3bf1440c154a391d619b28093fae5b3db1bc91b1c3a055e88e595ceaee85

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 d321294d028f674d6c0e503309b84e0b
SHA1 bf1673d2ad2a355e2e7bcac7aeb3a82bc1393832
SHA256 e0262e95ef2e63703f6e4b5b93ac7d3d00494499ecaa2f74be200c0221f1f5d7
SHA512 561d9e6b6abe450cd02bf5b0dbd71288275cb98bd44ec53a0bbc30387f312bae8597af4eec2153a2fe8955178234960471622b8a7c822ac65a01c9be38bcc2a0

/data/data/com.iyuba.music/files/.um/um_cache_1716397561592.env

MD5 66904a5d1780025f54b1e2181968e694
SHA1 536fa775d04d78d68c03945778ed3069763ffc40
SHA256 23ca4b76078602cc60e60691fa01fb6d17d2ed3f12639cc90c18926b0246d737
SHA512 5be44fa4cc794e8d768267909cb0ca78794a7b9e82ecbd7ea8225643005a10fb7fbc67d2e0bd279615dc2576d7967c91ed02a62c31c41e237019f32df78148ab

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 17:04

Reported

2024-05-22 17:07

Platform

android-x86-arm-20240514-en

Max time kernel

166s

Max time network

131s

Command Line

com.iyuba.music

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.iyuba.music

com.iyuba.music:push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.iyuba.com udp
GB 216.58.212.227:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.iyuba.com udp
US 1.1.1.1:53 apps.iyuba.com udp
US 1.1.1.1:53 gorgon.youdao.com udp
HK 103.129.255.152:80 gorgon.youdao.com tcp
US 1.1.1.1:53 api.m.taobao.com udp
CN 140.205.160.4:80 api.m.taobao.com tcp
US 1.1.1.1:53 app.iyuba.com udp
US 1.1.1.1:53 app.iyuba.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 api.iyuba.com udp
US 1.1.1.1:53 apps.iyuba.com udp
US 1.1.1.1:53 app.iyuba.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.180.2:443 tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.iyuba.music/databases/music.sqlite

MD5 10501a83c351d31d6e21c961cb5dd97a
SHA1 3ecd80f91cceebbce2015d870767aebae3f2abae
SHA256 42a3e3718bdc3f8d0dd1b94dc130e93ad2b5e4b7abf68d74371e6f2a62c520ea
SHA512 ecd4e73e1031c9615bec168ceaf9636650f224cb2541806e991b9fbc62cd3c21da8ddad17370e144d95c8ae0171c3894574e2b23b57dc7985e7e25d2992e7d82

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-journal

MD5 a128df77d46a8e4a3cd3c03e5e7b9442
SHA1 52bc09c0e502d3de7147fc09a35b24576172d172
SHA256 b65394524e0f8785407b2a7640db689ed2d7a106191fb2de2dffb5792c41b71c
SHA512 a7225e91f89d9df2e8dbe9463461a8cdcc7018fc60403fd4c0a4d5038e9ae480ff9b3c95f33b02a06fec61b94471b0300b1e1506af93e73b031b31dcbeea600b

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db

MD5 43b964295b803eea1fab45ea2f9d4d7b
SHA1 0fd2682cc8c05553b0082d45cc08376892b99822
SHA256 7489864918646ab265510f789bcbe7ec005c4007c4aeadf9a3e6d9749abe0944
SHA512 ea42aef595f0e46d7f998593461e6b86a0b8b51b72e9b0b95808c243a5d9bba5c330ba7ef64c0bdeb753bd22cd174eee5b4f19eaf8c851830aad66169921499e

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-wal

MD5 01f93c5d2f6f29c68199e014f9b7d31b
SHA1 e49bfa524c0396bdf26b188e5372ede24d0e5f86
SHA256 b332ffbc1ee57e214e68f7c71d0580bea181540860b909902b00ab8ca220a89a
SHA512 9b4abf2c87493a17b7fe1a85de6b4986813e1e78e75c3847b7901096e163dc6ff17a24dc989e55fae144b1f4f3cbe26a3773a7728ad07b06107c1ee6bcd52e0a

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 36e30a34576a62d66adf37756008c484
SHA1 ed36e4237e3d6307aba3cf3f2c44ccfaa3785f15
SHA256 6b0b37e660fde11da33feb4da5a62b2a1f69757a249683108fe68d56cf82e8c7
SHA512 3d73f0849e23198db7de0b1da85542fa30e82410cf928fbf85e3195ca2d8e761ea51ddd16d7f527b6bc71e9ed1890823e5fb2c5178eacde6ddc4fec220accbf3

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 93e42c37f0015d615853e0ed0a2456f7
SHA1 bc0f7ad38063e0519c18330c6e1285c8519b7d9d
SHA256 06de0a158096d969a6374d8cf19964177d384a3f590856e9dfb43861a9402bfa
SHA512 ad7cc7a6fcd1c420e53b436a94952eee85c356b56437a2334c9379a3caf6c391aa66c68eb3253fc18d12c1f0846f5bb2ef5ba59d68f8821bb275426f7ba137f0

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 2ff21f229b0e82c245395657d9bf616e
SHA1 2c350f477d7a48de103d52230805452ce6cde724
SHA256 d15bad5c94fa604ca25dd95ec6f10e1a686ac1380ba9a5a917697c6633087d5b
SHA512 3549abcb648f993ad6d278a2dbc20dd73a5034325df442d05a6b98fbd9167d3e9863c888a726642880182087aa8f14fcd9902deae71c5ac7e39fd9bf0837bab0

/data/data/com.iyuba.music/databases/music.sqlite-journal

MD5 2ee4bb1a8d44a8a615e59b3b1d669491
SHA1 7e7ea193a592e02ba33aecc34a33a6a0a6609c24
SHA256 d34cf06c8e8662f9309aa8883d9065b1d3dd7f3f9bbfd71a4a99f0df6e72c42a
SHA512 9d668bbc165ee7c71ca068e7cff972b316c1e37319b8775732abfa39283cf54260609cdbc4e54d677bdb2567879bbeb862d54dfa443ccd0e0adb4a550efd317c

/data/data/com.iyuba.music/databases/music.sqlite

MD5 4bde9fef07c193b26c44ee9209e319bc
SHA1 727fe269fc8a69763f4b565feb8634698f7d86d6
SHA256 478151dbbdc2d47c4c6d561db679133a7fdb8841de842a4725a899d8703dd185
SHA512 88f4918e9f12cedb29f3ad62a143e4c25af94a702780e0f48a13ee9bfb3ce116b75927fba8a4391420818f00b117fc1eba7de6553e96ae63f7e9c996be0ecce4

/data/data/com.iyuba.music/databases/music.sqlite-wal

MD5 f53cf9ecf28526ab51fd7a1f7e7406c1
SHA1 95812f2fd5a2f73ee6bd925f182119b6ee21ecfd
SHA256 88ca90f096795189c51eab15da37025cae7ff0c11a306244d7a8fab638ce6b25
SHA512 016937a823a41e9bed9a2e1ffb7cc7bea8c3cf458bfd899219caa7768ed83c0bc6f195277d77b1aea631e5d849f2201700fe96a93a4df9f73581742a85eac4a0

/data/data/com.iyuba.music/databases/cc/cc.db-journal

MD5 6ecfd04e75872b40359e0adb2e04ef5a
SHA1 93f33b07845371ba4342837251b2d3b35c27fb91
SHA256 77b44a44cc1a34ef86290e88ddd6710f0b1cd4889b509c515c059ad438d628f6
SHA512 0b063bff8d5abfc1fb84514cdfd2446c35e4672ebe6139ba409907eecac98d007551c63a25002d92378762035b25335777e1e6d7225cbe0614c58a5b55729569

/data/data/com.iyuba.music/databases/cc/cc.db

MD5 985cd72dcd0123e16de3591ed5b86b35
SHA1 815d6f3e9e5b58922eb57578a29cce4a471e2c93
SHA256 029fbe6ccea0e6d7676f5cc9c5ce7e1be127884a4cc705a2cd4d6a59b3092821
SHA512 d9fb29aee81f7bde7084ea27b3c0a5f767a3e219dc3b25136e7ab27534c86049ab6fa561ff82a1c7887ec58cb7e6232fdcee444a706b6949d1e9a383a29c9457

/data/data/com.iyuba.music/databases/cc/cc.db-wal

MD5 0f9322086768c607762bfdcd75807407
SHA1 4ea1f68ee783c985624925449cb44584b01b3b3b
SHA256 6a7cb9f9c25bfd975f7f5460e80516b029168e152438512db43af88486df376a
SHA512 7548714586e5c473ee4ffafa01dac4d685077b1fed8ff882a9b19f3d32e7078f885b181eadeed6f231f101ff6bb96ec0878607ec8a4484de15ed33e863ce57bd

/data/data/com.iyuba.music/files/umeng_it.cache

MD5 73b3a7ba255e13aae28f501c960fbe8a
SHA1 910d41beeda9ab1e192485bdfe26c62f4e1ed3ff
SHA256 2a1fb1e3fc5c4cc44baaf5c9c4563d39da6af863aac203e1ea115b62919b33b6
SHA512 d1cb1934df3e358e389b384927272e81b6e9704eff2d570b42ce345e03c456d8f06cb412ca9f0ad77f710d3066742d5b3d8008d61fd243650767c6955d5a0c70

/data/data/com.iyuba.music/files/.umeng/exchangeIdentity.json

MD5 fa1d58fae621c3e0cb5e0b65086beada
SHA1 ba5decd176e0bb92a65735200008a4dc732832da
SHA256 211fcfdcba686ea6eba79440cf8f71755e1f1b0aaede2191c1c307344c3e8fcc
SHA512 85e5f264253801e045f6350ca73192deef9cad2996eae83411ce7a6ec3edfc94d1660d1992ff86537ce12defbe3c70640839cf8c10ecfcf17a704ae0c37a0b02

/data/data/com.iyuba.music/databases/cc/cc.db-wal

MD5 cda627281817997f197b63d1cc8ac8bd
SHA1 7bc1eedf56c139fa06b7c2fa70ba28b6b22364e0
SHA256 54a060091a34e79bdd5511b5b75387ec48f9ba229e3ffdb8a9258dad6f7afb3a
SHA512 fd29af4c7d63f2f2e161583769c73fd476018f4a2e90f92a14859e0fbcd124f461d1866d625211393bc8c6dadbaf39ba79f2343ca7af52ce1dad42aa862b49d3

/data/data/com.iyuba.music/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.iyuba.music/files/.um/um_cache_1716397559927.env

MD5 5a38cf6b1e6a6b0a982db7656e7fce76
SHA1 43509a3f369de16ce01256ef60b9709910fd4c0b
SHA256 d7c7d3e209a08a8016969bba51576174518dbb0832eecfe695e740b5bfa0c7bf
SHA512 dea0b0c99e0157dbb921687a29914bb233545d3d22457867e8cfca80ff3efff6df92aa1193210c2e48cf92548adc8cfb022453c886380adf23e920ec23cd21fc