Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-kpgm1shd7t
Target 912b8d9404c90161b43e3f7172630047_JaffaCakes118
SHA256 cc89cb15619530b86f12b1354514b236fd3fc64800ec8661571320ed9f6ae0d5
Tags
banker discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 912b8d9404c90161b43e3f7172630047_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:46

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

android-x64-arm64-20240514-en

Max time kernel

70s

Max time network

176s

Command Line

com.sinyee.babybus.recommendapp

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sinyee.babybus.recommendapp

com.sinyee.babybus.recommendapp:push

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

android-x86-arm-20240514-en

Max time kernel

71s

Max time network

131s

Command Line

com.sinyee.babybus.recommendapp

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sinyee.babybus.recommendapp

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

com.sinyee.babybus.recommendapp:push

Network

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 248968ad44dd95a37278b569894fe323
SHA1 f78ae9064d121d6de90844d6c8a60955bf2d205c
SHA256 bb42819e34eb3bbc590941cccf4fdeaf14b53101e7dbc517cb7486c9ac7c62fb
SHA512 bd64514e1a29ddb169a75447640c4de7e91904fa89eb5768c7441ef05050561dca53133c1b3fb76b772da33310d40005903d3cd3027255263e51e0f61bffeda2

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 7ad7c0d298cc8dcd176f3028110f5f09
SHA1 902b3cb5633b80438ba5bedcf9bafd1e4dfa494d
SHA256 a087f50ab04981b87172ca54b494c567ad98c7339ed699f6b3f67851b5e51c22
SHA512 56a56157df306aa0eefd56aa37a7c0aef66b03590847c1225e8f159b934005fbe0a407a7da3f95dd113e1dc05e68afdba405a6daba5277dbc903b4948ab2179c

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 20e3449f6415e389106e60d43577d86a
SHA1 c2d94c0cfef5f03d88f5e6d93769c017cce81bcf
SHA256 ce273f5db6c9d1045546f1c2fab69c6e046cd5a0a827f59b14312a688385831c
SHA512 b8174acb5a7fe77f860d0621f44e246ddfd8d38cc2dbf02f6a985f7b2874a80df41d431812774df094f17cd45ac86f68b95504dad1338a802c43956c25b84bcd

/data/data/com.sinyee.babybus.recommendapp/databases/RecommendApp.db-journal

MD5 66f4f54a5fd12648cb058437acc542b9
SHA1 30499c6e0feb7c4c0c6aeab36f77db9a27dc8c41
SHA256 1a9ba972463eca26c7f929a78e780c92b82df44da33fca31683fb8bb9ef4a542
SHA512 e3cf50243f9b192ecdbac4c5bb3bc8906a68e09cc7b29a61d5d0ed43b60a79c3efc517fb195e37bb651a06a72ecb3a920cc82a3b38000433f3ac52db10d00e04

/data/data/com.sinyee.babybus.recommendapp/databases/RecommendApp.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sinyee.babybus.recommendapp/databases/RecommendApp.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sinyee.babybus.recommendapp/databases/RecommendApp.db-wal

MD5 6ec5414bedde0276297621a338c94c45
SHA1 08e1fc0431722ce7cac19f4f73793f00bf211077
SHA256 74b99403006adc367ecdfb4472142b22aa643ef9ab27a1bc63c28883a4e8df9d
SHA512 c36a8afdcbba0828ea56823e37a2bafecf8477dfd7ed0c6a42e11d4ce7947f3c3067fb27317986cf72745007e22b433641683e60fe60ee30c0f6c0934e1f3d91

/data/data/com.sinyee.babybus.recommendapp/databases/xUtils.db-journal

MD5 ca6e47893ea4cd4cca428f5a9dbb9e72
SHA1 4bd1852e7e9c5be96a82e17b6c9841cbc7d9b531
SHA256 639f581871d86ad613b1b6ada1a4a5cedb88d24e0510026b96bd3cbc73808238
SHA512 6cd5b2f757340f8161974567f5347a7d2766188eed40aa28d212864cdcd537dae385c66afe0db8b2d0c947a828a17ab93febb1d6cea7aea2c099e2d145298eb8

/data/data/com.sinyee.babybus.recommendapp/databases/xUtils.db-wal

MD5 7388fd6a8be536e738c8430c8be57cce
SHA1 4532a51347b877dcf2cc066f85d9bdcc80ddcaf8
SHA256 91bccf52239ad7554797fb1c49dd7b32f912268ad21e31c0fa527b4f822451e8
SHA512 0bff97b84feebf3afe27bb4d395e0fec2f3acf70ca8c347abda45a5533a2c2fc7e399f6a7fd76bf8aaf13eaa4671d6ade1bea78e2ddab2229a202f4e0d64b909

/data/data/com.sinyee.babybus.recommendapp/files/TDtcagent.db-journal

MD5 6d3dfd5b52330ad628c795c697b776c5
SHA1 864570636b4ed3b70c8eb36e331e2604a86fd299
SHA256 960f3e83d2ee4bd3dbe5f8d6bdf48b9cd7d8cd6d0041df463ae361fbf8313f9e
SHA512 1cc0330227a928baca0eed80cf6d475d7e7ef82260b15025fb242e713c9a70b78361d9b843987ef702ce784043018ba8559a6554cce236fb54e91b8a8f15aefc

/data/data/com.sinyee.babybus.recommendapp/databases/UmengLocalNotificationStore.db-journal

MD5 e34b361e4bf840124380bc7dce45122e
SHA1 dfa2720566509a34abba143360d985bc2ac00f5f
SHA256 58adc0d43d51299e3d41e5de9e3771bd011e806f8c7aba9e0adedcf62e05d070
SHA512 48d7ebad4253fc7fcf701a2deda5ac279a78a93ec6b2d699199878f2bfff3dfc2e7ea189c23f1203b73a6c1de42b2f88751b3345d9e3b266782bed00586dfdb2

/data/data/com.sinyee.babybus.recommendapp/files/TDtcagent.db

MD5 0fcb31920c258bcb52a89d3acddf2d4a
SHA1 dd764d611e087ef4e43f0a5cd3f3be85e062eb17
SHA256 b455bb6d9ca4b802054f6f1e72d66184b37897ba60a1e5b5de456454ddd07828
SHA512 009f5d30aedf58e5c88835cee9a6b87a073660627beda8a09070eeb9139be05f78d11677ce31152f57a988ff132a469d9231140fea3f4c7cb078d39fa55509a3

/data/data/com.sinyee.babybus.recommendapp/databases/UmengLocalNotificationStore.db-wal

MD5 d67457137d94689397e43394ecde8acb
SHA1 13bfbef16e8e167f29edc27dedeba576118d49de
SHA256 6fccba3bd849c30fdb32e02e56c4251cc89933bedd7e16ba0560ae60cafda65e
SHA512 31ddb3c7bb425379a35238eb3f43a04eece218645242e8ad234f3b893141aaa6750c93060d84c6ea58f15697bb5b519bab0f8d9ac83a6ed2c0d9940881991293

/data/data/com.sinyee.babybus.recommendapp/files/TDtcagent.db-wal

MD5 4f3e6255470c690fef7556c3056ff449
SHA1 01f7c207d153e17e3d49c5b7985aa2e8f98f1d6c
SHA256 73341206c172fef6b8c7c9a3bbebf5040da0341a7c168cdaf9309a455ff284b9
SHA512 30f70a4f3b0caefa1f7e8c556c71fa6ceaefedc3faa4c2d994bb5db165309693bad89a420a4e5e500a5989b10d805adec733abf10edb6c5cf596bf962eaa23f9

/data/data/com.sinyee.babybus.recommendapp/databases/cc/cc.db-journal

MD5 306a1cd618f58686c2e7df219258aad5
SHA1 55cf50330e7ce56d93168c93b7dfac937eac1fa8
SHA256 9a87a66dfae6acae1d5f11596e634e028c75b5250f7825e4891a7454c5843042
SHA512 d62c6539dfff3e114f29977d7eb5800df1fc68b01c3257f30fdca3f7827edb32b96f9f514d09b9ff4cd4bc654dee2146911a07bbd5e83c77c01e476c1f4bbe6c

/data/data/com.sinyee.babybus.recommendapp/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.sinyee.babybus.recommendapp/databases/cc/cc.db-wal

/data/data/com.sinyee.babybus.recommendapp/databases/okgo_cache.db-journal

/data/data/com.sinyee.babybus.recommendapp/databases/okgo_cache.db

/data/data/com.sinyee.babybus.recommendapp/databases/okgo_cache.db-wal

/data/data/com.sinyee.babybus.recommendapp/files/umeng_it.cache

/data/data/com.sinyee.babybus.recommendapp/files/.umeng/exchangeIdentity.json

/data/data/com.sinyee.babybus.recommendapp/files/.um/um_cache_1717404466119.env

/data/data/com.sinyee.babybus.recommendapp/files/mobclick_agent_cached_com.sinyee.babybus.recommendapp331
