Malware Analysis Report

2025-01-19 08:07

Sample ID 240605-vgsqesdc87
Target 98b09f1db7095fbebebba9a9ac7bea1a_JaffaCakes118
SHA256 1fb042dba160e40ddc3e3afeb9f13c11a35cc147f9385cdf461c5ff652384fa0
Tags
discovery impact persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

1fb042dba160e40ddc3e3afeb9f13c11a35cc147f9385cdf461c5ff652384fa0

Threat Level: Shows suspicious behavior

The file 98b09f1db7095fbebebba9a9ac7bea1a_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery impact persistence

Queries information about active data network

Declares services with permission to bind to the system

Requests dangerous framework permissions

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 16:58

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to use SIP service. android.permission.USE_SIP N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to add voicemails into the system. com.android.voicemail.permission.ADD_VOICEMAIL N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 16:58

Reported

2024-06-05 17:01

Platform

android-x86-arm-20240603-en

Max time kernel

65s

Max time network

131s

Command Line

com.gamebox_idtkown

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.gamebox_idtkown

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.box.6071.com udp
CN 61.147.70.232:80 api.box.6071.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-journal

MD5 e88633049ba84c8b60a48ab62b9b5ea6
SHA1 6f90b7e30d3f2b507e4818538b3931b65d7468f4
SHA256 bec919555ef3f34d99bc18265eddbc55176abdffb28370e5342167e9c54afc02
SHA512 93d1431a73648ce48a8fc1a6a82011358389b32edfa607632b7cf78fa3e0cd295b26f5f641199182ad52d529d7a07de3a9f7c9cd08bd475129a33fbf7fbd4c01

/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-wal

MD5 e2eb795ca8629c73b6d293be45898bd8
SHA1 07f54af31c03afc0a421d422582a09d4f062443d
SHA256 4b8e29ba1ff26cedd693c8c036918cf8ea4f4b4748423d939e730172b76469c1
SHA512 3e07f67e5aa5c9f18a25cac7303839535b54758d03293946df0b55d35c950ca13f1c2b856948273b22e291f94a743bf35d2b8694f5268ff24b949b6044cd6702

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 bd82fb6c967ced623517cf13244f967d
SHA1 58d269ccfacf56799658ae636ad80f20a43b7f98
SHA256 41b8e44180416c56caf44aa5ac4d53d75ae5e2277eef8f41276cf4251d23d35a
SHA512 9f0211a63358a396df475d12b4c74172f0ea540250a1ef4886b9f013b0be4581708824f3a476544ed5d9b84ba900796fdcff25c3d01e0e2b583efd0dc121dcac

/data/data/com.gamebox_idtkown/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.gamebox_idtkown/databases/cc/cc.db-wal

MD5 86be5b8a054efa2d388aee36afcbfe43
SHA1 9479cf5e6cd957fcf83f49017f6e1b7a875f060f
SHA256 e0012deac84063ea3fc466b9ddfefd9696b98d6a1559b675d2e555a04a83b6ac
SHA512 434b3d13d79d7963913ae6010a930f9b55a96a54c2466443cb31d5bc5ab296279c6a6fd397b1057b8059afbb81d9211436112b3107b3976f1dadda71b83848ce

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1e9468bac5a2ec29ccbb8dfe2bc46383
SHA1 80061b84f9f9cf2134f33c69e965f80faba9e183
SHA256 94b20251cfeb36da3f626bab2c388ae68eb9836efe885cd316cc473f9593c50b
SHA512 45108f0aa518917f999e292cdc352013c75185cdfeb64092d766bb58346b6142da314ef5fedb5857b28a41f282e02062202155777a087da84a8f5bbeede4bdae

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 0a71dd9daac87282141d86be6c312763
SHA1 3e57eecddbbec7e450bfe5c036527167caed5d85
SHA256 fea3e5153f1226f5eb26772f27c89e7183f702d9687039c8e56fd859f6fdd25c
SHA512 2db60ea03bdd219c2694d9b8c97ffcd0880bae49b853622f0db081db8f85c0c637473f17468c7f6c4e1a9e6d27bded1359c7e7ae0e1465a4110bf96f02d08415

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 45cbde1ce779382cf8d41f9656c0f4ae
SHA1 c042e68d204f5c3c8219c1d2d10fbb7c842e6316
SHA256 975110ef1568cbb8b921768dda2a302f3ad67455bd11efaa0149bc9fae3d9395
SHA512 1057aad35add38a34c882839b5e5172e05bf0403b8f2baf6b64f9206bd513e4508f43467fc9bf9dbb010e08da507afeae31b7abae2619f58dfefb2374eadca5f

/data/data/com.gamebox_idtkown/files/umeng_it.cache

MD5 930f2d5403b18ad5dc2a6a6f74d0cd1f
SHA1 742e3773f1a5619358bc851f3733f5c7504680c9
SHA256 2ee0ef58d419c2be89bec35a0a73a795a740659ac7db7d7e5ebd4feddcfb141d
SHA512 0a61a98504c023e1d8da928163942d7fdded5e76fa15522e49edfc5475e60202c7ffc2816e22511012f81140efc1555ea76eae7b0dfbbe894c37d7aba2f54c34

/data/data/com.gamebox_idtkown/files/.umeng/exchangeIdentity.json

MD5 0436d2b073310a63702c70fecf0fa239
SHA1 5ae7dbc6283fcaeb2535379d24917821d524aeb8
SHA256 5b959e36daa11017a7f6f65dd5f82f174b581ff267fff57988a8d9b2d8d8cfe1
SHA512 651fe92389790cc50705bc5d529d5ebc6e7a7774658d576aa6806a484ce55d1eaacd07fb05fa4c76fab8373006e8e994fcc7412cf9329f398337e912f5b4390f

/data/data/com.gamebox_idtkown/databases/cc/cc.db-wal

MD5 4beac0d6f91d92d885c04d945772308c
SHA1 eb9b09633c5ca638ca6dabf56bec1b00367ab621
SHA256 1a34cdc91da8c46ba58333c383673ae160fd3a1d493d834472f72c2b86a8146e
SHA512 764dc1643c4ce5c4c8ebe21bc4ba479ca98de4c4a570807effb6784814acd6c7ab16ef44d48e6d0771eeb98652778ce4607197b0496a7dd0d9d6a4cfae379835

/data/data/com.gamebox_idtkown/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.gamebox_idtkown/files/jpush_stat_cache.json

MD5 f25af4c36c6af2244d09e243fd166d22
SHA1 baa71c62f22b0907b118d6acbd18bbf6aa325a45
SHA256 18c5b3c76df45ce0d6ada38ff3b4ede8915c736f6047e4a646b167d25ddce1f2
SHA512 1f48c495e8b8bbbd5b0a5a0f26acc24dc8e01210a0ab83e1e6c7dfbfe5db745be9206870e69077fd85889444252e64d56b34b0e94441f6cc81ceb1a75a48d052

/data/data/com.gamebox_idtkown/files/.um/um_cache_1717606758659.env

MD5 3673bec5bfc0e0d4c405997cce6234d8
SHA1 09ad541341623f03b89cf9cf1500528a9fe0cd59
SHA256 be9fbc111dc3b5e34af482d560dc4edddde166e7652ad47b250e4dae12def9a7
SHA512 c9efdf1d098ce1cae2453fa9861b31dffbcee9a56bdfa714ab5a0d7d83cbe7f0819586826898dcb55442e488e8ff0379ee18fccbf186ae873835d1d3aa4ce306

/data/data/com.gamebox_idtkown/files/mobclick_agent_cached_com.gamebox_idtkown114

MD5 d3c5230a81e2da0b28cd2e791ca1c309
SHA1 a100625b352de9618f8dc3a0f65895a199d705bb
SHA256 f8843897a413ac88cbf589ef49bce694ccfa04b30ef44ef0a1c8ae78d0be924d
SHA512 ce10693a12789f473b7207db31c70c75583ea5c671e69003cf8a5e6a0579fdefa5651bb56f632dea6376b73b5c31ca382d358c065b3be9d35fa129309db785e5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 16:58

Reported

2024-06-05 17:01

Platform

android-33-x64-arm64-20240603-en

Max time kernel

68s

Max time network

170s

Command Line

com.gamebox_idtkown

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.gamebox_idtkown

Network

Country Destination Domain Proto
GB 216.58.212.196:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.212.196:443 udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 api.box.6071.com udp
CN 61.147.70.232:80 api.box.6071.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 61.147.70.232:80 api.box.6071.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 216.58.212.196:443 udp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
GB 142.250.187.227:443 tcp
US 162.159.61.3:443 udp
GB 142.250.187.227:443 udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
GB 142.250.180.4:443 tcp

Files

/data/user/0/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-journal

MD5 a184f74563becd93ba3e7b8ed117a664
SHA1 ca3d428fcf5bec7b236d4d9ed42da60a86b466f7
SHA256 96f35ee8c65114984c64c39e1d3025501b8640d53a353bc1ce1bdd75f1e3c49d
SHA512 2ab76fc61c772ab661e9a7f581192a9dcd7f4d86a340c4f4cdb8c346554dd81a6ff1ab5ac643d20703fc9d2533438be1380848bca6fccb03d22e5f2ed53178a4

/data/user/0/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db

MD5 3aa471fb2cd200b8c01af96853e3ad7b
SHA1 726cbb4789c0ab4ac783fc2f95defdf2c178432b
SHA256 708c9d6d08210a383c8ddbde8f778da488e7922839145d65183894f3538cdddd
SHA512 5156849acdc5c991c650ba54fe542947e285c8c1eb7cbf2009fdbb6a67d86740ce94b75ad5f8ef110e288dba76825397c26b35ce836fb056eba5f1da853fd9e3

/data/user/0/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-journal

MD5 e51b654cad0e7c7e36315a44fe131575
SHA1 a61de02195d87f56eca455cc419a3d367e92750a
SHA256 2a3bf2b50e23be9cddf831562f95296ff7e928d17cd1c8d970f741e7b20679de
SHA512 3fad9379497754f9c2fc5184a299c309ddcb187f3cb8d88d948998e81d8b9b62587ced326c6cf6e43ad2d25b1aa661e754e2b986adb2af2d0c59f072d27e1f5e

/data/user/0/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-journal

MD5 cdac29ced2d74132530908de9bc9230d
SHA1 64353ff3676bf1778006e4767260f60c306b6752
SHA256 1bcf0de810c22aa5c1e99ee81373b59c9bd9b43189b99cad5d8139d81ba12af3
SHA512 abf5acc5c95a876de021d8ef1c0331a9765f301e133d67b329b9e6168b0691841c2c54fe1219ececd60a79c889bec1198e200f8ee6e9eef30d6207a53f24bf35

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 7f561fc6c9a4c6b2f6c2aca713db916e
SHA1 5b18930cf9ea3fafda98ecb9acf7c2d787606406
SHA256 675fe5a943ab3a1fb02a9ca8d2ec7c6ff997de67bdffbf2511d4e236752bfa75
SHA512 773dd0f0d9874bcedb973463bfe3c7f82573d8fe05653f6fe8ae7b907fbf3fc71acf31fa2d7e51740332c58e805ec22f52822288957459a737e3937ab78ddcef

/data/data/com.gamebox_idtkown/databases/cc/cc.db

MD5 b986a138e325f9ed31653e246087baa6
SHA1 1cda06c101efbf7c89305f44b552e38282225064
SHA256 6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058
SHA512 5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 94ea075802404a92b4633b5a5d7759bf
SHA1 98548f9cd724d1e3207da2b28eb1d9e56a8774d7
SHA256 0a73ffec2091d9a0da1e07c515ae449cc72f406dae21225100b075a9c33bfc99
SHA512 8f973fc42b24314aed05540bcf105137229790c6a8efad88ec4afc24dbe864346f3c057dbaafec679cdf56e04eb3b020976f20acc4fb400728373438e54fcd63

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 60438e4d6df814c0696a57976b67c470
SHA1 98d60c2a1530462df89d14837a21c8751064588b
SHA256 62af3e28ccae2d6cb01ae9405c12ac0237a4243d5bc7762f8694882b13e3dbc3
SHA512 bdc8f94358d2b5f7aae79f5d28212f1f3c51beed969eef033ed5053420fab060cddacf1938b8d65b5d0763a17a81a5580cc4b70a6ef5040e50f58938776ddd86

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 646d2141153ff7ddbfe002f70fdc71ef
SHA1 9a13f37fc69c4418ce26c5ec1521e3ae5cd3d37f
SHA256 33e2b0f1e0b6edf6c698d4c8a8410f63881fa9af711c4648ba2ccaf535f1c4af
SHA512 9cba53fc1f248af048328f375ad2838784ab14ef8657662b16485086c0357b1a15257da2ed7c6c3164752c143a8ef52fa43cece230833da7c4fe5a24e7b49ca4

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 2c5538e45e28a5eb5c5a42c38156af08
SHA1 c9370da26a469c71790f6ec2db3d317686c3f94c
SHA256 c57309d7539e27de5673ebb24d6df1f9494fc358c802a20605ec06e95bb62341
SHA512 59be1260c736cbd8cbd55415d914fb410649a43727238c1056f9a3d45555a070569b69723b79a9eb6c39b75ca8fd8199591f74ef4465d291dbf4e6c57e4f91bb

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b41844e64a48d707a57653edbf252e56
SHA1 7146f1d512dc5cac3ca6fb71f0731794b6d4e2a1
SHA256 6c9864e979375921ff3a33d0db58fc5ab6ec176b2adda1bb55ad918ef2d10c87
SHA512 96685ba115b296f01250be386f1306725acff37d6febf41bfce4c9dcc846c4755dc1cb9631e67b3912e54626fa4d957c793d7294d66a79cf7921f1f2be1ed5c7

/data/user/0/com.gamebox_idtkown/files/umeng_it.cache

MD5 6b53724206903abe5c8e28d293705b5e
SHA1 7dd8d3a9ad73842a2ab977b49f432b90e08fa5b0
SHA256 1a6ab84420129b45639cea995704756e2f85f54c6e3bf1131fe4b3ea929ec33d
SHA512 5788a5eb0b614f60f8e2416efb0df8e0ae55ca5153829bc865e6df14deb62685b9227354fa1479081fd6404e832e3af774cc780058d1a5b8f5ab7317ed730c01

/data/user/0/com.gamebox_idtkown/files/.umeng/exchangeIdentity.json

MD5 a9494d2b4cf593ca1d2e562ad52d5295
SHA1 b588d3db5b24cd648544402235881535160c484b
SHA256 acb5e15de1779019fcc5c29d6882990f70ee9d3d99e8ccef1cb9e8eb27ba9720
SHA512 dd77d5606d5cea3a8bf2907e45cba3892392cfff4821bb50b22a53f9838504b1d2ba3317b391263f8903b49b51ad0c8b6700dde4793b04feb2cafc302529dc45

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 0fc5c25470b26c6db5c0f89ffaf2da6c
SHA1 a479ba3c55b3ab004803f0d5654526f783f853a5
SHA256 7c407b0d662784d63586dd63c89564b1257b7a27d95529d019eae5845033838b
SHA512 afd8ab6abca6f9d2557b80678862530be0f4d6f7c58e5c175039b08128ae5c2c6bb7be98ca05229dbebbd3dc0f4022f2f7afe114633cf9ad494c6d97b58d8680

/data/data/com.gamebox_idtkown/databases/cc/cc.db

MD5 1b77217d803a7c04af9466680b92d104
SHA1 0cb959f4773c6730e8aed5746706c0f3ecb35c1f
SHA256 66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3
SHA512 39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 02d26212bcfe9abfe79ec284a2f2c069
SHA1 39d45b4e766ea427db0e23621fd676a0279600ac
SHA256 6ba829211930cb708160c2b1d821aeea4a0cc65d68d5e3af9b1e7b0d00d9b40f
SHA512 34f304af9ec0868c027ba9de7ac594e28cc4ad8200e8748473300cde0d84cd474f602bf1a45deda5f7f75f77baa2aa2e9d9b37cdaf64ca53ee3d8d8434fe0acb

/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

MD5 09828e139e285f4aae837875598e2748
SHA1 0607aba068a7d8384895391a4cf25e321015eb65
SHA256 c101281752353576ef61bcd858abf781e1032227250e83ea24c72919b6e779b6
SHA512 54d63bf6dd5a1dfcfe3d5cca0dc45c05d1ef4baef5c9c70b77899df5e6931a9f1de661754d6416db98f6f0f3a62c9a14d399751236a45e6e2a015d2748b4caca

/data/user/0/com.gamebox_idtkown/files/jpush_stat_cache.json

MD5 040a1a91f87342ca85b69c59cb38d1fd
SHA1 706e41bb0199d7636247d3f49e358660781dd984
SHA256 84f9259a15e81a3c632c4181f0f09cfaea51bb2ef33fe8d0e9187965ab1d258b
SHA512 7fc85b0cb6a9cf3b96d143b964f97775bc9c0e7a923df58f42649176a2bd5fc7a32300b40ee55f4ed6c4c420328cb9a199cad351741f7a2a1b9fb41935a05f27

/data/user/0/com.gamebox_idtkown/files/.um/um_cache_1717606761609.env

MD5 93648ebe202946cf5371f9678535f3ab
SHA1 cf7dfc48b7eef670f15f6d3985308d28d5af602a
SHA256 3a2a229d63b7e112c57645778d2fcb9cd7a0d7eba864df836ed5d3fabc6d9099
SHA512 ab95a3b53b202dafe59f538f709a6f8b161e62ba5e3d1e633ed2211b68b9c4caffaf787959af5478460efc8837041c6a1e45007ca2ebbf2c229324fc31c2ab7d

/data/user/0/com.gamebox_idtkown/files/mobclick_agent_cached_com.gamebox_idtkown114

MD5 72649cfeccaa8821f606e2152fa57969
SHA1 9a2f3e7ee7c6de483ffdc358cbb7de387d2ad243
SHA256 997755223cfd4428ce879cc37fd21cecd0a32c6e52c27bc0bd2644ba224dc603
SHA512 bfe7aade959044899a46a1cfb7cd1ecd362b252dea041e51699461f39f9b3b2a788becd3b5115649eec14cc20ecfd4e2fd459c22a0bf3d280b3dc4e0b739f074