Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-ygtjhagf82
Target 990fd13ea91c5896709df62b5979d3c3_JaffaCakes118
SHA256 e83a31ff7a02f5780277e6164e2fd649718275ffe1522e1a4b88f7ee152a5b7a
Tags
collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e83a31ff7a02f5780277e6164e2fd649718275ffe1522e1a4b88f7ee152a5b7a

Threat Level: Shows suspicious behavior

The file 990fd13ea91c5896709df62b5979d3c3_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Queries information about running processes on the device

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 19:45

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 19:45

Reported

2024-06-05 19:52

Platform

android-x86-arm-20240603-en

Max time kernel

172s

Max time network

185s

Command Line

com.drcuiyutao.babyhealth

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.drcuiyutao.babyhealth

com.drcuiyutao.babyhealth:pushservice

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

com.drcuiyutao.babyhealth:push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 1.cn.pool.ntp.org udp
US 1.1.1.1:53 id1.cn udp
US 1.1.1.1:53 www.easemob.com udp
US 1.1.1.1:53 pg.xdrig.com udp
GB 79.133.176.222:80 www.easemob.com tcp
US 1.1.1.1:53 api.drcuiyutao.com udp
GB 79.133.176.222:443 www.easemob.com tcp
CN 39.102.152.162:443 api.drcuiyutao.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
US 1.1.1.1:53 app.xdrig.com udp
US 1.1.1.1:53 a1.easemob.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
CN 116.198.14.21:443 app.xdrig.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 47.95.246.247:80 a1.easemob.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
US 1.1.1.1:53 push.hicloud.com udp
CN 118.194.34.26:443 push.hicloud.com tcp
CN 39.102.152.162:443 api.drcuiyutao.com tcp
US 1.1.1.1:53 jic.talkingdata.com udp
CN 114.67.241.135:443 jic.talkingdata.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 api.m.taobao.com udp
CN 140.205.162.6:80 api.m.taobao.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 101.201.233.110:80 a1.easemob.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 118.194.34.26:443 push.hicloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 54.222.193.169:443 tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 118.194.34.26:5222 push.hicloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 118.194.34.26:5222 push.hicloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 59.82.31.154:443 log.umsns.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 59.82.31.160:443 log.umsns.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp

Files

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/cache/uil-images/journal.tmp

MD5 fe21807e154adf3bf9a363858a378aca
SHA1 c0d3c87cb5ede3765883ebc2e054a6cdee19f76b
SHA256 67c8391e256468e62d2655c58f8084902964313b9910bad8d7de0925a02f59fd
SHA512 9a17fdcdb7f3bd9c58a7efb9ab58dc90544e0511e2d00e3282428b967baf22c1cbce3cc4afbe90502b2e4b5709d5fbac478c3d7e8544e91bfc13c1d005be3b20

/data/data/com.drcuiyutao.babyhealth/databases/setting.db-journal

MD5 ba97e7d07800cbca8bd7064f5bd7a453
SHA1 5cd3569ca00ffb2e1903bc52dddf53150112c15b
SHA256 3836832de50dfea3646fb28d96d10881c88bd33e8974c3807e9e7b71cb58606b
SHA512 7a0597271219d3d8b47595067d852fd39cd01bad1b7367f53af4d6c05651661229114e6e2618faf6ecc652e492b1c938643e53adbceb1bbfbfad8b28af6b9127

/data/data/com.drcuiyutao.babyhealth/databases/setting.db

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.drcuiyutao.babyhealth/databases/setting.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.drcuiyutao.babyhealth/databases/setting.db-wal

MD5 7142f6a1964310e5599912b6dccffe4c
SHA1 a685e57c1cbd06892b711839d985f49dab9aa146
SHA256 b502e7eae9edc0fbe019fc2484da588717ead136eaecafacdb448c1b7b157c37
SHA512 d3cb9289e9419435522daa047739632063c4a4a11c137f6cb75cbeef5c765f46328bb3d7362e8dfce83f6c387ed718d665dfae008f8e34da63d4046e83518e9e

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-journal

MD5 c1e01eca8b5348d986ed08d72680e7c8
SHA1 d9de5ed6cbe21a04b3c359c4cb30a186f0b60545
SHA256 45bf04ed2c73d9c1f728dd8e29800cf46db6f19ecebda2613374df4ac1e959b7
SHA512 13d645ce3de2e114db31c1d7823f986d480f29ec0870bfe2d788f2d246e52581c801190c223d3ee934ddfa49ba97e6abe1df5012d7563adf9bad95ac93d709f3

/data/data/com.drcuiyutao.babyhealth/databases/mpush_app.db-journal

MD5 8edc113eaa058c3dc31815f57519b332
SHA1 01e45993781847d884db73d1b2b31dbf29ffacf9
SHA256 455bbc85514762321c94d0d9b5147257e3b15e25a2a6ee0195527a3a607d7b3d
SHA512 6d98cf5421d0fd5c118310b814e0e6d788e43c3fac32c4bb7d0e806cdbec2d55ec59a6f25905c069f6df95d354dca0e81d547c1fd3735b65ccf59cace6d47a90

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 a64ed0db240d3914f2690223fd92d8ad
SHA1 05611a85274356de18c74747de7f30df7f286ba1
SHA256 a0a6b263087fa8fb9d8d85ace11c0391b7cf399da8b4471c62c8b05cab975813
SHA512 2ea50db3f02da45df15f983b0edc5ff060468f250293d09bd1bd9cb5ea37cf282a57cb69cbb6638dfbf5a161dcb002438895449364b636fa7849e5cfc883da13

/data/data/com.drcuiyutao.babyhealth/databases/mpush_app.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 756e47efa37987d91b735844268fd990
SHA1 c85997bbf4248628ec6ee4cba428bab0e6cf3ba6
SHA256 47b0a0ac49ccb329a974b1fc53be853520647fd8d54027bcd6ecaaed7921fe05
SHA512 e0bafaea9b253110a80a6a0d2865a7b7a4388c6b58854deb31e94010bc0a5165369b16264102aece48038599b44fc12bcd165295515f4fa7c9e1448af0ca8f91

/data/data/com.drcuiyutao.babyhealth/databases/mpush_app.db-wal

MD5 abf162dab855af584e7c968995f323cc
SHA1 36fcd25d414fdde6632694e7ee27d120614a6bd9
SHA256 42b5fc3919a78e6b3c06b2a30cc3f04d357939507e03d17917fdbd40fd23aefc
SHA512 06a8b944327938c05a04196ee73e13b5f166ca76bb14e16a929c80b753289549543405e08b49c5f976e3baadd68ca61c7ef7e7fccae2a7e2801b1ca57da3c115

/storage/emulated/0/.tcookieid

MD5 9ad623959d15ca19366e51c03ce5475d
SHA1 a905791b6e3748539ca8bc625a72e7913f8379cc
SHA256 1bc78c2b8700c871884206559e498338bab492ae73cd3343ed628ef8be0ef325
SHA512 e0270bdfe23a25b7514c69ce6021d32c3bef4ec631131a3fcd7975b075fd0e412e89fdcccef86c880dede62630fc7d03178ee0068977a852bf84b11bc58af11d

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/518#yuxueyuan/log/20240605/000.html

MD5 cbe59e71e5af8ce7e56dfc860ecbf81d
SHA1 0615ba015de6a5b8aeb01a7d53b20c811ca240fc
SHA256 573e5851d83390770a8b5488a270e04b126ec9625555e2cdd1578fee0ccaac58
SHA512 564e4dd7a81074f41cb0a4d5c86e270ad47cb458e429dd7d037a8baee68395c2c39b8a18db6ee90de28705d642af00f1903018c42f2a81539f91715804a2adf3

/data/data/com.drcuiyutao.babyhealth/files/mpush_version_preferences_file

MD5 4e732ced3463d06de0ca9a15b6153677
SHA1 887309d048beef83ad3eabf2a79a64a389ab1c9f
SHA256 5f9c4ab08cac7457e9111a30e4664920607ea2c115a1433d7be98e97e64244ca
SHA512 e053886e1b797bc5a80f932302f0201265a599d82e2502d41941d6e652614ef88fa058e009094d26655f880200df12c2100f690254fd1e5bae75d7441763cd33

/data/data/com.drcuiyutao.babyhealth/files/mpush_gateway_preferences_file

MD5 6ed7f19572d045a5b7ef8c079e36c0d6
SHA1 a3e9e52106de281203fbabc33131fef7b1fbc602
SHA256 081b605597dadd810d53492bdc096c28002883214e6bdd0ba0fcdf5a9bc02d37
SHA512 1a6b137be6ff21b7894657146eac757f63c4f8ee7881aeb2dfec15ea416cbb8a0313add31bd110651acaee205a25f7afa725ac7e9a69676ccb0624bdfb9ca62a

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/518#yuxueyuan/log/20240605/000.html

MD5 8295cafa862bdea0758ea3eadcc638e0
SHA1 51d0f46ecc083c57ce5a56704a48ec26d0cf6f43
SHA256 863dc424b4389c697ab536fc044f249ec533dabd01f9805115485e2936f179e6
SHA512 0d9a024225c328b0a060b6c22b6aa579c196ab00c708cf623f118b6ae5312718fa0da4cad2e4e77ac5397d7e37c0154589a0803193a2082388de41772c1875ce

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/518#yuxueyuan/log/20240605/000.html

MD5 89ec8c54b8e635e02d7711d5c96d333b
SHA1 3901a24d3a976ffc427e5a42cdaf001c5895ad2d
SHA256 10177b1c1ae1b347bc95f3035d5573085fff3dde2ced90ef7a158943f77029c8
SHA512 13d6558a98d7c968997a54ce28a953dff4a40fe62e2c5d836ea2741939a5e3e3dac5d0e147a4a4fd77f140ca434221876aa9eb71defcf7a3c498508e549dc38a

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/518#yuxueyuan/log/20240605/000.html

MD5 6ac9bfba8ec8cbf9d01c4c1a37ca6a2e
SHA1 711aa1054f5b9cdcf7792070a68f769b3505e638
SHA256 7c9711a4500ef7711d3c72e6c5809ffd37bf8bf6f5ee26c85310f6db7642319c
SHA512 7a4fc421a76023789d5fd82c40ddd82907ab85467ab9c210cbee5da9929d9a2f9b80f34f831bdd8e8c85428a10f8e22d1b4a0f114554edb7c007558420240195

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/518#yuxueyuan/log/20240605/000.html

MD5 6586bc48c8487707908131a68b67f9d1
SHA1 cf9dd340a4a3f49072c2ae615c47d3106803a5d2
SHA256 8a851b2ba096fd925690150e3219184ed162e6ae048a0c0602fe85884144d75a
SHA512 8ef22ae99d3ab0e6ad4e6bf3f2cfaea0af64c4e661d7d6820b4548b7d8d56e74b603d9d919251688d9b7879cd1b2f6ca9b9a29775a58cb3b12bc85bb40accbac

/data/data/com.drcuiyutao.babyhealth/files/init_c1.pid

MD5 6438dc03e50c62fdbb5bf9a272058626
SHA1 629ec581690f588422fef5dc254bea22d75e6b47
SHA256 a1184c4d13225668fba6f208d6c35e6ab15845c6d8b4a02d53d6118faab35cbb
SHA512 b1e2e84d5017a8e8d3776cf2d85af6a47b747bfd12724b88428aab6a8004a4f9c9ecfb4365ca3bd1f14bd1a9758e10f34206451cd4b274412edd66b316c0f738

/data/data/com.drcuiyutao.babyhealth/databases/pushsdk.db-journal

MD5 43a2ab739c71e4d30f4833c3a40f8704
SHA1 26580b25b4e9b3423a152a33ebb21d1964848811
SHA256 998fcdda5e81abce04c8eeda2e2736b26cd226e757cd3dfe648c6275bd89a63a
SHA512 036cd4bdec98466ac3b1f542e5343dec5479bf2331b5245c7fa4d4d6b9976e1d57e3f4e9d6871a8702842871a97161fc40ba89271289211ec5a74576ab9e4b52

/data/data/com.drcuiyutao.babyhealth/databases/pushsdk.db-wal

MD5 c1ed0c5b1df0cbdbc7fa85e2e0d42ec8
SHA1 e54be017749ba0f3f6fb2014cf888d4e886c7278
SHA256 91ed22e7d90194417fe95e64070e47faf8e071ddbc2662614985622ed59f100c
SHA512 e95f3531b006146135829f0e25895b85503229eabf7bf5be343e55678b59de545fb2dcaf2372ae4d5af2a0d24d1f2e9e6c346b4a6cf5e68d2158df9ce2597532

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 da7ca2adf9fc21a3cbb653c13dde36d7
SHA1 b7b112ac5e0c0589249e7babb8bb1b2da60dc6c2
SHA256 7fd803fab24397f568f9ae3eca38ffca575fe3ad3eaa03b98a13beaf671fa038
SHA512 a36928c7fb5c7c4f5a5129d061a75e4cf23500586e0448d1eb56678a55e4dc1d5c3cf432888b8b97806757e7960e30379ae7e783721bce5dee318b5d341b192b

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 ba03f7edc4a268978ebbf09f9d095b46
SHA1 ffd2529a31ec63aece63a98ddb2a930d4fc98c5b
SHA256 22672e77591bd56b0155b01a67589021e04ccc1a71bb8d72438959437b8fd93b
SHA512 4fd447da3cca30e4c9027b0a9babb07f4dd8c55b25f747521b707726b6aa716632073a5077dfebfc639c839c2423fd96fb0199f1439843c58e5e732884347149

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 e3190596cf3bfd94ef1df2d7772394bf
SHA1 3e7361c7cb667597e5e53e65443faab12d0750fd
SHA256 16e417b761db9d987abd37e0baf87814752796f52856a70e58270f97b0c91961
SHA512 72c162874d35497a711c4baca355d2e0d49689f6d91d2d259affae8adc09dc7b8a9d92d008e0bf8e6316ffc146fd3426d3b593db1aa11655c1df1475bcf23781

/data/data/com.drcuiyutao.babyhealth/databases/UmengLocalNotificationStore.db-journal

MD5 15595f45376b9f6d260fe49d201f8dd3
SHA1 97fc7627e4e378bd9a79656d6f6792c0ab7cde67
SHA256 4ac8dd95a5278a2411870c923a4b5a4c7752b36490026bf10d9253e5d96dbad7
SHA512 47afa2fa97133b7e7dd27b6f23223df3e11f09b836e270a1a73cf1db78310c9e875dd3ec3a92551ada6df1d18269eab825f4828c71b5a24eba0449471a3d9b12

/data/data/com.drcuiyutao.babyhealth/databases/UmengLocalNotificationStore.db-wal

MD5 d1aa3760ae7a1d82d1009e90e883df79
SHA1 191f101f67460a7b142393f00c2f0caff4caba81
SHA256 9a95d3cd0c34111b07b7b5c7b6ec9810e42a5bf1c1d6b987001871fe564e5997
SHA512 64409fac0720748b85ee399727c1c7d12b12f20d182623e02591de583e204ba0c0dd6f99eccf1a981fc82ed066979648b3cf166654837c8d8d4b8ddebd7f2a5a

/data/data/com.drcuiyutao.babyhealth/databases/cc/cc.db-journal

MD5 c8d6eb17154a938fff5deba082654106
SHA1 f0c43baf466dbd10edd51f7fe475a0a0c4a753e6
SHA256 e4768ee8dc64b7732bef1f01cb99a28e6fba32c5ca6710280c1ff5ac25e26243
SHA512 70f09df24e8730b857c1f4b6074fb71a83be0828bbd3ee61eefce2bba91f12c9f97ab1a7f3afbf44f47d1cfb1bd0f5d0c57be7347fa47822a9745598829a16f3

/data/data/com.drcuiyutao.babyhealth/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.drcuiyutao.babyhealth/databases/cc/cc.db-wal

MD5 a5749e38ffe211fa08be2d0516184a00
SHA1 aa9862a5c473b9c65c97f3eaea86f2bf345c6310
SHA256 2c4a8f1682f5d85967e3549a09b5e7cedef574fd47154ffbd4b561b42024080b
SHA512 7331ef2ee87826fb1de3f7eb08818f576a3edfd882bc420e1bad9ead8771addeda03e4db64e2f130ec73dc435008c063a6300d3f426aaf54f66d0f099b78cec3

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 85a2068900491b26ef57018db0827f55
SHA1 a0110cba444e1743dc775d62cd3d52d15a5b0b2f
SHA256 e54424db3b6781842d95d9fd9f2aa0fe5b3818db72a14864ef20fecac4bb4911
SHA512 85f32ada533f9f2acb9856d9150a6782c7c52223ffb6aa39c310c7479f1bc3bbb78080a8993f8128146af2c90761dc0fc7982e2fd03690763eda72111081c638

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 ca73c9f4f8dc3cac67f5a19bb1cd90be
SHA1 27a183ae0213a6780107127de0c3cf3872bbf05e
SHA256 bc68356ebf926994de2dec32f9bfb22d766d44ddf5174b3986c795245a026c46
SHA512 796d9b27702a666f7e746baafb91dad126465f93ef06d2a9775a39805b26ae93df3d56267449c4909db1619f6fffaa938d4db85cd15d5a16548c9fc8397a6ed8

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 5f8a2fcc17d89160242b2390e3c77c77
SHA1 9dc404b15a54cbe76d935426c99f122e6ec0c560
SHA256 41a554dcbc369fdd9374c7d573e6449005824f333bddbede4176b1e26195fe27
SHA512 1e5750ee1484eb5d1b4ee838d41a826f8a6349e9bf956222d3dc1f9c9f0a0edab07ae1911e205061f0d22e18405e606c2620d8c366c5a944acd1cb3df5490477

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 442caeb7106942c118659777bdd0122e
SHA1 16c94057459ea69008a6e360f9a71c38745c7103
SHA256 9f3ff22468a2cde85a16bc4a0f6c126573747c38a2bcdaaf62e3b797310bdc70
SHA512 dfdc95046fba9f0af0c295ffbe2ca04f0706653ee0804c82dbdd87dd25182e83802a0874f09e8b7a6f66f671842959eb1c0d0c8224713f73ed3131935fce6369

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 c65c9b2bf88015cc2e47b8f1728fd6d1
SHA1 e4463dc0cdd90615e8387d8c23617108b50b1ae8
SHA256 9b37249d15717ee9b8bc265f24d4c70a9cf4a09c4b50826eb9f01298b1741dba
SHA512 4fe67eaee11cc3a10f2a0a7a63edf8c36a36807bf3384749cd5e19db1892c2c39e1fb3f9d53af279fadc904ce06aaa7fa641bc7aed36824942066278245dd4cf

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 09875b3ea5cc6623163f38845c694426
SHA1 8b2ca26fb66adde2187c9aafd1972bfe882d0b1c
SHA256 561ea5ce0392a7fe2c592b1f5f628b7af7dd5de20b49baccd12ee103f79d164b
SHA512 9e27b0911e7e51c36659a87110dd7f31f37e602169c6ae6281063cce0c84d599e291f54beec97bec80448367b51a69b9fd118e20986c21a0b536872b7ee34b64

/data/data/com.drcuiyutao.babyhealth/files/umeng_it.cache

MD5 5435e4c4cd29ea770c75a5664f4acc26
SHA1 b27e631b744070a444440e094b458c863e883f27
SHA256 70f47502ff8db48d41b36c43ba898ee31b9a1d68a225e4e6f8bc03f0bf28415e
SHA512 711f86df4058b95c8e98919ec82682f89f0d627f725507c3aacf6c0e1e04b00e59acd860c7c61f0366eb9434c80482dc8eff1d533e030fbd029f83e9ed1d6dbf

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 50f049724e05388e45c2f211a4bce225
SHA1 4593d271c47fcf0ce9dee8405ba830957d9e3a74
SHA256 e7d3f03335a79fabd4f485d61a8488093bbf39cd875fa4f0bb1c8f11fb4755df
SHA512 d5bf019a0dff70726781ecca47ee00a17973cfe6f60e2e810b928b5feed23ada12c4cd31dbe5d70dbf5a30969047e421d066c84c974612b5df91ff1c8b46b141

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 d8ec162c9d5018def674f0e3da16b71a
SHA1 865bac878bd5ea7c08fdb67fd5d319923aef87b6
SHA256 b410f61d29359be449be9b8b90de8426d17d62c6cd58f9d72744ab648827d657
SHA512 114d88822686a6e01bf6a0235f4497359b3ed24225910ad1e7383938f9bff531434aea597f85b7e0326a219972e3e27ea66294df718b63167af7900b8df1162c

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/cache/uil-images/journal

MD5 61694248ffbe4fdcd6645a1304d19213
SHA1 97ca1eeef38d6b347628c473a71fc7a8c95fc3bc
SHA256 7080627b6b5f3cdf8899e1361e265a19c52e85dde9acb398fff7ef8b9b8e4362
SHA512 66c3a18ad1d56d9229be210209b12c44e478aca66d2dcca6aa0f59e53a5d9bae7391e5ce9053fcf626a307888b72696df1c6b5bda42c873b9566da42ffeaf834

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/cache/uil-images/2hq81sgkorhmalrqs0fc63i0t.0.tmp

MD5 6de3ca63fee50743354883bb3979bb65
SHA1 751a3fbcd62f8937a7d345f014ed85bad9dfe70e
SHA256 bff05e7cfbca918afe2cd7629d64eb07cb7a0c413fba58b302081a85146b337c
SHA512 891ae7d7343302c9e4f09daa1f9c1284e54e9e8185eac291bf1f30f454bbc22ed5056467e52b862e3dee24bebbfa1707f2ee69eebe7fc9c60f985ba4a003c2be

/data/data/com.drcuiyutao.babyhealth/files/.umeng/exchangeIdentity.json

MD5 f3758139b643dcb21f832d15501e4697
SHA1 e7d8fedc4bbff9e751249a6504eebac7eb3e5732
SHA256 cfcea0efce596334c2ba4b5e8231efb20baef627f92dd1b0034a2ee89e132f92
SHA512 f61aa8db618c90c799103659ac3d4a2a033b7e394b94d99be45777d7c2536d49279ea261579fc57748b06a460914cd01828ac3743e5e6201b36bf1ca0cd8fdc7

/data/data/com.drcuiyutao.babyhealth/files/exid.dat

MD5 0343147b5a401bac645dffcef7013d5b
SHA1 f3efbc7ea0d89fd879799aa0b087f99ae6b68c08
SHA256 44d82f72102dad07ebe0a9c5dc3619a09e556d49ea265b1ad8b127c89ae7ef35
SHA512 f14b0f49b8c0bf59f1c72abe4f9020496481b917eab2ccdd38aff6c88d8cdf4c342794c218979c02e3beb4700efaf3ce03e5477cf4a4c0e92bd0060af52f22ee

/storage/emulated/0/Android/data/com.drcuiyutao.babyhealth/cache/uil-images/2sislat9hmcn936u3qfnh78f.0.tmp

MD5 2c8f174af6b852c86f44e8e37f5ef214
SHA1 a3490add8d9e6441ec5ab4e3028c9f7efa8276bb
SHA256 df1e09c7cf3a0a97b7746a7712fadf8b0a9250ded7b379736eaf2cb293d2600f
SHA512 75e20064a4269a6519480c13bfc569d2ce9863d36dbb6c079ad86bdf04f5ed37835329adcfc170f6a3e01e4317fa3d74569c5a101f1876244c0bffeff30d1db4

/data/data/com.drcuiyutao.babyhealth/databases/cc/cc.db-wal

MD5 bbaf3ff1a321a9f3459a567cb9923d04
SHA1 59f0cd938a87e3f971f0e60da7c63ba41e171c21
SHA256 a2ce2168dcc2135412eec5da69707e991a2ade8bd1ec422fad48a59e827a52b9
SHA512 378ec5da64dfaf715d94ce7e725aba08658d6a6d7ab9dcbb7eac4b4f3c84476c215dcce284addecebe278ef23572ddfa2da24df8eaaa242a0d16405ed94fd528

/data/data/com.drcuiyutao.babyhealth/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db-wal

MD5 c9c234098d5914a346797d286f72681b
SHA1 1643c2a69d3dd0c1f86387ad5769d0853016becb
SHA256 d253fb3d4cf19bcf58fef7571f97860f65efd6c5d3da17c5e5d60e5674e12f6f
SHA512 64d01e8cd0cb9bbf1d92df0954b9bc4e2743ca3bf77f7c22bde3c9534129c6757703a1695ea0a263a9de87c1467f4edff34148fda42fdd9c74705e76d478e355

/data/data/com.drcuiyutao.babyhealth/files/TDtcagent.db

MD5 ea41412b11cf261402439f1f6542b86a
SHA1 c844c1b467cdeb71ab30063da2973c2883b60e58
SHA256 41d23c84fdb92474bd150efe3deb681a9d574b90b1d032f414e6739aa9491b33
SHA512 0a3fd6d178e591ad320e64ad350da54775d72d81748e8d703fb600b2711388d7902ce7b8edc9aa057427809af27faee4d191625416180a47ecff972006eea4f7

/data/data/com.drcuiyutao.babyhealth/files/.imprint

MD5 80fc67ba301216e43e7bec18fd8336b4
SHA1 d9bebb0327bd7ae0c06b82d807fd8509d9881b1a
SHA256 c0b0a4642a75e6ccb33e40bde36de556dc7c77784ed2e3d589d0bca3ea520e66
SHA512 1971c778ed687bcefb46d3230d2beef4cb158b377a90562e718a7856c3df16e37d103bb1faabdbd68c24480e5e6ff7ce4b8fa1d310ddb2bd823d191dc559f648

/data/data/com.drcuiyutao.babyhealth/files/umeng_it.cache

MD5 b0ce8750d7bdd285fa69320682ca83f0
SHA1 aaace63901d487d73425126d5de1c895be3e4089
SHA256 d56dbefbc624b9f644e3c41be52678cc119280c736889db93c6a1eb2f529a72e
SHA512 3b3dd7bc7be8243619a833d3b93d838a9c7bad4b963d8a255edc2e7d1e14dbb89d2bada48ae090448252d60b262c121b4ec38620f5f42f65fb7ad45f7e0741bf

/data/data/com.drcuiyutao.babyhealth/files/mobclick_agent_cached_com.drcuiyutao.babyhealth2500

MD5 c02834e294dd00408f6e2f9810d3d853
SHA1 04901b11c83e3fc0ac09a8f3d1f76761a23f9317
SHA256 c212155de150c17f04a26e951a403b87c5682597d21a9b5f7a2fa0e6a1a50ccb
SHA512 1fb32d8ab30e6f1da5632cb826521a70a6939943c0cfc7442c6c2357cb9256fda0cc9f439828214fdd2b44feffba81d7cef3d5044f185b7847d63ee5cb86de58