Malware Analysis Report

2025-01-19 08:06

Sample ID 240606-c5dmasfa2x
Target 99d2c029c018e5bb8ca76a7c01692b92_JaffaCakes118
SHA256 50506cf771853f33a540bc6dd947f494409f656d8e10363562b0b9fd2c01e791
Tags
discovery impact persistence evasion
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

50506cf771853f33a540bc6dd947f494409f656d8e10363562b0b9fd2c01e791

Threat Level: Likely malicious

The file 99d2c029c018e5bb8ca76a7c01692b92_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery impact persistence evasion

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 02:39

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 02:39

Reported

2024-06-06 02:42

Platform

android-x86-arm-20240603-en

Max time kernel

127s

Max time network

180s

Command Line

com.netease.ic

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.netease.ic

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp

Files

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 a2b7b107aa21ab95b1557cd143117bf8
SHA1 27fba1b202c3e56d48163f2ed8d3a43048854631
SHA256 b8732641def97d71b35633b591a55b61159d71eb66c1244c32d7ee6a61880a08
SHA512 8ae3c464bed3e207752e3048df67b357c1a1b693ebff183eb31d52e71f51c0269a2c3b0f6eb0d859bd1c41095c8ab3fdac6af5d8a9dd7492fa15f5ccf3371363

/data/data/com.netease.ic/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.netease.ic/app_crashrecord/1004

MD5 8234efa2f38416937ffd834f9d2b518c
SHA1 5cb0aad243e6212fe89242544133a59de58c5c16
SHA256 079c0f45e2ae3163677198737c56a0d5232c7412f17b93d3b57e67d666f66506
SHA512 8e9c7faa4cfe5286a1b0e70e83ea133456e1175be84091b1949c693206381e8c1ac07fe57d6db5db1f40899ee5858c2d02ac52f51741bcb501c7c801e306026d

/data/data/com.netease.ic/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.netease.ic/databases/bugly_db_-wal

MD5 9cf09b10fd8633a8504dc9f1ae96cd83
SHA1 e9ff7bbbd4db9e4a2d3c853c5fcc1dd16f6da835
SHA256 5e6a99834a8450aec103778fc66f5948a4cc548e229f5c50da72931532ea9472
SHA512 ebd72f311230c29b1cc7563a4c52964b01d703e58ac48ec7e33807594e7450809d57c0d4d5e31af53918c144909657840d3b15f57fe9e582477ff1fb0fa56ae8

/data/data/com.netease.ic/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.netease.ic/app_crashrecord/1002

MD5 d13e19ff50b16db6112a203e1117a066
SHA1 460253571714be0dda41b31c91b3f80cf8d5e08e
SHA256 6cf245969b37c6b64b3f51c5a149cd86d2e8c447b59795478c33ddb36e573a7c
SHA512 9e448d15c368a85df9d9d92a4ca9b6024f001ab967cad1e57196a59ddb4793b98e0c3d5bc515c59d0e910c4f5fb910f95d362a92113c9bcbad04424d2920c4d4

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 8c6326e73725ac8fa85b0290b2c7d6b0
SHA1 ab927d7a94bafb84aebbd7b104a7cb7100a2edda
SHA256 7919b39c19e04c52e5f12cb47a66828917a01c5febd3d16c65cb71e67395cdb2
SHA512 de942938a5acb1df140a10789e03557ef4048b3155a26dc68949e43d7df50cc836847e33d3a10595006835b5d60713a7191d472bd48ee10e3ba5663c22df56cf

/data/data/com.netease.ic/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.netease.ic/databases/cc/cc.db-wal

MD5 07bcf9a4965b28de734346a3d979945c
SHA1 0f4254e2b18294a4c7a46ea9d7cda992c4815e8b
SHA256 ddac73902f1cbee3fc86054564077b794cbd219bf7bb53238acbc40ec56dc533
SHA512 04bcef5ced6f2fe1a45940e8251e0c733ab113e616926d9a8b54cfec57b34897a3434eb0b85a66758f8334cf0bfe157ab7f6083bd684669ccaee958e65797439

/data/data/com.netease.ic/databases/ua.db-journal

MD5 adf9e114749916823800c09532b78bf0
SHA1 99bb0712c27fd5ddbe1d5a54017b654f05e9b858
SHA256 98160469757824ffee68ff0d57494942c6fa433e3b82aac56d7a779d03a502a8
SHA512 7572fa6c2f356d76f469e2ad318a8a81daa01e2fa3c1698584bc907b0e6d9ec94cf8a6339b88ec7b3d078f8c39b9ac8eff08d4528255985907b69dff1a954329

/data/data/com.netease.ic/databases/ua.db

MD5 bf224f1cf27a9747c829d7197d0aef2f
SHA1 86d88d8c0e5e70d5ba7c37de77d283c99296c03f
SHA256 54f943cc972942a3f8fc661a1d30f13cbfffbab494314a7df5080ae27059aa62
SHA512 c6894578a281a6042d67ad001444e7980829b542dae6d47abf9dcfeeebf74b3d2db786c443b26ba4677df0099258ec9d95cfdd6bf59c688c836d0d0786ef5c57

/data/data/com.netease.ic/databases/ua.db-wal

MD5 e25b8c32d3ac72c3815bfd88bfecf209
SHA1 9f29d927378160f62dc1a1e27c92ff21ca9c6e35
SHA256 94c764a1c70cbd063109b51190387e8077b5eb0cfd63746cec961c7e6081cfc2
SHA512 0769c439d7180fb2669c2cff26a77b38414d29bea246c585513a0677b5ffc54837db46f11551bb8134788f8cfedf4ca5189ee4c82b5777ef2c9be63d97918f06

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ef568104805377d0e18d6fa0378472a6
SHA1 5ae15ad7c9e1f917e10cd983e9e6e7d37445c8b6
SHA256 a17596a511c7490918204d362ee0a57ce12f53d447036fdfe676bfb1401fd9cc
SHA512 ee278711237389a6a080109de7088695144e3240aece8ed7976925e25431ba8d315f71ac9519a90af6b21e92342afba51f95d6e1ef874814cf18e08d513d294e

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 a47db71cebff60b2b7f09fb540925755
SHA1 912348cddbba052d0be36ff48e89cf6f5a332f87
SHA256 45d0922769b8c3eaaf4c4044c019984959d7b396db9fb1c9d5c2e92ee46eb68d
SHA512 1b4af3fdab91120dc328d6abd563a81ad09000b6c270d29867a94114152fbcd384db0c53cdbb581264c475c5d7e5ebbc183c7381e0528c8a857edb8cf9603cf3

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8cc4ec9f41a590fe8ff7c09f73690e46
SHA1 740277b0ffefeb1f353c67bf2faec210756806ff
SHA256 8e76ce58e7ca8e2e3de2dbea1f8c4faa10d54bd661790cf1ef0ae496421df8c8
SHA512 a7757931c441028d387597852ae38c6e04d910143eeaf4614985fd610e09815533d81e3568befc22f970e41f38901a0978ae9172b2e3f622ad5aba124a64bb80

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 0f149b3b0db03a56d06aea66c47686db
SHA1 521a368a56d339d5036bb7f1e2e46508dc9b3f11
SHA256 227ffdb0db22ab87078496a8729b7a7c8dc1861ec9ba05226f4e38ac9b14ea28
SHA512 c94b2519e8dc7dbfd6a7632724b449221d7d2a9c8ccdd93f92dcefb85568b1ae0f692ac4b275fc129f0ff409f87069f1ed9e983103456b6594a399e899de97d3

/data/data/com.netease.ic/files/umeng_it.cache

MD5 9b4d1cb54e9b355171b8ade0889a1057
SHA1 3889aac09a281b6b9181516c1abf459da56d0adb
SHA256 d1ccd3e66acff4c72b92de1a4e3a854207b54ed0e342a65c34530b27709af7fc
SHA512 8bc841bffc88723e9382f2ebec9b0d52c4a162359e27eb80220c2c72ec0dc86ca60ee453e06c035e2dfac5f37baf8b09c708687c7efae0505b446a9862a85e07

/data/data/com.netease.ic/files/.umeng/exchangeIdentity.json

MD5 2d0b89494244ac080a9463d934ba5637
SHA1 905643a168b44ce0fb0e85d8d5418c0c6302cd77
SHA256 3fae20b693c2d66811d220f46b0b04c2bb2c9ff0564485b31c69d177ab7cf891
SHA512 468760a512e334f38bfab639509306995eca70e06ede813c01104c6a6f5d8f97e25bb3de83df95f2c7586f34204b8e479f7a3fbc2416bb47244418a0dcc921f9

/data/data/com.netease.ic/files/exid.dat

MD5 41bbc0164d1b3c2e2b523e15c5113558
SHA1 9f3a78ba3d1d60319c31c670fdd876c43970b485
SHA256 eac351a9e2a5d08e17294ba4e4961fd38cb264a773efa95753a5dd2bcbb47313
SHA512 830ba9e35bfb5f9622c5ba7800a0d101586aef2a90e2e8ea36a8098dbfcf60d97b6c861cc6449e831cb7eff461a63ca905e6dae96b02ddb1255e27675e6db59e

/data/data/com.netease.ic/databases/ua.db-wal

MD5 88991eed020296dcc101ba3493305af1
SHA1 54520b4157d3fd759e8607c21e736ac0aa1b4ba1
SHA256 d06c8af1f05b012c757fa6303f460c29e7c8dac4b6bee25f2e11ee2c002ed369
SHA512 562f944d9268fac9ccb284565471e9d3ecfd60d10e79e6bb9a63789dea79680ef8f2c1c6864ff42f610b8e323c29c6405721e675fdc0ba2ea55d99cdfc0da24a

/data/data/com.netease.ic/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.netease.ic/databases/cc/cc.db-wal

MD5 92db12cf0c1faba5792ad47d9bbdc78f
SHA1 e4d3777a561c94ddbd49755b021b140a6073c735
SHA256 277bed6c737bef817d5d9cc3fbfd555bec33bdb801473feb9964221dd1a2764b
SHA512 533331c4d7c8a744d28a1547c9822903736668d4b5d138772be7a3dd7e907c596ce50157273c56ff1ba6469d29fefd89df051820a5a0f5f6823ac117c5712c0d

/data/data/com.netease.ic/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.netease.ic/databases/ua.db-wal

MD5 ca098c144d0e82ca54084eef097f2244
SHA1 a2e8f27124d63914d951c13f364dcd8eefd5ac70
SHA256 ecb40e927d59ff0931e0b44ad877b6549878f5444683a5b41bf7cbd816441acf
SHA512 2295375fdfa16b6a053bff0ae6fddcad811e082754036225e7dd792e613370f96bf68b005f55175d078fc04b4cb0d2b237ee78ae04177186d45416591c7afccf

/data/data/com.netease.ic/databases/ua.db

MD5 c1face5a59622698a50f1abc0eaca913
SHA1 263a71eaab22e716f2d1261c8b25de18fb3d03c8
SHA256 3a3673600ec2f7e472e8a046ab953b8b765252f4f32fe4351e5c1cba6536737b
SHA512 4b0d19bfa2797ca7b93bbdc6861c0cff687a34512ff1c500b19ca53a5a93fd99abbbf0372b5423c41dd7d9fc424fcc7f4919745007df4d0f999ccfa605f9c75d

/data/data/com.netease.ic/files/.imprint

MD5 116ead44a9bf29401bae7e4e247f632e
SHA1 d9daa3118ee59211f495a7ab11a0ea989be0084e
SHA256 8803300ee9f422c316e548c354e48e5a4b6afdeec676f52634501850c82555a1
SHA512 dfb182cbf9664257517f7286b23481118d4e6b97a2c72a989ffee32a94bbd36f8ca42dfa22ba2c39e142529c284cd9e6f59f62601ac6babc5ea5332e14b2d83d

/data/data/com.netease.ic/files/umeng_it.cache

MD5 b7ba7189734f673aeaee2fe02c5a04ae
SHA1 b0b1370e98e03db3cac214ca53f1c44f166ab823
SHA256 d8995ef096ef026a3a15b377442de782835126df5165038d01457b2985520eaf
SHA512 8dc41c3da17b1f6805ef7807676eb1cf95a5b2e437717ba93157e23170813e9a519dc68e4fdb3b773ba2e15233d71fc17ccbf2b6d4f74fc1a266a15bcbe6f3a0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 02:39

Reported

2024-06-06 02:42

Platform

android-x64-20240603-en

Max time kernel

129s

Max time network

184s

Command Line

com.netease.ic

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.netease.ic

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 216.58.212.206:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
SG 47.246.109.109:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp

Files

/data/data/com.netease.ic/app_crashrecord/1004

MD5 fc9d5e702530d0deb077413af6946aec
SHA1 73710c915207e891c63cd24c36f20b119ea71a00
SHA256 a18fdf94f14c4f2ce9ab8d2032f1fcb7c4a4e2b9d7b1c4f71cd3ce1934fe4a9f
SHA512 6ca490c6235d186e142471141e97df192fc5603654d0704f1e0103056a2dd441af8808a80a58d9940d510a7d8845b3929004d127d543034d575e1b2d170ef14f

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 4a8bc9ff585faa7f52efb655b1e48d83
SHA1 efe42d75b5de08d4d9a3f139992bf06b3364d88c
SHA256 03939c4d6225a249f1625b59bb1e179d150dd506784c6be5d234da6c89ec6208
SHA512 58de9393f673a8774f026671a86727b64f7bd9b5625639acb998f43852c46aa1255b5e6f0e5794e2785a4be834135a555bb3ff819ca897549b532da5a79a600c

/data/data/com.netease.ic/databases/bugly_db_

MD5 c0affdfebc250f6e1ca4fe14a979041e
SHA1 2fc7425b8fb89a87ade9a76c6b47dfd7a3d1e5f2
SHA256 f01cf2d37321bd4d0fbce700bb1ed5afe702a2e67ef502b5b714827ea322c4a7
SHA512 656d8c30f59414032b052a3e5949c57fb6c9751e0ed5f9c7586a80e047f79c7e3f08915e7d71b5ba8f93519149741cb6722375d0b67c6792e37d06a60a8fa586

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 4c98e3f2a074420cc3ad56cbd44ddaa8
SHA1 cfe1a9763f5b658c8981c91287c2e142fac3afd0
SHA256 8fe6b0429a535a10335d85879e53c6cef15aacb8faf6b2c379bb8144d96b80a9
SHA512 609fd63422c8ba995c9973314d43d97aa3ddeb4ed46429c6f9840ed3a96b844f6e7405b9d720aa7050c8a99765005e5a2f11bf8a711a7917a13e2b1f39358bdc

/data/data/com.netease.ic/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 10c24303dded875965ed04e736516a9f
SHA1 60b2fa1f39b6e0a302c820721bb1ad0a50ee407f
SHA256 5ff708d6e257c7375f8c692309aea0f872366e02864e4dd8e2cced910691e67d
SHA512 61d57e2b9e826c8bb7384e0d0b49bf8490d06535e23779cf3a169857597505d7c8418009c492625898674c122450c500e3f8db236f00d8e2390cd19bc35a0dab

/data/data/com.netease.ic/app_crashrecord/1002

MD5 a24f1cc303c49b39a940b78a330a29be
SHA1 7e4701573989cb3a33a8508431d289368ca292a3
SHA256 48b5a43cd4389edcccdcf4361b7e4d6700113c1da83c6f7453c3a7bacfd0b503
SHA512 1614338fbb190dd9db56c970ebeea5f15ab43143bc0c7103631eb0b822f8323f3c5d1819ce488e7bc652e4a7bae1e0d53a78b9098f313f805be30c7b9d1ba16e

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 a5f13f6bc6d75a685257af697ed9fb8b
SHA1 9fefb3591e4fe5c2f99cd3144da0591e4c1f9711
SHA256 44497dfbcf02600156793b66a27579be95276f46d791181ba59743d062b9e543
SHA512 d6453eb34c408d048c0fbe366b94542aa5c610fabd9af2485e862cfae62b348cacead9c30b4ae0826944a779f0e9f1f128fb694a6534607a5f4b0b935740fa9e

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 a21da4497ad49073874a7f25105d2625
SHA1 f2052739f2d34f6d3393bd6eb5dbaa207903c4b9
SHA256 cbedd441fbf5ef712e7a2e4107816e422d46f42df95df9086068a49a86685d02
SHA512 8734b26eaef8ea1e89de1c39fd471564ebf6df023225b9409ada00588270efedcaa4ce8dbef33ba96484a3e1a6b4662c28cae6b5292eb520413b3c7bf9ae62d5

/data/data/com.netease.ic/databases/bugly_db_-journal

MD5 2ff5c391bab40c6d5cff6f5bba2440ef
SHA1 ac8f56b2f0af5e993d0b34a54a028858f19d7647
SHA256 4a4f826d2f93ca4c48adc181b4f163a58f2fcf0b20e8abcbbe080581f54eb488
SHA512 1aa26cbc2d69373e63cf315155027f205b6c1bb003e81b4ba046b2cd20c0303dd9611113235eba4bdcc23f394b434b28485df4d4a81b36871be5dd28fedd732b

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 bd5ebb8870f15da0c70b2cd429d6f2b2
SHA1 972f3094e92e5da747a419edfbe009bb5acc5ebe
SHA256 77dfe2c038e084da2d17920960cf975f25fbab5334a5c419cdb79c5509194a6d
SHA512 66415e9d60adb1bc1c3175a0f892f55beab7fa70114cc085075a018577c2038dc9fdf524efa1187dbd3fb55d3744976440c6d822c132c6078f9da7c23ed6e9c7

/data/data/com.netease.ic/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 22794a4700c9d25506e8e21802e4d11b
SHA1 915e19f9abba9cdec63add69de34ab5509d1af38
SHA256 00ee9c4372dae808070b03ca577086b1b2fdf8bae40c7ed15a8356bc48e802f7
SHA512 8f44acdfb9435239d668cb492ace8d8ab06194fba78d5e345c154133daf45096f03f8ce345a7d2ae2df08c50d61840014fbd9d6e68e644dd8a3baa122c3b2f93

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 8acb9fd18fd7ab5e3800d531940fb2ef
SHA1 01a241835f29be256cc453e3b372009f48413cc8
SHA256 b2fbf41dc03bc99db3fb5d54f5e608ec023de43a902badb8116891d0b4ee38c9
SHA512 b28eb03f8808333a5e6ceae31ebbfe1531e40b6739123f9e392f517441f2c361019b8fe30d7a3be2b576c0280151938f683c8b10b3d566ebb9817427cd3049dc

/data/data/com.netease.ic/databases/ua.db-journal

MD5 3074fe4e61be5a92d427f325d1cb74c5
SHA1 2161572f3e0d5912a45f09e4835317d8597db84e
SHA256 e7082147f4270849e3f2564a45da9e1fadf0920471e0de69825e14ed471b8c3c
SHA512 ca5a1609fbcd95f5f2fc839ce1d4db4ef1ed68356202a0373528593fe1c33223d4132bfddc8a3dee68d7b0746e1c09c023452b2bce8e949f9f6c4e307fd2cc29

/data/data/com.netease.ic/databases/ua.db

MD5 8643476a608fa8133f678d43527aa8fd
SHA1 4ac41ac15951160161b2ee2c252fba1f784f4253
SHA256 a5480790c4a570651e76977506dd05dca5b6aaa51f407845df64891f95d23d84
SHA512 d69f7dcdc712cf97e5d190826e534cb55f8b527681fc7c6063a64950859f8acc1e6b1258bfb1c8662af99de0a0d6edb2f0f2e050391ad270f339dc21d35ec15f

/data/data/com.netease.ic/databases/ua.db-journal

MD5 ea015f6f9420e947af35e94604c6bb1b
SHA1 598848adb2dc1abc6612a33e27743a19f4b12588
SHA256 a91daed9654b009d1b2d1b5c389ee339c06039183aebd793f65afbbee4f0bd19
SHA512 950d1f3f1cbd464da9a4ce609bab8dd0c426277fc7980dbcb7e08ba1b1f65796a25a496fc08074047e9376d1fe949182010da1e4820e15912cae3a6d7f4b0ff1

/data/data/com.netease.ic/databases/ua.db-journal

MD5 df108bb8e7eb727948038e1b6b3b4b01
SHA1 5d4c09095105977ecce74ac469e3211d9aafed07
SHA256 1996db587e61cd898fe6c1ddc280d0c0dbd58c0401c6b03de9b3215de01a41ca
SHA512 d97d0a7084aa25891837b61a6db2114d478e7077e264ed9bbe9dacf4ea7a4aa30dd35e504dea4473e2d55d622f8548a8c9b16e06eeb8c35ffc295f820043e06c

/data/data/com.netease.ic/databases/ua.db-journal

MD5 8076f6b320d7a78b2b03a197f685b378
SHA1 f984b7a84e67bb7f9a759617f06df0f357d49639
SHA256 664032c8473517e2a4e830c72379cfbbbff0d81f7eceaddf341b7f0b720cafad
SHA512 ac3f711f64f9becbcc3878c270113b8ea8d78ffc64e8d3d1f72d878d5731fead9d31437541e3d659bbcc05e161ec67b59327a29cae1256c62c3de99cef94463c

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 d561d447315b28e246eefb77bfb32a38
SHA1 1c445a68d19018ca55c5240f18b701fd30e89b50
SHA256 f50f66cff8f232423472fc46a83c3d7be6bfe47833715117450fd0f4fe7c9b92
SHA512 10e79ea2337536aa68efdec63ce0d17e1d72b23120e9ef57bfe7aff4a0b96f5869aeb41fe0b871194c9c22fbcb5d8973021f6dc04c4051e4a80a0aebd3e6ab46

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 135c96429f1cda07299fb2879c6a2e7b
SHA1 e32d9f27bd4abf0b1c6a8d697fdfa1827c63a111
SHA256 776310903decab129ca9027931d23c46514b1ca3dfc7ac61d58ae31e9901551c
SHA512 943e12f7e99411136daa130ebd376342d9087b5f25690a14ddc7204d4cb75d6cd0e276f4c822bb32d46725393c647c00769a78200587acf90094c4815560e472

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 911431f4d9cfabcaa1397c5f1c346765
SHA1 78baaf7ffe88dfe4b9c1384d83d9f8e76aee25e6
SHA256 74e73a0d3cec90b789f9426b2b3f9a3426c99425b12a7f1c5e8a4989a623d623
SHA512 ba92613e764ee1176dc7db262e781b29ce9edaebab54c09554c458ab53e2ebd33c7b99092e4507c306d1dcdff1424921e463028acedbb3f81a39d25e31f247da

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 e3edf3ab9af730a3071798d3477370e5
SHA1 c116393d6a3dab4b59d6fc7d5ae40b0ff59c5248
SHA256 3b0284d3cfff1d6f3ce9fe080e9810eec30a2e26882f5653bdd7ea1d631f27d0
SHA512 9be6bc9e1cf3d007617501851ac85b2d0ddd1bcf096c0ec6142bea100b9349e542e456f3a55b54c7d10d26c88016e9177991732670dcbb181f80d249af0d34a6

/data/data/com.netease.ic/files/umeng_it.cache

MD5 cbc1ea2eb480defe5393283eca08285f
SHA1 47cbd5682ae837f74ccc61f5a6f67f5e296f0fcf
SHA256 818a7969ba62626e5f2dc160c0b59988b1679cf59e8ec69781c756accf4ca203
SHA512 282874e8a93455a4a824ff7ee957afe3625cefc638f9ca6222152d6b9b4237e9a772bf01962b9ebcc593ba2ffe408fa593309ad74499badd56f1c4fe16497167

/data/data/com.netease.ic/files/.umeng/exchangeIdentity.json

MD5 825b3fb1fc63ec4eff767ae7b076ca65
SHA1 07c8b3ef274a1baf0844d3d281ca920a85f67a5f
SHA256 962c5eb2eccadd23aa69b38d363e5b1b8b2244e0ca20dd9c93068b71b1b7e35f
SHA512 a0859b990fad00b874960d984f3520e0c87c396c0ad9d2517c326b3d6a08e74edf435f093ce5a97d4193333fb6d152c091271c15df76e49a7a2c8867b7229e3a

/data/data/com.netease.ic/files/exid.dat

MD5 41bbc0164d1b3c2e2b523e15c5113558
SHA1 9f3a78ba3d1d60319c31c670fdd876c43970b485
SHA256 eac351a9e2a5d08e17294ba4e4961fd38cb264a773efa95753a5dd2bcbb47313
SHA512 830ba9e35bfb5f9622c5ba7800a0d101586aef2a90e2e8ea36a8098dbfcf60d97b6c861cc6449e831cb7eff461a63ca905e6dae96b02ddb1255e27675e6db59e

/data/data/com.netease.ic/databases/ua.db-journal

MD5 5d6706c68fc980bac751d1f6e88232ae
SHA1 a035cb30cfb9ed23c2a3f42b20a7518ab1557b93
SHA256 db3e239157011b8f35a8e7d9f0ed1b789850133c304a38a7c1c6366fdcdac7e3
SHA512 5f4d40fd682ad2211814ef43c222655de0422c361eac9cb14e1e9069508ab8f0bb120fb881ad9775be4e930c8e3b642ed1cd98a841750ffc56641d3a7d280c94

/data/data/com.netease.ic/databases/ua.db

MD5 38564ad4c73e5619bc2264b0c44997a5
SHA1 e55f6fe1b20347ad4cd58d77af0b0feb149f63d0
SHA256 1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8
SHA512 30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 54f02c96555628dd2ae0ad53fe066e65
SHA1 bef63501b21c788de64bc5d820c8087547c64e64
SHA256 07ef03d3459c53716c977ad6defb25429a522544a97aedfadee2554ae8e94214
SHA512 4ee17ffc3dfe1b9b7246ea12f0f33f2edab8c3f01c94fc23445b4483c9e99d29316c4cb64bca7b421a01df00b5c694bee89e8c0f35ab2f9802c8b6f06052f4dd

/data/data/com.netease.ic/databases/cc/cc.db

MD5 67c12933d1e0e63d9801a6aa43092ce7
SHA1 b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256 abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512 db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 209a2cfa08ed09c971b421d59dfb86fe
SHA1 2a231a7d9739625d2126d27a1758bd1fdfb4909f
SHA256 abd00d4d4564f938cc47060310776a6d7d91035b670e6de712270aae415bc96f
SHA512 047a319dd496f70e62f51145ab863eeec942cb8dd700d904f5ba9fed507ada0df0488b7061f73b70ed2a885fb5a7f34b214b4546cf87dea84b42a212feaf2578

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 821b74fc55ac10e7344815b14bab46e6
SHA1 79f311be4d4ef66f029812747c65a8727f9ae379
SHA256 f6a34407429a498b71ea5271b48d8c9a41c28d1970329bb4fe4db48d43ef6f0c
SHA512 8aa221f451cbec42bf2038404b81ee3c689ebc60145a031f3dd673ba2e67e6e4061c6660abefe8bd170fe716907104890ad1ac838f60cb91d98c3a3de23a1a67

/data/data/com.netease.ic/databases/ua.db-journal

MD5 e2abe6809ccc2708e96eb27a98f8b68d
SHA1 4bcba3043d11e067028602822167d4c9bf6521f1
SHA256 c0bf87e3943be2180a1283d3c8f46cbcb83262e168a75941d9be8a400c3482f8
SHA512 fbf13b4d7825bc088d2293c5c1682706bd3c124fbfa5a8fbd9f9780ccb141a01bc9563e91a20ca5e63ffb5bc1169449babb6a9e96bb76c6266b4216c037b5d2e

/data/data/com.netease.ic/databases/ua.db

MD5 212af7b762eedf10380b906328a11193
SHA1 6ac74dff3f850c67eeff8e33abea665e5d54f039
SHA256 0d6b9c399bae2beb9f27a704ea59ce4fac031a41de2e59498101866326d61cbb
SHA512 61258f38f7164fea60cd8f4213ed79cc96b152c958aac628f145cdd2adf845fb356c605671fbc575fa448dee43166372c1dca190ccd24e95b7218ddcf6be7350

/data/data/com.netease.ic/files/.imprint

MD5 8207ad80f63e35e035bc0bc8544a2466
SHA1 e3bab4e7c2994e81bd3fa58bb67e3849dff50cbc
SHA256 623fff635768f8f9d3a1eb549ed7996c0d48e0afe1a19f018f7a3f503375bf16
SHA512 38f417fb6977d1f49ea96f54bd44f7f1ad75278183fa4faf28df9c6d7d18cc344c7c3469c41082bb57ddba81bc7b942b1d3e1917eff53c740f3bfd991e0a2096

/data/data/com.netease.ic/files/umeng_it.cache

MD5 45ba9252862d2706a6bccd0073048929
SHA1 4289bb0f5f7490398bc9909211f91a89db215738
SHA256 17e5658e716eca1664daba77b371dadc0a58ef7c465d4c4de993dbdbc6efa558
SHA512 0339a405a60e88b2e812aaa7fc59a461e674c9c68becec3d3e75049d00ffed2706f44926a9979dad718f24e131d14432a05317fe903dcf48750104f1467a1662

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-06 02:39

Reported

2024-06-06 02:42

Platform

android-x64-arm64-20240603-en

Max time kernel

126s

Max time network

180s

Command Line

com.netease.ic

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.netease.ic

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
CN 119.29.128.145:8080 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp

Files

/data/user/0/com.netease.ic/app_crashrecord/1004

MD5 4d791b08bb0637a6a966969f7080e17a
SHA1 be0a087b66ac2010aec7f83e8618b6b41d449044
SHA256 31635c9ba5ff1d77cbb0df3f678b9fb4f625200649beb0efffe1c847d8a72e86
SHA512 6b363c1ed911619ec57bf6611a550ceba1c356d5c14261312e098a368e6ef9446dee679e3f4ab53345b811a43e816851684ad357a7c39066f64909b67e87da28

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 1bbd66d92d2c25e5030f66204be0cb90
SHA1 5a3480f53188e2350273b42ea6d44b64a7266a09
SHA256 54c308a8a2ba080069924a0734604635dc5d1bb3c56dc8640dfff30ac7faa71c
SHA512 f98878cf9b220327daf4786110301e5a8eaef4b224dc69f6825e09ea7d21c0b9c0796eb30a62ce6f19f6ceeb8d7d5accc077fba9583578ededadff1100f68db1

/data/user/0/com.netease.ic/databases/bugly_db_

MD5 013d184948d089fe609b7a3f6f6223c0
SHA1 b78612403f64dd3b1c44cee151bdfb5d0111428b
SHA256 4e933855518c7f68ef4cc75d34dfb266e2e33feb56cfeb508cd89af78a1dbc1f
SHA512 72aab99d88cb391f95101a32e07642f24b4cec42a3924e4f72647fcfbe49f1dd4cd01bb6c702c8150168ebfd4f117954760c54c432303a4621612b7ff93c2fab

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 efc3421caf3b58e238fc8001fa65af9f
SHA1 0fbafc5dd1b097520db148496a2ded226e5456e8
SHA256 d5bc965f527ed3c7a5aeff3ddc5d1d554ed54c51a66dee7032557f4558aef222
SHA512 7cb56840cf32c0770d0734fcd55e967bc6c0f1b220d95f0f46da8e715ef829cab7ebe31dcd8ef853c80a569330e40fb22437a3588d8b0d6dfabbc15a008ebd0e

/data/user/0/com.netease.ic/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 1ed284910a73c07609542b19449f7fff
SHA1 137104f8135460c1a2320bff8307369c5d348535
SHA256 bc3b85cd0de46fc6ce796307036409c6b571cc1c57b314629ced099452ca9b34
SHA512 77e815378b58cce57e35d066cb652230ace7987022e6c7e14f623aa9fa4b893e4bad2de2b9b519821ec80bf762c35283791945f20e7f18a0f9efb58c8c5e41d2

/data/user/0/com.netease.ic/app_crashrecord/1002

MD5 6468d445fb3d674005164028ed6a41e9
SHA1 182de36fe7011a74597b11632858aa45c7d38ca7
SHA256 0d6002284270274bef018aadff252901b55c6348f3abc0fc57ec013b1b86328a
SHA512 f8cbe125bf19148bfba31c7fc6935f3edc8b209d9d8d86194b3a50a38892cf433bdc15858e11f3d2bd16f16bec05a87b1030e16f7b17e916657024d788bbd96d

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 d042338168c0e658aecd6cea5861c23a
SHA1 e202a119ffd4581af6c491bf089cb41c75d2ca68
SHA256 00c3f59d3f70f278916cef2c2567e3be53a99e3517bc5398146d3a85dc482229
SHA512 0abbfb87a856f6247e2fbcd9a50a37eb92c235c438fc2ef5b0326043fd39bfa6ad1aac12d8eaffded22712b3e94cef6c6a904d6753eb738cfcaaeda35f4392ca

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 dbce135487da0c17d2fbc5d4dcf6cf55
SHA1 9f4a9b1deb85c22374f74109955e4a25f82ae9b4
SHA256 c6a4d327464199d90b13ac6507899c8dad0e1bc137ed34fdb204074fd6be039e
SHA512 e971094308ad2eeb995e4c0b5a6b48a71052b98f0646ea2d365f7b9b3bd0ac683bf2568d98b30b2980fade59c7efbc1bd254e6cc138bad59851c379122f5302f

/data/user/0/com.netease.ic/databases/bugly_db_-journal

MD5 0ba9b70696bec641eafcca685d5521a2
SHA1 0dc5d2b7c5283b0693f59f06b38bfd2d7ba49202
SHA256 48b73462f02f4d70b164721a34fdb9fd18ffee0231ebc19d8d460c5ca09d10c2
SHA512 db80f4f149106d11278b3639f3893e46eaec9cc4195c98535ea9681eb87b8edab6e4cfcb4b6978946bcc560ffde12e92a2d5f704d36ac7d0f4d545e2d1cb5db7

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 6a3e31b3686323bf2e73a2f0de04b4e6
SHA1 94a4721cee31e86b4df170eecf478b5e9b93472c
SHA256 7c196453a2f818d23533bf468f938fbfdddc508821a66a2c30e8c43c7dd0d558
SHA512 27ff85aef47ade6f760130ec3f4959d473edeb26755fb564e13120b1c1225c58ca4b5aa7a8523111b6e4e50119090d10a4ac534be171333d2960e9fb27eead85

/data/data/com.netease.ic/databases/cc/cc.db

MD5 4cfe777c9f6e7859f5efe2197401d8e5
SHA1 bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
SHA256 c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
SHA512 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 7700ddddebf68b9bde5ed1b087f30f61
SHA1 9bf01f268aa685b63cfd2cffbf62c9ee86d519aa
SHA256 093502287dcdf9c56d2b3086514693ae31bca13af19f80ada409561f975b15a7
SHA512 87915ffe2c60e315424676f83e526808a4ac359e048c7f820ac9ee8ccf9becc073d374bbff4230d26527a735f690bd4c110b7c6829c68c64f504e382d7354476

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 944fe872aadfd559204bc44f6cfe13d3
SHA1 080a77250d6cc3147dc944d3e35867d9bb0a5922
SHA256 0b8961bb7235309ffa011ccf29f70c28bb99e3066195d0403a01c2d04e7b8ebb
SHA512 8b829d83d36b72b6111cc030269c91d158681cbb6aa3992e4bd73e4a6c18514bd28ca5fc1bc831f1d58887c193dead250be77b24f640f5ad1bbf42ea05ceb5e8

/data/data/com.netease.ic/databases/ua.db-journal

MD5 79b40a445f57610c54699be0d8107bde
SHA1 7ea38f44bb0b6f86c957b78ab78946ac20fd5d40
SHA256 41e2d310e9f55de559c1f839322a3cd01a77f82fdb3345fff83eaea7292c08e8
SHA512 6beb1b21d59c68c36d04f5d1758bf144e1309e33fd0b172d02ab906477cbdc8327cf0a9c28aab8ee98933a0c75c30c2bebb0a3f2e177ac5f47acc86253c334ba

/data/data/com.netease.ic/databases/ua.db

MD5 9ead698f5dd4e6515a1d13e86fc049dc
SHA1 92346c01904c1c2c1f6d2a01ec8148c27def2d99
SHA256 ec0214918bef4f6b0a920844bdc3c66056a5d2b669a90cbac3b0a31d975a3daa
SHA512 25fe8ba8a6f77c964ca361ee326312d802d77baccf87bbcac2b88da081ba1c6ecd92bb88b95023b5fa6dbadfd512ed42625445d0744ddb059ea6b5115b37b993

/data/data/com.netease.ic/databases/ua.db-journal

MD5 06decca3f3fc8b8799d89c349c46e949
SHA1 25f3a1b8641340b3184a56c394007c5648203d5a
SHA256 e06c96de40347a998bc9586f9f3a9d7eb54fa10fdae707cb69a69f3eea96d569
SHA512 fb0a9d0ab964c609ffce1fc55d8b28e9af2f3aca4ca4f3b4bc819db9a11f67db733aa1fa2db03f497e792e619cd60a612b50a80895fd9635dcf0689f6188e8b2

/data/data/com.netease.ic/databases/ua.db-journal

MD5 66ecf390ad43580cf8b782a0ca1de496
SHA1 b910bf0bfd41d26c37144d86965dc0ed16443beb
SHA256 4ea3f10af525a99c59b4cdb07f67c69fd394b17f9ec4c84202869c2d6f59ea3c
SHA512 534d755ae1fd4c5dd45d37fb7fe0d3d1911587159b30a08e58a220d438e373ccb104ed56a67fa31405df29e15cf94be8e97c88e43516bb463b9df01a26522e9e

/data/data/com.netease.ic/databases/ua.db-journal

MD5 dc64857612c228f5eb8f6ca4b5d894f0
SHA1 ac09ca54e3fa890a69383f355cfb1f1348c9cd48
SHA256 fbb6da60958331103bf4dabd9287b16538ef64855e607604af4aa2e5ff926f5a
SHA512 a57b9f83ef110bd67546ee45ada8ef0607cb9d7ced913d35d73d81fb6702223840786c025953b2a126f3d7559e2648fbf250f792e3fcba80b010155c4a208d79

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8364daf9e8b2b994abf6cd8b9adcaafd
SHA1 d6ba16c7228300093299101fad6a0404b06aeca5
SHA256 91a3b688bb202ac8a70badde92a86c8b83ad48163e379fee19a5ae2cbea9d406
SHA512 36da2e55fd3db6b3abbd11a207190a3abcdd3c4304d6daeebff5b38fe671718ed377d122b8329cd0fc7aa44718ebeb9e4de9b5f2473ec06d57903a795135a12a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 e752fba7e2823c261817f29a3430b6d5
SHA1 cbd43e57b13dc9578afe9c53bac992088fdb603f
SHA256 7686749e577895872f5c28463cf6ab71e479ca5a65ca4d5afb17805d7bc3e274
SHA512 240054d7997f0ae824385e3941217753fb40afd250db899c833947cbf34b73e02502abf68f8db191c017d409bf16d877662809d7332ec9c7b7bfce9c4cda2493

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b139ae4d8e8298d0dd7cca4b69544306
SHA1 1804a28c4a0817a26002191f1adca4bc63c01b52
SHA256 8241e1c3f492d9731f69f8359591f50ac18d513a87242875950c059d41e1c16d
SHA512 4ea5607724ce6b69b77fe1af3f05327b436a44a54a613ea09c267c2f3f63961fb2745643d548482c5b00d518c4564f8451f14a82251151d3453ac3c264912d21

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 d91f967b35c7585eb0c77666e29097e1
SHA1 25ac3a50cb44f64b487a8f7da3518a9b5b6297e5
SHA256 bf55a9dd3862b2fdb674e2e44c6171320280c1773370065131f837146d573b1c
SHA512 b0c9cefdbcee827ea91eef793739cf0f882b69bacc95eea68ecc41ac91f1997d3c488de9cbec7390e40ce5d421377a1494a36cfe98b06395cab9c71492372343

/data/user/0/com.netease.ic/files/umeng_it.cache

MD5 712a91e4f6251d8978f4ffd4bda4c430
SHA1 f38b8dd658e1de2a798f526798121d410f7f6cd5
SHA256 bd285ee7c6d288c21d5535f03da922a88170f4584c05adbef2ad558c021cf1ac
SHA512 6ac89e438a4ec6ef0b400a42dab1132365fd175d805e288feebb5ad8f2732cc4ae673571ea2c761691e98f5b8f38f8ea8ac4d02b699840be92d294934426aedb

/data/user/0/com.netease.ic/files/.umeng/exchangeIdentity.json

MD5 b5e6836e8d65c8cc28cf6dfda06259c0
SHA1 18d70067cba8ed09e6a5eb2565b56ffde7d28a7d
SHA256 0e089e9662f12cffe3b6f7e350899ef6ca9cf9133d2008effd3075b18d2be187
SHA512 25678045359995edc8b9191cc7d7b4b215a50985dda8f98d9d231e3abd1c98c914e1bf6f59cd4537bc1898cb1cbcbcfd1448782bd89ae6eb4e0f38a0077cc001

/data/user/0/com.netease.ic/files/exid.dat

MD5 41bbc0164d1b3c2e2b523e15c5113558
SHA1 9f3a78ba3d1d60319c31c670fdd876c43970b485
SHA256 eac351a9e2a5d08e17294ba4e4961fd38cb264a773efa95753a5dd2bcbb47313
SHA512 830ba9e35bfb5f9622c5ba7800a0d101586aef2a90e2e8ea36a8098dbfcf60d97b6c861cc6449e831cb7eff461a63ca905e6dae96b02ddb1255e27675e6db59e

/data/data/com.netease.ic/databases/ua.db-journal

MD5 5b5a051843481049d5bd60eac7b59405
SHA1 c531788985fda7f431571ded7d85d76c834fe180
SHA256 72737675c0c3343104b6512b6d4326a3624719a31ead8ee0ef04ec2e2503f0af
SHA512 1596096b78ac38671402a1a5662060557ed914755004c2e12732badba89ad72c4936c8674a43aa98a1775ee1c1c9baa8ea636fc61e45b3ece68df885e7374433

/data/data/com.netease.ic/databases/ua.db

MD5 4cac7d31fb94d5c9581893537f64c5ed
SHA1 96bef3288546196ac3058b5eeddbe9da1d999fe5
SHA256 d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5
SHA512 0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 8cf627fa33646e1f11b7fed0b401eec1
SHA1 1393d4266e65e98e0d0f0af56c05d54a0b886173
SHA256 6aba83b53faf1fc4f81066dd543920b580ba49be5b94949a32b8c8c28c06952f
SHA512 28ff6e86188747132623bb6d8fbb76f25861cb51df8f867e22424f9e38906177f1c942fa137cc0f51844cf52d9bebc78c73c205e56c0834b8eefdd492543973c

/data/data/com.netease.ic/databases/cc/cc.db

MD5 86752a4be6564d8370f2f0e403995003
SHA1 29f7d50675f6e59f3b808eb6dcc8619384412115
SHA256 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
SHA512 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 44cc2b82f39c94fed8d278f81a44bd83
SHA1 2c7f363ecda2c2d400fc38830c50f0b407c05d74
SHA256 aedb7318421b9fa1500f053a639e4e73de24db6fcab94d57781a9d87ae613381
SHA512 dc1e06f72d106be8d84c4a6ef70d6db934ccf0983ead9c05f96a48dd3651ad77b9de6d58e051b11fb347d5872ce97f68120bebd217a222da0b8f353ad88013c9

/data/data/com.netease.ic/databases/cc/cc.db-journal

MD5 9a4e3b8adcf857cf6c75bfb55177f8ce
SHA1 1f7e595fa9928bcf005d9a5d6d9978ef7486ef3d
SHA256 8671240a7173aba5fb4f5e8c595f75945f53517d27fd766de04d0af35ad4301c
SHA512 0fe271f5f8dc62073b888d80022b5baee0616246b5289159ded079f21d0eea6554969b9982c0dc9e1566dd43c6b5add063e02a6184f2e4ef03f34d90187cf738

/data/data/com.netease.ic/databases/ua.db-journal

MD5 617c2a369230c6d84b8e7a31f87eea66
SHA1 cbc936c1c7a80a9780c79adb056f276e90e2bb14
SHA256 a04afca7a6125e08491a7bbf741911c36d1c2f37420710efa43211df34516cc3
SHA512 29cb244697104e55a11a95e443e6f6dd5f92b82de25a97b9fab8d0a0035f9648ff814523e94a0c1b611cd74f70f792ea7a13c9026f075c9656c7a5cfb7708e3c

/data/data/com.netease.ic/databases/ua.db

MD5 01ba2ce29dc181a278cac02d77102107
SHA1 d2308004953e43d503b407f4a7d2913b1cfab480
SHA256 44e632bd42513fa9a827123bb089c18d747c91d9ca47b300272972146ff06efd
SHA512 ecd4a1900714818bf8c9218453717c0dc31554c56b47cbe919da9cbcba9928e70caf8b39b47216048112287d3c9f6e88c1d25c385035aade3e5d465817f81081

/data/user/0/com.netease.ic/files/.imprint

MD5 daf500e0e8c07041e11476b9f259d738
SHA1 cdb2f9f316bb9789def3372c89854c33a784a375
SHA256 abc2c180333dbe62a6db801a5d65e31c0fa1a0795a874ff3eb6fd8c5bf143e83
SHA512 db75659c31076b9d02ca5a51cd66c8d49ca7368f93c8fce870540e5486147107de3be1bfa5b81e03415fe93ff0d8b6a2bca7cae52414c13044f801b0d8e9e8b7

/data/user/0/com.netease.ic/files/umeng_it.cache

MD5 ee78dd04b6c8eec552ab5908abc15953
SHA1 24b3514080181aac8217bc4cff979104ab267a00
SHA256 fd83c5c92f04c50622de173b704373b3136e324f4ac03524ffc6fa37093f6f9a
SHA512 aee9f9fc8ce6554450a5e104d3b090cbff7c2e806a615f1f8d5e90658a4b19c3496f9d163e2418d67d1ac93f5976b03ef44bc6b62ec0c5836d7b8fa69388762a