Analysis Overview
SHA256
79aa2d0ffcf0b77557a6257558c0e4de9ab8a634cf3ada50be72bf9b3b872795
Threat Level: Likely malicious
The file a5624fc40ceea54e9224a803be3e7152_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Queries the unique device ID (IMEI, MEID, IMSI)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:50
Reported
2024-06-13 11:53
Platform
android-x64-arm64-20240611.1-en
Max time kernel
158s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.ddumu.bdqwqs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | app.wapx.cn | udp |
| US | 1.1.1.1:53 | api.exc.mob.com | udp |
| CN | 180.188.25.46:80 | api.exc.mob.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | appx.91.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.share.mob.com | udp |
| CN | 180.188.25.42:80 | api.share.mob.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ads.waps.cn | udp |
| US | 1.1.1.1:53 | view.ddumu.com | udp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | devs.data.mob.com | udp |
| CN | 180.188.25.17:80 | devs.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
Files
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 225b310ca09e97c928250823a64da711 |
| SHA1 | da7da5d56c09952b7d428807b990ef171a074cb5 |
| SHA256 | d3fe4c6d68cfdda5416f3c077701186c508e83941a3b7b37b01ee19269faed07 |
| SHA512 | 8f61c950489ffbce83e5a702359c0366ddea5810c74cc8063e03addf6c2c2d9feb5fd54c43ca60808150d6dd076aa27d66461f3558f39949ea488f6774646d61 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | 4cfe777c9f6e7859f5efe2197401d8e5 |
| SHA1 | bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a |
| SHA256 | c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231 |
| SHA512 | 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 255146e40c9734756827f617d11806a0 |
| SHA1 | 53387e7b3a18d119900563b9e935299d0684ec68 |
| SHA256 | bacc64bfc41bc1b6855d7523030fdb3ff4c489efa50d903feafba031c7da69d7 |
| SHA512 | 5cf252b3c31a56365931f5525130054906ed7d38cb226871c571fcfdf0ec78c23aeda0e17896d71a0d590470fb10632eef113b7a81d8f7048721a9defffe1d23 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | f6037db0cc8441c4171c248e849c2f84 |
| SHA1 | a62348e1f3f9fe34d1b648e6f06a229b820139da |
| SHA256 | f44660123317d0fa859eaec0ad63c1bf4fc8f11b92059a1777f807cba14210d3 |
| SHA512 | 54e719f9a8a9d60574a4942d1a2ee09b6033dee8205660ade36d927366c907466d7f90002638ed1e0073a088ba99d7f911d655653cdbfd4ad4aff1a11a6c9b7b |
/data/user/0/com.ddumu.bdqwqs/files/.mrecord
| MD5 | 6c8c98b90fb43073b8820c209ba0fc86 |
| SHA1 | 487be5ca2f4781dd4eab5c186f84c3f85126c57d |
| SHA256 | f969bf7662daf137f22cc10afee7c004271e5bd96e1de59100c8ed7c584e9848 |
| SHA512 | 139af0c65fd4027047a0a3da88f6b7cd0842a54559579688e0765011f66cb944fb055b8ed016bcc3d2aad5ddcfd9ddf0da84a693942d52ad0d6910c13137de9b |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 2c6f52ac753a332a0e51e1636d9373d4 |
| SHA1 | b0397bbf042ec48e7d8a11ecb80230822ab80f6e |
| SHA256 | 84227333a8283139ae090e621dbb17dfff0b654de01eaf4a16790e18bc86ac65 |
| SHA512 | 8f87af32b52620144f8dddd333511c9f1a634499c92d0c7e98b86d0fd1b7641fa26879bed26880b53a207c481b5f29316ea68546087d604483bfb7038bacc961 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | dc0b28acfb5ddeca20a14c3648beb69f |
| SHA1 | 46c48d9271b5f9a4caf01b9b19e50d6880ecaad6 |
| SHA256 | ac3d4d99939cf51cb2588e71aa3747208952ceeb6e3b5c2ce498a2eb2a28ed1e |
| SHA512 | ea96bfe1d2a2407547bdbdcc5c82bdcd9370a03e5128159447a5830d88f45ae7700900eb58cdc23680778fac3a31b3f59f214d9dc4ad272595a50840ed71cf65 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 25cfbcd701e553739fae0071b710cb7a |
| SHA1 | 4443a38c614cf4383ddbb8a9cb19c82dd1c8a5e0 |
| SHA256 | 2e332d14fbcaa31f42827f639a1d90f90eb6d89e03430044fa5ef8504e6b1b1a |
| SHA512 | a44c7eb78fe24ed8eedf49631d84607f8c81a10303f00cb90ae099428d275fc342cef45fc65841ef791ebfe12c76ce15f590e9668e79a5cd9d97f3f3b5b93f02 |
/data/user/0/com.ddumu.bdqwqs/files/umeng_it.cache
| MD5 | f8b454cfda56f0bf4dc11371c40ce0ea |
| SHA1 | 8da14773060c45877b9bb5c0b203d5a8e94ad1e4 |
| SHA256 | 420fad5bda52b535aad94af6e143c9f69235fdcaaf6b049b0fde055dfcb95c92 |
| SHA512 | 04ec9c6b92d0caba94ff85c18fe29375351f5ac0edc1c63c2c13e3f14f3411ae4e0a0f3c5a41604429f3492b56b89b6bd44d2cd13713e2b6eac7bf8d7a0e835b |
/data/user/0/com.ddumu.bdqwqs/files/.umeng/exchangeIdentity.json
| MD5 | 3425b72c009c34064cf0d29923ffac7e |
| SHA1 | 3c12fa2b2dde6da4c8e990d1600bebdbb4c2b767 |
| SHA256 | 6052fdf764cb3a4a6d19fa2ece18e9d8f30d35604aa6314da4aa09156d82799e |
| SHA512 | 8b4133ed10c24501bbd0da718f5f318c7b3441ef0514ee5341b77cae1e328caff4d6ae1d2243acc5079c93c28f1a9b142613ae61b049c4ba7c56652c5ed792a7 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 481b4dcb49122c56da32481e9b7b72ca |
| SHA1 | 940c5fd3f730f62c644ea7c8533ca818dc615c86 |
| SHA256 | f5203ad56b06dd606d45674108e2ad6f18a4f46660122a72f60e72c229e933fe |
| SHA512 | 2f05ad6738d2f371192c14d1f7993e9a0e2e086a2dff059ed20e81423d8d785c6df2cee05686e3098249f307a311a5456bcf268d01685d557ba7525d1bfc033d |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | 86752a4be6564d8370f2f0e403995003 |
| SHA1 | 29f7d50675f6e59f3b808eb6dcc8619384412115 |
| SHA256 | 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c |
| SHA512 | 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | a09b520501f14816893a009e3338a581 |
| SHA1 | 5df055f3ad6040fb039d3df0ef06e3fd3cf99d0d |
| SHA256 | be1c9b4e16af42c025bddae750f0b37fb0c2efa8bac63dc8bb45ebcc881fd4c4 |
| SHA512 | 0c29bf743776c0577542216667322a869dd61a51f00fb19a7ef8acb665a901b2ab0b44186ac686a1ef36440e3501acc47c5709f07c1bde25b95c5b33a0c9907d |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | ab709b0fddf1b85b741f722090044631 |
| SHA1 | f95d03805d279e900792af790433c926f564db66 |
| SHA256 | 0928c8cc91d458db180e0882e57c48db69d53dd2e766687d13d6756d33af7702 |
| SHA512 | b04f0408d0fbbe1fb432d77c48c77af9330e1932e2a5acbc476a897e952b9736889f8efc6ada4204d65170b57d2794a700a38c732a2717f8d5c588c9b7cd9a32 |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | bac055c51697aba3271f4df584327f33 |
| SHA1 | b4fa2190e8b6b36e17212cfbe6c9dfe656916ffe |
| SHA256 | f45221ccc5625ed3210ce38f6c490210e48622bfae5d359ee0ed91b64d49785c |
| SHA512 | 348e6339f4034d7942a40b96a250b2e02bf607cc54ebe0cd9fb46561c26c7a118749dffc3ddfd72248091128c87c12f922ab2eb3fda18462e97e7086b50792d8 |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db
| MD5 | e7e80f5a59ec9f22baa8fdb4ae5cc91e |
| SHA1 | 4ce97e8e0532d86342b66ab8f260ab61c2d1abed |
| SHA256 | e26fe3d63fac22110efcd071e7808b575413970bd8dbdaa1c36a49e4ced0fb85 |
| SHA512 | a3bd3bbaa9dabe9bcaa3c2ea9db47b693f0004edb03d8be0355431928255cbfe0fcfc3570fce3a5dbc40eeb9ced4c1f288b98edd979bdf1562ca4c5d812729c3 |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 0b5544aef6688bc2cd52d0810219ccf3 |
| SHA1 | 73f1847fa7832b179fefc10c18eb29de0445c6da |
| SHA256 | 6414f043c915d4b3fab5d9ec8c2abd6f55d1bffbff60ba9192208c83b48486c0 |
| SHA512 | afde7fbcd43d6db757d88edff83a9513ea3ce058276e1c09f46c4eaf581f3ec68a5746ab079118874a0345d21de9f40752b4c39bf549f7141876790e3c44363d |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 248c24a4cf411f7e4e4b212c4c6125be |
| SHA1 | 2a1ba7aed5754f51dffa0ec7bbe67207205331d8 |
| SHA256 | 2444d92dfd56e7a645c4eeca957b32f57bd795847b2d8da09431f59eaaa91b49 |
| SHA512 | 68825d324608b07d88407b282134a2d99fdb96d45f2aeab1e8e137a5b7eb3ef3ad882ce172c72851e4350d1ef27d73574a40f917e4389687d68915741542f4ab |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 55b2e601d639e70bf7a68480b93bd141 |
| SHA1 | 178b550607ee3bf530e7a37456ad0ba248e9c9a8 |
| SHA256 | 10ab474c9d450e168e0c534969debf6cb5fdfa44315a10b934b50e2ae261290c |
| SHA512 | e72237a519e07ff7609cb4b7609a9858e1c5be2adad7ae4d3fdf4d11bcf66d261ce38cac10e448a5f4fa3749ca0847466e84d5f89d42bae7791be7cd8c70514d |
/data/user/0/com.ddumu.bdqwqs/files/.um/um_cache_1718279479228.env
| MD5 | 041098ed94b365751517d7d4f2b33208 |
| SHA1 | 5de9315ec33c9a26285ceeb097d9b0200c610370 |
| SHA256 | 9d12788af224d69ee5fd82aba830ff34c6e3a8dab3ce662bee5aa0f3a3da2ec9 |
| SHA512 | 91c557dd96b84a9850f7788334d9d4e3195a4608b09ed4739fc7add2f308c70ee91e3a3a5e806cd463ce09a2370be45ac141b548db2259e8df9a00c5584885b2 |
/data/user/0/com.ddumu.bdqwqs/files/mobclick_agent_cached_com.ddumu.bdqwqs1
| MD5 | 366c3e2caeef4148133a6b9a639ea803 |
| SHA1 | 8185fa5a26dcdb2ac5ac605ef7bfc8f27b51bd18 |
| SHA256 | f3fd246e594b90c244d7f7eb585f583437f45b516ba3bbdb8231fdaae7bce09e |
| SHA512 | a837f7912fd9c69628dd6ce4a4b34dd096b38398bad9e1221ca8dc5f7c4de62c16e79500957d66e6282d01bd76412e774d45ba5860de634923af4d89aeb45fcb |
/data/user/0/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | d3f8a2b33d6cd66256527a6c28d2abea |
| SHA1 | f1f73afb78ae371df3dce9f4cf0709ef1c42c1ae |
| SHA256 | 6c6b1ba17e2a48f9c101feadae78b5663d38830dd87917dcef362c816326852e |
| SHA512 | d901b7175b775c8daca76ba398f8ae8d622f55519de943285867b95b5e17379f54b250efec7e7c4d87caefe643a4bd55b1020303d277f7a956af3975002d9ab7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:50
Reported
2024-06-13 11:53
Platform
android-x86-arm-20240611.1-en
Max time kernel
160s
Max time network
182s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.ddumu.bdqwqs
cat /sys/class/net/wlan0/address
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | app.wapx.cn | udp |
| US | 1.1.1.1:53 | api.exc.mob.com | udp |
| CN | 180.188.25.46:80 | api.exc.mob.com | tcp |
| US | 1.1.1.1:53 | appx.91.com | udp |
| US | 1.1.1.1:53 | app.waps.cn | udp |
| US | 1.1.1.1:53 | api.share.mob.com | udp |
| CN | 180.188.25.42:80 | api.share.mob.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 216.58.212.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ads.waps.cn | udp |
| US | 1.1.1.1:53 | view.ddumu.com | udp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | devs.data.mob.com | udp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| CN | 180.188.25.17:80 | devs.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
Files
/storage/emulated/0/Android/data/cache/CacheTime.dat
| MD5 | 42e3908e65e05bf3681dd22356f79d71 |
| SHA1 | b27aa5ccf200dae2f80d5945f0dc10544374b32f |
| SHA256 | d669dd41a3c44df211570d84835db1febe4205f4648b5a48108aea4bb73090ea |
| SHA512 | 2b6086f8705807fa07be7ab7f82bf14d87eee83d97a435a29031be3d0fcffc1e617eb0d7e92ed08e65b36b408d43213bef93b3ada3123c89af7af1b7721ad50e |
/storage/emulated/0/Android/data/.class/android
| MD5 | 3d01a0cc7abc4fc30bb3e60da34f59ef |
| SHA1 | a77628ffc105519271a9bdfc24bc0ada1aadd20d |
| SHA256 | 687bd1f19832d515445c688a6acdaf9212540c0b08796179b9a1b27497f45e29 |
| SHA512 | 6d3fffcd24d6a65a48a89313861896434f7dcf4dee695dc84f3b55d6c19e457a7a68dd6f5e464acb007d16922b44192f994e24064d69062c36481f2cf80636fc |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 488c66a48275c9c15fc6c60d7b6faf60 |
| SHA1 | 643e85ce7e35fc5dd627fd8b273d9cdc6d1c9434 |
| SHA256 | 406d7632666ece2d3ef644f6f87560ee440e4a5a213c2968f044202088203bf9 |
| SHA512 | ea0bff1c0290def8e35ef718f5168626341bfbaf5762f878b86ed9f88f10623016a50557cfe4ae5f5804dc7eca2410d9449a5f29755042f2e9ee560574818554 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-wal
| MD5 | 43fd17f91e55798c69a7a5004c3b41f4 |
| SHA1 | 6c1f89f59f7c4ad2e3095838618f638bf2fb6aa2 |
| SHA256 | cd7524adc90285a7c5816a0c72bc4cf75fe3bc7b74e12e0bd7361a066a8b131c |
| SHA512 | fee3df4721b25e7e46c76895cd3f04cd93ace3e211c08ef8894f45720643570ef7737d2d099e09e7d707881702e21c1b954e0155c567d81efaee24112673fb1d |
/storage/emulated/0/Android/data/cache/AppPackage.dat
| MD5 | 1bac15a859d81ed59c974ca4d6af027e |
| SHA1 | fe95d88b34c8a89dbba9e5c7f5db08727a9706c6 |
| SHA256 | a202798647c851b263e1216bdd8f85ff321ad2832f5c3b67187d0883f9b9cde3 |
| SHA512 | 219a903380f6f34bc818969d1dad324a88949d8a14692d84032b8a9de6c6e404967b5739a7cd0a358b1fcf492891f31e22874918dc3716c272f00f381994cdba |
/storage/emulated/0/Android/data/cache/UnPackage.dat
| MD5 | 90c3dbbdecb99ccd3ab165fc44599651 |
| SHA1 | 2d57f6a47d79f3db5db2db2140ce749fe74bd5ce |
| SHA256 | b84ac5fcdb2b9d9ddf137304dfd8b9cf9ba75cb02a2fa3d532fc833271dde1aa |
| SHA512 | 51beb79c6dc187440cfc457d4ca92a098d45c0b8b14b415064ba4358f62df699f969538346049492b71429b5643a3740948f466ec231936c180d07ce166736de |
/data/data/com.ddumu.bdqwqs/files/.mrecord
| MD5 | 6c8c98b90fb43073b8820c209ba0fc86 |
| SHA1 | 487be5ca2f4781dd4eab5c186f84c3f85126c57d |
| SHA256 | f969bf7662daf137f22cc10afee7c004271e5bd96e1de59100c8ed7c584e9848 |
| SHA512 | 139af0c65fd4027047a0a3da88f6b7cd0842a54559579688e0765011f66cb944fb055b8ed016bcc3d2aad5ddcfd9ddf0da84a693942d52ad0d6910c13137de9b |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | e24c3db33def1abb652bf5e6cedcbd82 |
| SHA1 | 8f9deb6972ccde0cd909d0e16d857eb910d7e940 |
| SHA256 | fedaddf39774f33d5d218c394bb7f3ea850f1328231a36921f0d2e653a5a463f |
| SHA512 | fd7cbfe1aa6b93c0599e700b6dc41c14f18e045c749ad47693febec54eeb6001da2ad2834c8594388494f4faaf948c307ed96798316b393d4032fa2a68d2acf1 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | dcce663e87aadd5010a8d47cc5f799a5 |
| SHA1 | 9cba8c5785821de991cf6d74d63632e1145e7551 |
| SHA256 | 092bcf7eba7bcd103b884b4d9d6eb318b373076131ab5a8003b81114f3faddd9 |
| SHA512 | 5fa342edd54c7b7e205673e17393255fa5f5dc2cb0ffdfd2bb3bc753bbd34594d256c0648ffc4d73d9008d258c5fded366942fd73ed477b945d720b54c11b4a8 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 6749b8d72b5b56eae2197c8850815724 |
| SHA1 | 511ffe5a3066f17fd99b024a05148706be3986fe |
| SHA256 | 18cef5da7eb86c3ded3f543ba51e9c3db127bad5da97fdc57ed668c3965dfee5 |
| SHA512 | 95c3f3f8975e76fb3cdbec81c2077a116aa5d8b0122e0b40fb0a290f4b6d146a249680b5c075154fbcadc9d3dcb2abf0fa7f2dbe8cbfc0a31398a5b6227eceea |
/data/data/com.ddumu.bdqwqs/files/umeng_it.cache
| MD5 | c8348751ed6957b7720f765cf37bc453 |
| SHA1 | 3c386454ae0b6b83d8dc0145a5c9cd1109f1fc0a |
| SHA256 | 0f69cfb7e4e4c483381667ec88cd70fcee69c19df587834f045210f17fad26ad |
| SHA512 | 675362549e0076953d2d1b08d70755d9387190d692cad62f928aa01233aa84c490d607b86abf08bc57f2cfb29a74005dfba24d409d2a5a4474f7a20e008a4716 |
/data/data/com.ddumu.bdqwqs/files/.umeng/exchangeIdentity.json
| MD5 | 3f375d79098ae8bdcc4a0975c60821ac |
| SHA1 | e96aa67be209d957e2905af9e16e8ac9437e5eb4 |
| SHA256 | 130bd6aa8b96b5aaad9954436af8a4836d6a6a0c204f7c161f862cf79fdd2b9b |
| SHA512 | a629921750e8b67da579d3ac3da10aa47a7ce295d837db0a84d82cc25c2d13351a39e92239e125ee8522551407b82fc18dc267ae373e4f0314b5c20a6e64dcb6 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-wal
| MD5 | 6ba18e17cc85ff2b207f00df0ab25584 |
| SHA1 | 5457d11a5a6413cd7a80ceaaa1a56341e1879487 |
| SHA256 | 6645a9c649e3afea177adc4c08b52a6b5f5f3fd8082a9ecb687f8ae296a4e34f |
| SHA512 | 4a367f9816e31f11553054a2ca204519f52e3d7073a8476feea76660a5fec69124bbd53b43f90711c106bbc56bc54ecb8c9c872d2d9d2358262be61163fb8ac5 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 2efa9c2a1d50f575c1ca24e15ede41b0 |
| SHA1 | ed4c4c0613689ce00121d47923b628d81bc9609b |
| SHA256 | f4115421624113bdd3d9e8b93b8b72c74997e3508aac405dfc7499ca1a560e71 |
| SHA512 | 62847272f769bf040d53b6a2e1cfd8e96e00f9992351be47ecc4d64e75168e099c16666b8712f9d68cb9588e91ce2447670646314cd51023d0deb9be2d9a2d2d |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-wal
| MD5 | 311db0f4d7202c3b9491e1181746841a |
| SHA1 | 1607d09eed8997402f73afd0b77cdf39b387b7f5 |
| SHA256 | 3f1d6201e5ab5f49f153d16ab35b4760a30923721f8aeb45ca445bf60a363a9a |
| SHA512 | 327220907e1febb12a68f52436b9dab198a91b214ed6cb938c30baa9b421aac1148f9067193af78fae4b2a42b224db470991772bcceed15e1e9807d67d967e5e |
/data/data/com.ddumu.bdqwqs/files/.um/um_cache_1718279480260.env
| MD5 | 8a01f6d8cb11c30500aebd2e5d03f20a |
| SHA1 | 509cd94d0896da518ac67b43053a3b3c867af498 |
| SHA256 | 32071d70b10f4fa6a5c8ecdafef5cd6589de0876df733cd15fb5876585e229bc |
| SHA512 | 0a9e5d3ed59eae130a64288debdbccad8f54c4158691a7e7500198dcf995c5bd0b41a5bd4b494cd1c2ca1af40bc2f6b31cd7e50f641a461e91b87fddd0978c98 |
/data/data/com.ddumu.bdqwqs/files/mobclick_agent_cached_com.ddumu.bdqwqs1
| MD5 | bb15d307dea905dddb86f67beea7d81a |
| SHA1 | a194156fb506d12177c7143344d8ae2b2da84bd7 |
| SHA256 | ccdac19e577543917a282ac3c5601448f74b710cd7becb9ceb311363771aa383 |
| SHA512 | da70850e0634e17c876852fe3c2d31d8d8bde9b7d405a304499abfbea697b4fa6ac4704e0928cff54b2a6ae8ed9001432f8cfed968523356f8bb8d8beb35bd2a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:50
Reported
2024-06-13 11:53
Platform
android-x64-20240611.1-en
Max time kernel
160s
Max time network
185s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.ddumu.bdqwqs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | app.wapx.cn | udp |
| US | 1.1.1.1:53 | api.exc.mob.com | udp |
| CN | 180.188.25.46:80 | api.exc.mob.com | tcp |
| US | 1.1.1.1:53 | appx.91.com | udp |
| GB | 172.217.16.234:443 | tcp | |
| US | 1.1.1.1:53 | api.share.mob.com | udp |
| US | 1.1.1.1:53 | app.waps.cn | udp |
| CN | 180.188.25.42:80 | api.share.mob.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ads.waps.cn | udp |
| US | 1.1.1.1:53 | view.ddumu.com | udp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| GB | 142.250.178.14:443 | tcp | |
| GB | 142.250.187.226:443 | tcp | |
| US | 1.1.1.1:53 | devs.data.mob.com | udp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| CN | 180.188.25.17:80 | devs.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
| US | 1.1.1.1:53 | m.data.mob.com | udp |
| CN | 180.188.25.47:80 | m.data.mob.com | tcp |
Files
/storage/emulated/0/Android/data/cache/CacheTime.dat
| MD5 | d71fc13b81ed5072a485fc22583b41ba |
| SHA1 | 66ecb8929ad72a733754226e60efb8bcb7c87c9d |
| SHA256 | 4d5b69c775dd01880934210c2d9851929c9e82e56e37aa3e33daad6125bddfc8 |
| SHA512 | bae8aa86f50641b240a770737f7e02fffc7d6a6beac010e47d8f89d3521b22a7250cfb4962bc0e124af5c7f902233f2557a813e646a0e7ff7f3e0704d6d22cd9 |
/storage/emulated/0/Android/data/.class/android
| MD5 | 0f44edbc45401773c96dd5e2a39ba212 |
| SHA1 | 116c913e3b6f4f77f9549426bf6e4a4d279396d5 |
| SHA256 | 745fd71594e73895acc4a7b052c1c08184aa5239f3edf22c152826c49953fa28 |
| SHA512 | b9ebcb18204d3b6a6e18cf1f140eda5bf40026e893415488d5d69c7288002512955ba6d9b2811609d48e1d3352f7c58fea88188d1b47747eeb6339dbd4a3b471 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 816d7ffe7d577cf166ae4ef617230abb |
| SHA1 | c56eed232d53b6278889e9d07ce79130fb6366d0 |
| SHA256 | cced3abff40596b48edf08a12b8917dab24ce2f20766b52316229e2a86e16b92 |
| SHA512 | 8dbc98b307a015a63f71e6c01284ec1aa04d02eafc78ed4004759b5cf9c69bbe1f12ae06d0b6ba543c7f5fbb7fb015be19795ac9afab38610ed0172962e87fa5 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | 0908e924aa236931dc7166fef6e00862 |
| SHA1 | 7782648d6d8f6e835bd47058d4852932c096a467 |
| SHA256 | 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f |
| SHA512 | 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | edc088885565320dfeaee693a024b847 |
| SHA1 | 0d125fdd6f741ffac967920587bdadf2faf49f33 |
| SHA256 | 34efd6a40f5d5144651dca2763afc572007d6bbd320bc3151f55d56999eab699 |
| SHA512 | 0f2612e1673ac5b4a01d98fe87b14e5cd11eca12d1baddb7038375bcd8a4269ad7e152724f77fddc19f7287c5cbce1ab081fcd7f92b99ef1ac9b8ee1ce564495 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 0a950e398a4953dc375bc6bb35155255 |
| SHA1 | 69048e83a5ac13f3b342c8f3303b5c49b88a4136 |
| SHA256 | faaa26be002fce0107d952c8a810d4601d2ac57fc23a4f7aee281fe1ccf2273e |
| SHA512 | 811378f38de0d1c7d7649fd0f569a4cacaf8919ba48a9f3a7fc7a7735ba8e0bc95b81070b56b177bbde84a68c2b3f3f85363165dee280d190e783281e45db65b |
/storage/emulated/0/Android/data/cache/AppPackage.dat
| MD5 | 1bac15a859d81ed59c974ca4d6af027e |
| SHA1 | fe95d88b34c8a89dbba9e5c7f5db08727a9706c6 |
| SHA256 | a202798647c851b263e1216bdd8f85ff321ad2832f5c3b67187d0883f9b9cde3 |
| SHA512 | 219a903380f6f34bc818969d1dad324a88949d8a14692d84032b8a9de6c6e404967b5739a7cd0a358b1fcf492891f31e22874918dc3716c272f00f381994cdba |
/data/data/com.ddumu.bdqwqs/files/.mrecord
| MD5 | 6c8c98b90fb43073b8820c209ba0fc86 |
| SHA1 | 487be5ca2f4781dd4eab5c186f84c3f85126c57d |
| SHA256 | f969bf7662daf137f22cc10afee7c004271e5bd96e1de59100c8ed7c584e9848 |
| SHA512 | 139af0c65fd4027047a0a3da88f6b7cd0842a54559579688e0765011f66cb944fb055b8ed016bcc3d2aad5ddcfd9ddf0da84a693942d52ad0d6910c13137de9b |
/storage/emulated/0/Android/data/cache/UnPackage.dat
| MD5 | 90c3dbbdecb99ccd3ab165fc44599651 |
| SHA1 | 2d57f6a47d79f3db5db2db2140ce749fe74bd5ce |
| SHA256 | b84ac5fcdb2b9d9ddf137304dfd8b9cf9ba75cb02a2fa3d532fc833271dde1aa |
| SHA512 | 51beb79c6dc187440cfc457d4ca92a098d45c0b8b14b415064ba4358f62df699f969538346049492b71429b5643a3740948f466ec231936c180d07ce166736de |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 428e0df9f14d997636d432da53cc8265 |
| SHA1 | ca27e3502ae1ca07eadf1a4c80f7431cac39fd09 |
| SHA256 | a7c7fa5df6429005b69aae049a6be2d30868574083f5d6b9f922e10d14eb1be3 |
| SHA512 | 4e3365d582dafd471ad368b62775bd0b1664fc4f5415ec0a59283c5fd7c3005023501dd247b76db4b5eed4d163e692961f83e0a500f70f896cd9b1e0e0fd9881 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 20527cbbcb8e6bceea57c0f628d1c8de |
| SHA1 | e6c18953058fe0a1a969e1e325ade39dc1e6e6e5 |
| SHA256 | 4b163526cbe4e20b6603dc033de90dd687e0e28f2398aae52233c49cce143b4e |
| SHA512 | afd9514c0a7c7663a1171835842eda9e98fc962b56ac771261ed7fb9e3699b2ab94a4e76fb4381f406c693ddfeb3468aa86c16444fbc695fc61ae8598d518200 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 307a7f4dae982b87825ff6814dccf27c |
| SHA1 | 7fa37879a85f2955079b24626ab43daae7572188 |
| SHA256 | ba501f6ee2206d4ae3c6606d7c3bee5efbab315daac14b2e3384902dcae8810a |
| SHA512 | b15fe3c1435b8baaa22aef714e09146962e26cdb5819e147d2c7974f99ac2cc324af5a9e87c4fa02271e86d08503cf04fad04cd6eff4581c778535ce0b2c09a9 |
/data/data/com.ddumu.bdqwqs/files/umeng_it.cache
| MD5 | 4f6b400a4ab035876b18fd6eb7832b7f |
| SHA1 | 56e2dacaa91671c11278291a8daebe0034f89322 |
| SHA256 | 6b3c536bf48a45a6e5d7db84326991b76fd97b9b77cc39c1ab82d65baf9441c7 |
| SHA512 | a9877000b721d72a07db889894b5e4280e93264def7efc0a9842de2cc2754c213d7e040bb530385e93988c9c4dfca391c95674283363ce4332f1b735a3c88677 |
/data/data/com.ddumu.bdqwqs/files/.umeng/exchangeIdentity.json
| MD5 | 40ee514047b6d1aeccac9b0e6a456f26 |
| SHA1 | 919ed755770f4e28a6538adaa573678c3d06c7b8 |
| SHA256 | 9df7ac6a061cdec950b7572aae501a8326eacb1f05152b2a7d094b3939ae194f |
| SHA512 | 83c1d243963f0aa3a0e048583d5daf70070e429cf2d76fc6ebc683e6a3c79fbcda63e17cbae72e474fe4a1f3fec4120e96e7949e9c4c31735b942cfee72682d1 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 15d178c70b67dc0ff58760045f4720ed |
| SHA1 | 26e1b01b2c7c88cb57e2bd2b6701865fe218bba2 |
| SHA256 | afd0e82cc7b1a6f4b14e5129ffc9ced5f95ffa6da349e09aca87b27c8b2d73c6 |
| SHA512 | 4d8b288afdbeed61814f19c1de40ed85b81c91c982cb5feacba1994004903de79338c98e8d4adf396772c93e72c17c24d897ec33f9ed089f21014e6a5dbeb3b8 |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db
| MD5 | 67c12933d1e0e63d9801a6aa43092ce7 |
| SHA1 | b6936908554e4a1986b8eb08289e2d3545e8ff74 |
| SHA256 | abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40 |
| SHA512 | db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | 1b9127b4314e0a4d832b56a2a76317e4 |
| SHA1 | 5ff5258f08b93fba15582ed100333759cc0dd6fc |
| SHA256 | 916a978803675938f2f61c4f49c7b05f7338c878ada3af7a88f48cd3d64c5d56 |
| SHA512 | 0b7da745e9c83ef42539e3cd13ac5c0defb18fe35066e62934b33a69e39195679e69157f771b204efea7821f68b768927673e2feed1202375cb2ad43bb84dd6c |
/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal
| MD5 | c4b1570403277e7d6c1cffbdc8b0f25d |
| SHA1 | f781bdf4937b2e26ada3d6fb938200921fa55ed5 |
| SHA256 | 81f2877e61cf910259909fe23f8e0a0bd2abcace6953bee79e50d744db33fdb0 |
| SHA512 | 2e8aee2f86919afcdbd840c75fd8110d69211d083c88d4003f21183eafa63fa9b4b0a90947c22a0497a0d3074dc4c0cfdd07512edc6042ac15ba69320e13f2ec |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | f4285af7bddcd09e3d1824b33f09612d |
| SHA1 | d702d43fa0d075592371c0c2048a17d8c50529fc |
| SHA256 | 38e5bf25135796547256a661b074ca41bf26c07640414017ded96adc8661cde5 |
| SHA512 | 3868175028c7bcf06474b9622aef69fdbf71dade36470f5bf52df537cf29241917c9cbd886dbe432ff13adb15bfbd286bd53915081f7afee588c49ed2f363716 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db
| MD5 | 4e96c0e862a1bb82698299769251a445 |
| SHA1 | 0318e7506f120e156d50ac1f0cd95cfb4d10bc85 |
| SHA256 | 9f45e979b76fcd32ddea3fc102b2f65b79777e99597ed546ec61807d2fe24995 |
| SHA512 | 9d1ac9760268153791e0a751bcac713ffa1d2670d48e82607e08ff94e149aa76a474122546b4412d3eef5b54f0fc2078c97a4b196a8b2c342168690822eda697 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 2b8fcf624bb1e76be8b37bbe5bc06f52 |
| SHA1 | 5eaab0e35e3d72e65776d82033c0ebbb77ea63c7 |
| SHA256 | 36322f4254349892b2ee935c34fdde89179ee425530be4845088fb6eee976e4e |
| SHA512 | 91c7bde149d7f4ece3e1c29a18ac617dd6284309bdf2897be44dce77fcbf80e54eef3f41355a50960c5c9f6b20e6a38f0522272608cfa710d6cc2d4cfdf4ee8e |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | dc53b0ea30d20e823408333b6481ee42 |
| SHA1 | 04790d180240973507fb4d728c1c1e56d191a6b1 |
| SHA256 | a08d0c419770776e344c547451d480ab318cacb4dbd578acaf7a447912cad500 |
| SHA512 | 67d5bb1f073fb008ce3af51cba0b9f4e27bb931315291c61285423d495532fa8e2916a9c523d535f783acea4deae08c2d469b76a7e1e1ba8d6885ba27e89a3d1 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | 9374b5647c85cce2a18a384809815982 |
| SHA1 | 4d8bc28c18ba10d3ca4d8655d20daaf2d468efce |
| SHA256 | 69875d7cf2dd3a893f445700e0ffbb8908699eb62a501b08dab407f259a751bc |
| SHA512 | f00bac9f73a031fc3c8720957506b9fe20d8440f958a482faba20dacfd330119ae1ad2d1d7f39ac34cadbe7a99eb8036e3bd4692ceaec10f63c0965332a7680a |
/data/data/com.ddumu.bdqwqs/files/.um/um_cache_1718279479779.env
| MD5 | 249efc346ce42cf13821a2e47a819bb7 |
| SHA1 | 1eaf0db36c9f56741552b6edf8a3476bd5a35f55 |
| SHA256 | beb18a65157b6af7dad89c993e73d21be26a9a599e41c35e2a1fa6612f172cda |
| SHA512 | 7597832ebd8caab03bdb244fa3aea538759b17a67de8945384c546ff22591875aaa035ea2b5d33656e300267013622b520005f1b8de2ec0dccb757417d5497ad |
/data/data/com.ddumu.bdqwqs/files/mobclick_agent_cached_com.ddumu.bdqwqs1
| MD5 | 572afec0ffd2841754173290a5419778 |
| SHA1 | 5f14d9562f60d875e4359a08aa924566159f3338 |
| SHA256 | 978972d2824aefce8454fde637aead4fe7152e8292c41f7ee30dd9f4b4569537 |
| SHA512 | db1be432ea9cec5799011f8cc682fd3d643fc8f85a1404370e4dc4559f26e1757fa5c064208ffc15851622d8432ae8fe209382f8ea9cffd8f321f56f7b9b53c1 |
/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
| MD5 | c98555cbc3856a592775ee54c392adb6 |
| SHA1 | e5d810f171a3bbf4a73e769edf8e166b11d22961 |
| SHA256 | 65f2e407eb689251425f99e2ad68ad0792eedfd90266d53b300b97e3308160a4 |
| SHA512 | fd91a55d730e525de168804ee9b59447c3fdf198c33e5461578ff384bbb2dc993b007e0a1e42fddfa050892d6cfc0a96b7ee519684be405e29593c84faca1ca6 |