Malware Analysis Report

2024-09-09 12:57

Sample ID 240614-nljvrayeng
Target a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118
SHA256 9309bf7534acfa1eaea0c9832c155e9b555c85e52c4c2ef48df0fd333c1b9cfa
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9309bf7534acfa1eaea0c9832c155e9b555c85e52c4c2ef48df0fd333c1b9cfa

Threat Level: Shows suspicious behavior

The file a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 11:29

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 11:29

Reported

2024-06-14 11:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

188s

Command Line

com.kidswant.ss

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.kidswant.ss

com.kidswant.ss:pushservice

com.kidswant.ss:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 sapi.map.baidu.com udp
HK 103.235.46.245:443 sapi.map.baidu.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
US 1.1.1.1:53 cms.haiziwang.com udp
US 1.1.1.1:53 buy.haiziwang.com udp
US 1.1.1.1:53 address.haiziwang.com udp
US 1.1.1.1:53 alog.umeng.com udp
SG 47.246.109.108:80 alog.umeng.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 58.144.235.61:80 address.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 116.153.64.182:80 address.haiziwang.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 dns.map.baidu.com udp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 220.194.123.111:80 address.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 1.56.98.101:80 address.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 112.84.131.82:80 address.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 122.188.38.123:80 address.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 116.177.225.247:80 address.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 220.194.123.111:80 address.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 116.153.64.182:80 address.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 112.84.131.82:80 address.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 58.251.62.192:80 address.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 58.251.62.191:80 address.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 211.97.95.244:80 address.haiziwang.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 58.251.62.110:80 address.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 61.241.148.88:80 address.haiziwang.com tcp
CN 211.97.95.244:80 address.haiziwang.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 112.84.131.83:80 address.haiziwang.com tcp
CN 58.251.62.189:80 address.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 122.188.38.123:80 address.haiziwang.com tcp
CN 58.251.62.192:80 address.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 58.251.62.110:80 address.haiziwang.com tcp
CN 116.177.225.247:80 address.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 1.56.98.101:80 address.haiziwang.com tcp
CN 61.241.148.88:80 address.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 58.251.62.191:80 address.haiziwang.com tcp
CN 58.144.235.61:80 address.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 58.251.62.189:80 address.haiziwang.com tcp
CN 221.204.43.242:80 address.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 221.204.43.242:80 address.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 112.84.131.83:80 address.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp

Files

/storage/emulated/0/Android/data/com.kidswant.ss/cache/uil-images/journal.tmp

MD5 7055f774688e119031fffc0785c733f6
SHA1 6c829edfdded8de291517f215c9cd2bf4c6c9906
SHA256 655c2af5f594b6dd56d63abe196d39738c21326ca7c7c81fdd58031077c98402
SHA512 1740638cb0c499aac3cdfd926f70347acc6c226fab46905021c5d8d0bae921dd42b38660710d99e62d54f8407f1a4957b56352615ae1ec2749f2a78910303ac3

/storage/emulated/0/baidu/.cuid

MD5 ff4db0eb7f9a326fd146584988a1c9cb
SHA1 9a4aab11ec6355602fa7f9b1643218a0a1068e28
SHA256 3e3b6c4a9f87293ee92288ffd7f56d064ae5f4ecc53901ef384bedaa1b991cbd
SHA512 14f5bd05392924595906d2b096e8921b5f889412ae349a23c6a4d7bb2d771c61b9a952467548da0f6edeec26474d73de93a23d0bf9e4d65579eb839a6481dab6

/data/data/com.kidswant.ss/databases/beacon-db-journal

MD5 a1889e5d31dfcfedd42cf392f4d161b0
SHA1 982263bb10afa93b785474f8d067982ae7aada34
SHA256 4262684dfe4452000b63cfb8c515f739a4c950c6b29b603e0e7a796a50885d92
SHA512 acf1701156d4a81f41acf1ef6fdb94d60bc8fa3eb107f130686b7d358a82c53a3abf7d778e7f885944e2d1974750bcd62183087119a7c436928c6ab59251cded

/data/data/com.kidswant.ss/databases/beacon-db

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.kidswant.ss/databases/beacon-db-wal

MD5 076bcc4d53b57aae193fbeb6579fb7c7
SHA1 6859ba59ce9fd5343fdeb97c38a9ee13a5ec9861
SHA256 31a28ee66c5e4cab996de879bec1cca430b97f8b086fe08e9ab962a587ab282f
SHA512 b6bd69585e2c50b3fc4229aadf2ac07c10b790097fdfbb2b90e45329d909a93fbfa011a2265fa704b821c16bf9a682bdb41cabfe9a61bf15e975878a455e06cf

/data/data/com.kidswant.ss/files/umeng_it.cache

MD5 a30df463b1df01b825e1880cc62896a2
SHA1 24e5222f7e21126a4ea9bbbcc1db51272145d31e
SHA256 f5ab14e90d79c97e0186f94aa0701889db861c2986ee382fb8f532ae9947b3fb
SHA512 1c8555a7d627fcec6f2b203600d97e3d33a09e9d5e5d11e495806caff0f6176226dca18829863761f51e3ae38cdb77d754b2281dd2be29469380e4694433ec59

/data/data/com.kidswant.ss/files/.umeng/exchangeIdentity.json

MD5 a21bf2c809b470a1c647f3e12bd87109
SHA1 f929004b8d03af7d74487685d11f4576e4572ef3
SHA256 c75abe83b082ed8a6c09e092b09dc9358958832fd74b32c4b328c30fb8f2c897
SHA512 c8bd834a0807ba2a2570e3d41965faa3e57bd87777086d084d8659d7ed1d70d9f40cc5800de85cb94a03f2cef195c1c9d7f04fe119ceaa7864d01f45267fa5e4

/data/data/com.kidswant.ss/databases/pushsdk.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.kidswant.ss/databases/pushsdk.db-wal

MD5 6bf82d87089ea6bf7eb6abc2f37c34c0
SHA1 aa8b27477dbcd44e585f0a041e4cb07364e84eb1
SHA256 70673b72527303e74518a6cb204e0491885bde565eb1bd4887b56596da37e567
SHA512 e9bce9c820b55960d294f167d2f7d70c69c9a8a06ed047cf9adcc5d62a769dba55f3d4d5ade1db4adde17cea60dfef55e8fb738e60ec1bb0d6c18024945ca3c2

/data/data/com.kidswant.ss/files/.imprint

MD5 bc01be6d8d8a73ebb1ab51f12cfe0a4a
SHA1 683002337d82220d83ceb3274ef68630754ef616
SHA256 ac6b34ac930a866183bd10c906abe3a445b4cd57d50febadc9dc4bfd6e83bb46
SHA512 b165e7fbfc5068aff3ab645a17542afe0e055fbf9ac6cece42f688d91877159b4dd01d1ec712fb17b68a4ddc1cb01b1c91b63b7e4773b2ad55b467addf5f0635

/data/data/com.kidswant.ss/files/umeng_it.cache

MD5 846d3f5ce7a44f2838e95129231fa7fd
SHA1 ad6911ff02fbb4311779f5148b3a1495dd2acda4
SHA256 49e1ab00fb96c70019eb0250116cc6f0b1f8f379a14ed3c3b0e4bad9e995328a
SHA512 cdb2c240a412bf783ad19b28eb43c8e314df5a8c3fe320699070cbd3e1415c82e721975587d01c24dfa3671ffb77e81164661e147201bae1b1837d83427f5174

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-wal

MD5 f6856e1d197c345e639372e39a843e7c
SHA1 b1444e76b5652bf09008b29e42a156a291fa4717
SHA256 c63a7a9eaf034a52f968afdfb982ca2c15b65a95abca382b1110c404643bf47a
SHA512 127b3c8fd3e421636b715c8f1aff0733109abe77d28bd3bf6b55a07d8f4dc190316ade81ce8ad53ea6e161e31cd1352ad4df724bdd051353cc825fe20a06811c

/data/data/com.kidswant.ss/files/lldt/firll.dat

MD5 de35bfd4c09fb826f3a745c10f555d73
SHA1 f437fd6d418bdb90319926dfaaa138a1438db64c
SHA256 1ded58801fe37d1b45e500e0b42140e68fc92b1390834635aa7eb56ea11c5b46
SHA512 3c3258af9a736544a07a9ad0fd39c1b670d6516617b8925716524a2a05751735ee9158ac6b997eae5d5cd82b975119e79e9f17237a9a58e891acfeeed3f19f1b

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 4602a90836ea1e0fa7e8cfc8c75a9f53
SHA1 e7eae241d44b146064680b5f44e9f4252d422e30
SHA256 24d3194b1a57ebbaceae862e76b10fbbd1695dc2e1d3f9e5080ac34c865a7237
SHA512 9b0c23eee383e9711d8fb7b0d2417bfbeb3d1588ebc4d76192d5302a688ff8e7d971d80bc0bd2091b281316fa58e30aae9796b803024917365ace0a1afdb1993

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 161557b06b4a4d3ce095528dea370eb7
SHA1 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256 f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 c797c6aeba3b9fdd0b03db086289106b
SHA1 6f4b6fa1ead6af7f5db3d992dc460d14f985935f
SHA256 5506f1e215d271b03254b40585d9de050bc5f92a59a27cf91c9f690f2ba24115
SHA512 f0fe1a611b7068e0657b34fb487af874375fa4304d50440e809b23ec6871c238b72e6f662f8b6e8638400754a66f7137196e1861e1e3be19a8e919b39be579e9

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat

MD5 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1 f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256 f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat

MD5 8d36fc98dfb7c03549777a4957dff7a8
SHA1 f4f2129b540c8fee376cc6ded0286a0fd925ec77
SHA256 47767076c716756575ff7ed13178b462c8e74eecd63839d903ae5c3b0fc643f9
SHA512 bb0199cc1da2f95b90d0d7c5d6db8fd9d3dc0a4c40b57a7d844fa0277aff41d7c5d7d6bdcc07371c272606855ed1ef9b6256827c95bf5a6cfacf2c0e7c0e27da

/data/data/com.kidswant.ss/files/ofld/ofl.config

MD5 907cfc5aa267d414e32e7e9b75f9287c
SHA1 a63faf84228ecc0f706c3169b0272cbe7f175125
SHA256 37b5ae22894e8f529a26b9b7f5d644c8c6cbdb1cdd73f7e480c6120c3dc648dc
SHA512 13705b09ad584ec5be1178c900237abeabf40e5cf8f97817a9847b26bd9c38d9c50f5a3f096334dc391143e9a3390c467d24ad790b16c3cbae4f5c1cb686c75e

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 883592a9f0829f3b7123a2411a1734c2
SHA1 2074918453a401563d7628befb6629a459166561
SHA256 ac30d4abb84c02a1adb78bdd5e79544f3111563f6562355b0ef5f29fc9046814
SHA512 29ed690a057fd42bf8442a75a58037ad4fef6e860884d113480875a486033827e1284cd6777e6fd351f4cec31f71bba62d1d41a0bae90e4a02b8740edbb58d28

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 e5269e0a9d7ae987b54c60822bbd8ebc
SHA1 3f7f2049da8a03a7ead84f2e95f234187f5dd84f
SHA256 c3eebd8af0f232a6a607601e809c950695731112bc0133d152c6b351ebbac3c6
SHA512 72d642fdaa1cf8a5c22021d06a0e7e9e9ab54eb0e6ec4fccaabc6ab3c0ef236014fdc5cca99c872f169c38aeebaf1dce6ae9e77bd992825c96cdadf210b1d432

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 65627d7f23b931dce0686f51d7adced3
SHA1 6ae6124f50d1f10bcab20e2d7524a7a338e280a9
SHA256 497fb7e54364d6c01170472c07879ea760fae80c5b8f9c06dd62ad8d28c93071
SHA512 76788671e64e8edbd7076e918a50c8e5264570cbb4485dadc2b18c8a9a8d5a26972dc4b93b6d8d7c09da4e0aa8d38de36efeb63493c5a5819cf5a574e1ed85f2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 11:29

Reported

2024-06-14 11:32

Platform

android-x64-20240611.1-en

Max time kernel

176s

Max time network

191s

Command Line

com.kidswant.ss

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.kidswant.ss

com.kidswant.ss:pushservice

com.kidswant.ss:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 sapi.map.baidu.com udp
HK 103.235.46.245:443 sapi.map.baidu.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
US 1.1.1.1:53 address.haiziwang.com udp
US 1.1.1.1:53 buy.haiziwang.com udp
CN 58.144.235.61:80 buy.haiziwang.com tcp
US 1.1.1.1:53 cms.haiziwang.com udp
CN 220.194.123.111:80 buy.haiziwang.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
GB 142.250.200.46:443 tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
US 1.1.1.1:53 dns.map.baidu.com udp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 220.194.123.111:80 buy.haiziwang.com tcp
CN 116.153.64.182:80 buy.haiziwang.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 58.251.62.189:80 buy.haiziwang.com tcp
CN 122.188.38.123:80 buy.haiziwang.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 116.177.225.247:80 buy.haiziwang.com tcp
CN 116.177.225.247:80 buy.haiziwang.com tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 221.204.43.242:80 buy.haiziwang.com tcp
CN 58.251.62.189:80 buy.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 58.251.62.192:80 buy.haiziwang.com tcp
CN 58.251.62.192:80 buy.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
CN 42.177.83.134:80 cms.haiziwang.com tcp
CN 14.205.47.136:80 cms.haiziwang.com tcp
CN 42.177.83.87:80 cms.haiziwang.com tcp
CN 211.97.95.244:80 buy.haiziwang.com tcp
CN 1.56.98.101:80 buy.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 42.177.83.82:80 cms.haiziwang.com tcp
CN 42.177.83.214:80 cms.haiziwang.com tcp
CN 60.13.97.138:80 cms.haiziwang.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 42.177.83.225:80 cms.haiziwang.com tcp
CN 42.177.83.111:80 cms.haiziwang.com tcp
CN 42.177.83.78:80 cms.haiziwang.com tcp
CN 116.153.46.40:80 cms.haiziwang.com tcp
CN 42.177.83.115:80 cms.haiziwang.com tcp
CN 42.177.83.224:80 cms.haiziwang.com tcp
CN 211.97.81.229:80 cms.haiziwang.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 61.241.148.88:80 buy.haiziwang.com tcp
CN 61.241.148.88:80 buy.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
US 1.1.1.1:53 dns.map.baidu.com udp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 112.84.131.83:80 buy.haiziwang.com tcp
CN 211.97.95.244:80 buy.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 122.188.38.123:80 buy.haiziwang.com tcp
CN 112.84.131.82:80 buy.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 58.251.62.110:80 buy.haiziwang.com tcp
CN 58.251.62.110:80 buy.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 1.56.98.101:80 buy.haiziwang.com tcp
CN 112.84.131.83:80 buy.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 58.251.62.191:80 buy.haiziwang.com tcp
CN 58.251.62.191:80 buy.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
US 1.1.1.1:53 dns.map.baidu.com udp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 58.144.235.61:80 buy.haiziwang.com tcp
CN 112.84.131.82:80 buy.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
US 1.1.1.1:53 msg.haiziwang.com udp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 221.204.43.242:80 buy.haiziwang.com tcp
CN 116.153.64.182:80 buy.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp
CN 42.177.83.111:80 msg.haiziwang.com tcp
CN 42.177.83.214:80 msg.haiziwang.com tcp
CN 42.177.83.87:80 msg.haiziwang.com tcp
CN 211.97.81.229:80 msg.haiziwang.com tcp
CN 42.177.83.115:80 msg.haiziwang.com tcp
CN 14.205.47.136:80 msg.haiziwang.com tcp
CN 116.153.46.40:80 msg.haiziwang.com tcp
CN 60.13.97.138:80 msg.haiziwang.com tcp
CN 42.177.83.134:80 msg.haiziwang.com tcp
CN 42.177.83.224:80 msg.haiziwang.com tcp
CN 42.177.83.82:80 msg.haiziwang.com tcp
CN 42.177.83.78:80 msg.haiziwang.com tcp
CN 42.177.83.225:80 msg.haiziwang.com tcp

Files

/storage/emulated/0/Android/data/com.kidswant.ss/cache/uil-images/journal.tmp

MD5 15266aa8a747d4d801445fc5442cda9c
SHA1 48a59412dd3616d5b8ef502fc480bcbf66039974
SHA256 0ec818a3ba13df50f6fe41f625d2474690d7c6e732b130885be4b1aa08345ddb
SHA512 ea0bec8adb0fdd0eca692fb747fa61b9b382490542348c89e87c93e114e771a2be3f48b57b0f14232b21a4b9d59d559711cc2be7ee7e823f4ce04a8ed711fb20

/data/data/com.kidswant.ss/databases/beacon-db-journal

MD5 3c115d9845f99b48f977bb19b368c9bd
SHA1 ea24b61040e79b217180e3c1640308e70b2db553
SHA256 e7cbfaedc9f1851e5002eeb7d06d2b38dba2d3d51b355a057c40acde61518790
SHA512 09d74a70649ae5895e07d743bef0b7995c27e623b1629b8caed77fb559be886522c63d337522610d89746c43f1b5edbee843b2d6a9b1160cc98864bbca511587

/data/data/com.kidswant.ss/databases/beacon-db

MD5 fd168f394c695f0805b86ce719f7054e
SHA1 566774a8698a7372fb2f72c42bc8f7d1e90c98ee
SHA256 88c32c722cc185eb1ddb011e9d648d89e99978469d555e3603545136b6cb5fbb
SHA512 7c4514667ff39d5961177cda7c34d38d8642c3299b2c0a6bb85b4832c566fc03a481e1a1117618659385e2b933268dcaee201e83a936d4959148df6a732293c1

/data/data/com.kidswant.ss/databases/beacon-db-journal

MD5 6434fba63e40c37c189b0071af3ee76d
SHA1 387b002a216179457607b8a489194f2542b5222d
SHA256 663af74ac0a01f991d341a0d472eb4b97951f1911fa190d6bacf5acaac8b58b2
SHA512 f68cd6a03f08b1e5764888c426a5f9758dd000c61996d5c00d9a8a6a624fe152b1302421812e4e57bd5b43172d797e14b1e8fd420087d5e3d414e3a0afb44429

/data/data/com.kidswant.ss/databases/beacon-db-journal

MD5 e737c7d44b0a3b01e3f184a2385e9ca6
SHA1 3395e116a2ee7858592a2c0b1efac4d09626af45
SHA256 77a7f65b5873eccadf26aaff32a73f138a00514a539778148d97cdf4be67bad6
SHA512 f32a4edccab758db1555ef14f0ee1eb821783bf3fc693926d57caacc97f637e53e41d56e6614a20486638ba95d7f51f23e179330ca61645f2645f2b34d2274f2

/data/data/com.kidswant.ss/files/umeng_it.cache

MD5 c915cec1e7df8553f5b6860d2a25de8d
SHA1 51b1e710ce7e63b214c31ab07b3deaa8c846d475
SHA256 8d5052bf0cc499dbb23dbe51fb2238088e6f7e0ac13cbceec6aa2e9f952e3ef7
SHA512 bb13097fdc7dee26eef78bfa7c5733f1054188ba924fa7f3b12059e4aa28db162bd1762981c8f6570690ebe87936cbc11fefd482e4f16ebe12d3fbffa09b7e8c

/data/data/com.kidswant.ss/files/.umeng/exchangeIdentity.json

MD5 e44b5d21dd5a51bfa452339a58eacd74
SHA1 9fd3eaa5b783b23742acb443562063e9a3d9c3bc
SHA256 a2f955323157a4e6647ae2f1be36824053480711380c98db44cca34ebbee1a3c
SHA512 0afeb309131711839130195d7cbc6aa99105438779f86af229b93052c9523d19c4990ae73f88053bf4dbc99ccf922ad99f6b44f614745dfe1b390f61bde2323e

/data/data/com.kidswant.ss/databases/pushsdk.db

MD5 8031e7932f4d03ecc8ce35d52b228fce
SHA1 cff205bdc906abe6ed0a10cc95d677b79bcb6744
SHA256 a5c37b370406dd25d1f0e714d4a248f8cefb8955dc983aa2ca946a2f7858d4c3
SHA512 6ebcf9c71aa8592f09ca570bfa28cd591d3e0482cd19799de3f8539b48f9b07e7191486d14c4fddfd3e462146e3c59a8306e05ec9104c7cabf1727383a4cc459

/data/data/com.kidswant.ss/databases/pushsdk.db-journal

MD5 2cd47ada17ad7a4e3d5e2717cb2762c6
SHA1 7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5
SHA256 5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279
SHA512 c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

/data/data/com.kidswant.ss/files/ofld/ofl_location.db

MD5 19bd1f5aa63bc981766e8c15ccb69cb5
SHA1 eef2419338fdda9d0b5c3066d90488f74ae8e192
SHA256 2c89601a78321761c44575c6e740109b0ef9b3b1f49b17ee827a0981a73f048a
SHA512 8518a7b2f99be4648fd3e0bd5d4c89c69ae9392cfa3313d8c2e19618dfca2243a2d1797b94d29ae336582cd5d07c7f9613057c6032e66f5c56b42a2700ecff28

/data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal

MD5 5dcb0c577ba4a5e8a3b3f9aa8ce48545
SHA1 7ebffe3d8b2657c7ce0908946de7a6f68e48ab94
SHA256 0aadc556ab88b326dcb0e7534517bc27619658971b3587c170d95a2087cba52a
SHA512 aaf9d9a42aa80e4c76de1b117d7519dd599bf3620a62de334c5a7048ca054aa24d58c448c65082577f5c0e62e84ab0df97302ef813e50ae2bd2f6e9867ad0df0

/data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal

MD5 eeaf3b8f6d0ba1d4a362ad7ddf8eb699
SHA1 b536ae5349111343f3b6c160575c8b2358b4acd7
SHA256 246f3fa4a5445defabdd6afc6aa1dacdbb9f1d26937d310059e42be1f4cc7a50
SHA512 d68a61c9ac0b70b332c2da547d05cb92e2c1a2cd547ad91a94864fbd84902c3c0884fa3e921c3aa5081452a7caf878af7fd5c7d1b0b595ffb58f623d40f337e5

/data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal

MD5 0c245951f43f6fb1c19448ff6c8b1ddc
SHA1 8e2d663e17b9ef8d9b62b49a2b877cb658a7dd3a
SHA256 ceb9416a7525e30cd18ebb7d518acc639a5f877354cc6d25cfb93c01934d1507
SHA512 e8c2f12f1ba4cbd48ef584d980d15a67a92c0ad01c2f19ccd70790b02685ae9a70f77a9f42bce4c3f185cdace328cd0708758abba82defd5f54ec99cdf276219

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 dc79db8cec4ed39c529f074ab0e4028a
SHA1 80e42c44f16d2c7db8ce59d7201251449e178ceb
SHA256 4072e775927ea32714df552a3f15bc5bbb7f5fd85730d552637403d8e7cd86b7
SHA512 a9b660b6138392faf72395df2a1db3a652466d8b9c9e0595358fb7bbd4a2256e329544874fe0e9722cdb57d60f174da565e2251e7df4060464da5e741618fad7

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db

MD5 744ba4d6f58e22f8f82d56a50e4b5373
SHA1 535e389f9b7f2e0d14e550fdd00011dfc255e0b6
SHA256 8b47d5b310d68b6911dbcfd7ecda4d7131351f66365f81db82f2979ae2f53592
SHA512 e888ccb7fc6722eaf8fb6bb8370c55f9eaab299be08db7c57038efaf945569b62b7b6b2dde5169044c5d60a4a9a9051ee7a7c2146153aa7d22d8b7c8f3310055

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 60172c59f274fcbc1143b90434fff57e
SHA1 7139dca4c924650eb8409b4ca4eb7de1f5540ebc
SHA256 aa57f1e143583b858df358a3326d974170257be40ce2e5f6bea53116eb779614
SHA512 863de0fc15f94669aa416a6d695b410f515d529be2aec8345c1429883cffe0edc7e58ee0bd2c6e769127690bdf57788502b716f18223ed2187a7881a4a9f5f5a

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 67a3e12aac2043f605e73d29995f4428
SHA1 f86f465592c367e8a45fdcb1e13fb883ee020647
SHA256 b5622259c9b235b956304351648f619f6a5dd8f9cb2a22658043ae6888ffc4f4
SHA512 afecd3c334324e9ce84ebac42f7422c993a0a47922aed59140667e20addba9cf7a741d92a40c90e331518dd38ddf6c196297cfcaff8d553ed192388155c6b288

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 36305a1117f557420112cbc12938d51b
SHA1 e2aef225de93566c5ed1131cc3482d1e84b35cb2
SHA256 245b7ee71af41a3a11834cf0012c7610af56219ab5441f3bbe766b795db7f98d
SHA512 5d68b464fe5a662e79e6d2b1bee1330e5722b96921d41dc729e2efb0c5061febc4dd1c51443d5ae7d74089ffd8112be5c4479bf215dc5dc3c82a399144c290e3

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 15cf6c884bfb49a61234830ac4430069
SHA1 e6b43135295ae8de2c811bca457fae776f951220
SHA256 aa093f8b27f77eed05e59be07effc9662f979aac8d8cb5837d1debb3512c0383
SHA512 d8f6e7055ec6234547040819cda3d38caa73a0ad076fe766a12da7bd1cf62b6416f75498091da619fe92a8fa682d55b366370c25a57afca5140a3d145cd7bf4e

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal

MD5 710689e23db1d50ecef0c7ca96fc2dd5
SHA1 55e5a69ce9339bf195be851f32c0da8f9a032c99
SHA256 452bc9d3e3972d1d97a5565eb53507b1ffffd3b71ab50da1838d7e06f574dc34
SHA512 38c26266798402efe5796f71d5e3a471ee51e34dbd71990c8a28bebfd0c857070448d75ac0f82cdf7c29185d33dd7f11912d263d09298359d4c29dccf949ec74

/data/data/com.kidswant.ss/files/lldt/firll.dat

MD5 496e0b7cb9f1bd755af234891c9442b6
SHA1 0ba354db7adb8bb8760a1680bec2c22e6ee1dbae
SHA256 66762ef8883e2c6b8f841b7a07f64a90519f4ab86445d13d1133625d160f1d9b
SHA512 97eab8ffc4ea7bc0ed23308cfc2c7a3aa4a58b3ef6f5652ac73dd93a6c57709ae81d439f623972c14e931a8f02516f669f80855d28fa8be629032640eb2bade7

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 a411b3ae19c92e5eddc22aaa5aa96220
SHA1 fc85e6eed9df85915de67dd77bd7e528d71c5500
SHA256 65d7ffdbb538fadb6c7d74f55ca5b2c33c200373fc9330b6127136864ff49b43
SHA512 decd895f0126309a7b0688455e36b3e731dd8afe96615ffa9eb54ebeb1efcb7e2996b68dcbb491121c51ffa4f989d3749009016e5a39532e0386fc24141c02e7

/data/data/com.kidswant.ss/files/ofld/ofl.config

MD5 f0375f9300fd8a6ca3e6c317771304ef
SHA1 4acffc6827591783c9d86b1e4ba0e53e7ee1615c
SHA256 adeaa8b028dbe2c4f9f6556b5cdc2d8446b996f845c31d64f390422545878c04
SHA512 8978753410895e8bd4dcaa4fb823b0b0bdf8e0c7734369910f84a3b4f7ab6d07978715e3d3ea3a8a318a93daaa572f47adf95a375925626d0dea00a56d6183bc

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 161557b06b4a4d3ce095528dea370eb7
SHA1 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256 f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat

MD5 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1 f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256 f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 ce16bcfb70910ff3b1c83511db068668
SHA1 2083f30075bdb440c88bd8869407f1d1e60a5c11
SHA256 8a74abc89762e1aadebe54c76124fd3fb21a99e8af297bb6a55050699f4928d5
SHA512 dd6f64b48c3eed009acc5f318e7cd072fb1727933b7ef04b1744bf3266c02528fc66644bddb7ac4d88e3deb0c2dd233d9470564b4ad74833bcfb37d155e8c6cc

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat

MD5 8d36fc98dfb7c03549777a4957dff7a8
SHA1 f4f2129b540c8fee376cc6ded0286a0fd925ec77
SHA256 47767076c716756575ff7ed13178b462c8e74eecd63839d903ae5c3b0fc643f9
SHA512 bb0199cc1da2f95b90d0d7c5d6db8fd9d3dc0a4c40b57a7d844fa0277aff41d7c5d7d6bdcc07371c272606855ed1ef9b6256827c95bf5a6cfacf2c0e7c0e27da

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 8d19d579e7b81902508ecb809d07cc49
SHA1 ebc5686e9a3e64023a3b0a6ad7e5460af994c352
SHA256 564d9431b608baff20c7353b7d4f7552e986e99c53766940e17d209a03bdb2a4
SHA512 afa22151ca4fef1dbbf4cc15b96de5a97b5faadca139156076e82aa36f3fe30d70b32b5f3307254804b60e913949a936b446a54f23bef85e34ab841aec965e12

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 0b2bab650dcebb2a88f409a7776daa33
SHA1 2b037d0b158b65f8db55396b893a511f5c331743
SHA256 95f7e57ba46a4c2526f06eb25e121cb66a26cb314a4ccb1d8d9a3eadc336496c
SHA512 552ad1e3284b7d5d3239cd8b523c0f7e019e9fe64db80eb32754ea4140edafd97874d4d0b9846d5edfdf1891161110df43b3a872d2a9fd1d2f4ee6c651797296

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat

MD5 1a88ef2bcf0a5823b2de0abfdfb4dd16
SHA1 d5966fe5c7f2b74110472c3a7fa9de5a45c1537a
SHA256 2220e8ec003528da7677d2aa412fd51f1e4ba55e27dab4dd2a4bb7b6513f7c78
SHA512 c386ecb400f6bc7ad0ddc1c5b5cb726ec6ccc485b16c42cd7be541d939a771822386e3ea0f4175e7d00a13976e0c19dcb5c8e9406b7c6c93ccc3712e31fbb039