Malware Analysis Report

2025-01-19 08:02

Sample ID: 240616-s364tsyfjf
Target: b446e85fb241af42680d602e82a4aa34_JaffaCakes118
SHA256: bee08d4200ad022acbe843e2d33ff41d6d8f790ace301dea67d2796178c79573
Tags: discovery, evasion, impact, persistence
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file b446e85fb241af42680d602e82a4aa34_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Queries information about running processes on the device

Loads dropped Dex/Jar

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Makes use of the framework's foreground persistence service

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Analysis: static1

Detonation Overview

Reported: 2024-06-16 15:40

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 15:40
Reported: 2024-06-16 15:43
Platform: android-x86-arm-20240611.1-en
Max time kernel: 163s
Max time network: 190s

Command Line

app.daogou.a15715

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

app.daogou.a15715

app.daogou.a15715:channel

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 15:40
Reported: 2024-06-16 15:43
Platform: android-x64-20240611.1-en
Max time kernel: 140s
Max time network: 186s

Command Line

app.daogou.a15715

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

app.daogou.a15715

app.daogou.a15715:channel

Network

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 40cf7fa16398fe953c834cea757805a2
SHA1 1bfec6183d8292e4e0ad5adc272204711fb5e99f
SHA256 057846fb021f719b7e5cf51b40b258af07bc48c1953fe3516fab9a2d734967e5
SHA512 13b7fce6559e6be810c499facf3d002f930b19110a702b319687af3e018f815f7b3ea12a928a13c2147d0c967da3512ff9e5fb6daff47d254849fbe021b6fded

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 81f5f21152157624ba3d9aaf4e6e19b0
SHA1 feb34d980250636a5c3a0c3f73004796da210d4d
SHA256 fb4006c5a8d965b3eff0b94cd23212bfd0095f2e6bd70df34d5216db4249e58b
SHA512 60c29d308fadceec58b9097e6220b6731a629f2816c5f3bff4e54bbc6b0d097733e60e9943b7b6631723cd99b176cdd74839ad51fad1ad93ea2427656c8adaae

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 fe943db92ef7d4878f651d1ef8dbfd2f
SHA1 1d633ee2388ab48ac2d868f98aace57a841ac613
SHA256 37261acfeb9cefc2cb79e79066f6095e846fced5355ddcb12e7251434a8afb14
SHA512 2cf3c479062422da273068b129bc226805c5ea1c17bb41740da46c5ac9ef9841490acfbb7c8bf755d3bdc4d6cbda4f935489a9bc8798a0f25517b565ddb876ae

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 152caae39d93a6a5f147c7c24572d9e3
SHA1 607c9cc4b08c7951f7e06a949ecec3efb667c795
SHA256 fbe65be30981f7fa33e9018e9277e9f7adab0e2c1eeae1a3d9b9c6699a08fa29
SHA512 eefdaa46b437a39cf985fec46063f4dc50cbc02cc4b35fdc935b1ae31f01d60757dca7c6bfc4a255abb2b610a1f4123ba617fb76567be226bac8880d133e130c

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 3fbc639386e9423779f033f112b9ae50
SHA1 8db6dd8a5268cf8c9ea41a37c52f640351e35279
SHA256 5044083ceff2f70fed6ec57dc65a053d276d6ea16b3e83548b314b58075e7271
SHA512 1209bb3cc72a733ca03ed34dd33ed54d795ce2bc5120c129c1bd559b7e166ffbaa23835f053520eae16260f6f6da0f5922a3b85ae3268dfcd2c6a9dc8cead447

/storage/emulated/0/app.daogou.a15715/asdklog_s

MD5 fcf80d912bc8ba044109c9faafe62985
SHA1 9f9506d3ed8966f090e1bb74a9cc8d5f4560a0b5
SHA256 1fa416951aa17c03a00c16a54d8cd44e2933200cbe665025354245ec78548c01
SHA512 819d47190a4f4779430ed67a5c3b18211f8dc2b1433d120ef2c0efd196f19626aa343cef254b4a67e9812c039f7e7299e4c720ff175bbb162637b671839ab172

/data/data/app.daogou.a15715/files/libtnet-3.1.7bk1.so

MD5 0549c52a643d03f97e2aa48320db96ef
SHA1 7a6abcc753f542461fee47e69208703415171ef7
SHA256 d4ab9319618f92e17ac9e3664c470ea9ba3df089955d319eb3cff402f328aba0
SHA512 bd6546f39a9197608ce95f119d0146ef970188ef4fa67e6d90435f15eb833ee9d9b09abde84b101642fc58d705d7dd830c1de3788df320e0762f781aa4c76156

/data/data/app.daogou.a15715/files/hotfix/rocoo.dex

MD5 68ed65a5cfdd203201dd9178dff2342f
SHA1 206f41b3614ead4ec5ba0dae6567bc420ffac6ee
SHA256 f505e40d47e442d74b70199dbed5a6554c747ae911b045c91b80825c70bcc596
SHA512 abb1c049fa5da3b91f5e3c6dd7535f35964403df30fc1dad95db8daa5f7312ea13e95e2d4d5774443d57f302a2bfb787cd2cd717ad59ff16b632886b692572c6

/data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex

MD5 23c7317eeaae9f5242352287de943c66
SHA1 3f8e988d5ea30ab56af5539c7f2b97bf6a024855
SHA256 c5907bdfa427148868d97ffa702226edfb15f26812ca62407786ea83e9d9f9e7
SHA512 31e9c90438b900c6997d4bb3d09409872ef16e29a8f5535d462b6a6b632352e4a6df328e045af420d41fab221ef45a691232b2aec2e95c7373c96ef353a2d6e5

/data/data/app.daogou.a15715/databases/minishop.db-journal

MD5 7e34a58a47473a882a01987455dd9a1e
SHA1 3f100be860984bbb945b6b5d5a4ecdfb5a30d9e2
SHA256 cb53fdb5b7efc5995ef5a9f109006d23cb54bc56bedd96b8ae5ca297e5f09645
SHA512 4c06c838b38a3b8bebcfc3519beaf6af3f67a0345d123081979cdbae9475c5b7834ce5dcd04de2975ae205509a28f0e0934a748ab46c72e5c0b08a1d8de6c268

/data/data/app.daogou.a15715/databases/minishop.db

MD5 7b943c9256108e51fea1f834f63f2824
SHA1 23edf409cc8d3641f336af8aaf09a77768c6e363
SHA256 7bad14f0d007194d4561e1f349a8d5a0dd63d16afde3270a860a0d174b1fa92b
SHA512 1083883781cac4c91457a0dadc6315dd28f0b678563c155398e6955f1c6246b6bab4a2ad9cef966a249c0911f2a7bef5dca6ffef4dcc6fbc0dd4be6c97a9d2bb

/data/data/app.daogou.a15715/files/libtnet-3.1.7bk1.so

MD5 90208c32c63fcf0acd187ba84a1e70cb
SHA1 7d25a7fa31236729bd51127e7eedb854c02f9e90
SHA256 4c59010d394c397f8647687a575bac1255a39caa41390f70b1f98e04fc1c87f0
SHA512 0c4e6118fc73cab57656b18f477511c8bdc5bce7987f56c9ba2f0b3b4b3437dca69e34dfec06300b5d20709158ee9a2fe235d8cc1698d441b4d736bcd5e87f16

/data/data/app.daogou.a15715/databases/minishop.db-journal

MD5 082c5d1f5a9cb3a9c44c610ae8c1a321
SHA1 c12da46495566fccb3ee53ec9a64e7a119d849e4
SHA256 c44de9fc9b6e48d6198c232fadf44e1f37dcc73ba9cbfab1a26129f1f2f4b42b
SHA512 4658c6d4f17524f55dcc2146b5bd853cabbc0842a3cf6da5203b07ea0f7246658aebecb8c6e7297fa80de44cf34831dbd93d216855f7cce8a12edc8a8a271cfd

/data/data/app.daogou.a15715/databases/minishop.db-journal

MD5 7377c6a1f3074e8b9fe91c536946e93b
SHA1 91c3bfd80733a53b539e319c9f39713e2adeded6
SHA256 cb312dc593d6cbc510d3469f0d987c297ee54819287ed12e856af3e0e4036229
SHA512 701ac95127f50c7b3d12c51cbd51e1b059279f1b8816bb7ee15f5e2cf896be39629dbac69237e6eae6a924b7e732088c743312612bdefff5b9baab30dc54a665

/data/data/app.daogou.a15715/databases/accs.db-journal

MD5 f3ac02de9dab50e74414383e86a4f9c3
SHA1 dea1b910cbd557002eee17a5b32c5128ca431cd5
SHA256 b6cfaee51b0fc8e04a9454b2c7f8189a5627889ec131eaa32f8773bfdf70c351
SHA512 3bf9ed5b34b832b5f2e5e6d1a44c417dfe800fe0bdad02d480c007110d2ea86777894c375ffbff9ad5235a59e274a17370ae12f0b99e2e6de169351e4e0f4542

/data/data/app.daogou.a15715/databases/accs.db

MD5 d95e1280cc553509d7b5b7851398db12
SHA1 121eb76ea37f3407d0f3b56392f6f67893fbe649
SHA256 58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c
SHA512 f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

/data/data/app.daogou.a15715/databases/accs.db-journal

MD5 50f3d63f4b9241e212be8ec20bf3e374
SHA1 10353f506f0aa9dfab398275482eb42da167232a
SHA256 be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653
SHA512 dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

/data/data/app.daogou.a15715/databases/MessageStore.db-journal

MD5 fa3edaebb7726bdb88b0c43720a71ced
SHA1 5e31358250f0592aa226cf2ed6d3865655121160
SHA256 3ad9c8117dcd2fc7f0da1991dcee55cf6a518cf3c909919f15a2c99982dc6396
SHA512 49ee82775abbf786ee53517f7a11b027605ec0a9b1ec1d46db43684d9992ef512e5f74f53cab98cb25621a590829374d35ee8d72d91ecfe73f7f6f8960cac0a5

/data/data/app.daogou.a15715/databases/MessageStore.db

MD5 73f2e9159e16d319ae692cc498fc831e
SHA1 f9ae67728696bf018e0a992ccf0859b0e1333a70
SHA256 bf0ab38b45ddc6ba3a78cd09f4b0a1e1e045ec7c80f8e2bfa61d4e8a5444feb7
SHA512 eee0d628db7b8d1593259bd3d4ac19095a9b2172d61d325aa528d015de80398bd30c6b1d1108adc84e0b46d183df41fdcc6d4fb51b40c4b6f3c09149c9c29cc4

/data/data/app.daogou.a15715/databases/accs.db-journal

MD5 5b325f74183d9c35556ea90bf5b4abff
SHA1 5f725792989d24415602c6c2bc0c4df34893e0a9
SHA256 ea889606b4e4f48251b01c9f6289a47fb0a9e74c76882adc35783f6285c99da6
SHA512 053994377c4ec4755f422478754a6e26542d0989e0dc6965bb1f398dd2940297faf92998ae268e8afcb8f187e5d46b34c869989dbcdaf526d4544a2e382db239

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/data/data/app.daogou.a15715/databases/cc/cc.db

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/databases/.ua/ua.db

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/files/WXOPENIM/openim/06-16_15_40_app.daogou.a15715_5190

/data/data/app.daogou.a15715/files/umeng_it.cache

/data/data/app.daogou.a15715/files/.umeng/exchangeIdentity.json

/data/data/app.daogou.a15715/files/exid.dat

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/databases/.ua/ua.db

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/data/data/app.daogou.a15715/databases/cc/cc.db

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/data/data/app.daogou.a15715/databases/cc/cc.db-journal

/data/data/app.daogou.a15715/files/.imprint

/data/data/app.daogou.a15715/files/umeng_it.cache

/data/data/app.daogou.a15715/databases/.ua/ua.db-journal

/data/data/app.daogou.a15715/databases/.ua/ua.db

/data/data/app.daogou.a15715/databases/.ua/ua.db

/data/data/app.daogou.a15715/databases/.ua/ua.db

/storage/emulated/0/Android/data/app.daogou.a15715/cache/f4fb8da1d56145b3bd08b9306ed4ef6d

/storage/emulated/0/Android/data/app.daogou.a15715/cache/d5063edf6469456bb7e14f51127f2237
