Analysis Overview
SHA256: bee08d4200ad022acbe843e2d33ff41d6d8f790ace301dea67d2796178c79573
Threat Level: Shows suspicious behavior
The file b446e85fb241af42680d602e82a4aa34_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Loads dropped Dex/Jar
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Makes use of the framework's foreground persistence service
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Queries information about active data network
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-16 15:40
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-16 15:40
Reported: 2024-06-16 15:43
Platform: android-x86-arm-20240611.1-en
Max time kernel: 163s
Max time network: 190s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
app.daogou.a15715
app.daogou.a15715:channel
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-16 15:40
Reported: 2024-06-16 15:43
Platform: android-x64-20240611.1-en
Max time kernel: 140s
Max time network: 186s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
app.daogou.a15715
app.daogou.a15715:channel
Network
Files
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 40cf7fa16398fe953c834cea757805a2 |
| SHA1 | 1bfec6183d8292e4e0ad5adc272204711fb5e99f |
| SHA256 | 057846fb021f719b7e5cf51b40b258af07bc48c1953fe3516fab9a2d734967e5 |
| SHA512 | 13b7fce6559e6be810c499facf3d002f930b19110a702b319687af3e018f815f7b3ea12a928a13c2147d0c967da3512ff9e5fb6daff47d254849fbe021b6fded |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 81f5f21152157624ba3d9aaf4e6e19b0 |
| SHA1 | feb34d980250636a5c3a0c3f73004796da210d4d |
| SHA256 | fb4006c5a8d965b3eff0b94cd23212bfd0095f2e6bd70df34d5216db4249e58b |
| SHA512 | 60c29d308fadceec58b9097e6220b6731a629f2816c5f3bff4e54bbc6b0d097733e60e9943b7b6631723cd99b176cdd74839ad51fad1ad93ea2427656c8adaae |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | fe943db92ef7d4878f651d1ef8dbfd2f |
| SHA1 | 1d633ee2388ab48ac2d868f98aace57a841ac613 |
| SHA256 | 37261acfeb9cefc2cb79e79066f6095e846fced5355ddcb12e7251434a8afb14 |
| SHA512 | 2cf3c479062422da273068b129bc226805c5ea1c17bb41740da46c5ac9ef9841490acfbb7c8bf755d3bdc4d6cbda4f935489a9bc8798a0f25517b565ddb876ae |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 152caae39d93a6a5f147c7c24572d9e3 |
| SHA1 | 607c9cc4b08c7951f7e06a949ecec3efb667c795 |
| SHA256 | fbe65be30981f7fa33e9018e9277e9f7adab0e2c1eeae1a3d9b9c6699a08fa29 |
| SHA512 | eefdaa46b437a39cf985fec46063f4dc50cbc02cc4b35fdc935b1ae31f01d60757dca7c6bfc4a255abb2b610a1f4123ba617fb76567be226bac8880d133e130c |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 3fbc639386e9423779f033f112b9ae50 |
| SHA1 | 8db6dd8a5268cf8c9ea41a37c52f640351e35279 |
| SHA256 | 5044083ceff2f70fed6ec57dc65a053d276d6ea16b3e83548b314b58075e7271 |
| SHA512 | 1209bb3cc72a733ca03ed34dd33ed54d795ce2bc5120c129c1bd559b7e166ffbaa23835f053520eae16260f6f6da0f5922a3b85ae3268dfcd2c6a9dc8cead447 |
/storage/emulated/0/app.daogou.a15715/asdklog_s
| MD5 | fcf80d912bc8ba044109c9faafe62985 |
| SHA1 | 9f9506d3ed8966f090e1bb74a9cc8d5f4560a0b5 |
| SHA256 | 1fa416951aa17c03a00c16a54d8cd44e2933200cbe665025354245ec78548c01 |
| SHA512 | 819d47190a4f4779430ed67a5c3b18211f8dc2b1433d120ef2c0efd196f19626aa343cef254b4a67e9812c039f7e7299e4c720ff175bbb162637b671839ab172 |
/data/data/app.daogou.a15715/files/libtnet-3.1.7bk1.so
| MD5 | 0549c52a643d03f97e2aa48320db96ef |
| SHA1 | 7a6abcc753f542461fee47e69208703415171ef7 |
| SHA256 | d4ab9319618f92e17ac9e3664c470ea9ba3df089955d319eb3cff402f328aba0 |
| SHA512 | bd6546f39a9197608ce95f119d0146ef970188ef4fa67e6d90435f15eb833ee9d9b09abde84b101642fc58d705d7dd830c1de3788df320e0762f781aa4c76156 |
/data/data/app.daogou.a15715/files/hotfix/rocoo.dex
| MD5 | 68ed65a5cfdd203201dd9178dff2342f |
| SHA1 | 206f41b3614ead4ec5ba0dae6567bc420ffac6ee |
| SHA256 | f505e40d47e442d74b70199dbed5a6554c747ae911b045c91b80825c70bcc596 |
| SHA512 | abb1c049fa5da3b91f5e3c6dd7535f35964403df30fc1dad95db8daa5f7312ea13e95e2d4d5774443d57f302a2bfb787cd2cd717ad59ff16b632886b692572c6 |
/data/user/0/app.daogou.a15715/files/hotfix/rocoo.dex
| MD5 | 23c7317eeaae9f5242352287de943c66 |
| SHA1 | 3f8e988d5ea30ab56af5539c7f2b97bf6a024855 |
| SHA256 | c5907bdfa427148868d97ffa702226edfb15f26812ca62407786ea83e9d9f9e7 |
| SHA512 | 31e9c90438b900c6997d4bb3d09409872ef16e29a8f5535d462b6a6b632352e4a6df328e045af420d41fab221ef45a691232b2aec2e95c7373c96ef353a2d6e5 |
/data/data/app.daogou.a15715/databases/minishop.db-journal
| MD5 | 7e34a58a47473a882a01987455dd9a1e |
| SHA1 | 3f100be860984bbb945b6b5d5a4ecdfb5a30d9e2 |
| SHA256 | cb53fdb5b7efc5995ef5a9f109006d23cb54bc56bedd96b8ae5ca297e5f09645 |
| SHA512 | 4c06c838b38a3b8bebcfc3519beaf6af3f67a0345d123081979cdbae9475c5b7834ce5dcd04de2975ae205509a28f0e0934a748ab46c72e5c0b08a1d8de6c268 |
/data/data/app.daogou.a15715/databases/minishop.db
| MD5 | 7b943c9256108e51fea1f834f63f2824 |
| SHA1 | 23edf409cc8d3641f336af8aaf09a77768c6e363 |
| SHA256 | 7bad14f0d007194d4561e1f349a8d5a0dd63d16afde3270a860a0d174b1fa92b |
| SHA512 | 1083883781cac4c91457a0dadc6315dd28f0b678563c155398e6955f1c6246b6bab4a2ad9cef966a249c0911f2a7bef5dca6ffef4dcc6fbc0dd4be6c97a9d2bb |
/data/data/app.daogou.a15715/files/libtnet-3.1.7bk1.so
| MD5 | 90208c32c63fcf0acd187ba84a1e70cb |
| SHA1 | 7d25a7fa31236729bd51127e7eedb854c02f9e90 |
| SHA256 | 4c59010d394c397f8647687a575bac1255a39caa41390f70b1f98e04fc1c87f0 |
| SHA512 | 0c4e6118fc73cab57656b18f477511c8bdc5bce7987f56c9ba2f0b3b4b3437dca69e34dfec06300b5d20709158ee9a2fe235d8cc1698d441b4d736bcd5e87f16 |
/data/data/app.daogou.a15715/databases/minishop.db-journal
| MD5 | 082c5d1f5a9cb3a9c44c610ae8c1a321 |
| SHA1 | c12da46495566fccb3ee53ec9a64e7a119d849e4 |
| SHA256 | c44de9fc9b6e48d6198c232fadf44e1f37dcc73ba9cbfab1a26129f1f2f4b42b |
| SHA512 | 4658c6d4f17524f55dcc2146b5bd853cabbc0842a3cf6da5203b07ea0f7246658aebecb8c6e7297fa80de44cf34831dbd93d216855f7cce8a12edc8a8a271cfd |
/data/data/app.daogou.a15715/databases/minishop.db-journal
| MD5 | 7377c6a1f3074e8b9fe91c536946e93b |
| SHA1 | 91c3bfd80733a53b539e319c9f39713e2adeded6 |
| SHA256 | cb312dc593d6cbc510d3469f0d987c297ee54819287ed12e856af3e0e4036229 |
| SHA512 | 701ac95127f50c7b3d12c51cbd51e1b059279f1b8816bb7ee15f5e2cf896be39629dbac69237e6eae6a924b7e732088c743312612bdefff5b9baab30dc54a665 |
/data/data/app.daogou.a15715/databases/accs.db-journal
| MD5 | f3ac02de9dab50e74414383e86a4f9c3 |
| SHA1 | dea1b910cbd557002eee17a5b32c5128ca431cd5 |
| SHA256 | b6cfaee51b0fc8e04a9454b2c7f8189a5627889ec131eaa32f8773bfdf70c351 |
| SHA512 | 3bf9ed5b34b832b5f2e5e6d1a44c417dfe800fe0bdad02d480c007110d2ea86777894c375ffbff9ad5235a59e274a17370ae12f0b99e2e6de169351e4e0f4542 |
/data/data/app.daogou.a15715/databases/accs.db
| MD5 | d95e1280cc553509d7b5b7851398db12 |
| SHA1 | 121eb76ea37f3407d0f3b56392f6f67893fbe649 |
| SHA256 | 58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c |
| SHA512 | f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284 |
/data/data/app.daogou.a15715/databases/accs.db-journal
/data/data/app.daogou.a15715/databases/MessageStore.db-journal
/data/data/app.daogou.a15715/databases/MessageStore.db
/data/data/app.daogou.a15715/databases/accs.db-journal
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/data/data/app.daogou.a15715/databases/cc/cc.db
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/databases/.ua/ua.db
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/files/WXOPENIM/openim/06-16_15_40_app.daogou.a15715_5190
/data/data/app.daogou.a15715/files/umeng_it.cache
/data/data/app.daogou.a15715/files/.umeng/exchangeIdentity.json
/data/data/app.daogou.a15715/files/exid.dat
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/databases/.ua/ua.db
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/data/data/app.daogou.a15715/databases/cc/cc.db
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/data/data/app.daogou.a15715/databases/cc/cc.db-journal
/data/data/app.daogou.a15715/files/.imprint
/data/data/app.daogou.a15715/files/umeng_it.cache
/data/data/app.daogou.a15715/databases/.ua/ua.db-journal
/data/data/app.daogou.a15715/databases/.ua/ua.db
/data/data/app.daogou.a15715/databases/.ua/ua.db
/data/data/app.daogou.a15715/databases/.ua/ua.db
/storage/emulated/0/Android/data/app.daogou.a15715/cache/f4fb8da1d56145b3bd08b9306ed4ef6d
/storage/emulated/0/Android/data/app.daogou.a15715/cache/d5063edf6469456bb7e14f51127f2237