Malware Analysis Report

2025-01-19 04:50

Sample ID 240617-v8ctaa1hmj
Target b9311b6c1b7a3f8708fceabd8511f53d_JaffaCakes118
SHA256 da7cf926ee4c9581f1321a9b1189edaa25b88af7aaae40ef8f290ee04570d897
Tags
banker collection discovery evasion impact persistence
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file b9311b6c1b7a3f8708fceabd8511f53d_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 17:39

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 17:39

Reported

2024-06-17 17:42

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

189s

Command Line

com.lch.siyun

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lch.siyun/app_libs/ymdex.jar | N/A | N/A
N/A | /data/user/0/com.lch.siyun/app_AdServer/AdServer_asset.apk | N/A | N/A
N/A | /data/user/0/com.lch.siyun/app_analytics/analytics_asset.apk | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.lch.siyun

com.lch.siyun:remote

Network


Files

/data/data/com.lch.siyun/files/ver.dat
/data/data/com.lch.siyun/files/cfg/a/ResPack.rs
/data/data/com.lch.siyun/files/cfg/h/DVHotcity.cfg
/data/data/com.lch.siyun/files/cfg/l/DVHotcity.cfg
/data/data/com.lch.siyun/files/cfg/h/DVHotMap.cfg
/data/data/com.lch.siyun/files/cfg/l/DVHotMap.cfg
/data/data/com.lch.siyun/files/cfg/l/DVDirectory.cfg
/data/data/com.lch.siyun/files/cfg/l/DVVersion.cfg
/data/data/com.lch.siyun/files/cfg/h/DVDirectory.cfg
/data/data/com.lch.siyun/files/cfg/h/DVVersion.cfg
/data/data/com.lch.siyun/files/cfg/a/mapstyle.sty
/data/data/com.lch.siyun/files/cfg/a/satellitestyle.sty
/data/data/com.lch.siyun/files/cfg/a/trafficstyle.sty
/data/data/com.lch.siyun/app_libs/ymdex.jar.new
/data/user/0/com.lch.siyun/app_libs/ymdex.jar
/data/data/com.lch.siyun/app_AdServer/AdServer_asset.apk
/data/user/0/com.lch.siyun/app_AdServer/AdServer_asset.apk
/data/data/com.lch.siyun/app_analytics/analytics_asset.apk
/data/data/com.lch.siyun/app_analytics/asset_lib/libanalytics.so
/data/data/com.lch.siyun/databases/f548aadccd8ac704507ad80aa398a12e-journal
/data/data/com.lch.siyun/databases/wsUL1uCdKvjD-journal
/data/data/com.lch.siyun/databases/f548aadccd8ac704507ad80aa398a12e
/data/data/com.lch.siyun/databases/wsUL1uCdKvjD
/storage/emulated/0/Android/data/.dataycache/i42d45df023jnkdd93la483f9xGFKXI
/data/data/com.lch.siyun/databases/wsUL1uCdKvjD-shm
/data/data/com.lch.siyun/databases/f548aadccd8ac704507ad80aa398a12e-wal
/data/data/com.lch.siyun/databases/wsUL1uCdKvjD-wal
/storage/emulated/0/Android/data/.dataycache/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
/data/data/com.lch.siyun/databases/jqIqJYOT3JpT-journal
/data/user/0/com.lch.siyun/app_analytics/analytics_asset.apk
/data/data/com.lch.siyun/databases/jqIqJYOT3JpT
/data/data/com.lch.siyun/databases/jqIqJYOT3JpT-wal
/data/data/com.lch.siyun/files/umeng_it.cache
/data/data/com.lch.siyun/databases/analytics.db-journal
/data/data/com.lch.siyun/databases/requests.db-journal
/data/data/com.lch.siyun/databases/requests.db
/data/data/com.lch.siyun/databases/T1oX0rhhuXWt-journal
/data/data/com.lch.siyun/databases/analytics.db-wal
/data/data/com.lch.siyun/databases/requests.db-wal
/data/data/com.lch.siyun/databases/T1oX0rhhuXWt-wal
/storage/emulated/0/baidu/tempdata/ls.db-journal
/storage/emulated/0/baidu/tempdata/ls.db-wal
/data/data/com.lch.siyun/files/mobclick_agent_cached_com.lch.siyun33
/data/data/com.lch.siyun/files/ofld/ofl_location.db-shm
/data/data/com.lch.siyun/files/ofld/ofl_statistics.db-journal
/data/data/com.lch.siyun/files/ofld/ofl_statistics.db-wal
/storage/emulated/0/Android/data/com.lch.siyun/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.lch.siyun/files/baidu/tempdata/conlts.dat

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 17:39

Reported

2024-06-17 17:42

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

40s

Max time network

133s

Command Line

com.lch.siyun

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lch.siyun/app_libs/ymdex.jar N/A N/A
N/A /data/user/0/com.lch.siyun/app_AdServer/AdServer_asset.apk N/A N/A
N/A /data/user/0/com.lch.siyun/app_analytics/analytics_asset.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.lch.siyun

com.lch.siyun:remote

Network


Files

/data/user/0/com.lch.siyun/files/ver.dat
/data/user/0/com.lch.siyun/files/cfg/a/ResPack.rs
/data/user/0/com.lch.siyun/files/cfg/h/DVHotcity.cfg
/data/user/0/com.lch.siyun/files/cfg/l/DVHotcity.cfg
/data/user/0/com.lch.siyun/files/cfg/h/DVHotMap.cfg
/data/user/0/com.lch.siyun/files/cfg/l/DVHotMap.cfg
/data/user/0/com.lch.siyun/files/cfg/l/DVDirectory.cfg
/data/user/0/com.lch.siyun/files/cfg/l/DVVersion.cfg
/data/user/0/com.lch.siyun/files/cfg/h/DVDirectory.cfg
/data/user/0/com.lch.siyun/files/cfg/h/DVVersion.cfg
/data/user/0/com.lch.siyun/files/cfg/a/mapstyle.sty
/data/user/0/com.lch.siyun/files/cfg/a/satellitestyle.sty
/data/user/0/com.lch.siyun/files/cfg/a/trafficstyle.sty
/data/user/0/com.lch.siyun/app_libs/ymdex.jar.new
/data/user/0/com.lch.siyun/app_libs/ymdex.jar
/data/user/0/com.lch.siyun/app_AdServer/AdServer_asset.apk
/data/user/0/com.lch.siyun/databases/wsUL1uCdKvjD-journal
/data/user/0/com.lch.siyun/databases/f548aadccd8ac704507ad80aa398a12e-journal
/data/user/0/com.lch.siyun/databases/wsUL1uCdKvjD
/data/user/0/com.lch.siyun/databases/f548aadccd8ac704507ad80aa398a12e
/data/user/0/com.lch.siyun/app_analytics/analytics_asset.apk
/data/user/0/com.lch.siyun/databases/jqIqJYOT3JpT-journal
/data/user/0/com.lch.siyun/databases/jqIqJYOT3JpT
/data/user/0/com.lch.siyun/app_analytics/asset_lib/libanalytics.so
/data/user/0/com.lch.siyun/files/umeng_it.cache
/data/user/0/com.lch.siyun/databases/T1oX0rhhuXWt-journal

/data/user/0/com.lch.siyun/databases/T1oX0rhhuXWt

MD5 f3836d7571deef28be7d560c5e1a3743
SHA1 cf36da92e2bea87e1e2eb67972d062832be0e280
SHA256 7bec694dfb4f71dad5f185e62f70adf498d3248fac766499ad5454d5aa733390
SHA512 72fb650899e16f18bc777c06db7c0cd4ba93f6e8ee623a9e81a58bc9b6081011883049a7134a6cc17d8970144328b4e2047bf032786353993eace583d7f5c368

/data/user/0/com.lch.siyun/databases/T1oX0rhhuXWt-journal

MD5 f100703bd864b93bfa41e36b53997c75
SHA1 34be2c150c1fcb5751211db90d77d1c09e3568b6
SHA256 fc668a7e7142dee2c85846c7646fa20ee6dc989826d004ea39e74e03603d3042
SHA512 409a35988561a0e7ff4968d71d500d4c48a56532631d6f626a11aa9d4d18ba38a53db323567ea7ca1b9e18bce73f9ec741042ca538413cdb2fe310ad804c62db

/data/user/0/com.lch.siyun/databases/T1oX0rhhuXWt-journal

MD5 0a41b119a4d361c75bbd271c11629772
SHA1 5765d585eb323d0e3e25f6ebb8b14cab532a33b0
SHA256 e2229587fa64af48981a2365b00b34e8efdcf5c2ff0f7373df19ea439e2e035e
SHA512 60f7b70ee108ced355722974f2b8e06097fa34e2b6d80758904f519dc83712f1e17d72d9a440c2497389177c877cc3986799f19ffd5b580186bf13b38cc5d3c2

/data/user/0/com.lch.siyun/databases/P15pKIjsm64m-journal

MD5 a11d7108d1e449418aeb879690c01173
SHA1 e8c0e1a957962cf0952f736b93f7a94772efa077
SHA256 d5a8b96b9edbe86b4a265e3d08a70c3ea894c4df4ef4bcc3e3c732396b102e5f
SHA512 66d5695f7c4b7feaa6cd2c868b0fe799a1ba499fb1c7665393ce1b372545118065500cd5cd58a60b8d620d1a11b6aaf2aa81798221ea75f1b49783eadcd35596

/data/user/0/com.lch.siyun/databases/P15pKIjsm64m

MD5 40f50263e53d3fadf106b941aee1177b
SHA1 7406c97e978057e87a97b243392d9588b1846d6c
SHA256 26157cb9c84f09e685d3513bb4acc19fcf658dc7205463abb71e27f89211885a
SHA512 e87e2a11f367ae5f4a5c8d9f521f19b3e2a36392fae05c76392271ce9bc53c90dcfc181970113a7fa47e68e5c920ff94be37404fd935c4fb653b823a2a0505e1

/storage/emulated/0/baidu/tempdata/ls.db

MD5 f8df032b186b8daec21b955238836997
SHA1 6670b787d78d0391ca067ee9d89c1fc99ab248b8
SHA256 0eb2691193d5b1af9ae73ce1110ea204d7895f5a39d8d5155f6de13dd3d1d283
SHA512 97472fd05b640d30f6e8d2a722e57a1d670e77391506c54b8e55ddb6109a21acee6a74af8c5098467317fd9292460e54ddfcdcf46e44684ebe7798f7890bbfe8

/data/user/0/com.lch.siyun/app_analytics/analytics_asset.apk

MD5 6d363f8778efe0e54f37ccce23d16fbc
SHA1 11d186169520c633d09a1a775747ed0fe5181c55
SHA256 b1b9b928f020d1ecd232211f2733dd1fc640f5101db35794ef43dca96766aa55
SHA512 e375c9d975e4c44d7424c43f7c01cdb5db474a71c4658ca1a021a5cd3265a8e5027f671f3d04ddee962a34f65ae4eeba5c45c36c286a8016277993a1d6931cb9

/data/user/0/com.lch.siyun/databases/P15pKIjsm64m-journal

MD5 c791b98f7dade2f61fb692f65839f31e
SHA1 9fb0a67d7f2a78dc94bb6803b3fa8cef9a9d2b42
SHA256 3f15ca92968611a76b5c6ae359fa55ef30989ab1d329e5feb2d81f16a8ed1e09
SHA512 c331950ee8e16779123b1f577769f1b9dc81d86b577907e65981cc4e048949aad8515eb7f76845b796d8f0aabe1cde5d24f59b7c3ffa88e04567f22ad2b61b86

/data/user/0/com.lch.siyun/databases/P15pKIjsm64m-journal

MD5 790ae95e61b2b50f67ab21df193f8ad7
SHA1 323899a6ecaa1cd55263d474ed2693c898f842f4
SHA256 218931bec72a59e6680e9d35e9806f79db8fa19f0fb8d0cc459f96ab05c8d368
SHA512 ba904af28c0f1e14edf504dd3dffbcb66b21be082f74671c09bdc09cf9e3d3b921582f410b0201c3b35d808a90f7cfbbf0cc72f543130a7157ebb5cc56512a0a

/storage/emulated/0/baidu/tempdata/ls.db-journal

MD5 5ac6580fcc6aea89a613a24e59aff1e3
SHA1 a57820b5f891aa8ab90343ec9ecd3c60ab58a066
SHA256 c77ea5d64e74a0c364dfc51f333bb6acf5bdf7e1fe5988ec1af6050265ad5c7e
SHA512 7e224a45c3a8bae25397280605261133d50a2583225d0b3c2269d39aba4f1e31d7c75d3c68bff851cf901a1515fa227e19d868b8dc5a3582bc4aaf8abd745793

/data/user/0/com.lch.siyun/databases/XKwVoK0huy3R-journal

MD5 288077ea6b4a280ff556868ea20a0b25
SHA1 ddf7ecf8629971ccf19304a73c24b098eeb8b0cc
SHA256 6f1b9b9eb1d8ff81995032180a0adfab823ba8b0f087ed5162ecf18d48ce3a62
SHA512 64b082eb3a8222d4d0ef575b10ce9fd6bde8428330706033c633b5da11094863aa98b8ffe8af5dff69ea7b29cbe872af98ce9d33f95f6d0491c24ee0c9152d0e

/data/user/0/com.lch.siyun/databases/XKwVoK0huy3R

MD5 edb655088d1ed9f33f9d0d499b7a3ef5
SHA1 565c4f4e43179dbfc285cd6331dc8ac75a901af8
SHA256 bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9
SHA512 98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

/data/user/0/com.lch.siyun/databases/XKwVoK0huy3R-journal

MD5 819e7a0c0b88d7f9745eb2f452666300
SHA1 a8b57f346f84e6b67aa572973fa4bda0f3af16f6
SHA256 318020a0548589ad40da6152b300b5cbce504c861a523106ee6ed196403e72be
SHA512 562560ecc7aa2334353e18e01c74a1d2a948b11eb0cc5edcf1ed699ab3d22a4822e74ac4981d470301b6879334fd80c728a957084e49d7b928346b2df3f72a1d

/storage/emulated/0/baidu/tempdata/ls.db-journal

MD5 7cf6e6a5de9e5c567f4008a949956f30
SHA1 0309b094750902759b7dbb5b2cede547fa3fc59e
SHA256 c999b6e8e313522c830fd04c1900349862c16356ef50bb6cd9f82e0df0e42f1b
SHA512 b59ef2e3e8c14d56ecac825d3217bd485cc90306ea0751dc060dda9fa847f13cd68a03ec72eab2a0c30120c99b23ea2c632b6e128c329f15b50a69dc8e2e7912

/data/user/0/com.lch.siyun/databases/XKwVoK0huy3R-journal

MD5 83e89147afaad562fa5725a50d808e80
SHA1 94cd33e53270a3200f885109e74a46d43c47e4e8
SHA256 56d5df832032d7f6c4500a1a596e44d3e95bd169e0781808d6f58c82455f32bc
SHA512 7420a55df049f362edc98a07740595f510b192040eba4fcac5fd6828bd2082fc0ed2a5001b06e0873e0cae85b2914b8021a13b949646b6d48327151aaff72249

/data/user/0/com.lch.siyun/files/mobclick_agent_cached_com.lch.siyun33

MD5 3ec4a768b58ab0e24b88d5f67e23e44a
SHA1 f2a903e6213165f4c80a49c58513732baf0c92db
SHA256 40aeec94260fd2a6d07c2e62490536b576b09fe8e4014d4518b1ce759163ece7
SHA512 ad3525b774a03c26e97fc03cf41241b5cf012ad0b9b9bfb956c9f250e129d11cb2c7acc046e68b9f6ed154a801c1745df2513fbccb27dbfe8979054ebfd24d06

/data/user/0/com.lch.siyun/files/ofld/ofl_location.db-journal

MD5 b93cd57f2fea4fd915cce9334ecfb510
SHA1 b747412efed253318ab829c9f189589fdc63cb72
SHA256 9fbfb70c9db4d1d2ff04e91dd1c68fe0da8b1cf60a73ea7478f365bf8109f641
SHA512 38f304e7ab2064ba679eb0d218357e010ace2317ddd76a8c8500be3a37817b484ed6aa6a3dc538c68d2d0448a60e3cf7632a6e1b2cf976ed65b01b6c43f8c3b5

/data/user/0/com.lch.siyun/files/ofld/ofl_location.db-journal

MD5 9e9acb1fb89b7e1e7d73c3312273c195
SHA1 5863be8b04ed0acf0af521e25df21e462a2277c3
SHA256 fff8ef8820a3303d3af2f18d789045b27ec2a25d3010f69b61aec65770aa6b57
SHA512 4896ea63b80054473b05ca39c44e4132cee9058d43e58fda79305e10bc3d008ea5411c4b145762663c1dd960fd34bd2914d8cd9e64c4161f17a558c13560db46

/data/user/0/com.lch.siyun/files/ofld/ofl_location.db-journal

MD5 ff77455ee83d50fa5ba79ed508750224
SHA1 b68ed9c92f8c6dec37c35ba9f04d634d8e68e7ba
SHA256 71fd0c9426e370a9f381f480af8d5f446e25f6513737d08806717b07cc281856
SHA512 68f8e14515e0416315ab351fa8fc25d8c6531a3d76e7840fc7d7cd1accab8996683f6f4a4bc200ecb693027788d08dc850c1c0b1b3f10dce95f6e04b98a1e96b

/data/user/0/com.lch.siyun/files/ofld/ofl_statistics.db-journal

MD5 df8d57c41aeb46763d82ae4f125e9842
SHA1 a88d335ff9f84593d23c118456ecfc07a091db08
SHA256 eaf16824f608b292e9fd2a13b20a072668d32f222a75424af8bc0ed343565455
SHA512 518f119bd11f36e6156b872a07de8f93b33533c9a0ffd334940d7192e9d08236be81c631ff749a2853bb8d4e89082627198f218d8cc8664c3caf08afff57f844

/data/user/0/com.lch.siyun/files/ofld/ofl_statistics.db-journal

MD5 afa1f7c08566a8abb4379956378ee1a7
SHA1 ae1adfbb611cc7396727e95db48f60e06520616a
SHA256 9eed9ce506fdffa98b9bda81e0178fca07f44e47b6f707a302832c7e2f4fb882
SHA512 cb1de979a9b46443489377078c0b8d05537112a50e7e8530ba4491b69df8e1cf023144e51e3f3f53531e8f708f63e91a5b73cb7e5f033675282a041205db75d6

/data/user/0/com.lch.siyun/files/ofld/ofl_statistics.db-journal

MD5 bb82dcb349f85f18abc7ab606705e818
SHA1 a6fce7dc7aaa6a18c66925fa60960281f4e21432
SHA256 5042ed4ab339b4c414f0e1134572cae2f215e5691c54d385461d85c94718e49c
SHA512 ee82b2bde0c9fcf71954307a18a79448e4e6bd5f6bfc233ff666fe03ef569e5cf899f680238e84756af99c5106143669bba62fb3d630c908c22f3e5e2f48338b

/data/user/0/com.lch.siyun/files/ofld/ofl_statistics.db-journal

MD5 46e6e4d042f11811f10802334cea3401
SHA1 8441cf877f66e89b31dad032fcaded503372c08a
SHA256 6d3f9f7699a0345288b5201be4edd6ab61f3e3a09042bd936bd742019578c726
SHA512 3472ef0bbd1c3b2d4284c86ea8a7e150cfccdb581622687c7e4dfa8ca75664055d32a6e895f01a5f134d5eac918608a9f116ecdccc81eb43acc144f2d951a5ca

/data/user/0/com.lch.siyun/files/ofld/ofl.config

MD5 3d364884fa85ebd7e471dbb17a1a8c9f
SHA1 56fb708fe8b469cb33ebec01a89f42f33da5d7c2
SHA256 6e9404c369fd559438e4eac4b51674cd84834fd2746fa7c09f10ec2be1b4b370
SHA512 e774e5dba97bddf6e67f229f6c298a9dd0412e6945c36b3da149a5675b122ec47c34f6198cec3eafb2637a283beefd6e1b33e38854658235f20a3e949646f0aa

/data/user/0/com.lch.siyun/files/lldt/firll.dat

MD5 e1156ccc4f6f1e27f08cb0b48a67a7d1
SHA1 0f32e0b9c82093d4a814b551c51343e7b796a354
SHA256 2faf9676f79a390be1786606fe4157edd7e22ca57c9c1639668d78120e1f5682
SHA512 6bc4669a52cd5bb2327317a44563db46f5283c09d799acac424201e0d1e5f214560c321ea88f04a7ed5e57b29243d916f14744ce8c48e2f2b8fc4fb93f0e95e1

/storage/emulated/0/Android/data/com.lch.siyun/files/baidu/tempdata/llg.dat

MD5 96e1615293a15f2b84930ba0db83f847
SHA1 abb6b3c931e4d98aa2af765f333202df0c5f7d1d
SHA256 3185fc6eba7f1e9c0aec3c48ec734432126507a9ac2d99e161f4db3dfe00879f
SHA512 f81a765cd5d32827dffd539b08a8d0c4e0fdbe8cb4fd8e262f2f5374f0051d3dd78fa70a5552d62bc6a91e876ad1f3a7d71990d6c4a38e23ab332b0d1ebc0889

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 17:39

Reported

2024-06-17 17:39

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 17:39

Reported

2024-06-17 17:42

Platform

android-x86-arm-20240611.1-en

Max time network

157s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp

Files

N/A