Malware Analysis Report

2025-01-19 04:55

Sample ID 240617-xesczszcpc
Target b977d441304766d20c92f0fd38d03c26_JaffaCakes118
SHA256 45be476f498df09d9070bf51ee2852ac3e807c6cfd7b54b680614e7a13f1af89
Tags
collection discovery evasion impact persistence
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file b977d441304766d20c92f0fd38d03c26_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 18:46

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 18:46

Reported

2024-06-17 18:46

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 18:46

Reported

2024-06-17 18:46

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-17 18:46

Reported

2024-06-17 18:46

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 18:46

Reported

2024-06-17 18:49

Platform

android-x86-arm-20240611.1-en

Max time kernel

134s

Max time network

175s

Command Line

com.yundu.YaLiMaino1449oApp

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.yundu.YaLiMaino1449oApp

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

com.yundu.YaLiMaino1449oApp:bdservice_v1

com.yundu.YaLiMaino1449oApp:remote

Network

Files

/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar

/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.key

/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-shm

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-wal

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db

/storage/emulated/0/baidu/tempdata/ls.db-shm

/storage/emulated/0/baidu/tempdata/ls.db-wal

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-shm

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-wal

/data/data/com.yundu.YaLiMaino1449oApp/files/lldt/firll.dat

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 18:46

Reported

2024-06-17 18:49

Platform

android-x64-20240611.1-en

Max time kernel

136s

Max time network

188s

Command Line

com.yundu.YaLiMaino1449oApp

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.yundu.YaLiMaino1449oApp

com.yundu.YaLiMaino1449oApp:bdservice_v1

com.yundu.YaLiMaino1449oApp:remote

Network

Files

/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar

/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.key

/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal

/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db

/storage/emulated/0/baidu/tempdata/ls.db

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-journal

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal

/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db

/data/data/com.yundu.YaLiMaino1449oApp/files/lldt/firll.dat

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat