Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-yg5a1awbkl
Target b9b556d543eb8448c38a45f7f930783b_JaffaCakes118
SHA256 b68b41cc317f010651d47ff8ab92f978f99f3522b3615dd33abef6bfb6203e8a
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b68b41cc317f010651d47ff8ab92f978f99f3522b3615dd33abef6bfb6203e8a

Threat Level: Likely malicious

The file b9b556d543eb8448c38a45f7f930783b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Reads information about phone network operator.

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 19:46

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 19:46

Reported

2024-06-17 19:49

Platform

android-x86-arm-20240611.1-en

Max time kernel

164s

Max time network

179s

Command Line

com.ttyongche

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ttyongche

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

com.ttyongche:ipc

com.ttyongche:pushservice

getprop ro.product.cpu.abi

com.ttyongche:remote

io.rong.push

com.ttyongche:ipc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 cn.pool.ntp.org udp
US 1.1.1.1:53 sapi.map.baidu.com udp
HK 103.235.46.245:443 sapi.map.baidu.com tcp
US 1.1.1.1:53 xdrig.com udp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 api.ttyongche.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 collect.ttyongche.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
US 1.1.1.1:53 dns.map.baidu.com udp
FR 13.39.65.24:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 nav.cn.ronghub.com udp
GB 8.208.8.123:80 nav.cn.ronghub.com tcp
US 1.1.1.1:53 rqd.uu.qq.com udp
HK 43.135.106.42:80 rqd.uu.qq.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 13.39.65.24:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 8.208.8.123:80 nav.cn.ronghub.com tcp
N/A 10.0.0.172:80 tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
GB 142.250.200.14:443 tcp
GB 142.250.178.2:443 tcp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp

Files

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/6670929D01EF-0001-10A2-7203A6C4C716BeginSession.cls_temp

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/6670929D01EF-0001-10A2-7203A6C4C716SessionApp.cls_temp

MD5 309a3a7b24e31df571e959dcbfdec425
SHA1 84627a3ef0d35a203182dc4fda86ed75b1fe08e8
SHA256 55e1e323d3efc41ad5c434c51d91c8bb084fc8410560fdee4f95c1d48630be5d
SHA512 58b03fa32f8417b71f9ca25ccbb7f0097cf60c1a7c217249f9b433883428bd73dee01f9720914e3e5934e8740ba3a75bb2e015daed8cd2a8d24d5ef5077df071

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/6670929D01EF-0001-10A2-7203A6C4C716SessionOS.cls_temp

MD5 b4e53901d116af9f0de6140d899c5fd2
SHA1 d65431eb33a62aba2daca6401e412f9911e1eea9
SHA256 94556589cc240ded4fdcfe994e3aa5299eb8348592945ac1fd7e243dcdc26d96
SHA512 6d17ac4f7e722c894798f5c418ac2f3928dc0a0f7132bc5c699c2f078be7740224089fba9053e8c9bcd892e87f8f70746fe449e7d1c6845895b7fe4f2ca2df9e

/data/data/com.ttyongche/databases/bugly_db_-journal

MD5 2e88845a605286ba60e4a76c4a20bf04
SHA1 280b3085ca1a9f33cc7b982210b8e42869b5739e
SHA256 fa45b823d632fb805174b1d03125f0450c2db2020ca6a930a0cb34e9428473b8
SHA512 b5edd82d1f5b349920851d5d44e324ae951ccfbaecd67ca597d65bf6b236c866a7baacd43b902d4fd4c091ae0d0ea0ce1db879a82fbd9842def89553d756bac7

/data/data/com.ttyongche/databases/bugly_db_

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.ttyongche/databases/bugly_db_-wal

MD5 a8a65b0b1050c00f055784d3ee025d6a
SHA1 7751e1b18aed5ee65ddd8ee0070b3591e13e3325
SHA256 ce269359c672361fe093bfc7c08bc970d4be6564b962616bfc0a3b24a5181879
SHA512 fa093a7eb0097e082d1c26491dffce789b70041bdb1baa6bbbd0b64924d6bb925ede8ffbdbb9c8e764c48f9d78c96e4adb4e292367fbf5c55b25dd1d393c0fde

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/6670929D01EF-0001-10A2-7203A6C4C716SessionDevice.cls_temp

MD5 839308ddd5d3705e1be02617e7970a9f
SHA1 a6b3d2b551ea15ec8df74e1ed7cbdffdd7a6eaa7
SHA256 4a81a680720aa3583ebd8dd6f0b752911be74369e5f977a48f5c8f5088143dd7
SHA512 b10303475b1dc7187085b0085f9097415194750ad4c1cd3f01161d1c4a208fd555e897941f552e13fe36085b74fcb4337cd58fe09fdd330eb284ff76b41bd9e5

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 69a857fb2bb61243319475a32add030d
SHA1 acb54e5dc2ae2ad3764a2da2b4ef26c2661f87f5
SHA256 5f2072349160d19b06ea644a8382bf6d879e9a2dbcae441b51e6375b819422f2
SHA512 2e9e140235b3f73df03f55359409973e634eb1fe37a6b2b4ee176c10b9eedb9feac20172c6f4009a7e13c8742ffc05022bd428d085b00cfb4997353f3e85ad83

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 309c4277c4f6bfca2a36d3a9796a43f5
SHA1 a16dbf5ef666b050e5fcd912a7bad71f7c601c47
SHA256 f61d01836140c7c184d57fa607615b6bcac73fc1eb1aae7498feefa96b35fb2a
SHA512 a3e9bfc6daf434051111363517fa26696091c666f5d76d29ac7d0709a1554ef81028ab886c8f755efd2b541c7497e07237cffa7cc2b43e748d40b273da9fe13f

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8fd8b1ef-f762-486b-908d-cb102d42c991_1718653598853.tap

MD5 aec79825de0c18dc4058d266df9ebe25
SHA1 f719274d9eff84a679cd1c53d50ee3d35c5073fa
SHA256 b6be1cb20e0c89908d72588860bc584da7b86139136058ace17b0e67b72e7d34
SHA512 5f8363ab6ba6c5b581e49df5e6e036d36e49f238a4f298dd95fdc30fe6872eefbb03f24ca897ba3dd8e82af0e56b869ba87e03344982ff243735813bd29164c5

/data/data/com.ttyongche/files/TDtcagent.db-journal

MD5 bca43391d8549aea58ac4585f3e57c1d
SHA1 48ecdac2969df0d36bcc98b9afba61bfe659610a
SHA256 df4bf3ddd36cf07b62d3fc1e943c8de45a9ec882844bf4c8eb06bf638102b168
SHA512 c68e250788a33b9c0ecf55dc3bcfc15b278b67c65832b51a17821aefd4c2646af35788fbcb29ed8571c90e76c0513772be0f19ead500e02ea3548495e36409be

/data/data/com.ttyongche/files/TDtcagent.db

MD5 ee72454a1cdb67a85f7670088ce5c369
SHA1 619626c770aaf7c80dbd25f086ada9b3fea52fde
SHA256 425af3f6bfa9a0c69f7f17a1ecf97b461ed2ce7035478a7dbf877f1fa47f964c
SHA512 c6b5cc2424a806d472d1c404a64b0f695d9f15f767cda0784f9dc1bc8c2faba6c5ed5ab660ae7fda9c7c2c73c59014f911fe55646d5927e3e181c9ba3728cac9

/data/data/com.ttyongche/files/TDtcagent.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ttyongche/files/TDtcagent.db-wal

MD5 aee0b3ba6bf9fc206a3d569a451ca856
SHA1 4acaa36df66ffdcad0f08cde19729b0977eabf4b
SHA256 17841415ce6c4d3ca477e7a1f964a5aea785ab2cc0efed0602992fdd6c2e925c
SHA512 4144f4a0ff47067933180974bd044d5ae51c116e73a9e7c0a3dfc98ce48f64149f5adcb6858f03d1e86d3ce68b77c196261de68fc658944363d46adc26006e7f

/data/data/com.ttyongche/files/ver.dat

MD5 8e31aa8d6b61e8b044ac3346e87098d6
SHA1 70e4050667039f00eb5231bd731b9f3cb5daf00b
SHA256 d2a616114953901b1bbbb79a9be694acc0aafdabc1df94f46002bcd6b75b3a4b
SHA512 2935b5e37639b7c631aac8d5073a200d56471b1a06858c0e3dac03e03a89758743b023cedd1ad703e8f775114b39ee0ca808165188c74359d6b1e47fa7e171d6

/data/data/com.ttyongche/files/cfg/a/ResPack.rs

MD5 004ac4d487469d86c514c76ff1ff3447
SHA1 46b4e8ac1b5f088a6580f0fef37e074708b6626f
SHA256 b8027e475f25f91c1a4c6b7737f7f3d378782e48d41cf56424617a58fcf2dc1e
SHA512 4dc927e600b81d0721e0a1aa56c17b2c1d2ca8f84a70a19d0d0dc99cde8e59c338ba51e9c30edabc7441f3593a9243f78e2c1bd0b3587cbecd9fd94973cb465a

/data/data/com.ttyongche/files/cfg/h/DVHotcity.cfg

MD5 883c30365d5d377966125dd0c079debd
SHA1 d296ec1e3f4badb6e3e6166c1473fb55d4265761
SHA256 50112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa
SHA512 00b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f

/data/data/com.ttyongche/files/cfg/l/DVHotcity.cfg

MD5 bee8d66b0f46dd5ea1671212b29fa16b
SHA1 bfd80470020e434451215188d8b1d90a63a46e88
SHA256 ed4c7dcf481eb6104f962ad68522a02e478b9f632c911beccc00310f27ac80dc
SHA512 791b916d309b8c3842b44e0ec8658dd5e6a31e0b9fb7b71bcaeaa9ca5b955600477a178f0c5c2379503ab918bc97628e403137feab2dcc820e80a022cfe37cce

/data/data/com.ttyongche/files/cfg/h/DVHotMap.cfg

MD5 75cedee1803d0736f87231f61ae55674
SHA1 e81ca553a5af709307acfa2b9daab5df898e81aa
SHA256 449f298726530ed93f5a6c25d673a57c84e9b39504d0b690daeb3913621c64d7
SHA512 6ae24a97ba544d58b16c5d238b67c4b37ae9c334694578f064d51a387f5583e8de5bf9d9bbf1d86c552803c34fa364a8bd42d0d7192e09186423460532db1c97

/data/data/com.ttyongche/files/cfg/l/DVHotMap.cfg

MD5 3f44ca873593ee15b867334e0fae3c9c
SHA1 5571e2f35ec8204cbe35d975d9f611533380a99b
SHA256 43415b419e6349c5ce4f4f35bc884ccb2548c0a33ecfbb73d62b5d9149cf0e95
SHA512 9e7f6bbc907e79e636074652cb353dfec9c9fd981e5813b6d586d8a5fbbf88d5182cb0cef37eb93428ad3a7748a7d0679e879e8db81bdc2c39afc9e752cfc937

/data/data/com.ttyongche/files/cfg/l/DVDirectory.cfg

MD5 65685a117c72fe8fbf5a92b07073c99e
SHA1 b115b527f74e4c291edcaab19b316a446aca8f5b
SHA256 19bcea79613a5c3bb71dfe6b311241fcbf3534b538f0b147c7e849b58b24b2b8
SHA512 e5821a5212f0790db33ec7274f018b08f499557ff7f2f118021a7905573e8dd66e716fb02144919d96eeec7da9db921c756a88cf0a050f65a9f8de3894dcc253

/data/data/com.ttyongche/files/cfg/l/DVVersion.cfg

MD5 f966fc1bb228591a2dcdad350c976c85
SHA1 b8cbf9b0532e83bb33e10bba314de47c9b4c8d5c
SHA256 8ac4b86eec713ce1da36eefbe1e303bce41c36455cd1d00bbb8bd8d0cd4b3728
SHA512 03dc27bdb26afcd2c0e31043c1e7d44fb6d25177996d018c2744d7ac7fb33767abea8cefce41faa5489ba74b83e42b628c208b2063cf0fce6aa92a9b4105128f

/data/data/com.ttyongche/files/cfg/h/DVDirectory.cfg

MD5 5fba492e8c1a1137373cedfc3a0960f0
SHA1 78825d3a76be66a809b80c755e28c390db1d980d
SHA256 072903b6d7afb7d5f4e778f7d434c7cc0324130471c02ac1e0358a4582beac55
SHA512 080f7b1107fedad1208a24146baf24ad3adc4c962d549f8fbf2232e8b91d26c5a22c55a79356c641524d216540f684f429835fa4f1994becd21132999bd73a3c

/data/data/com.ttyongche/files/cfg/h/DVVersion.cfg

MD5 66f9898bb873ad89a10f9b8af0798d7c
SHA1 d16611230bfd48a3e8fb4a9237fc91edf756835a
SHA256 acbed8985d937af497ccdfdb46f3eea2f04b8b525564a4d994886412534ea0b1
SHA512 5858533e58573509f95e4968b385c8645b526e98304047e389b1e5a7981e957d4a9a1a32525f408cd103b96e80c93e33a4769f8451ff263d31d8b0858e1134b2

/data/data/com.ttyongche/files/cfg/a/mapstyle.sty

MD5 21dab9f4379799aeb965defbd6276ee1
SHA1 106250802fef6bccf2c7812372c4dd976cc8df3a
SHA256 a7cffbc9aacd56fa00a3a442feefcf95532c7a6be99b94be270fa21fa247ca9d
SHA512 d5afa2987ac8c43f12226efc66bd9350ffdbe2792442bf8081311f016704fb6744b7e3e866f890f4b780187e1d31fecdb8cf143d4a77eded093ba890f4e16371

/data/data/com.ttyongche/files/cfg/a/satellitestyle.sty

MD5 ea16af7ca44f0e1bf7d904b6eff8332c
SHA1 c8d068d01ab5daa489b25f85577eea386679afd5
SHA256 95c09dfaaa44b339e55d98533a4918f2657aa83b127bfca17a9d497856d04861
SHA512 fbe8ef75659deea2b8f489af4dbe38825085a0c35f27a440e4e8e59bccb2e81da725a67f136d81c0069c3aea8258a4771a34711786ab0c559f25e0713da64223

/data/data/com.ttyongche/files/cfg/a/trafficstyle.sty

MD5 344b8aa7a31e42d4646ad005eab54305
SHA1 78cf294387f2f9d66de92a0a22f69a7334cf7c94
SHA256 479579eeb0e9e118014b2063903f15482a7f34a3dcce5acf793da297e07f6cad
SHA512 52ab0942c0f3d3965a7b93bd8bb2c77779f43d6bf046f0364532e0412a1f41d0a243028b31596cc0fa35f325881e892eb75d94f0f696654dd5b2cf8d903386ad

/storage/emulated/0/baidu/.cuid

MD5 b0792aba5f7a59550f074252eb9bec02
SHA1 3f89b538cbaf30a0c5cdf0369126fb3320ea74fc
SHA256 4179fc36b2cb072bb30c3c8ce22eedefaf4e740d2f989c00513b1ce726b09fe2
SHA512 7348ab0fc27f05fb8ff81f73fffc5d5abc45962ff91b9b7a784020139a899ad789a29b98b897dfaaee181f99ad2c5bca06964a3defcfd9ac908a224609bb2069

/storage/emulated/0/Android/data/com.ttyongche/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/Android/data/com.ttyongche/cache/kit/journal.tmp

MD5 8c8bcb7d36cb5a71729c00c4e7f2d330
SHA1 a352667c61dc45f43cae74a7102fa692fba98d3e
SHA256 fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150
SHA512 4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62

/data/data/com.ttyongche/databases/rong_version-journal

MD5 ab46f16aa9445159228fd2dca915068b
SHA1 b3302d61ec33b9ccc75c8ca271c55868f4df4a9f
SHA256 5b84d6db6cb8f441b6820dc0a78952f3d7c7781a4842bb37c7007b2f1f82e052
SHA512 bb2a0c7e0c47709a31e5f7f37237cd559d31d0f0d9e13531610f58e161b00e170a535b217d3d75edc58221836913732e9f4288eec0e10af5b88a22da98166b7c

/data/data/com.ttyongche/databases/rong_version-wal

MD5 9e8a3156bf459343706c58f609cb2a05
SHA1 0afcfa1be5a92b243d9cd1517686e7b0a5389c02
SHA256 6e236d573f8c07d34b5878f92e3d0c993a2f0c02e9a2abb15eda338bf07b8227
SHA512 f9f227a8787418bb8f187a981392dcb6bb4e306fba4c3be05fb85440aa2813dc28392f22a1e5ce3c5591f065e094f2e1e63908eeddb495b01ba2d30fd7cf083c

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-cba20575-0deb-4e49-b302-7f865484a8f2.temp.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-cba20575-0deb-4e49-b302-7f865484a8f2.temp (deleted)

MD5 ada68710abc7f6e005dceb17f794372d
SHA1 f186fc2376b165949374e8923ba70b7c272f8378
SHA256 d29f98d1b65bad81abae657a76d88d3f5d8901dde385b8e9b15e6599a1ac458d
SHA512 660c05e44eb8b2e09382bd13c76da6749715873f963d01586b6f6fbce400c93bb4f5557a68e179ddab154af12284dae91ffa64dbc2ed7a4e00fbbfdfb9f0fb8f

/data/data/com.ttyongche/files/.ttycid

MD5 2513f94c25b81c3944f5e0f6e4f963f5
SHA1 2dc7d5c5f843b12bd8527950cdfe9e35fa0387cc
SHA256 a2099fcd2149b65957fabec85e835f81a2b8897ff6b0fa842774c31b01519d24
SHA512 3340afffec79555bb853f1aec0ff5ddabe41cf34a007d5d6530026bf989d584442b3b91c6da98f3b05d7016e189ffbe54de09f47915b2302fe6133a738c547b0

/data/data/com.ttyongche/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 e93fbac6a0e4da5d46f094cdf3721ceb
SHA1 b5d4e56452dbd38ac877909ec0c3db5abf9eee74
SHA256 1b93c9d727b1bca0774fbfaa8eb2a44e4d46e1591be9b97480e4817ba41ad73f
SHA512 855c3ca37f3354d2afab5ec847ed7ee117aacf9c7ebf96991534251dc012b4d743b126f37db83c6f73ae60206313bfa1f2cbab6d211f88acd59b4411d6c93ab4

/data/data/com.ttyongche/files/TDtcagent.db-wal

MD5 68d26259d1c1d25aea128d3e40c55ad7
SHA1 7e0dfc2ba27c49f513d374e2ad156ce8748dd0a4
SHA256 6239727d33ceee95c58acf54209f740834df6b659558c1df0759a6c1aa690480
SHA512 32cd323c400776eb10e9c68069543627e917b2a2835754bd530e540bb5461b0a7523fd9ae4ba1bea473c37463eacffba7240eb5b65730796483d0b5ae7f4ee1e

/data/data/com.ttyongche/files/TDtcagent.db

MD5 50bc903983d27abcf85c43795783b9cd
SHA1 a8c082c0ca9ebbba9902e2f8d4e13dbd6311c6e6
SHA256 ef8bc33977f02843eebc115d6fa17943681f441e5bb5f8c3097f823f02f72986
SHA512 82fa973bf417d6ac96fcf153408f3aeda6dcf908e9675bd2bb30daaa75645546218fa3f35a9b58f73dd91bbe41adbcdbc95db8e3e31f6e58f0b3fd70eacbcb96

/data/data/com.ttyongche/files/TDtcagent.db-wal

MD5 15c9a54ffc64874bbd6b3885f9f64940
SHA1 d17b59b29bc9c36c955d023ee34a5a9834eb0145
SHA256 738354a90b421895bd20e1f1d3530286da8445040a49f20500f4b3b913390b60
SHA512 f8df33fab8ae75cc7ce920f208a5fb8bcf26921974a780c7f6f1d4c816c2055533a9ba64ff927f1f5287fa629838f448927c4c2cbf47bcb58ec804ab01f5f744

/data/data/com.ttyongche/files/TDtcagent.db

MD5 96af79875e98f10bd3b53ada29b52446
SHA1 8a6f402123343a8a7040ef2080465dc7ac51a905
SHA256 c216d96ad6441d26c7f610d147e2fe2834e8851c297b3565ddd57f087221e85a
SHA512 e932bc10eb351d5fbd672bc179ad8f88c163c728829e3be826f88d91a043db71c15f21ed3591e15077d1054156a842e625b213bddcbe15a1009a6e6df5ca0444

/data/data/com.ttyongche/files/ofld/ofl_statistics.db-wal

MD5 09a696fc5958ee583504572a84efb83c
SHA1 a2298959f4d2d31d9ae7ceaa73120fc40a074e36
SHA256 3bc142f7251db224299382a5c4ab1392639f70f838ee02973e043a28e0d9ad22
SHA512 aa3e3d348e2476ab1e0a21a8da0742cde6090abfbcf64fe5902c39bb175eea7aca20fa7a0633fb085ea032139ad8f3c92308947f8f06867ae2aa92c8d668da7a

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 7342d0d989f755c05ae75469b5ac5f6f
SHA1 bcb076b1392de19e3aa41c317e576142103d808c
SHA256 7d462554e1b2e229a395a570a75499866282c1368410ea652d4e76bb1a29f1b4
SHA512 cb821510b8093ea396929dcf1542ec467f7e084fefa186353f1d1643e05f13fe95c4b0db1e7ba71709c32ed364f8206b7f2339e3548020c66df800ddc6e0d76c

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/llg.dat

MD5 161557b06b4a4d3ce095528dea370eb7
SHA1 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256 f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 65825c10fd24549674ded4d32c1a2055
SHA1 80433d71aff99899b5355894fd974b2f077afffc
SHA256 347a2aa945ac95210799491509367714622170566e04c0cb1559e2a33da8df18
SHA512 279e0d09fe668bc535c422723b176d2181584823690b24691a2db7dc34cbfd03a74b2c30741c680cdf1c800b570352b5bbb95046263be0eca2133b80c1fbdb0d

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/conlts.dat

MD5 e9300a545a116092dcaad0502e68c602
SHA1 34675bbbdfc69a107dae8e45328a9d9cfcf89139
SHA256 3777f4500486fdbb0ba0ee2c06c02459efa70a545ed997d2bed2b0843db0f0ba
SHA512 5b5d637c9200a7a6080294e3b74864981d596f42719eb60032d25172518cca1d3e022b14831f1e502d4de79c9ba8ce316f5ede130d776ac5d0c6c5b86f0cbd6b

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/yoh.dat

MD5 1681ffc6e046c7af98c9e6c232a3fe0a
SHA1 d3399b7262fb56cb9ed053d68db9291c410839c4
SHA256 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA512 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/yom.dat

MD5 a936690571e9104e1922dda4a0ba5bd1
SHA1 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
SHA256 f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
SHA512 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/yom.dat

MD5 441018525208457705bf09a8ee3c1093
SHA1 6768033e216468247bd031a0a2d9876d79818f8f
SHA256 de47c9b27eb8d300dbb5f2c353e632c393262cf06340c4fa7f1b40c4cbd36f90
SHA512 d296b892b3a7964bd0cc882fc7c0be948b6bbd8eb1eff8c13942fcaabf1f38772dd56ba4d8ecd0b626ff5cef1cd045a1b0a76910396f3c7430b215a85950e9c3

/storage/emulated/0/Android/data/com.ttyongche/files/baidu/tempdata/llg.dat

MD5 16b003431395415d5a7b56dbc18ff0b3
SHA1 943e45ab43d6063c4722850e071ce295354feda3
SHA256 cdbc4a9cf53ea6e71068fc162b9256951724223480175853f2898194a6e4ce39
SHA512 68c93619ababf98ac22561ca9f3eeb686798b015423debbf3801cd931ec7f930c3133189b7921d97ab8c72788c7b692ad27e93a455d18cc1ed8d34c914203445