Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-j2hkeavbpf
Target baa841800fa26c4af7e096caca24cfc1_JaffaCakes118
SHA256 30a422ab8bcc35c95151e392e758055ae5fe2ea69135e9d2e68df801111e6521
Tags
collection credential_access discovery impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

30a422ab8bcc35c95151e392e758055ae5fe2ea69135e9d2e68df801111e6521

Threat Level: Shows suspicious behavior

The file baa841800fa26c4af7e096caca24cfc1_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection credential_access discovery impact persistence

Obtains sensitive information copied to the device clipboard

Reads the content of photos stored on the user's device.

Queries information about running processes on the device

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 08:09

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 08:09

Reported

2024-06-18 08:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

161s

Max time network

178s

Command Line

com.sogou.translator

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.sogou.translator

com.sogou.translator:channel

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 hxqd.openspeech.cn udp
US 1.1.1.1:53 data.openspeech.cn udp
US 1.1.1.1:53 umengacs.m.taobao.com udp
CN 114.118.64.119:80 hxqd.openspeech.cn tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 117.48.148.47:80 data.openspeech.cn tcp
US 1.1.1.1:53 plus.sogou.com udp
SG 119.28.109.132:443 plus.sogou.com tcp
US 1.1.1.1:53 fanyi.sogou.com udp
CN 81.69.138.210:80 fanyi.sogou.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
CN 81.69.138.210:80 fanyi.sogou.com tcp
US 1.1.1.1:53 pb.sogou.com udp
CN 39.156.165.107:80 pb.sogou.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
SG 119.28.109.132:443 plus.sogou.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 amdc.m.taobao.com udp
HK 47.246.103.9:443 amdc.m.taobao.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 110.253.188.241:443 umengjmacs.m.taobao.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
HK 47.246.103.9:443 amdc.m.taobao.com tcp
HK 47.246.103.9:443 amdc.m.taobao.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 81.69.138.198:80 fanyi.sogou.com tcp
CN 81.69.138.198:80 fanyi.sogou.com tcp
CN 39.156.165.106:80 pb.sogou.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 110.253.188.241:443 umengjmacs.m.taobao.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 123.183.232.17:443 umengacs.m.taobao.com tcp
GB 142.250.200.14:443 tcp
GB 142.250.178.2:443 tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 110.253.188.241:80 umengjmacs.m.taobao.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 110.253.188.241:80 umengjmacs.m.taobao.com tcp
HK 47.246.103.10:80 amdc.m.taobao.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp

Files

/data/data/com.sogou.translator/databases/MessageStore.db-journal

MD5 5f94d999014227b24df5b47f1f8fdb0a
SHA1 15a167e172b0e283f27eda9378422e5811a4684e
SHA256 7e9efc08c8ed9e78125bb1c40845a1e3c9f0c086804b621060f73971647afc29
SHA512 957b5d17fde4cf0700cb2e309f8cb617fe5c55190bfcbb817a4e715d0fe1da20c9f335f66b3a75087463f1737f286c748caf0fedf1ff07de9ef87f55df2a0cf7

/data/data/com.sogou.translator/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sogou.translator/databases/MessageStore.db-shm

MD5 cc9c4d7a5761986e207855c24009e5c2
SHA1 829cf57881eaa00821add7a06e912ffbfd28a22f
SHA256 94892388917f03f735776504dc2ee5d7dc14b0fac0353b14aa4cab7d5f1b6899
SHA512 62c9d2acd5e127f4715a425d49028ced00f0ac05123b87c498f26da71f976cfcbbb18e9e5c49366c59cc6b1f062c04964519eff0ed48d1d28cd730108a78b3bb

/data/data/com.sogou.translator/databases/MessageStore.db-wal

MD5 8edb2ece2ad898af903f6c6bcaae8eeb
SHA1 a5ffe957801d50168558a7c99a2359251ff3f26d
SHA256 36921a6b08f2180a1f627cd7a05c1c8fc5a0af8b13ca4163ead37dcabaadae41
SHA512 e449204e453b442ae10f4bbe2759142c2ae1c50aedebe0e5f42ded96b1c2e781d9df45b45b3654f5b419e5aca1a28ac40cb64527945d3e1cffecaa91c8e02bbe

/data/data/com.sogou.translator/databases/MsgLogStore.db-journal

MD5 9130e1a49ef25c7378f537e63d2292bd
SHA1 76c6f2be9ada2459fa06e86427dbab475dd8bd71
SHA256 e877db5e802cc53a5347cc4b5d5fe58c4a8f5e992e5c47ad015ea7510577844b
SHA512 df7db605170232919fd94c509350fb1017b75f35db5688948e7a5affbd39480a9f289c614a774d4768e2dd407a399e54790a57f41fc605f2427f46090c6de45e

/data/data/com.sogou.translator/databases/MsgLogStore.db

MD5 46dfe51667c6eaf51a22acb50a9b2d02
SHA1 262461d6cf52d70e27b5ce7c32d95ef59e3c67e8
SHA256 eb23b3cdf7c2e60de99cdaef098a95fc6f7abec3e6cd78f555baf7c7bcf5be61
SHA512 d9eb4e6bd0340d70110f493b2c047c3557524f1a53dcaeccf3f133cbdb624ed2e7f2ed0f8407bb4b0aa627ce2075d20f02cc88c0158acba0d93a64a369ea9cb3

/data/data/com.sogou.translator/databases/MsgLogStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sogou.translator/databases/MsgLogStore.db-wal

MD5 4254981fc4eb3552b8a1c53a6daeaa12
SHA1 1a6fd2c4c237594fc84da36b1f65bfc14e14e7bc
SHA256 822c621cc2514de03f0bbe65cf9a583a4069bb1c7b8a187bef5a1eb7a59d824f
SHA512 4a9851e9a4577cc964fa8c5ebb77711f2b5b04858ff1397d0f765e165965500a66313ddb12e943164c654e8f6160efae6d5a60b193b10472c9df40d5be76ae24

/data/data/com.sogou.translator/databases/accs.db-journal

MD5 8af7ed5a9273f274ce31026c200bf872
SHA1 7c582cea8d84cad58500b43c36b06a0cf20942ea
SHA256 7f932d3eb3f0186f90500e4832dd833be437400cf9e2c5bb06329c538c0de50c
SHA512 3803ef198a3288a5c482a8d574969280bde32c601e2858a860057204d36dfa1750e4bd1f151b518430440aae6066739b6cd1495b3a6dbb343c000c6f8726ca8d

/data/data/com.sogou.translator/databases/accs.db

MD5 486e2bac2b3e9e1cb411d2838a4854bd
SHA1 81dd0a7537f4af319b830ae834908986be85da8b
SHA256 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57
SHA512 c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

/data/data/com.sogou.translator/databases/accs.db-wal

MD5 4c7a366f6003883c4b78999888c8c02c
SHA1 f647808db8593f6dc5df29cfdf99edbf1d5261c9
SHA256 a2d47bfca84befee3f15deeb2542c6a819bd0eed9655ce14e59c77af81b70119
SHA512 3694c416a1e61ba69e6664cf860a768e60052fd2172a4fa018c88492e987b09960bf7c84e7711f48921b3ebcc211db9018eee30e5c3ff18bf9f75d9e1e6f6fd1

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 7e053b9ff60cae27ae8ad21d21632932
SHA1 674652aeea091ccc87e35cbe782b4c597c5e305f
SHA256 9573c317dab83c2c53eb65fe9b054b7888c116aa35f487ab26746e3ec383c9b3
SHA512 75dafacaf80780cb0140f5320234af957ed75a3af837069b52b1dbc44e67bb2e08f14dfafe1c3ca276e75b228c47b39f62a5d482fbdfb943d99f7e22ce5f4c8e

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 42bd0953a45402ed57b34df8d0006ba5
SHA1 8c14c1df3af6ef94cbd7d4b60f8968a52c44297f
SHA256 c227a2a8dc30f0fe82aa6dee8a57b362664c3f589fa648975e4940de6c3c0332
SHA512 b35c79c4b94b3812be5da64c9165dd2ea107c883dfb049c5ad995f66b91ec508f7d063222a4b691ce12f4950b9d902792bbcb259dba8d21667c6bdc8537d0c6f

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ef6ae5056679e2405b2bd75bc5e80023
SHA1 46d2519edb79df6833a31e28c0d58efb9bb14cee
SHA256 f8c8b0cb222f42b05ab193417c9f835a928f843a2bfa5285cbd0391842a611c5
SHA512 7c3d4d562b5715c2f1e2dd309fb3b27c16512affb5493db12e6d1b04e4c11f576deaf60868a56875e9449f86a7b03eded1cd83555035ee6a1c3afd8a4723dc38

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 2ba72298a8633eb45b8cfc5d06f2fe6b
SHA1 5bacf13d9dd6377c389dfbf585f59c983f7cf995
SHA256 a2d5c2d92f79013dbf1c0be089fdf41879b78cb20cf304c85da5b591cbad4248
SHA512 0c0bc3dceaaf23ad5024a02246844d01dc6f92fb242c4f7b60efc678864e36d264feacd9ce8b300b5d3c15eb8353c0983bacc981a17ad7951266632218bbfcea

/storage/emulated/0/SogouSearch/imgCache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/Android/data/com.sogou.translator/files/tnetlogs/inapp_20240618.log

MD5 51c85d6ec6c057cfb684ebd588325595
SHA1 e69b45f7b5bcc5548210e123bb28ef75f6fa008f
SHA256 1da4bc8125b07a08850b78bb51866d24eee42069558d20bc7c591f6fa8c3a7d3
SHA512 43777263b7c6a6de25fac846be17a79cb1765f107c47f471abf8c56bbf10198d996bc33b30008c831536de566790ae807685efbd419878c75b030a93ed8ddabf

/data/data/com.sogou.translator/databases/cc/cc.db-journal

MD5 801d886cb7a60b75c70c1d68b9e33f19
SHA1 144937a8646e5f25259c638e5be14b78ceaba718
SHA256 c3ef84c0e4a50e090ba5c841320fba36261e790cc63e6de4ee4a862d902e8517
SHA512 cf39a36fe4e936ce9ed62f6c9d7ea28479432733f727319fb4c1e471992168e091427239867eaa23bd93d2b2804a3f842f6d510124db28b0f537f85ad5e65d2f

/data/data/com.sogou.translator/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.sogou.translator/databases/cc/cc.db-wal

MD5 de2243ba4eb3882c18a65f5f4ac45433
SHA1 9970760994d6300c0ac51fd92198aba6777724a4
SHA256 70b481c72c053f7d4e1362fbfd6dff6dd6797df382f5e20b49d8bda39e788307
SHA512 7f58ecbfbd7d24fde6e06640e64b705fb9eb1885f658dfbd87fda6ada56ba3d4e15496840bd5104adf3da70ebfbc5d40e45b28f6aa697b572179ff2227cf8ae9

/data/data/com.sogou.translator/files/rt_event_cache/sce_1718698206165.dat

MD5 ce5832c905cfb3946f1d1b61463c7adb
SHA1 7165fb643eb54f5ba3a49a2b0a4f98ab63039099
SHA256 1e0423e8afc33b08199369997c3083e1dddb443c3a10f3b77b2b8215e8672371
SHA512 50bf63756f5b92c619e5eff7435bdc93aee1d0cc63de29df8fd44ce91a35a6a0a75589d9865b965e14d655fcb35a0f6781addbfb119d6ccf88e99baf3cac4266

/data/data/com.sogou.translator/databases/.ua/ua.db-journal

MD5 a2386109babc6f3673f7f28e6a32b948
SHA1 f4446eeb6639f4e5a77344a54c7a65b71d6959f5
SHA256 716804007c80722a6ff1f1e05d02326bd3e0c8494a430c9563888366c97fb90e
SHA512 d30ef3e3e93114b9363a6b4deeef8e0d7fc1a62b1a3c371b107c8700ced8a8e9793fccc6f70631fe01c876a17b2fc24771cc38e7c7fbd5e65348f33f1c3c5db1

/data/data/com.sogou.translator/databases/.ua/ua.db

MD5 308c52571f8ccec5f4a166c99060a9d8
SHA1 e77ee4bc958085bdb5f86e9f3b5ffaf8c97702b3
SHA256 e6d4ded18bed81210bd905030eb3d88494282b1b2b605d6e791cd62b9d91a2ab
SHA512 1bad329ad532c97be1d34c079b62e8a3a03f8aa3dec623cf7958e2dd40a81f14759dc3950198dd82735a9b073639886170896e6158be2609c954d55d590fa4fb

/data/data/com.sogou.translator/databases/.ua/ua.db-wal

MD5 7b33af7a607117f3dc0f7c75dbe323b7
SHA1 73eef7657df1895ac6e886bcaba1b4c8c27d0655
SHA256 95289b36b87d953dfe7e0f9ec2d9d29c86b6e7ef13f47973a67b13ceda930917
SHA512 983b96b316a4d060ffe5b92718eeb94ff5357534c74dfddaf53500c4268969d7990697177219dbe5f94eb13e174a3bd6d89607517994a524b316e6080e2cc2de

/data/data/com.sogou.translator/files/umeng_it.cache

MD5 2b4de5f64422cde77c7a39f15163b9e4
SHA1 f41b409ff7a9f2b75b66a1471aee909f87e97089
SHA256 9b3f1bebe3db052199e76b4c9ad23fe2877c7eb56ef1eff6fdb83fa6f35e0a31
SHA512 0c25945fe6a7b0bfd1aea55399495db707c0aaf9f0781d6421cfb94b42aa8a5cd7a353bfd254af93b0b2f935d8769a753bfc12099682151d01a70e6fcb6c34b6

/data/data/com.sogou.translator/files/event_cache/sce_1718698207615.dat

MD5 2672c8a1b1ece8c17d46df677aee7aa9
SHA1 a17d4d4f8011e0e21e714a55c7e2ccf0bb770ea9
SHA256 bbee9accfbe467d15287f809a081056a4906aa7a63ee7a4302d917e995ea47c5
SHA512 02f28d77a40b3e7826a0eb6734677e7662d474e00e9ce599641f22082090759b788ff23b9d2249d1966894f48bf72c8d111bb4af7784a2abc0e6489c3a6c4795

/data/data/com.sogou.translator/files/.umeng/exchangeIdentity.json

MD5 3632666cd1e370d7024be924ac8044a4
SHA1 9db71e2a24024181e185a66dfd366d6db1ccd545
SHA256 bf99d3a1851ba6c39efef90b6182bd7385a504efa527c8f34f85e51cbad5664f
SHA512 01f5509363259a9d7af07972a73dcada49f009bbf8ed26b3b63990066739ef2f37f168cf2f7bd45087db88a98db7053c79c761002ef7d96b4570021694e41c9a

/data/data/com.sogou.translator/files/exid.dat

MD5 778ee2a5601663bc54e0fff4b35d8477
SHA1 ab85b08528ad2c21f8a106dfdff973b0f5df42cc
SHA256 dfb4d37cfc522d9fccf0da42c839cee948e35be78cfbad142164d63a08cc815a
SHA512 3201f834647a4cf4a795569444aed14e19ccca0607db74f9bba09286e4e37628e9be721cf1ab91c669679c21f9f55b1f6c92e85311a7d49f711771d5223a8220

/data/data/com.sogou.translator/databases/.ua/ua.db-wal

MD5 1e14cc7882ec68d5513c67ffb35da49a
SHA1 7fbf5374196d83880ed122ae661f846276a26737
SHA256 97cb796fa0531a5e318fc9596097244fd017e48eaae4cd17196b2f175aec71b0
SHA512 96b68cdf6f83f4a99ed7c189addccf8b54650400f43b7947dc3438caac34f976f40c52922f49aaeb0ea75a26ead862208f68ed3b5475304368b2a6f13ca54047

/data/data/com.sogou.translator/databases/.ua/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.sogou.translator/databases/cc/cc.db-wal

MD5 11219756b6327698cb3a023e20a2f96f
SHA1 da959bff353e158c00b798a654b94edf8c5b44e1
SHA256 b84286b4507611c0760f4142fe3c5cee367af4cceaed5f745d46abe57b333587
SHA512 65b6d75400d150b7eba1b1f4feac4add853e1330690e6a92776bc32982809fdc80f774e4513aa45dd80633c9a0d3ef6ffeba68bbd11925632578aee88e23e8ff

/data/data/com.sogou.translator/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.sogou.translator/files/rt_event_cache/sce_1718698208867.dat

MD5 c5c7d1b255eae813d899fac2204c5e9d
SHA1 ea26e55106605e9801a32565ed922f0827afd4ef
SHA256 c8fb83858d38a1cfb5c3b2c18e95bba019bfb0cfcbda1e18c884ab15c8c3a8f9
SHA512 574a81ac3d45464a15e497ae517f59b11f63c3df8484722918fa73ade324455048c4f5ff57569accfe3676fb9157cdf6115ec67fdd4d0897d6038f643fe375a5

/data/data/com.sogou.translator/files/rt_event_cache/sce_1718698211291.dat

MD5 14ac9ac1d65edd0d1a8918eef9a9a999
SHA1 7e99ed4dc4d3160f41697ef0f1bf2956bffe40d9
SHA256 8eb9361d7d4f0aec2d041cc2e71806a91f2c17438f99de5720c36468f330b159
SHA512 4f80929f3a6284a8c3e4b04c4e5f8a409dd28d64d7974d6dc97d6fc088ab5f915a9625a979c16e740c1eef63e14ef62a91b6507120a37daa5687169291ec983c

/storage/emulated/0/Android/data/com.sogou.translator/cache/b443100aae9743408ed5f5643d4ae130

MD5 e0f1e43d1de725657d7d0d543f1b00f8
SHA1 bb31880c2641622d1054c10610d917f5cc0a626a
SHA256 d21e18ca4076db61ba972eaa7516523804ff2fd8bb8fe65fc0456183cc2a1d7d
SHA512 32fe9b4240e6f686fc40c83d47778ddf2f59a5ff748f2c02572671fdab1ee9c9832712bae9dbb2649775b5f2bfe4ece0a9144d0ddc6c4320bc8710cceeac2f3b

/storage/emulated/0/Android/data/com.sogou.translator/cache/4867b8b1c8394d68bcb6f5c6dfd63fcc

MD5 4013f922d6e2b5127df7532c533abfa3
SHA1 d2c113e1b1527a8525d50ac571499d2cfb04eb1e
SHA256 8592bbbcb58d5d04cd7358acbda5fe0488fcb60a101ca6a36e9f7f0f2f0ec00e
SHA512 99103ad0ed45dceae56810e570ffc612d69a7713fbd85208301fdd0cca77dcb12e4d61699b9431836e6cc239375eb22d5499fcd16802e60d2ac0c49c168709d4

/storage/emulated/0/Android/data/com.sogou.translator/files/sogou_translate_offline.log

MD5 a05676a5178f86b3a4378a696655b1a4
SHA1 8dd4306bebdf92f6af6e05051dbaebf5e11bbc62
SHA256 efa634efdde21ba7a147139acb765ea5f280fa3a09f89e51bb7187de4994d08a
SHA512 bb1c01b1e05d8c388f08d7a053c339b3c95a85950a511a9c1a2db6f8c1e3b49f9af54b7daafea695edd67f707d7a1982deb68973a2e1c2aacf3d83038dc26e20

/data/data/com.sogou.translator/files/.um/um_cache_1718698328726.env

MD5 debb39244fced7c1ce9f6fb844dd7500
SHA1 370a1bfe0a285045fa06812022f7388663ee7e2f
SHA256 dd285a5a12e02e0e7cd24b0f676b1de335a706b41f05c784a92e958cb624197c
SHA512 a40be06690938f39786973e18f38c23604347c6126a6d78a9cf2f923136f48fd0897a1d8e0705e97d8496e7b923398b7d42ae9cadd5a8502fa000cb85b51dd66

/data/data/com.sogou.translator/files/.imprint

MD5 93f5fbe7bde8616724707cd22cae6cc3
SHA1 407c4fda78d3191d14b5aa2fd01b589d6d959f87
SHA256 58ef2cf6e8a4ace1e5cfed081ac9d18e6202dde5c84153322e191e7b35425368
SHA512 1dfd19ab7820acaa2dca411f1b30eb2ee94bc6832e44583f7ac625f53dcb2775bda2add6897fc1f74d9e10e44db98faedecfd3f269e938463a1325f0330789ea