Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-lnbaaaxgrb
Target bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118
SHA256 aa6cb27d6f4f7f510fc0a9713686f601ba6aae467b0eb8898b3dddc411213010
Tags
collection discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

aa6cb27d6f4f7f510fc0a9713686f601ba6aae467b0eb8898b3dddc411213010

Threat Level: Shows suspicious behavior

The file bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Reads information about phone network operator.

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 09:40

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 09:40

Reported

2024-06-18 09:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

160s

Max time network

131s

Command Line

com.gualala.me

Signatures

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

com.gualala.me

io.rong.push

com.gualala.me:ipc

com.gualala.me:push

com.gualala.me:remote

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stats.cn.ronghub.com | udp |
| US | 1.1.1.1:53 | au.umeng.com | udp |
| GB | 8.208.8.123:80 | stats.cn.ronghub.com | tcp |
| US | 1.1.1.1:53 | au.umeng.co | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | sapi.map.baidu.com | udp |
| HK | 103.235.46.245:443 | sapi.map.baidu.com | tcp |
| US | 1.1.1.1:53 | www.ai-by.com | udp |
| DE | 3.64.163.50:80 | www.ai-by.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | adash.m.taobao.com | udp |
| US | 1.1.1.1:53 | utop.umengcloud.com | udp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| US | 1.1.1.1:53 | nav.cn.ronghub.com | udp |
| CN | 140.205.160.70:80 | utop.umengcloud.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 8.208.102.120:80 | nav.cn.ronghub.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| DE | 3.64.163.50:80 | www.ai-by.com | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |

Files

/storage/emulated/0/Android/data/com.gualala.me/cache/kit/journal.tmp
/data/data/com.gualala.me/files/ver.dat
/data/data/com.gualala.me/files/cfg/a/ResPack.rs
/data/data/com.gualala.me/files/cfg/h/DVHotcity.cfg
/data/data/com.gualala.me/files/cfg/l/DVHotcity.cfg
/data/data/com.gualala.me/files/cfg/h/DVHotMap.cfg
/data/data/com.gualala.me/files/cfg/l/DVHotMap.cfg
/data/data/com.gualala.me/files/cfg/l/DVDirectory.cfg
/data/data/com.gualala.me/files/cfg/l/DVVersion.cfg
/data/data/com.gualala.me/files/cfg/h/DVDirectory.cfg
/data/data/com.gualala.me/files/cfg/h/DVVersion.cfg
/data/data/com.gualala.me/files/cfg/a/mapstyle.sty
/data/data/com.gualala.me/files/cfg/a/satellitestyle.sty
/data/data/com.gualala.me/files/cfg/a/trafficstyle.sty
/data/data/com.gualala.me/files/umeng_it.cache
/storage/emulated/0/baidu/.cuid
/data/data/com.gualala.me/files/.umeng/exchangeIdentity.json
/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-journal
/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-shm
/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-wal
/data/data/com.gualala.me/databases/rong_version-journal
/data/data/com.gualala.me/databases/rong_version-wal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/baidu/tempdata/lcvif.dat
/data/data/com.gualala.me/files/ofld/ofl_location.db-journal
/data/data/com.gualala.me/files/ofld/ofl_location.db-wal
/data/data/com.gualala.me/databases/aby_data.db-journal
/data/data/com.gualala.me/databases/aby_data.db
/data/data/com.gualala.me/databases/aby_data.db-wal
/data/data/com.gualala.me/files/lldt/firll.dat
/storage/emulated/0/Android/data/com.gualala.me/files/baidu/tempdata/yoh.dat
/storage/emulated/0/Android/data/com.gualala.me/files/baidu/tempdata/yom.dat
/data/data/com.gualala.me/files/.imprint

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 09:40

Reported

2024-06-18 09:43

Platform

android-x64-20240611.1-en

Max time kernel

161s

Max time network

131s

Command Line

com.gualala.me

Signatures

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

com.gualala.me

com.gualala.me:ipc

io.rong.push

com.gualala.me:push

com.gualala.me:remote

com.gualala.me:ipc

com.gualala.me:ipc

com.gualala.me:ipc

com.gualala.me:ipc

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | stats.cn.ronghub.com | udp |
| GB | 8.208.8.123:80 | stats.cn.ronghub.com | tcp |
| US | 1.1.1.1:53 | au.umeng.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| US | 1.1.1.1:53 | au.umeng.co | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | sapi.map.baidu.com | udp |
| US | 1.1.1.1:53 | www.ai-by.com | udp |
| HK | 103.235.46.245:443 | sapi.map.baidu.com | tcp |
| DE | 3.64.163.50:80 | www.ai-by.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | adash.m.taobao.com | udp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| US | 1.1.1.1:53 | utop.umengcloud.com | udp |
| CN | 140.205.163.73:80 | utop.umengcloud.com | tcp |
| DE | 3.64.163.50:80 | www.ai-by.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | nav.cn.ronghub.com | udp |
| GB | 8.208.8.123:80 | nav.cn.ronghub.com | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |

Files

/storage/emulated/0/Android/data/com.gualala.me/cache/kit/journal.tmp

MD5 45158cf820404564f5f2270ec99f8f9c
SHA1 ad9f02014cf46f267d38be12ceca84e04f5ac609
SHA256 123fd51f609f58143797c88c2af959be92070d2db210274eeb77e1ba0a03e107
SHA512 6b21aaf476e2ada203a59476e473fcc99cd40603a84d06ab5a1dfdb7c8203535dbd48a9782fefb02da5c11951a953b257fcd0df864dbfdd755984ef66bb504bb

/data/data/com.gualala.me/files/ver.dat

MD5 42a65845071ef6e138602ef7fb12063b
SHA1 7329cf03c5bc3191829be7ca38d2a4405ddec472
SHA256 089dc3d5a3ad1cff409b1d62f7075ccd636c403e1931b8c31dcd75119a52c1c7
SHA512 e9bf19f3b1ff755d2fb22c7e34b4f29d1e7d3d2e78a441ef5ef1a671e88e5d721c0f073e19403a214abf6382c697437a5f9c9ecf1c889454e5dc54b1a44b1c30

/data/data/com.gualala.me/files/cfg/a/ResPack.rs

MD5 99502b2b17cbd51645bf5d563eda8396
SHA1 191e0aeb9ec0f6be73b0ed3cb992804a71c44665
SHA256 015b88c298af9f66e86edb3b5d8facc50a93f6e7d2b2cde7bcb0324d7983df67
SHA512 a0b4a7314710934de03687ed4e06f906a28e76d1b6d7ca8f1418dfd44ed0b444ff40eb27ca267db513ac8f8b630686f7afea42b113f32cbe3741c468d62f7020

/data/data/com.gualala.me/files/cfg/h/DVHotcity.cfg

MD5 c80f926895e7130becc27980e515fcc8
SHA1 208c527d79a49235a9b216cb97e2ba6b8d569d6f
SHA256 b25eef0f9bceb551ecfcb63becb4e99535e6143429013cb2a4a74a9a7a374a84
SHA512 39394531d36b1b869f117e160bcf48653b2f1f535f7a3ee4d8401d2b9ae4b0bc2a8ab64a51cc242fec706096675dccff7ec0d7bf58b00c3a66d756a321150f53

/data/data/com.gualala.me/files/cfg/l/DVHotcity.cfg

MD5 10fe7c23a7ae8a4b13da6a3009494f24
SHA1 43c8b8a5d4f0bdf8656bc4a52097ee0b2c6069d5
SHA256 6d0837665afc6ce7bea8d5d7dbe2f321bfa661374c822763fe8be393aba0380e
SHA512 b5d99b1c6bcf50a27426ee455bb3de5e461daf48c3fd49ab2e71e74af3c6cbdd3e5644dbf441acf0a163b74a7dafe26464443618fa20f26f9ba51e6ba68ead55

/data/data/com.gualala.me/files/cfg/h/DVHotMap.cfg

MD5 a8704426c752f88effde75df32a16bb5
SHA1 defd0733ed832c90734ba85d512f30f637e226b2
SHA256 2282e4a3c362363c6116b0a3221b4ea1b18e401ef0c6774de6a0e132dbfbb5ce
SHA512 eb99342132d93e67fd16780c2acf1bcd528cd0bf87a192435345438208cae56402318b2993ae52aeb95b7a17a8c898393dd170f71d0ec55a39b0d48cff133201

/data/data/com.gualala.me/files/cfg/l/DVHotMap.cfg

MD5 5c546d6332ecd1af22233ea44e796b10
SHA1 7f4ded6d0943cbea0bb946077a6b667cac7fb9d8
SHA256 b92b37cab131a4f3962376c4ef5220302b02b51bc471ec13e423e2fb22adccfc
SHA512 cf9b91549271451635c2cc0097ff4530ebc2c042d7797e3faa900963638c11d578489b1768dfe17118ec65803fee6ef65837d87f8ab7dde734f3cec56821b600

/data/data/com.gualala.me/files/cfg/l/DVDirectory.cfg

MD5 d7212515b479fa8e2612705435d94749
SHA1 26a804d64ca409d1af5742566cde13c731c8f80a
SHA256 3c7e40941e152cc4a64c779695dbe790eeecf6e0cf5d89a046053b8342d93bf9
SHA512 12c627234fc81d69584df4cb688157d5d38b3f59729e63b06c5e97cb7c8d2723500c2c91bdd287ba27747226be2f06e6cd41f2792045fc65617ad001777e2df4

/data/data/com.gualala.me/files/cfg/l/DVVersion.cfg

MD5 1373f7f2fcdf7a20bd263d6821181e73
SHA1 be6f94639c1a78e07fab9b7331ea70d2dbed05b2
SHA256 d860bda320ac0fdcfaaf3033f977a75d2a2f66d2b694bce6c635d889e4b6ce66
SHA512 71fa17ada416326b8848ba059e46a5f2f491fd77b4afe5b3f4d8ddcd52ea5cb415986b486c00f1457d8c663b99fe8cf99965a53bc37ead4c3ce471db58a830a7

/data/data/com.gualala.me/files/cfg/h/DVDirectory.cfg

MD5 8f50d3f0e2a734e9a5fefc68137520f4
SHA1 35a7e694c5907315959b9e45da0bdbca608b17a8
SHA256 d0aae21c2150e95a513a28856edbc83c95d3d0d35cdb4bdf4ae0bbeec9851b3f
SHA512 7ea67fb4e9adf1e1d60de101298e0c826ea298a043f72581a87cd09069e397e053842147d47b03dfc1bd716e5587dd1648ecdf32651e18d9357cbba6b6249da9

/data/data/com.gualala.me/files/cfg/h/DVVersion.cfg

MD5 298924848d2517a508f43ff0cc51bd3b
SHA1 b9fcde7b86653ead6deb57280a6049cf87745710
SHA256 0b6eb1f518059d8c472bab90091bb26d9ab877f6c70fac375412ff1582b8ca3b
SHA512 63b88c5b9b971ec52a5f724485d9998bfedb073e84ed63bcf0337e726923510d97a8ddf87371b5620f89ba788af01db58300638fff5031856c77dec8e18b4342

/data/data/com.gualala.me/files/cfg/a/mapstyle.sty

MD5 46a9f9a5221dbe4ff71bfcd2ee045c5c
SHA1 915cb3bc2f0096dede38afc1cd7f09c8782360a9
SHA256 ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9
SHA512 185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2

/data/data/com.gualala.me/files/cfg/a/satellitestyle.sty

MD5 6a4423fab398792d88ff508525aa7401
SHA1 16b89c9d1009bd48d810073a6d777c65f07688be
SHA256 3fd14c4ec117f89b272473772a3d71e6603b5e6d58217e0a2775ed17386db1b0
SHA512 053acc55f50dea07451e6d5a96bdf4a1317b727f07a9e4be6700c5f2fb4ce11d177d418dde259115f6460479490259654750c62d89c1afaebf0aebaade63aa18

/data/data/com.gualala.me/files/cfg/a/trafficstyle.sty

MD5 9bd44d405d13067a0c32b274ecad3c2e
SHA1 0d404c5470f011dd9ba44e1fab20d8769acca202
SHA256 ccbbfa23edb0b8b25a0a0114f2bc626a33f830c4326ec6d30652b310d8907ddd
SHA512 dfbd97afc12c82a9e7dfb03a174d467f5e2f08e810b3ef6705731c54b92aad64240910ecb3b049191cc0088aec6bc3d1c93db4388c72791f1065879505cbf1c3

/data/data/com.gualala.me/files/umeng_it.cache

MD5 46a3770700551713e66d3eedaf902375
SHA1 daff28d4e55a16f134623d6da7193ce9848f73a4
SHA256 40f4473c02dce04daf5f3a24262c74762c470625b9d775c49903dd049d4227bd
SHA512 0b287076c042eb5ae81487654b05e3639542bfcfd13afbd6f23f0f5bcde5fd32a1fe1f247569644176d7bdaf81da7d69f1db66b7934b8a21af19e3c83126f25f

/data/data/com.gualala.me/files/.umeng/exchangeIdentity.json

MD5 1f0b1ed13fa9e38773917a2885b2ed7a
SHA1 600f87c69ed654a16d91d46ba9400ebe465fcf64
SHA256 174b021def677f9145fb67f8d6fd153505179b394196a23b1a10887f2d92c978
SHA512 5a33892db062058d081422ebe66e70fcdbb96616b3e4b5f608b8d8da8454bfe883833763c733c08f4548b6c709ec7f1327d39c72bfbaeb1b3d6d127933db2525

/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-journal

MD5 16961e300cf669fde7aafe089e2cfaa8
SHA1 e7b7675f1954dc74f31d7bb755b46f059a9cc83e
SHA256 674efa7d3d2411fd970b44cfc1cb0b4640940c8d7a2b2c598dc8566a7ad24a9b
SHA512 8ebad74402ebd47741dee913e0301ddfcf66b18964a1e59709371d1517e297526602568966b046996231a0fa99dd69b61cedbf6d5d641791ea1ac5c525b16b77

/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db

MD5 78c57609e3292f23ff94a8c7ae6a4e0d
SHA1 324393549ae2f394711a41afdb40509170432824
SHA256 7c370df88ec003adea2e520a4e370732024976c4e3b745a7030f776ab7ecc305
SHA512 1e38bd23aadd6b16c32898226258257b7c934f2c3e8c9129559b5bef7d04ce4709c2bee5c7bd81c31554005fed3f514fd4c0a718b2e2291d6301858fb448abac

/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-journal

MD5 d76b22ba3170ea7f65b22104d6a34978
SHA1 1df4724e905dba608d8a62a0daf70021baac9eef
SHA256 099f91718e147087e0d9b5a0a4195a93f1d37f6e027a43048212e53cde5341b6
SHA512 35788c3bc50b2649fab09b21bc572d441d748c3b89c2412c5316e03c1c7e80a8a9bd596a8ddbfcfc7ae3a0c1fd10b755eefdafb0353993636a15b67c0c307a86

/data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-journal

MD5 4868a6c8c74b631ab077c7d470606b17
SHA1 3eb9dcb5b2d3e8e33bda109a5f0b1b63256db36e
SHA256 40ca5750d665314d41afe4a615e452686f30de97c0c44e2f30847b4c8d2592d8
SHA512 bcb81cbd43a66fd8f9a53ece0ace20760f2e2209c66493a5767ba4a710a7b3e49b584259080f0dec40d5322ed4704341a3155424ae0432f781d7c530b08bba15

/data/data/com.gualala.me/databases/rong_version-journal

/storage/emulated/0/baidu/tempdata/ls.db-journal

/data/data/com.gualala.me/databases/aby_data.db-journal

/data/data/com.gualala.me/databases/aby_data.db

/data/data/com.gualala.me/files/ofld/ofl_location.db-journal

/data/data/com.gualala.me/files/ofld/ofl_statistics.db

/data/data/com.gualala.me/files/ofld/ofl_statistics.db-journal

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/Android/data/com.gualala.me/files/baidu/tempdata/yoh.dat

/data/data/com.gualala.me/files/.imprint

/data/data/com.gualala.me/files/umeng_it.cache
