Malware Analysis Report

2025-08-05 11:54

Sample ID 241015-3qpzwsshne
Target 4a864138295774262f5075a9afb8c1a3_JaffaCakes118
SHA256 c5e0fa3a4fb92d9875f30b137abd841ac546127fc22098c1fec8481415a0deb4
Tags
banker collection credential_access discovery evasion impact persistence
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 4a864138295774262f5075a9afb8c1a3_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection credential_access discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-10-15 23:43

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
--- | --- | --- | ---
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-15 23:43

Reported

2024-10-15 23:46

Platform

android-x64-arm64-20240624-en

Max time kernel

144s

Max time network

143s

Command Line

com.baidu.eddw.tencent

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.baidu.eddw.tencent

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 23:43

Reported

2024-10-15 23:45

Platform

android-x86-arm-20240624-en

Max time kernel

34s

Max time network

131s

Command Line

com.baidu.eddw.tencent

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.baidu.eddw.tencent

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.baidu.eddw.tencent/files/.ca/oat/x86/jnzPLoJZce.odex --compiler-filter=quicken --class-loader-context=&

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 23:43

Reported

2024-10-15 23:45

Platform

android-x64-20240624-en

Max time kernel

144s

Max time network

156s

Command Line

com.baidu.eddw.tencent

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.baidu.eddw.tencent

Network


Files
