Analysis Overview
SHA256: cb5e7148d142bdac750c820699703e34001c7af419f048235f154416a2bcf420
Threat Level: Likely malicious
The file 58824f303341985caf4d6f78feebfc50_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Reads information about phone network operator.
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-19 04:19
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-19 04:19
Reported: 2024-05-19 04:22
Platform: android-x86-arm-20240514-en
Max time kernel: 178s
Max time network: 184s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.xgbuy.xg
chmod 755 /data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
com.xgbuy.xg:pushcore
/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/com.xgbuy.xg/.jiagu/classes.dex --dex-file=/data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex --oat-file=/data/user/0/com.xgbuy.xg/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
sh -c ps
ps
Network
Files
| SHA512 | 2d17911f8e4e91fb91ae1d8f165cb3d39b352070791fae9ff64be30839355fc5cb8ac2be02acdebc8b01b1a03cffecff417d11e64f3e6209db3dfb6146339397 |
/data/data/com.xgbuy.xg/databases/Reyun.db
| MD5 | db6501031119863bdb13be8005805846 |
| SHA1 | 479a02fccfabd302d0a12e4a6e08088dffd33652 |
| SHA256 | 2ff5cc8dcefd4a9984632b8a9168be15a70b687954062f4fbfc73770425da529 |
| SHA512 | 72cfb90a3d263962bea5c33721bf2fdb1a2709d5fe363719e793b049f992c07f471d3d4af3a3208145bc3847c6c93c5c95c05469d16bd8cb8906b14a90eba723 |
/data/data/com.xgbuy.xg/databases/Reyun.db-wal
| MD5 | 7b98c67c6ab0997689e94c439362c2d7 |
| SHA1 | 9e9c8daa33d556d191d952402877c073f6f9e887 |
| SHA256 | 67433c35f4388f8debea656da28307a9a8c81a1c7e0d009dcfa8e06b5c532603 |
| SHA512 | 4fb99fd2287b8ba20dd5d22d6dfa338e975dd6ee516047c67dc39001d78b4d041d426e70fe6ac8614838c0c6c55942c7fade36b8ae8bd87c7943eb30784826a9 |
/data/data/com.xgbuy.xg/databases/Reyun.db
| MD5 | 6a10ae9c00a600ebc4b62be56522a52c |
| SHA1 | 0a8b8df6efee2dd36ade92b1316a296c90f7fb57 |
| SHA256 | cdce1ca699aae0f2e82a901324fbb896335113a1802a587cadd8f569b8a7fdde |
| SHA512 | 62346bc017429ef3c7a31fb290213fe4fc910f3dd825c4fe256562276a78c2b598594fe72ac582e10db68c9786eeb700964bd69c759b77151e4183e541d9eca0 |
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
| MD5 | 26d9ba99bff16360ab1654b105b3908d |
| SHA1 | 663994afbc19749aa78be9b63a25d493aa7816bd |
| SHA256 | a20a3dc94742ce2895c42c5222900f1c53baa07e6b487d7b2291801972576eb3 |
| SHA512 | 2c2e62614f03ee49ff6afd9f902550a1128d6306a80607835ba2649f4589900cec4e43dec27cdea8dbabbffde8a3be6efa02418f04ceb60a6f67920f63ec66e9 |
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal
| MD5 | 270803b0e41d1ffa84cb456bc16c30e4 |
| SHA1 | bdabd3a57f3ae263f5b89b698392439fe28e37e8 |
| SHA256 | 0122df88b7af7476c9f623f1cbddd9a22903b0d901bad1ec8456fc6f314f1926 |
| SHA512 | bf0e69ccae7733e65b8b8a9f28e6531940419dae1b43154783d66dabb535081d092429fa53e6ef67c5e6189bfb7de778a7b7e54caf3a719b7fdd368a306db922 |
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
| MD5 | 015f27b0da49821b3833fe2ccbf21551 |
| SHA1 | 557729275d6be48e279d687e970695c6e0998259 |
| SHA256 | 69d26aaf02ebd2e1eb6e69813ef295dea6326c0fcc915c136eb3733778860f27 |
| SHA512 | ed1988279e318e3e005ce5f0955e7311afcc775c74480461c41a19e7dcc62c43f268b26b1f01d4399e5166c547db646c58fc683c7fa7853208b4b56fbd0ba33d |
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
| MD5 | 81024874f926b0c0c9e613997c9370b1 |
| SHA1 | a7b4c37570f3e5aa7bd575d0dbcc71ff9079a95c |
| SHA256 | da5ea38fae9a292777936eae50a76aae4d2a589550448aa6970383e44aabe7d6 |
| SHA512 | 8ae3ca2a1a4ea6c514fffeb911f4c42ff173433a7fd82980193d883196e748e458e83ee42051ccbabfa7f49792dabbf1eb8a72fea3db16c2f157e7ada4182830 |
/data/data/com.xgbuy.xg/files/.um/um_cache_1716092497931.env
| MD5 | 386902974877cebbf3de354f0a99beab |
| SHA1 | 488686723c1e8ffe98fab3db3db24d52b39d6ad5 |
| SHA256 | d3d3afbd73d763d86273e01f06a7f92c2a22890bd6089e7b12598b87b36f399c |
| SHA512 | 3b8d097dc53c83aaa227e34ea16f00e8a1e81d53ad0c1136d4801cb52200397e7856579f57bfa38b3efa20f776212d19a0d9ab8cf7d33ed7587fe5d22cccf175 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-19 04:19
Reported
2024-05-19 04:22
Platform
android-x64-20240514-en
Max time kernel
10s
Max time network
139s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.xgbuy.xg/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/[email protected]!classes2.dex | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
com.xgbuy.xg
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
/data/data/com.xgbuy.xg/.jiagu/classes.dex
/data/user/0/com.xgbuy.xg/[email protected]
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
/data/data/com.xgbuy.xg/files/.jiagu.lock
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
/storage/emulated/0/360/.iddata
/storage/emulated/0/360/.deviceId