Malware Analysis Report

2024-11-16 10:44

Sample ID 240603-mcph7scd24
Target 916cb2ab47e60c3ff43a67ef49c99d0e_JaffaCakes118
SHA256 c6e14cfd666835b9237f5ac742566d6cf84982c1a9498aa9c518c5a16f21a7ed
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c6e14cfd666835b9237f5ac742566d6cf84982c1a9498aa9c518c5a16f21a7ed

Threat Level: Likely malicious

The file 916cb2ab47e60c3ff43a67ef49c99d0e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Requests cell location

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks CPU information

Queries information about the current nearby Wi-Fi networks

Checks memory information

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Checks if the internet connection is available

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:19

Reported

2024-06-03 10:22

Platform

android-x86-arm-20240514-en

Max time kernel

171s

Max time network

182s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xgbuy.xg

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.xgbuy.xg:pushcore

cat /sys/class/net/wlan0/address

sh -c ps

ps

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 log.reyun.com udp
CN 54.222.254.29:80 log.reyun.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 139.159.137.254:19000 s.jpush.cn udp
US 1.1.1.1:53 a.xgbuy.cc udp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 1.1.1.1:53 downt.ntalker.com udp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 54.222.254.29:80 log.reyun.com tcp
CN 54.222.166.108:80 log.reyun.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 t.gdt.qq.com udp
NL 43.152.42.165:80 t.gdt.qq.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
CN 139.159.137.254:19000 s.jpush.cn udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.92.210:19000 sis.jpush.io udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 54.222.166.108:80 log.reyun.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 123.60.92.210:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 54.222.254.29:80 log.reyun.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 easytomessage.com udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 downt.ntalker.com udp
CN 54.222.166.108:80 log.reyun.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
GB 142.250.187.206:443 tcp
CN 113.31.17.108:19000 udp
CN 54.222.254.29:80 log.reyun.com tcp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 139.9.135.156 udp
US 1.1.1.1:53 139.9.138.15 udp
US 1.1.1.1:53 119.3.188.193 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 54.222.166.108:80 log.reyun.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.75:443 plbslog.umeng.com tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 54.222.254.29:80 log.reyun.com tcp
CN 113.31.17.106:7000 tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 113.31.17.106:7000 tcp
CN 54.222.166.108:80 log.reyun.com tcp
US 1.1.1.1:53 downt.ntalker.com udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 54.222.254.29:80 log.reyun.com tcp
CN 123.60.92.210:19000 easytomessage.com udp
US 1.1.1.1:53 b.appjiagu.com udp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 54.222.166.108:80 log.reyun.com tcp
CN 106.63.25.33:80 b.appjiagu.com tcp
CN 54.222.254.29:80 log.reyun.com tcp
CN 113.31.17.108:19000 udp
CN 54.222.166.108:80 log.reyun.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
US 1.1.1.1:53 log.reyun.com udp
CN 139.9.135.156:7002 im64.jpush.cn tcp
US 1.1.1.1:53 downt.ntalker.com udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 54.222.166.108:80 log.reyun.com tcp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 54.222.254.29:80 log.reyun.com tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 54.222.166.108:80 log.reyun.com tcp
CN 113.31.17.106:7000 tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 54.222.254.29:80 log.reyun.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 54.222.166.108:80 log.reyun.com tcp
CN 123.60.92.210:19000 easytomessage.com udp
CN 54.222.254.29:80 log.reyun.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 113.31.17.108:19000 udp
CN 54.222.166.108:80 log.reyun.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 54.222.254.29:80 log.reyun.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 139.159.137.254:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 120.46.131.222:19000 sis.jpush.io udp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 120.46.131.222:19000 sis.jpush.io udp
CN 113.31.17.108:19000 udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 113.31.17.106:7000 tcp

Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

MD5 015df5724b50b4fbc6dd0caf7ccb817c
SHA1 980780e98c9958aec97ab7a0de8d28a4c5fd9429
SHA256 183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6
SHA512 fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

/data/data/com.xgbuy.xg/.jiagu/classes.dex

MD5 bc7b7cec4c2313b65f6d767a77164dd0
SHA1 f0a2fb5db284bc60f424c2084984c830cf4d2ca1
SHA256 84906c5a9b057b44e0df1fb8030d13110748ba30ef7a8017abdd3157ef349ffb
SHA512 379bec4a7a82a83c32e93cb3d5d0e0622d78ec79a5e17861f9600069283ffeac13340003fd2323c884a114bd45102034b3e5e609b3390ce099db6ef71a144432

/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

MD5 f1e1513c1caa393fe8e9a3f9fff03e7c
SHA1 db053d40d0ead70c10b229d129359601a8b5debd
SHA256 4e81f36348e9d21ea9121450a9c68817efadedf40bf365af9d54a6033b363934
SHA512 e9c0cb206d14c55f3bf375fddd0d1edcf2e4540c24ac5df6e1c4884e87be9861a87b4fa5a49162fd054bafac7ed223e6f79686ffd71224f64f7336173298c03b

/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

MD5 e0cdaf1a37a325beb335128a913ce71e
SHA1 1b4f9eda9ff72406032655f7a7f97e361d90bb2f
SHA256 444121cbd8f09a2461d84bcdecea5c61c0a5bc7b0fd3671d6a1ba5a91281cbba
SHA512 2f24d69d48c4cf889db9b6d2d5c867b8ea758663e0e83ce1e7ecf650a6b5850669d35d46df3355a643bb2732b590d4609eabbe4aa74d4a4b076c3bb8e8a17d8b

/data/data/com.xgbuy.xg/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

MD5 da1ee384869b18f8741df2fea7d300c9
SHA1 3d89f96be9958b1baa535bae15ae07ed683f4dcd
SHA256 081ff7debb9d7675708bf72c6c4b758669ddcd63c808a677e04aba10f32b12e7
SHA512 ab39a0ea58a24def8670aad24ecbb49df3e3c0a00d1a9f3c5ca0bff60c437ab508b82bcfaf8444d96f73a0b602db1dca8bbc49a5fad6b4a0949d6d3f95855824

/data/data/com.xgbuy.xg/files/.jiagu.lock

MD5 fcae1d15d3f5d972f42b1952c4e1a68b
SHA1 4929e835d5079d0e7ee0e20f149787dde60c1d1a
SHA256 42df170a6944c543fedebcece8a26f43c9e986fc4c2cd74a86343579e88dcfd0
SHA512 d7d826ee96b68341e86a8647aec75a24a1c08440bbfa863b786be9bdf1bcfd5135411a6f363734429dd439f30d57b9f9aa881e649c295451744fe36cae00e140

/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd

MD5 7cef4bf7b995564773e94229541dfd48
SHA1 4270195392562f55dabae96238b59d535f5d35f5
SHA256 b599c40c0ae5855d3ebfb7b876a0390274d0432e41e5d58b4f347e941f2bbb1f
SHA512 74c9fdcf8183f798bfc0eaff0bf1b0950a72bce6689e2c00ecba8e98d975a4e0e872f8ea406f400de8f6941fcd56bf75820e044585ddb52df1d9b851cdedceb3

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 3911ad10a2d9a4f7ef7a09639a1b8cf3
SHA1 d8d5dae863fe04bef8d987202e25e065efce1e1f
SHA256 0ae3380b0712c9bcbb362bcdf7b72504b9e495fe2987cfc20aec121977dba19d
SHA512 d58dc5e805e0e2d11a79c725285dbb3f75d351d456c87ce79439af68c3a6c2506f5814bc16f09fbf16462c93f5c781437a5bbadc4d48977782899ce9d741dec8

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

MD5 46c7a3c0004f15ed66fae7917cf02459
SHA1 8b9e502e201cb9a38680406b53e6b9d563d161b0
SHA256 62ded4545adbc4d2227296ccc92293830f9bbb2b00adda3734ce5879c9192517
SHA512 cbf444b650193ede5f99717ee5e01d9785f9c2bfd4df669d3a4c47969a7f2d447e5083e11ed932793f613d4b808f428437fa6a2be7e302601bb773077a3c9fc2

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 aa41c465aad17300ae4088aad2109e61
SHA1 f313f99fcd78c7d28d13e84a1f79fe617eb44d71
SHA256 3526976bf7f0b38ac3304c05638c892da74f2cb9ad8f3435d2048a0d4b424102
SHA512 c6dcac9be3ba2e6194b657bd38738380033d5809c0f4f487eb4ac2ccad70a6eb5985ad40cf49e2aa5da70fd526a14c4f66655fef851b8ff3f450d49637c3dbcf

/storage/emulated/0/360/.iddata

MD5 5bf85148841d8383d6d7b986208f4e57
SHA1 3ae0cec3700200310342e6fe027dbf002e8dbb87
SHA256 5c84aa5fca03441f84293fdc45f10fe0873daebdee032eb82ffee4ce4bf8654c
SHA512 900486ef249d3e04f5cc092b1203a3a447a80ac84a870cd749fa428e850e13e2290d00262f99ebfc5be55cbd771c9b18eb0e4133cc668b6086fe525ceb1c96fc

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/Mob/comm/.di

MD5 acc2a2f5cb76c41d2e97e0d409b53bdd
SHA1 ed06f22ff10e0912f50d53bc775ed2ae70f85d5a
SHA256 12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448
SHA512 faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

/data/data/com.xgbuy.xg/files/.jglogs/.jg.li

MD5 94851c29f2c9c53834cc76234c7e1252
SHA1 b116d2a9aa614305bc29d50935795dc8d26d72b8
SHA256 bbcab80618b51ddb1c14fcdaa78d331d37702eb12e10dba445b25771661fd4c5
SHA512 a7953f979f4e0035581aab7eda228157baed9fc34fe9e6573682e4ce67cc817421b3eaea3509e6c5aaafb8078edf006fbc880f7a39d942badf4f291e6a42c607

/storage/emulated/0/Mob/.slw

MD5 19402718bfb1c685a726b4e1d846ad98
SHA1 02a7e30044a67085f2f1da24e16e4ecfede65b72
SHA256 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
SHA512 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

/data/data/com.xgbuy.xg/databases/xinggou-journal

MD5 b01be4fca1ab221be2fb0e68545644cc
SHA1 fa904c5b9df93723bd3e83131a9186c10780a14b
SHA256 cd660f7b6bcda0f7cdd5aed9d6bb36df5d66dbc2f68e404a6dcb12c30a8aefa0
SHA512 05238e236d31f8716d39dc0c76f09f9787badd8a365e277970153648a2f4fd6579bb12e3cc5163076c49736b6fd77554c29153adcbf9b8113837fcd94c438aec

/data/data/com.xgbuy.xg/databases/xinggou

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.xgbuy.xg/databases/xinggou-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xgbuy.xg/databases/xinggou-wal

MD5 3d18fce26a306b45efc160c225b5113c
SHA1 4e27e7158267ba1a42c87d80ca2d9fe47c0f2b36
SHA256 7ef983fcbe31888c588626b87d8ea7f6448f7bdded04abdc5e66a3411f5368aa
SHA512 4d43f2f628a006732f76e87a0e583fa4f084a16394bb86c39ef63b25595f7cbbb513a1f993b86c55fd7270455e49e7e5d040f7bd7c5c4e45c3a726f1b6138a4a

/storage/emulated/0/data/.push_deviceid

MD5 dc6bead3f51f99d3fa11560e8ae37950
SHA1 4a71449362c2f928b2326061518d8c826a7c65e7
SHA256 3aefd5bebb16447f33cc05cf49d46e55fe9db3011b7c7fe68ce37794ec388d8d
SHA512 1a4359b370536c57b67f3a8c6fad00985ae0890ed56ba5963492b1b3acf71d5a8b3c762e179881aa5351f34dd6cb4c337d7d4fffd35eb597bee0c0916bb44986

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.xgbuy.xg/files/umeng_it.cache

MD5 321524811d8fdf42fa90ab72c7c1d3a4
SHA1 5b5ea3eab351ff8d0cb7decbd0ce707a2e90f757
SHA256 c0ff456bf89c7afc6aa4b8137eaad6cc45edaaad23683856bac865a0ee04a9fe
SHA512 ea4e1bb71075c1df7644a5b7cb9da389367258b9b93b214f53db9266ee353621ccf84cd66453a98f9af76f8d77a166d82b7bd1a2e75381bc6cfe81b51698f3b6

/data/data/com.xgbuy.xg/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NDA5OTg1MTI0

MD5 05db3af91090e3df03b29b8d316b10e2
SHA1 64e6f845b2b3f75dd1ba85811c342f1c566e9d77
SHA256 0769db7b51cd2843e43064492e7c69fc9f5679e9785151f4b553253bbc9a2b4a
SHA512 16f76cca6a241451452d63792f552781dc167e331913d5800a863c616888fdd80c18f68fca7501979037c1405d61eef2ab0a68c25751c64e8e8cc57de91b6c88

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal

MD5 37063fe243e9f0c0f014f25134b1fc00
SHA1 21d2f46acd1389325f9d3802807689f712f28a10
SHA256 a45f75c5ecf2ad7f9c8c66b70a6a719abdeb7ec73e80550f9e313bda34c305c9
SHA512 371dcd1f2d607836de0c7d6155bfd8188a292dbad5f4091edd34c81059f2f3bc2547f9ed73f77227f2e6e88ca133a9d51a2b50ea85da02514153592cf73dabe0

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/1b980bbc765294097260c5501e33520cf79efb2e8ca5547693e262f223514bf9.0.tmp

MD5 66c0c680753df4ee0641951b8cb1d613
SHA1 9573fb478fdd97f871e9019c3b88f27adb879a29
SHA256 97d7cb4c347498221f9b273a11449ce621cfc8c6b2770f4d57a8b3dfed67188b
SHA512 0c169a3f5dbec49a8e14d3381e4e71aab60b454365e84879f1892335ba0294be71950eb9bd0de528cfaa51f702384a66361972875dad163d46b7ab05c23881c0

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 c34c6a488a892fff4d7e4251fac1e677
SHA1 36a44cbcdfcc5e7575ee9b585b673f6c49239d4b
SHA256 3f59c37546fbfed36526c308a6aff087fe8467486553eb07525714cf5ec0dc77
SHA512 12291757b5abf4533f7450aef77966abd9ca12b9baf61abcbf82dcda4eb09060e9a76a95ddf1436e4e900c2c26cb12444e8adf50d28372329be37121f675d033

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest45676496311916982778320515625189199630-journal

MD5 56d57e850f29f48f6141064e194c4b71
SHA1 8f261773985a1c83a99b4352631bff1086776051
SHA256 200acba1bb1f6a04b0499161b542b5b831dfda74902d7cec45f2a1ab3b398f0d
SHA512 11dd2d40d473c8f5910b6b6eafbc88e6db5af7e0ec92ff96402bb738b10589164234b4ffb6d79305de87d7eafe8b1246bff476f9b1d0cfbe391a49ee75f428ee

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest45676496311916982778320515625189199630-wal

MD5 0b491d800ac7a516ddb9ec8d37f8a575
SHA1 006a2d54ac2b55b7a23b2394f6c1cca4f38bff42
SHA256 182a7c465211c1d1e721bd396e61faaf8b2e8ab9c51120f253f2a270bb23940c
SHA512 4a8c346fe278802b58db9aa5ea937ea917e94a92ff0f809a1428e17628a3a4415022b3efb6777e60aafe6810aa23a343d278e73b905849b8b4cccda7b1fcc04c

/data/data/com.xgbuy.xg/databases/Reyun.db-journal

MD5 d8a4dd69857f8252b9f7e8f4300aef96
SHA1 e3bbb7963cb87824eea3e5dee75feed19d6ae163
SHA256 a0ef1b9b79def6769ec8a0b08e2cee18015d0adab82988a8a655784970e3c7a7
SHA512 58d16a032d3faecda1129b0dbe3e0b9deed14353f5141d7b48d0f260cc88869d0c33e0da5f7c527a4fd64d5017978e05f500a2f8ed352887b3242d0a61fed75c

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 b4c439c593c26e5ac8061901e6ef6f58
SHA1 9854ec11606f32cd33464bcbb950424ee49e7b27
SHA256 045a0978f4c7fab9a1a96fb6fda8bf2fc5896093936bb325c8539927a21945cf
SHA512 33a8854ff119cbc7199ae026374dd241773c6e54e621c408249c15a76eaa9a70f2e76febdd5d9278e0c8d06ad0bf63aa05f7341557795414c104b81b70daca11

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 027813d2b1d5f3aca3e5db9c7472d6dd
SHA1 d56cf3dc7db8105fd0b50ccc8576589b080c24c6
SHA256 a006219c8ca994e74652093d1adcceebb44c26ca4ebf46edf9cc6d62baf63fbd
SHA512 340cf58df2a1255ba2b508abca7401480bdcbb1c48f747f0c4b81b02aee697f4bc2e8a3cfff5bd868088fbd4462288d9b3e0f78aa682e623cb82210936935aa7

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 af2bbdfe1e2bfe5b10e098d2b5bf11b4
SHA1 941e286a4cbdc79cf8506a03a46e7049af08e01a
SHA256 fed4438bda19384b2020d992c5e32215f5aada55bf1384222c1b1c77e2faa66c
SHA512 6c5a972b1f31a171a8a93f4923a766bf7e905299119a532dbe68b4291f01c51e4e13654901707ddb579218bada17b059d3c3a8ddb124cbeeb3adaf3e3920323b

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 1fe18ea75be1cabd6a77e01525b7516f
SHA1 60e993992a5ca07f281bc77398db6bfe05c68a5b
SHA256 23fd3dce57d8413256e5ac1aba4eac6996a5ff718d0cfb605af7f1463d0a847e
SHA512 89538d03b70c844a3313ae7cc1eddc0551b61ead01e51c2bf48137d8da24d756d2594d2dbb5bd0e3ce308ae66cbfde10209306349f8cd78124cade12826f6b90

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 a96150a3ca80e87268152eece6312590
SHA1 4158ed5e5ac06068c7d4cbe29c5d38d6f2bd9642
SHA256 7a665f79636e3440bd2431819e4d9a89f1ea67bf9dcd7f4b5d53981feb561fdd
SHA512 8e57873059c7bec15f125db5c067dabc6c5b552bf2547523845b53e4e7ac3fe03300e2af2434f47712b8088a3753cb69a71e24a2f494012837db8c1219100a1e

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 6eb2f8d13bcd4adc4c6c16ec206aebca
SHA1 d3868453107a365de812e74ebb033aa2c99eca3d
SHA256 9c182d69b509e1cc191c284c6fba42bf310fa14b56d7f291f7acaecdb5c49ecd
SHA512 ae0490ed231c747d7fb7afda55d9a6447888b534b3309b769cdd7316a1884dc31fc83b6ff963f2fae90f328ea7c141f6f3d4f240226fc244416324e96d83d2aa

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 a59f4037c378c5e31bbb7ba9125af97c
SHA1 2baf69cfc6f2aea4e35c45214676866f742be704
SHA256 8932e4036bcab3f76901a47e9e93448c34fb477a1360c95d2fccc581456405c6
SHA512 b6aec8c811d9ee7ab1fcb49852ed56a59417961dcdb78dae98c635d0555b60f7ce527631e6757024641f2d5b9f238610f5dbed15ddf738fb3efbe84fd7bb1e10

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 442b629877ac8ae34d28e8c5fc83c11a
SHA1 52d82d5bafc1363417d6b8d662428c34c5f7a87b
SHA256 71a3976d8316cff2fc7f064e2f266893775b42409d501e1821253985b4474a64
SHA512 2c3e57bbf423cd74eae6dc266960ba50dd372357ee59ae2927a84a9af8d8588ed1960ab1524a595fdc7a94e64803d6fee4348b8e4aa6c33a9ae4d3e049258702

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 ddae606cd3efbeaabafccd78236296f5
SHA1 2f0c7c5368ec8923feea31e305742b9b29432f72
SHA256 9d3aa1b5978addc6ea90ef1fc7e3797330c9bee0de53da8b970bff0d5ba3543f
SHA512 9a779b30ec9181ae9effc4c558691ff454f4b8400abdd7dd31ab0b4389d7fa8299a95cfdc8363d4872b9d15055a36e59ec12b0f8379956571068476d7da18352

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 0b478ff77266a56aff346ea52ad29994
SHA1 8d492438961591a9a8b393285522669a1d4d1aa1
SHA256 20805245256a86b9820765d2f2adad79ebdb7b6f0aae1c2159f00e4372ea9470
SHA512 b80820ced48204839de8f347e257de23c847c47887a339e08b116535964d7a2df7a5ff913bbd40f9a00b529768aeab59af9bf15e28a06a9f5db24d42b1e899fa

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 fdc41ab0d737dcab6eedbc15abc5cc92
SHA1 bf8bb7d0fa8319c636a56b673211be7a31ece128
SHA256 e74abf5714c19abda65261726fdb38afdada46e680c23b993051d487bc25c9c9
SHA512 bd1cd0341db8fa9b0816fc2797c4362634ad6481080e27b0bc88af4387d39114e6bbef310d37da23fea685db86ef986e59207680c4c113a4be174d032f534a39

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 6459b6c0d8f2e34fbc2a1cb7d1bdd17f
SHA1 b925c24c59309ff7358f2ef7d9a832dc62e7c90a
SHA256 e2ec2084173a63f311bafc410bb706ab63a9116699718a65893c0930a9613439
SHA512 4b0891a99cade17af4921f6f06c687796eb1bd49fc68cf809ce9d976670bc4880a95ca4b6038f4aa5f54f77b3c4b006c20d031f0568319783e3812fc3cb37439

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

MD5 602d6fa4079c3ef2f04f5288b973c11a
SHA1 134a2f8fead88251998a0513e3fc15aa3e140129
SHA256 9b69109c86ea608be6c5c40968bc8e983c20ddb0fc9db852fab8182a05accc71
SHA512 f5ad3cd1318ac8905be469de268b2f141cba5f519d20b801963b4bb61b9f0f183b7de3976aaa56ed15cbb7f9117a3b5f82a505d4d4b9fd16aa2e843cb15333f1

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

MD5 8773bf4df9b6dcb599578c4ddfee4e13
SHA1 2864649265e62b184df6540e37c14397bf169d86
SHA256 bb92a9d77c249181732aa2377fbf5b5f48168913784a886d5868cadd6e9029fd
SHA512 8f963ad7e39944480e2e87f6bcd9d248dae735b6e3763e68706d65bd7d2b656861bb6e7adbfd6f56baa5abb59ca89081a8d23495a569ff328878bfc1aed902a3

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 8e24e79baab91c4d0604eaa9006a0cb3
SHA1 e427afc94a4b957a7096f73e395a10ea404c076b
SHA256 65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d
SHA512 45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

/data/data/com.xgbuy.xg/files/.umeng/exchangeIdentity.json

MD5 a45666c4beb68a071f0067ea619df637
SHA1 52618f0c8f961d27ffb1a89019c08c87a09d3386
SHA256 f22a581db6a50879005693e5cbbf9701d0595d5684beac19b47cf069579bfc64
SHA512 93c6dad6f25db559ff661fc42b815be1936774ec9d952110a21be84ce845c7b2e21c075a4d2afdbb1df915e1f07dfe780aa6100409ae3d31ddb00fc697aa5b90

/data/data/com.xgbuy.xg/files/exid.dat

MD5 0ed3d3c63deb5f472aeb817511216376
SHA1 d66661a80871d87419a68efb3e4721029264b60c
SHA256 dcb4ae6b59499ba1157e9ebd439e7f28cafd0fb91b8593638a253e4e4ee32b99
SHA512 f92cca74ad695ee05c68d718ad07c19196425a7284862ef647a0fe8612fac7f827c81c5b23762f33972ad6d9f8c4d8fbccca9a71af6b4de33505384f20d656bd

/data/data/com.xgbuy.xg/files/.envelope/i==1.2.0&&2.5.3_1717409993724_envelope.log

MD5 877d8a6b153c02829df3b1c5efc36c93
SHA1 2afdd004e22daff07c5aaca93ca6b6fca256313a
SHA256 7888b73ff9c52c00ae9016d1013cf9f77bf4fafe126bd9a11917e8d12ce9a370
SHA512 5b79d2169bb5aff0fbd834eaffb9e778a2b10e830bdcb0394e2c4d220738ce2086e6b300577dffb7ba8557945e0a873ee16128f7fd4f92c07aa91c2a8fafc318

/data/data/com.xgbuy.xg/databases/ua.db-journal

MD5 e20447cafddec67684810a9e60f286ca
SHA1 71e0a54f45b293bdeedff4d2da27616cc6b25dd9
SHA256 e4d7c475a01f314e149a1ee942e61f07fbf8413c3a45667517f1adc2d727a4b0
SHA512 e616ad6501add1cef4fcbac41777e2b2ffba6d9b3f3c3fe9f56d63ca9eeaa7ff97da97856ba33d1b6675c27c6c121ec19307696ba07f318338dd6cb70e67f59b

/data/data/com.xgbuy.xg/databases/ua.db

MD5 0adda9c85a5e4808f5b1b74c0a8591a5
SHA1 5048107883ab1e345af9cf2e6849ce46e0e612bf
SHA256 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
SHA512 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 1fcafb542c39c675681eb2ade52b7d49
SHA1 c15a4a4f03514b77d31e02632cc4f03458958066
SHA256 f5c90101491d8495afa9786b3c448b6c82c40b8424f931197fac75cc2f7af196
SHA512 c2920ee77e09770c5cf54443ae28fc677574174eb37730b5de042d6922a83099ac5377bd5b94e9bbc120199260d5ba22f5f552b2548197da70d2d7303c59d2a3

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 261f053d7d2852d94a2e255c6fba6b84
SHA1 21e6afeff789b077dea11f17566f3bd62bdcab81
SHA256 3e04b4410ce1ba7cff4ad024f9b84bedfef54866827f7d555bd855ec245aa6fa
SHA512 6335436e4731024bebdcdb24b24b537d082ed3514919bec79dd2969d36dcaf1c23b084e86fdee7780b20a699d99948a4c3ee55a9d3af6faeb831bd366e03680e

/data/data/com.xgbuy.xg/databases/ua.db

MD5 034da429c2837509918d82f179caf1dd
SHA1 899e96f3f4ff8743bfcd20f7a2d09665411c0a52
SHA256 7adf9558b4321a344a78e7475cf761641373a9b2ce622398c2228d25d8d816d8
SHA512 03cadaac626d344fe0b4d698b76c1e4f1720361a836fef75ec080233ed84bc7b8f8c84e6e93be360054ee412dde41e8dbac4819b86f58eb62229316c1d3e5f47

/data/data/com.xgbuy.xg/files/.envelope/a==7.5.3&&2.5.3_1717409995979_envelope.log

MD5 9de407a0d4e11dae335c5df6254a3a51
SHA1 1782b3cd1771f9724f09bc6544f0a8e14e45916c
SHA256 786446472184b4309f5c5c9296a8fb4e3b23dfa965f3c58a1598da2c106d2661
SHA512 d2c071ead26f67c06b1bda02da6a30a87ae754018106adcadf27983ac3fbf5efb9e0227e135f1831346e9b9b9bb8969d90fffbf9a0ca52f4e92013cdab0cda66

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 7174b594c0b520a3b8540826412690ae
SHA1 d7905a87766202999b686dadca080c587891cd1e
SHA256 14860252561dee9dbc249bce4b86fa569b038c0de350f510c37e60ec9d6e494b
SHA512 1c7dfb760dad2b90fb75d9f3f1376d87addd16cff06e1f3a248134fbf01f74c90316dae4a7ebc322f93a5e34ca636312543eef58166a3edcb9cc75d8b40c6613

/data/data/com.xgbuy.xg/databases/ua.db

MD5 1838f4d835fd01f3b67e3508a49a7bf2
SHA1 7e8331fb713f9bc51604de36001349f88b1ba45d
SHA256 4fc25f4c6bfba8d461092ff2ff7dfcf19eab4b5abd084677447a02f393a921c9
SHA512 7362673a5971edeae7bbdf80b023f1c5a4666109722a169e565e3a31e2af8bff482102ee478cdc59c445fa592215cfce086a4a097eb063ffbf3077e5608e7bfd

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 29f18322f68b1f89a4d2701bbbae64c9
SHA1 a0d6aafe69cbad56be357b0fd99fedc47ae66e2e
SHA256 823dce3586532f8d232fdb67723a106855b86650d798e3c04520cf205d3f07dd
SHA512 7f1bd9633f8865eebab5530ecf46db715b7c0098a89f12cec1152cd24fdf69d645c575d7725688169260b40eb405a48c18692346cd5fe846089e0c6f5bfbc3e8

/data/data/com.xgbuy.xg/databases/ua.db

MD5 90f8d79af4ca863e37b7c866b0961c47
SHA1 3d476c95cc39ad5ffd8b1d51a696e0fad188c8c6
SHA256 3d978653addd5094306f01ad120bad5e261e9db0fad58a8b9dd6303c4f72417e
SHA512 2e2daf8e26b936b9e6d782c868a83bb3e352e509d1f7df3d4e37210cefa41553090c7faddaa95b250e0d2dba74893cc3e270123ed685e67a61d35075c4a7afa5

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 a0454dce06bf70ee993fa0f5715a22f0
SHA1 a5cafcf28b57b6a1ae4bfa47536a8f6b8e9c797f
SHA256 4c48482b727fb20980262373a93511eac5e33f3cf8cef966774c13b0134710b0
SHA512 d9e08f64d6f6d497b9ed4284baf23d43a0c4eedc6398cfeb7b60e74ab6db67d7c71d9ef9252d4c0b59546a8992f03c140bbf7dce89b56a07f4599b8235dcf08f

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 547033afc8b23be544f83cf71d321818
SHA1 4d5b5818cdd5cfcb58c29ca77480571aebf5f51a
SHA256 a71ced06965023494a3e560e9c16c12970d6baa7a7acb140d72b8db8e438c967
SHA512 e53b315f11184bf56e21d5dc6687a9b721f197592b7f634f222cec3b347b74a77512ed3068102fb89d14a64a388a78e34b382817082354e7e0175acfc120946f

/data/data/com.xgbuy.xg/databases/ua.db

MD5 c5aa3817edc8dadf8931e3f02238b6ad
SHA1 7006aabd0ea0cb2520b043772b01013c48971896
SHA256 afc29f8be302b2dc85693ecc1744c62ac083cd9e47053b4eaa10fc730aa47f6c
SHA512 1a957f5c9671808c1afbd4d528ed99863da63c55d2a15631d39ca84e2296eeaec5e8e58285ca1242fb628247d36309783d6477f344ec3af7c5a92d673fd1a690

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 eb76a809c3edf608f36c109630f96474
SHA1 a3f31b8e47ee59ab6838e88b74540999a1b7b73d
SHA256 a1c6be046dee62807f6de3cdc058823872c67f97e373fd6d69910bd2b27f6bb2
SHA512 3fb0541b0b3addce9cc7ba24b2e646e4844c413234f7257aff6a2f7f28a93d931edc0766c79033323ebbde7134988f2fdce3d954bf2e9411cfbdc967450cf5ad

/data/data/com.xgbuy.xg/databases/ua.db

MD5 7b7067983d9f5cebdd7de671898f5b43
SHA1 92e511ac4a12a2370a59b0c7f212e9d0c6c7f822
SHA256 a300c000c967b2be1d1b3236384b947b35d37ab783dd34ca6d11de7939a5b988
SHA512 bffe8359cf35fc751cda237dd904f2c7b14c7e81688bbc2f0f6bbd232c2a4b6c8e62cd63716e66254a5644d6fcbb004e6ca7cc692ed87fc6ba5e7b190dfe4543

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 22c9e8c138c85f13432f51b7e87318cb
SHA1 c813d48e91c64e4d7fbb92f653ced4e29dcae2c0
SHA256 e13410ddace5b4febcb02ded1d76d5e6a82806c634c606ae8f8e034767f7a556
SHA512 0f25e0e16cde052971cd4c61faae58fc05e4932f222976dbf72dbf4d9b882624c2da40de051a0391a875c0963347d4b71e1a78eb4d47d6c30e53b646b0f30b73

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 f7a9c0cf3017560a73fe0bb5456c79a4
SHA1 3186e9077ae62a90c8ef39fbd0addfebe1a6b164
SHA256 631a32f6c8c45784bb6a527c4b2393f99350d94322ebd8c4556af8e2198ed29d
SHA512 366aa14ba91b584e395f9c58d5bf1a803e36b5cbaeb66d25a268f20137048f3bdd0164002354eee3dc7e3b6ec519c14c5a636466188a60bd414a93ead6ed7cc7

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 24a57199ba920d1b1b8adf7dc7acf8de
SHA1 bb642a760488bf86738eae7bab0ff0ef352188a1
SHA256 bb499bd6875e7139a2bc85b09f5b23905fcf6128f4e7ceab2df2e2071ec7d469
SHA512 2e5040d901c8b98caf52f80596e9b79b6b6de7b8ae62e5569b4cce8605bad7a7bac02bcd785790f2bf1c4cc6a7bd83513f52c2247439c2f53a22a86e868aec78

/data/data/com.xgbuy.xg/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NDEwMDE1NDgx

MD5 082c9cc53ea2ce97aef7e18d7e19286c
SHA1 99aad7c65cef9083c2c82f2c48695433718e3ec5
SHA256 5ef7e8c74dfdb7db1d462d76a3849149cd8aa8752a29dc13aeadfb3d8273518c
SHA512 a0b9d22b6fe661cfa576e5c48f684e7ff2c47036bae4a9ebb5cdd4da26c0b15a0c032cc7a699222c171b6daec7317d037d0f82125edd7988aa3416dc7424929d

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 81024874f926b0c0c9e613997c9370b1
SHA1 a7b4c37570f3e5aa7bd575d0dbcc71ff9079a95c
SHA256 da5ea38fae9a292777936eae50a76aae4d2a589550448aa6970383e44aabe7d6
SHA512 8ae3ca2a1a4ea6c514fffeb911f4c42ff173433a7fd82980193d883196e748e458e83ee42051ccbabfa7f49792dabbf1eb8a72fea3db16c2f157e7ada4182830

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

MD5 bfe9e25af42ebe6b6b831eac9976712e
SHA1 2a714a1b6c656fb8f15253f9be7ffb0e00e25efa
SHA256 473c5395e4a68011ac554a0260da164c562eac5f555a742d9283d5ec9a36b1cc
SHA512 07955e10a82eb738f8483dcd402df4f48c6fa89ccfde454684b4dc2b2fc148c12ea9d83066ac13d8bff27355957a971b9829c2567091d9dd19f45bfc365ceb2d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:19

Reported

2024-06-03 10:19

Platform

android-33-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.228:443 udp

Files

N/A