Malware Analysis Report

2024-09-09 16:25

Sample ID: 240610-pelw7sba76
Target: 9aa0e786e3917e9c97bf68246c042a6f_JaffaCakes118
SHA256: db06ed5e6637ff22be77e5fff45ed82fb0869f687da61672705d9b89112e3ed8
Tags: banker collection discovery evasion impact persistence credential_access
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10
SHA256: db06ed5e6637ff22be77e5fff45ed82fb0869f687da61672705d9b89112e3ed8

Threat Level: Likely malicious (score 8/10)

Every signature listed below is a framework call or /proc read that bundled commercial SDKs (push, location, crash reporting, analytics) commonly make, and the Network sections show the traffic going to such endpoints (android.bugly.qq.com, alog.umeng.com, sdk.open.talk.igexin.com, loc.map.baidu.com). No signature records an overlay being drawn, SMS or accessibility abuse, or a command-and-control exchange; the banker tag rests on the installed-application enumeration alone, and the impact tag on a javax.crypto.Cipher.doFinal call. Weigh the verdict against that before acting on it.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Obtains sensitive information copied to the device clipboard

Queries the phone number (MSISDN for GSM devices)

Queries the mobile country code (MCC)

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-10 12:14

Signatures

Requests dangerous framework permissions

Indicator (permission) and Description (Process and Target: N/A for all rows)
android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.RECORD_AUDIO: Allows an application to record audio.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.CAMERA: Required to be able to access the camera device.
android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 12:14
Reported: 2024-06-10 12:17
Platform: android-x86-arm-20240603-en
Max time kernel: 176s
Max time network: 185s

Command Line

com.jiuxianapk.ui

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.jiuxianapk.ui
    /system/bin/sh -c getprop ro.board.platform
        getprop ro.board.platform
com.jiuxianapk.ui:pushservice
    /system/bin/sh -c getprop ro.board.platform
        getprop ro.board.platform

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 stats.magicwindow.cn udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
US 1.1.1.1:53 downtjx.jxwmanage.com udp
US 1.1.1.1:53 apphome.jiuxian.com udp
CN 101.36.158.56:80 downtjx.jxwmanage.com tcp
US 1.1.1.1:53 community.jiuxian.com udp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
US 1.1.1.1:53 m.api.baifendian.com udp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp

Files

The dot-prefixed files written to shared storage (.UTSystemConfig/Global/Alvin2.xml, .DataStorage/ContextData.xml, baidu/.cuid) are device-identifier stores that the Alibaba UTDID and Baidu SDKs keep outside the app sandbox so the identifier survives reinstallation and is shared by every app embedding the same SDK; that is the tracking behaviour to note here. The tbslog, bugly_db_, mwsdk_analytics and UmengLocalNotificationStore files belong to the Tencent TBS browser kernel, Tencent Bugly crash reporting, MagicWindow and Umeng SDKs respectively, and bfd_cached_* to the baifendian SDK whose endpoint appears in the Network table.

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/tbslog/tbslog.txt

MD5 47e2ac523efbef44321f0d272f10132d
SHA1 77bf4fc85fa12d873664faec0d22f69322879b49
SHA256 ad6c4b37db3328b6759d73c992d61ccccd8efd7d4797b3456a1e38713f483900
SHA512 621ea0947262705a6621cebe098879583ae31494ccbe02c9840838c532036b83cbd3052b407122f0270d97d3078269ddfc57f1b445b4e228cf4ff0bb560dc5b8

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 6790c4c55ecd3ad10a428afa8abd839d
SHA1 75698bb926f3b7048c7b48b150c1e3080a382430
SHA256 d991aa6dfa6b9dd30a05462ad12ff1639fc4e45ea55f172bfea0a9f2832cdfde
SHA512 d8bdf75d5201f60fbaf6e506dac775287520448646816bc8f5a09e16d963d84319b3ad09131e7ea507f73757326395202f0f957abeeb9ada17e939cca2ba1022

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 926b5cf5ea510c507ab3c8ae8d0cefa3
SHA1 915264ec2d4cb0f3d08509119fd760226134a63d
SHA256 4895cfd94855156795ca09f91b2a5ad65242fb55374447e8e87233944cf7b594
SHA512 419eb61c664fa24cf64fb6a4410ad6e914300c1e80ad904aa54469ed5eaac28dc65e25b39a55c98cb410bf090a0808b4496034e9f63ec42e752aed2cb6b0ef94

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 413d4b731e628bceb771686ae4552de5
SHA1 5137d86dbc1e7e29816254c6395e43a067096952
SHA256 71b7c9b2ef0518f06afa3961b11ff9ef9f202bd70f27f4e011081867d38bc2d6
SHA512 498c7f66501ae40c6fdedb100089bce95b121a40427ebf815b8649f189911883dc4cef7790e6a590bcbc17c24f2c2933b273d332273a9c824743d896af2d906d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 fbd563302c6cd90ed58679a347905643
SHA1 0d0e1382a875dbd1cde36af53316c1ece35a447e
SHA256 0b747c30994b66fad63093bf26e6bb5e182765dd51e1ea8757afd13f742004fc
SHA512 bf6c6abf9f5b497b2254bf0b648308b10a6be39a9474123cdaf56f20c7848694c65b5a0ff1998765b4abcd9caa1414f2078ebb6fc6abd902fe7b6fe2f136daef

/data/data/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 71504d821a340b0a630b762fddba16af
SHA1 0d6607652ee2bcdde214b7f497ced40b6c048a42
SHA256 93907f6049df6ead735f97c8ef95f9ae47aab5997a15be209c8ee0197aec414e
SHA512 9c19f13f66d858be9fff9e29d7ec546066a0ea9d9b9cdb8f8c3c99be9622147bd49dc1c26d41f31ffeedc266722c8b8d2eb18cc0eda970bffb0b0b78517030ab

/data/data/com.jiuxianapk.ui/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jiuxianapk.ui/databases/bugly_db_-wal

MD5 089eda632d82b0280c440902d9200586
SHA1 19d287414d4eddf7458e69d88ba010acd90902c4
SHA256 04a00b8b50b3f61a9cb6a68561f2977d13aad38fc9c9532a9efd5479bc8c4ace
SHA512 a23e7ca9634506b3236a7dbeb7745fcba9d7444f763f3fe0268fa734487859e83460f83514a3ee0b193a787cf3d7c7954d1d7e7b0ee7a3c8b7b930abc6aa67a8

/data/data/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest7513302256509357-journal

MD5 e541b980479d0fded13e48e00e0435f0
SHA1 fdeec8325bec023e4eb15721033170e7432c0796
SHA256 95f7c8ab687d517f86c2164dd8180f1bd0566c2c57890a7e47802c328134ce71
SHA512 f35341677669e62839a09d292d84142dade4c08542419c656f7b26b14e4d0df21690d94dd75f9f16cf492a72f4d53ecfb35c86462e0b23383a1904c57e905dcd

/data/data/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest7513302256509357-wal

MD5 ebf8c6559bb54c75a40e829203294c46
SHA1 ee21bc055f324300a97d4092d54f470994ee0e4f
SHA256 80b3faaa1730d8894d8b0b70cdc3b37da54fb75dfa8d0ba62f1a057811163e68
SHA512 21966eb272e7f492dff50d17dfcd2d9daa0c2c4e639cc9abdb1ddd5438192aac2d3e37eeb843bab3be57d1707d6bf9e64123866b3a482eac6160dd11208bf336

/data/data/com.jiuxianapk.ui/databases/mwsdk_analytics.db-journal

MD5 df525ff36ae3ab6b2e774b7b121c2163
SHA1 7b9530acf1fe3f1f1eeff1277470bd2ba4991fb0
SHA256 b9c20aaaec505a90759fa084b3603696548f3165a2c397acce208b9469c71263
SHA512 53127b8a226012718c0c6f812037867b0ac28ed7ffac6571f5326c777dd300e358871531c3d7aa547bc89bb4f356d040fba43da86ce4657c17990f71a93007a3

/data/data/com.jiuxianapk.ui/databases/mwsdk_analytics.db-wal

MD5 81d075552bdaf213f191af61226f8598
SHA1 9dd04d6e5dcd7378da8637d718fba38a274764e2
SHA256 2dbc8201112b1652e205f9697377cfdb1cd2d8c6f47d22f117d9c162f519a072
SHA512 485760a25205e4671ec3a7000ac1b5abe12a4c5abb57b609a76154bc42a26c30f8ad119a8e6df99aeb4c143e97ace88c9c56ae2b02dc6780a93188e9398585de

/storage/emulated/0/baidu/.cuid

MD5 e2da7e998f3c11330c7ba7bcbe1c026d
SHA1 80a10962d8a7c55f5e720b3c588eb9581a29fec3
SHA256 b3453342e8b86070ead847aafb37be16029a1f6a570f53c57ca051c9eb9588e8
SHA512 d33c95e67df53d57fb8678f2893730ec06de2f12e95f6d89fc233f2cc458b9f96f998b7de6741e66c4b935fcc8c5eae32f1d9ca487b3e2a9b8f9b9c109570a9f

/data/data/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db-journal

MD5 5074c7b234a3a53aabae0cb8249c498b
SHA1 c7d58b94107ad01bea8626dc6ccc699d87d4e5ff
SHA256 d7441805b89f1fcab41559fe7aea0850526bedd6f8d8ce1aeff2d42ff497fb37
SHA512 7c909a850941566823db8a26750ae72c254f9f17866e71f717ee2249f69812326b56421ba44988c63cabe96d22efe90456e8861334ffe50c769eea7ca2936a13

/data/data/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db-wal

MD5 42950927e08915a262566d84a2659276
SHA1 304537725e6aed359ca4e6c1c9936729f19c871d
SHA256 41a5aa88b9f00348fdc77cecb3f2db651023dc9c4899ad7e09effd7c35d19aaa
SHA512 43f425c20a85946e3579131bf196d13333ff84ddf66222044b6c63d6b4c183b189a4649dfc029ee9a2af62f30fc669e5e246f1df93794a0d37e12bc69e73c19c

/data/data/com.jiuxianapk.ui/files/bfd_cached_com.jiuxianapk.ui

MD5 85efeeb73408d68e2ded93206fd675f0
SHA1 9c9fb28a44143dde18025be78f0cf0c8ee8cb76f
SHA256 c2acb236ad45f6e9bc6368809e088224b73f2593bdf907e20365350481da20fb
SHA512 b4f4d4fbaadd1a149ca49a5f18a238eee41fc57328bdfe488453522389317695aff54e82596a1e7246a60c54a58e1260900d1fe45b169a99273aed4590d71183

/data/data/com.jiuxianapk.ui/databases/bugly_db_-wal

MD5 922b86dbdb6bf9544c3a9654f656d458
SHA1 c69e7f4ccce9aa7be68c89cb75cb7e3ea5731640
SHA256 da98129db93b010111a02524268bdf807756b919b061a324ea41e55114a83831
SHA512 3a68a23176e1cea0acd0c6c630538c903e55c56c2c654b9114e5c6db408e2cc2da78f03c5b71022ec931fee81ec205d4a3b2a0287b66265552c90e8731ec631e

/data/data/com.jiuxianapk.ui/files/bfd_cached_com.jiuxianapk.ui

MD5 d98810b8a1a240ff40a49df0337220fc
SHA1 848487bc7e297473eb95e301f64a9af80a965257
SHA256 ee03e01360bd68b2b8721b8e7f6e770b9256f79b86e31f4c66eea25055a507db
SHA512 ab8343396bd579258d432435070cf7567584abe37ab93099fd2c4093307141c65b445ffdf02deba7a34fed01b63259d4fbaf5949c2c3a8ab91986476ce1de030

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 12:14
Reported: 2024-06-10 12:17
Platform: android-x64-arm64-20240603-en
Max time kernel: 179s
Max time network: 189s

Command Line

com.jiuxianapk.ui

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

alog.umeng.com is the log-upload endpoint of Umeng, an Alibaba analytics SDK embedded in a large share of Chinese apps; it is on the echap list because stalkerware samples use the same SDK. The match shows that this app carries Umeng (see the UmengLocalNotificationStore.db files below), not that it contacts stalkerware infrastructure, and is weak evidence on its own.

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.jiuxianapk.ui

com.jiuxianapk.ui:pushservice

com.jiuxianapk.ui:location

com.jiuxianapk.ui:push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 stats.magicwindow.cn udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 downtjx.jxwmanage.com udp
US 1.1.1.1:53 apphome.jiuxian.com udp
US 1.1.1.1:53 community.jiuxian.com udp
CN 101.36.158.56:80 downtjx.jxwmanage.com tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
US 1.1.1.1:53 m.api.baifendian.com udp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 101.36.158.20:80 community.jiuxian.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
HK 129.226.106.211:80 log.tbs.qq.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 m.jiuxian.com udp
GB 174.35.118.62:80 m.jiuxian.com tcp
HK 129.226.106.211:80 log.tbs.qq.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
HK 129.226.106.211:80 log.tbs.qq.com tcp
HK 129.226.106.211:80 log.tbs.qq.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
GB 174.35.118.62:443 m.jiuxian.com tcp
US 1.1.1.1:53 v1.cnzz.com udp
US 1.1.1.1:53 res.wx.qq.com udp
US 1.1.1.1:53 api.m.taobao.com udp
CN 140.205.160.4:80 api.m.taobao.com tcp
CN 220.185.168.234:443 v1.cnzz.com tcp
GB 43.132.64.190:443 res.wx.qq.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
CN 220.185.168.234:443 v1.cnzz.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
US 1.1.1.1:53 dns.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
US 1.1.1.1:53 appproduct.jiuxian.com udp
CN 101.36.158.20:80 appproduct.jiuxian.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 101.36.158.20:80 appproduct.jiuxian.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 shu.jiuxian.com udp
CN 101.36.158.20:80 shu.jiuxian.com tcp
CN 101.36.158.20:80 shu.jiuxian.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 101.36.158.20:80 shu.jiuxian.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 101.36.158.20:80 shu.jiuxian.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
US 1.1.1.1:53 appoms.jiuxian.com udp
CN 101.36.158.20:80 appoms.jiuxian.com tcp
CN 101.36.158.20:80 appoms.jiuxian.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 120.133.14.75:80 m.api.baifendian.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 101.36.158.20:80 appoms.jiuxian.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 101.36.158.20:80 appoms.jiuxian.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
N/A 10.0.0.172:80 tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 dns.map.baidu.com udp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 alog.umeng.co udp
GB 142.250.187.194:443 tcp
GB 172.217.169.78:443 tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 101.36.158.20:80 appoms.jiuxian.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
FR 15.188.116.26:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 sapi.skyhookwireless.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
US 1.1.1.1:53 m.jiuxian.com udp
GB 163.171.146.42:443 m.jiuxian.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
N/A 10.0.0.172:80 tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
N/A 10.0.0.172:80 tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
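
The Network tables of behavioral1 and behavioral2 list one row per observed flow, so the same destination appears dozens of times, and rows for which the sandbox saw no DNS answer have only three columns. The script below is an added example, not part of the sandbox report or of the analysed app: it parses rows in exactly this Country/Destination/Domain/Proto layout, separates DNS lookups from connections, counts repeats, records which IPs each domain resolved to, and tags every destination (multicast, private, cleartext HTTP, TLS, other port). SAMPLE_ROWS is a constructed excerpt copied from the tables; the function names are the example's own.

```python
"""Summarise a sandbox report's flattened Network table.

Added example for this page; SAMPLE_ROWS is a constructed excerpt of the
report's own rows. Function names are the example's own, not the sandbox's.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in the report's layout: "Country Destination Domain Proto",
# where Domain is missing when the sandbox saw no DNS answer for the IP.
SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 stats.magicwindow.cn udp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
CN 118.31.214.104:80 stats.magicwindow.cn tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
N/A 10.0.0.172:80 tcp
"""


def parse_row(line):
    """Return (country, ip, port, domain_or_None, proto), or None for a non-row line.

    A row has four fields, or three when the Domain column is absent, so the
    field count decides the layout; naive positional unpacking would put the
    protocol into the Domain slot for three-field rows.
    """
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    if proto not in ("tcp", "udp") or ":" not in dest:
        return None          # header line or free text
    ip, port = dest.rsplit(":", 1)
    try:
        ipaddress.ip_address(ip)
        port = int(port)
    except ValueError:
        return None
    return country, ip, port, domain, proto


def classify(ip, port, proto):
    """Tag a destination by what the transport alone tells us."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"       # 224.0.0.251:5353 is mDNS, link-local only
    if addr.is_private:
        return "private"         # e.g. 10.0.0.172:80, the CMWAP carrier proxy
    if proto == "tcp" and port == 80:
        return "cleartext-http"  # telemetry payloads readable on the wire
    if proto == "tcp" and port == 443:
        return "tls"
    return "other-port"          # e.g. 5224/tcp, the Getui push channel


def summarise(text):
    """Split rows into DNS lookups and connections, counting repeats.

    Returns (lookups, conns, ips_by_domain): lookups maps domain -> query count,
    conns maps (name, ip, port, proto) -> flow count where name is the domain
    or the bare IP, ips_by_domain maps domain -> set of IPs it resolved to.
    """
    lookups = Counter()
    conns = Counter()
    ips_by_domain = defaultdict(set)
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, ip, port, domain, proto = row
        if proto == "udp" and port == 53:
            lookups[domain] += 1
            continue
        conns[(domain or ip, ip, port, proto)] += 1
        if domain:
            ips_by_domain[domain].add(ip)
    return lookups, conns, ips_by_domain


def report_lines(text):
    """One line per unique destination, busiest first, with its tag."""
    _lookups, conns, _ips = summarise(text)
    out = []
    for (name, ip, port, proto), n in sorted(conns.items(), key=lambda kv: (-kv[1], kv[0])):
        out.append(f"{n:3d}x {name:28s} {ip}:{port}/{proto} [{classify(ip, port, proto)}]")
    return out


if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_ROWS)))
```

Run over the full tables, the script collapses the behavioral2 list to a few dozen unique destinations and makes two points visible at once: most SDK telemetry (stats.magicwindow.cn, alog.umeng.com, android.bugly.qq.com, loc.map.baidu.com, the jiuxian.com hosts) travels over cleartext HTTP on port 80, and the only non-standard port in either run is 5224/tcp to the Getui push hosts (sdk.open.talk.igexin.com / gepush.com).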

Files

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/tbslog/tbslog.txt (deleted)

MD5 3cffaa22338d0653ed66252d8b9d1b7f
SHA1 02c16b8b9e7abe3b17ecf577b3439d8d2bffa9e2
SHA256 5fd255665b9f62cd1fa009a692ec9c50ca4db5266c3662826dd4f44d661bbbbf
SHA512 7b62c1b2f19ae097d9effc71a5f3b379a107bc4a3c83b512bbb5c121702695686a160d2ae257388b20dcbca70a96cc9580829ac66a1cad4bb60f45065dc6e39e

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b62bb1cb5c45a423d4c28063bb2c31fc
SHA1 baca2aa5d922249f89c832647a81c07337a9db7c
SHA256 9116459a1943358d45367fe2e5edf9369798b95078151d031e8fe48028ab3a14
SHA512 2fe2c8254a8ddc12faece62bf0a1835094cc903fd5b9bd178a9d3043a36303273a94c97183c622c6d7526b029ff1e73b8f4ef8d7cb7e41eababb5580df78f7fc

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 2b243b8633184c7ab39a7af4aaa8b236
SHA1 417b9e2e459a9f3d480a1d6be8c1af565606271f
SHA256 f1bd36d8ebf6aa7d30cf2c10f35dc9a88bea156e4a84854c1921ccbb9accd1c8
SHA512 89995122df615a35921ec9ed55e08bd638911ba534cc68ce215cde01cb772b5686cc4743f3ad9db3986c450769f14ca3a2d345608e52a6afb3532e59ae756aca

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f713e4ba04d4abc790c6994270acaf6b
SHA1 7878e1a5403ba0063969479ebc2ff132cd0abbbd
SHA256 7324d232d02b7217e46d3cccb705851ecdfaff3fd48eeb8cdb4dba692d420a1c
SHA512 97fd88dc9ffcbeeb5317cd5b2977d5da1f170eb7f0c9c7d462a69df1dfb11731926e2a268901a99aad5e38dfd875a9410344b1f5a4f5dc6ffe25167c45d8324a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 729b7cff95a06a0fd21f3df625b4bea7
SHA1 fdde543a7f36670e1b9ee7931948bb4222117704
SHA256 fa3eaabf153a2b59643033837e50e7b58bf154af55842c83c4167e1588384831
SHA512 6def2411a1575af7d19081acf59d982ee77bbff166804f3e45bb3932d0d284a5ddb0adfc3ecbb5eab3e893c2a17d9cac55f97adb7b0dbe8f4c30096becbeb3a8

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1947d8bc0c7e44c4abda2011311100c5
SHA1 675a23009efaa22fe925ca1b5afbd4ca5561206d
SHA256 4997fd83162539dd1620fb435f6673454d123a8fb4f65177772c388d932d4805
SHA512 dffd353a098b404d512a22917a6b4305245c7baf83d347ae3698280124c041acbcee1b6d8b34e9d5d9ef1e12bb70fcf4f16272deff2f4e8165d740ed4e63173e

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 399bae2974d73a5c4bbdce844f7fa210
SHA1 744632edc653948892a2d06944a16601107feb2c
SHA256 fcf2af3ba0948b172e205e710fc9236d2f49eba7a20f730d63174fde3bea8dba
SHA512 55b024c0771ea56afd3933abec02c71b9cfe41abad8403af259c1e7c4fd4f73529e2576bf67ab4c2056d1b24056c031013b2de8d745fcc91bff5568307656cb6

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_

MD5 e4049891b9709e01770b107689ffd521
SHA1 7b05fc80a02ad7fb5b35f56155a760f933bf1fbe
SHA256 dd097a3f6e51207be7cb4123f59893f8201cd3ebd929d120a27b03e2fed777a2
SHA512 123b3ddea04f79589d1909f434f5fd1c7336a9567e5b6ce2a0a887b91216a50ef1f33fc74a9d5db08baa27ab3a9d6cd5095b4b4d2b0206715a01abf2b2e49a51

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 58787b2585c7596ad1a628fe8e351773
SHA1 04c07fc46caa143c38ae2669e281f0e6d63439fe
SHA256 a34d86ca516bdae30a97c608afe6b3bdd686fd5fbaa1f338221e0cbe66b773e3
SHA512 4dc0c4ef46c08d3e461fc2e8a1c737812b0f4532a4d6172f4ec0f09a5811c17afaabb8fbfe0ea606e10a1b94d42585601966dc7e3c8f42c9a4ce7a600eff6296

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 5551c4ba6931b601a67b5b4df19b3df5
SHA1 02be950a83d67a1defbf730bd854829acb08fec1
SHA256 1286d93633fbde9c1517bd162c56754baf4abb660dc62fd9a097c9b4af3ea4fd
SHA512 73a17b8071dbf196ec90d9bfb13bb41ae673d80949291b51bffa037ed659bc9d797a6b2b99e62124b353d29c9bf7c6a5a1f8c4740f53aa51c5b4c4cf7a698dc4

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 ccbc301cb947438b3a63420b8e41f045
SHA1 1ea832b1674d9815c8773da0f3c8f5dfaa49a373
SHA256 7d0e8e6bfb8b332c3a9593c49822ad8b93390bb2cfbb63f767f36a3f2954dc31
SHA512 8eff0d3c648c4090e5bfd75f3ec2672ad3ee4d2eefc0d960446c29393d1463fa4b9d2ad98c71ce33e82cdce739db96a57b4303f6068bdd6a3730b3e1d092d57b

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 80dd4036cf4ad4de6ad96c054b02e54f
SHA1 7572bc0688c9bc1af324b9e3353b6bcc771e7989
SHA256 3924f4401c05580f69438ee098fef26736581c774b79e6bbd67a3f05ddb8787c
SHA512 cfd78b40c77e64351b20bfe8309f0c08fab8b66718b332bb4e9d0c19280c2fe3aa02ccb7f9d00a8284fd375880f14a39767e8b2848d319230c8b4f9d71764a7a

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 99f25bd4e38ac1262538c9520d18b5cf
SHA1 a562b7a8709d0e2bddfdbda147c8fedb15bfd073
SHA256 120b7d1dc4f4bf2a4fe67fd1a655b0244c72432bd0be63dd3d79d08ae062fc27
SHA512 9eabbac899896ff9c085cedfa6b5baa5febee7c28eeb8af61db16142dafc28fa68a79dd9a8793c08bf05689df7b3ca770e90b21672633c093a985469f4eaaa37

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065-journal

MD5 340b4458757d4d7cec484e93f4cd013d
SHA1 4a535c200599ee0049bb4f9adca5fb45937541b5
SHA256 76160de04c316b8a37b31a4b9dd33d873fb66275a0b20938476c669b0e48e861
SHA512 4d84a5d03f5fc11f954306aef24f4e593e4b066248fa27d53b3ac94a3be009b8d7dd898f7050299094c9ca594b9e08aa5fe36a694de3475fe1ee870ad0ab1ca9

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065

MD5 0f1d016b72965660817257279fe6db8a
SHA1 c6df5e5df595298450460b93783f47d41de93da6
SHA256 28c646a98fca3b32bb3bff6b16e1804300bd374395fb345c4d3135f827143ebd
SHA512 c6200160aa333f7383ef48b3a8f0b94ec2e7fbb08ae8fa6df872a6e29b95457efae0ff9a0624e336369c69ecb91d0266ecdef94fb8d037ce94f99ba362a13773

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065-journal

MD5 1594c31a151c5fa9f5116a15cbb86140
SHA1 b7ba6f87f79eb8f332447977184fc792e3c819d4
SHA256 d27314f058b467ffbec11ec2b0f60a98e3e7b10ca5bb03a11210160bf6120fe9
SHA512 67ad556faeb8664f4b020aa4ce8e88bd068658634f186d310a8844bbec2908a3799efff530e9caed81b99210b071a6f57c47b55ce4983db63c1cff955bc1f9ea

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065-journal

MD5 aa3757f9b97c587c053b9ea1f87712fa
SHA1 f3308b24ff3acbe317135bfcf938172b449969e7
SHA256 c84cea3cf054580ef491fed1ed1315f1d26346ef695f1a56431d1a04fa6c39bf
SHA512 9bb327f64c56e5775c7ae1b935463e45130bca455efc71448688316621792f5a32cf91e267ea6ec6bf3e3f104458df5b0c25a03b4795f60a0f60ed21c3173df7

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065-journal

MD5 13a9fd4649adc7ac815a6bfccbd539c3
SHA1 b8c7f29a875d081bc39ca0a7eacc7b58037af4ea
SHA256 3b3b5a886c0a7f7cfb19e418aed91bf176cdec2a3c7f69933d68a2a50efd9942
SHA512 ef1ca6eea72f0b3967f4b3705db92c27617fbb5a4a57b20bea8f2786a50d719dd1c8f74f50640ea2660e7fd5d96c6762752478ed9c93362c9dce6c6034da4932

/data/user/0/com.jiuxianapk.ui/databases/kf_9288_ISME9754_guest4587364718896065-journal

MD5 d0da97afd3fd85c8c1f54ac131905921
SHA1 25e9cb58d8fc036ceff1ee811372cc6dead9d171
SHA256 0921d789271c6671ba04bcd609d69e33c13e935ddc48b1360d39e984b5ba9258
SHA512 cdb4c7be6c635f4581c6a1a4b596a72d9997fd6baa8095cfa412d44bd8c3629492eae1c0f036e6a8b1dac085980b878b3461d33d40a0f3e1348d2511de8a244e

/data/user/0/com.jiuxianapk.ui/databases/mwsdk_analytics.db-journal

MD5 f8dc7229061e11bc1ed4de92a02808e2
SHA1 4a884b1aad1867ae81678545a3dd97882436cdd6
SHA256 ae6d7b6d168875f36ef0bc914f82f7454e9e2adbad2b9dbfad1316c04dd6500b
SHA512 0e4a87e52cf545a39a96de88f2b112cda5220bc7f38da1c6e7228dcfeda61e4639f78cb70c6d065d0e5f3c50753a0fa61a605c922cb673007f52cc55547b08d1

/data/user/0/com.jiuxianapk.ui/databases/mwsdk_analytics.db

MD5 fc8de83b763292ac1892497df0dcf7db
SHA1 630efb100bbfb7b926a1838b144233e423a66e19
SHA256 020a0c8095ef0fd775e16773a78206f9a5acbb7ac2e199a3eba100de78d01e12
SHA512 5b8d3af6627f7646880d0a8f57dd77d8069d0e6995cad04162bf556847927dd3222085b8f811d1225f95125810e7d4f948e65700a455ddd78877c69d3f855925

/data/user/0/com.jiuxianapk.ui/databases/mwsdk_analytics.db-journal

MD5 567e42ae49fea53cb74fda684b7eed43
SHA1 af09f8a79feb54966f9ffee2fc1068ff6681ef67
SHA256 8e16b3648367d1a9d2f48a2026c616e23464513dbd3542b68f68fe8e194e809f
SHA512 9924906b1230b14eee791e53120f18fb1cd9af251d0220a412e88938e8ed8e0b336205e41ee5c8e331f049cc21eed6ececb152dbfbb422b0e9cc349c10b221e0

/data/user/0/com.jiuxianapk.ui/databases/mwsdk_analytics.db-journal

MD5 c4e21644b7e86e6351818f4a6e5a201c
SHA1 79bc5a018e8be0d43e12952806a66c918c20e970
SHA256 327adbf854d0654f36eb398faeaadb8fc14f0e06fe8a433b7308321088cde180
SHA512 df80df3161382e18498bbdf7efbc4dbe8f7aa81f1aac925e9aeddacc019f2b806e6b0dd7d8400562322ee73f59d5c673101636cabe1eddce72f2311f201dc397

/data/user/0/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db-journal

MD5 5f03de503b901f1d0139871e8b81baa1
SHA1 6989d326475e546f874d016fc084ebc5c43e718c
SHA256 36bc8ade5c1d9387a283b19a29d57cf203ba6b30a283d98b7b4d74e9097ca7ab
SHA512 b320c856cc8c8b447831cd277db08010771f5532ecc400078a0432a62831e44e9b4d43818484482e26135fe2056fc7773fa59795c86be874762a6350beb8ceb0

/data/user/0/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db

MD5 4fbb0c0ff998fb29fa62a00ba7f32590
SHA1 24e8273e8b0cc04cc0b1a482d8cd1266382706f2
SHA256 ac5d93f9889e8ff9de10ef7776012a36354f99f2389f47dc65fcfae20e7102d7
SHA512 20756e208c2c813713cdb57b11cd83671080304023189824970b365d2db32dd87fa2758bdd53f03384956175d2ab29f4b3bd088b56fa1068c3c9f0ba16e15544

/data/user/0/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db-journal

MD5 bb77848238e3a77d43ad1d79ff6e662a
SHA1 a260a385dd970c0eabd847d8db2fa16d52c80970
SHA256 c34adf71fee7e3dccbb7e332baf1e5ea02042c5a26fee073e9bf0ce425854619
SHA512 370a6832c4c0ce2e3663c1e2142b6f754e52b252759d02b7edf5edf0df560767e6c71e3f58b0ce4542766e1c9f82efc627ef7dcee7aecfcb0ed180852b0aa9e1

/data/user/0/com.jiuxianapk.ui/databases/UmengLocalNotificationStore.db-journal

MD5 ebdb6cbfd0c4b7615d496a4b7acc2ac2
SHA1 e892e6fd4a47438a9659902efcfa35347c7a0ab5
SHA256 9785a9b9d830a7e229e190b4cf63c544891223e1918f7e82a188474a58298ea2
SHA512 d34f8fb486008f67b0940303ed348de92eaa1359d5e934dbe165941c8c7a4b4ac030ef77e1b466f50ac01f288c5e818d0c8f9168a4bea5d0bdfd96a22ab69e6d

/data/user/0/com.jiuxianapk.ui/files/bfd_cached_com.jiuxianapk.ui

MD5 fe849b7b8be3ba4f3b537a9af74c706b
SHA1 ce100c613ff2e9d407eff9a23f0b08e784a96659
SHA256 21048f315a54a96c64f62204a50b9fb1ebe3470ca8de81816a31e3fef34a3957
SHA512 1ba582951de717883ee00952b2e7b6cd84bda713822e6b0a7f2582c3495c8d61948b7fd64a9725bcb10f05b1b2c720233aea279145d053e8dabb95d1de75a608

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 281f71dd05168f4ada7f4ed72726fa3f
SHA1 e7b1a25cf223e90443567d63f45bb8196ec55108
SHA256 9b19da8d6087dfbc07047667b4df538532bab138f23c06dddfd9afa47797ca79
SHA512 ac8ffb4ad45ea266837a2e80d7302c7b15370af945604ae4fd4d3c7f62cab083539860cdc5d2c1fc014675de51a654d04c219697b402c712503f67a7d76f3c43

/data/user/0/com.jiuxianapk.ui/files/umeng_it.cache

MD5 fb72081097ec0572cc8a6a2189c41376
SHA1 3ccb6290977d6cbe0dbcc128c712f6a8237caef3
SHA256 5ba895d5b90d1dd22d4e7cacaf235d1f9e569c69a668bfa71bad2b1da3c3d6e7
SHA512 9ca0c21896cb4e9386e66b1166d8237db987e9d8d3fc2b6bcb4722ae5e43b8584d6ee769b56acb2a05f19e1893d51a83dd1c107464bcdfdc5759e80081869477

/data/user/0/com.jiuxianapk.ui/files/.umeng/exchangeIdentity.json

MD5 55b5ab9c5b61d36766e0b0fd7d70fcc5
SHA1 25eae8a194462d9e70359af44a9b3c3bd5841150
SHA256 6376a3acb8211274f629df66a0b7a204d611d4b6a2f20200cfe8cf1dcb70f30c
SHA512 4a1cdb68bb38a902735dcbeaec8fb4c5cfe07af95d000d1195233b4e410cdb76f2c64315a21a0d08ccbb8768481a35580f15ffa40b3f19012a6a0b7d31b35dab

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_

MD5 1f4f0cf5e846341a0476f6ec8a05f2a8
SHA1 9b4d6176d2077ad1e60ebb54605ed3e671d2c18f
SHA256 5552007c8316b80c507c2700ce5a193b01dc7646b76931f5378b9995e4271234
SHA512 a645343b98d1b4f597f6d68739b5103d2d3ce0e28ac1fe5a6d255bb7f7e79542845c2e4af4d5e9e13b9aede0c53a0571860a1fb70118090e79403b3abf4f96bf

/data/user/0/com.jiuxianapk.ui/app_tbs/core_private/debug.conf

MD5 8f3efde1eebc2686e19de11fc11ccbe2
SHA1 6e7ebaee470ac23a1986dbe844ba5f4c4bba17c4
SHA256 a4133610a57d903bf31dfc81071d179dace6d1256418cb208df306bc7995b77b
SHA512 c7fb659f9991a9019b07604bb17070dcf05aa5dcf23f946bd54d521900ecb72ec1c1cb0fb597abd534d96f4f627785c7b2fe84a3da9084644e14ee29016465e3

/data/user/0/com.jiuxianapk.ui/databases/pushsdk.db-journal

MD5 0cecd888bff3b09dacf5eea6acb0efb2
SHA1 c2c60739c2b3c987537514c9e310e4e7590db8cd
SHA256 9e9cb6b2b08ebb66fd7c53003a73f3f0eb7350160d0eab2d9b62cc039e948819
SHA512 1282f8f271972bc50caf5c6f25e198cb037dcd92eda84a7e72f894c565bc4da289bd5f0052510a000cd23920331011ff87b7fca5ea8fdc8413504ccfbe5c5d01

/data/user/0/com.jiuxianapk.ui/files/bfd_cached_com.jiuxianapk.ui

MD5 1e9bcc8a4ea9ed343382344ebfc396f1
SHA1 bf00085d4699dda7df72d4790bd67fc3c641fe31
SHA256 94efc92728c1662b2e77f77f700490a834955be1583b60296b10b8d2324a42fc
SHA512 a2be958cf1769d0d2a77ee7d25c38a8b5ca05d16eed60b3002364aaae568858fa5d8347295bc90184db1a6801021b09ea32e38ae44b4dd177751ecb0f7c4604e

/data/user/0/com.jiuxianapk.ui/files/ofld/ofl_statistics.db

MD5 81a416795ad85900b4f6aaa10976fd8d
SHA1 01bfab1088f1b17a617cbde4aa68fbc71d513eff
SHA256 b6415756ec91cd098832b08baffbef01a9294312027318e92c765ffd13f0ab76
SHA512 0ada7b344840c4c3c98b063bd3d03570f14af7724301cb0abdff3a59ddea2bcb3a2e28f385a877857259c1acff34d063ff5947668588fa80d93b66897271a340

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/conlts.dat

MD5 bd4b8e864ce1e18180087a9f1c5b6425
SHA1 6c36326649a8120c9c4bea1faa5b52bbed797be9
SHA256 7ed13a1cec4702c67e2d0e0c39ada9d0a07caf0aba2b9b850e2c2ced5de74e96
SHA512 96f33d91e9f8ca0b4f43c383887f406e9d2bab5fc41f42ef35f0c26ff83fbff9f9a0f9162c99e5db8f294b407e5c8a2ce620e97a42060be01a1fae3579b19dea

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/conlts.dat

MD5 123a8df5eed8d764160b51eaba64cb56
SHA1 31650cf506d12173a4a13ba266387224f131717c
SHA256 a0a364f6635c2913684b18f6e2dde8ddb74eb4db78fbea391119c9d22d69e523
SHA512 c92b2171cc9665b8827bcf66447dafa87fc19cced8985bea8fbc4d5cf75274e81d1170a47c0ec0d434b30787a1f7a342015fd238e8dee8f0ab9e7c6dce8b26d7

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/llg.dat

MD5 b52fa8e6d94edb651ac2c0b0e9039762
SHA1 099f79da374590125c9c70ea51a765de97d590d3
SHA256 24ebd873c9e607fbd94cdbc95720d4132fee481ded6ea2100b9c36fe582f388c
SHA512 f152ec16e67407faa6ab4e1a2b646258fbf59e95a39648fbaea78e0605436db60b75f8a9a01a0a7ec843967e1a5cad8924e47ce460dfd6c5a093837f0436d35b

/data/user/0/com.jiuxianapk.ui/files/bfd_cached_com.jiuxianapk.ui

MD5 d090c35e3f4f6e82d1e2acbb8d13e134
SHA1 a08da7c06604be782e9d81492d7c914c3556046f
SHA256 609a6026eb97bd5f56e25f7726837033b6001b7490435099272b296f98ae282a
SHA512 dcfd525370f1dcf920784d50188340264a44c949befeda7c04b08e1ce596cd092256925131d6dd4806a9e9aa5af0e80354bf099dfda3c6edd31284a77864f396

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/llg.dat

MD5 55b8d257e127338f738087f48307cdfa
SHA1 0adede2dc408178dd2c73f0b5ad50d66d9015247
SHA256 1aff7d6dc52e758724df41b758783ec502bcd3bed9de797b1bb64c3388e630f8
SHA512 6683cac3b642aa9c37e650005395fe42a3494fcf21742c32eaaa82c6c3aba17f13715df7d7cc0e1a456040381fa83f291a55466a57957451525fb06527438292

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/llg.dat

MD5 d644d32c648cbc05c5eb9a86f309bc21
SHA1 d374ddf716bb2bac29c7d2945829407074ea8f45
SHA256 71f9d656442c648dae949a66a8532025ee67ab2e97d67fb23f2d8bd10b6f4334
SHA512 c97858acd177accbbc03d2194a127b1237938062dc032d64f7c1f329f63d92216af1f0f46315908f26699f7bcf8397d8216bcb13a0325985954ee075704b950a

/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/baidu/tempdata/llg.dat

MD5 94022e33b85d6d12dccea3e58abb4d50
SHA1 a9bc7c3cf502e5e8ab6f74f8191ce285d448fb20
SHA256 ae41798268902c9fc868c67db11841ff237fc9d372559c0e470cb85b9c6bac18
SHA512 81cf2ad6b6aef714958889d2c2a9032b718b2736fbe32d3c02e696c7d95955c47a03e0d9e1f83d371032a3d54c49a2d2deb70c1f8f50358ebc880b47aee0be10
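
The Files section above lists one entry per write the sandbox observed, so the same path appears several times with different hashes (Alvin2.xml three times, bugly_db_-journal eight times) and the raw count overstates the number of distinct artifacts. The script below, an added example that is not part of the report or of the sandbox vendor's tooling, parses entries in the format used above, collapses repeated observations of one path, and classifies each path by where it lives on the device. The sample entries are copied from the section above (SHA1 and SHA512 lines dropped for brevity); the storage classes and their comments are the editor's own heuristic, not something the report states.

```python
"""Group the Files section of this sandbox report by path.

Added example for readers of the report; it is not part of the report or
of the sandbox vendor's tooling.  Assumes each entry is a path line
(optionally suffixed " (deleted)"), a blank line, then "<LABEL> <hex>"
lines, as in the section above.
"""
import re
from collections import defaultdict

# Constructed sample: four entries copied from the behavioral2 Files
# section (only the MD5 and SHA256 lines are kept for brevity).
SAMPLE = """\
/storage/emulated/0/Android/data/com.jiuxianapk.ui/files/tbslog/tbslog.txt (deleted)

MD5 3cffaa22338d0653ed66252d8b9d1b7f
SHA256 5fd255665b9f62cd1fa009a692ec9c50ca4db5266c3662826dd4f44d661bbbbf

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b62bb1cb5c45a423d4c28063bb2c31fc
SHA256 9116459a1943358d45367fe2e5edf9369798b95078151d031e8fe48028ab3a14

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 2b243b8633184c7ab39a7af4aaa8b236
SHA256 f1bd36d8ebf6aa7d30cf2c10f35dc9a88bea156e4a84854c1921ccbb9accd1c8

/data/user/0/com.jiuxianapk.ui/databases/bugly_db_-journal

MD5 399bae2974d73a5c4bbdce844f7fa210
SHA256 fcf2af3ba0948b172e205e710fc9236d2f49eba7a20f730d63174fde3bea8dba
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")


def parse_entries(text):
    """Return [{"path", "deleted", "hashes"}] in report order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):
            deleted = line.endswith(" (deleted)")
            path = line[: -len(" (deleted)")] if deleted else line
            entries.append({"path": path, "deleted": deleted, "hashes": {}})
            continue
        m = HASH_RE.match(line)
        if m is None or not entries:
            raise ValueError(f"unexpected line: {line!r}")
        entries[-1]["hashes"][m.group(1)] = m.group(2)
    return entries


def storage_class(path):
    """Where on the device the artifact lives, and who else can read it (editor's heuristic)."""
    if re.match(r"^/storage/emulated/\d+/Android/(data|obb)/", path):
        # App-specific external dir: removed on uninstall.
        return "external-app-specific"
    if path.startswith("/storage/emulated/"):
        # Shared storage: survives uninstall, readable by any app holding
        # storage permission on devices without scoped-storage enforcement.
        return "external-shared"
    if re.match(r"^/data/(user/\d+|data)/", path):
        # App sandbox: unreadable by other apps without root.
        return "internal-private"
    return "other"


def group_by_path(entries):
    """Collapse repeated observations of one path into a single record."""
    groups = defaultdict(lambda: {"versions": 0, "sha256": set(), "deleted": False})
    for e in entries:
        g = groups[e["path"]]
        g["versions"] += 1
        g["deleted"] |= e["deleted"]
        if "SHA256" in e["hashes"]:
            g["sha256"].add(e["hashes"]["SHA256"])
        g["storage"] = storage_class(e["path"])
        # "-journal" files are SQLite rollback journals, rewritten on every transaction.
        g["sqlite_journal"] = e["path"].endswith("-journal")
    return dict(groups)


if __name__ == "__main__":
    for path, g in group_by_path(parse_entries(SAMPLE)).items():
        flags = [k for k in ("deleted", "sqlite_journal") if g[k]]
        print(f"{g['versions']}x {g['storage']:22s} {path} {flags}")
```

Run over the whole section, most repeated paths turn out to be SQLite journals and SDK caches rewritten during the run. The entries worth a second look are the ones classed external-shared: hidden dot-directories such as /storage/emulated/0/.UTSystemConfig and /storage/emulated/0/.DataStorage sit outside the app's own directory, persist after uninstall, and can be read by other apps on older Android builds.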

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 12:14

Reported

2024-06-10 12:17

Platform

android-x86-arm-20240603-en

Max time kernel

7s

Max time network

164s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

mount

mount

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.110:443 tcp
GB 142.250.187.194:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-10 12:14

Reported

2024-06-10 12:17

Platform

android-x64-arm64-20240603-en

Max time kernel

7s

Max time network

132s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
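
The Network tables in behavioral2, behavioral3 and behavioral4 all use the same row format, and each mixes real egress with sandbox noise: mDNS on 224.0.0.251, the resolver at 1.1.1.1:53 (where the Domain column is the name being looked up, not a server the sample reached), and a non-routable 10.0.0.172:80. The script below, an added example that is not part of the report or of the sandbox vendor's tooling, parses rows in that format, filters the noise and aggregates the remaining connections per hostname. The sample rows are copied from the tables in this report; the row regex and the classification rules are the editor's assumptions about the format, and the CMWAP note is background knowledge, not something the report states.

```python
"""Triage the Network tables of this sandbox report.

Added example for readers of the report; it is not part of the report or
of the sandbox vendor's tooling.  Assumes each row has the form
"<country|N/A> <ip>:<port> [<domain>] <proto>", as in the tables above.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: rows copied verbatim from the behavioral2 and
# behavioral3 Network tables of this report.
SAMPLE_ROWS = """\
Country Destination Domain Proto
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 10.0.0.172:80 tcp
FR 15.236.235.216:443 sapi.skyhookwireless.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}|N/A)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>[A-Za-z0-9.-]+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Return one dict per connection row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country "):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    """Separate real egress from sandbox-local and resolver noise."""
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_multicast:
        # 224.0.0.251:5353 is mDNS on the sandbox's own LAN segment.
        return "local-multicast"
    if ip.is_private:
        # 10.0.0.172:80 is the China Mobile CMWAP proxy address that many
        # Chinese SDKs hard-code; it never leaves the sandbox network.
        return "non-routable"
    if row["port"] == 53 and row["proto"] == "udp":
        # Resolver traffic: the domain column is the name being looked up,
        # not a server the sample talked to.
        return "dns-lookup"
    return "external"


def summarize(rows):
    """Aggregate external connections per hostname (or bare IP when no domain)."""
    egress = defaultdict(lambda: {"count": 0, "ips": set(), "ports": set(), "protos": set()})
    noise = defaultdict(int)
    for row in rows:
        kind = classify(row)
        if kind != "external":
            noise[kind] += 1
            continue
        entry = egress[row["domain"] or row["ip"]]
        entry["count"] += 1
        entry["ips"].add(row["ip"])
        entry["ports"].add(row["port"])
        entry["protos"].add(row["proto"])
    return dict(egress), dict(noise)


if __name__ == "__main__":
    egress, noise = summarize(parse_rows(SAMPLE_ROWS))
    for host, e in sorted(egress.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{e['count']:3d}  {host:32s} {sorted(e['ips'])} ports={sorted(e['ports'])}")
    print("filtered:", noise)
```

Grouping by hostname merges the three android.bugly.qq.com addresses in behavioral2 into one line and keeps the igexin push endpoint on tcp/5224 separate from its DNS lookup. The Country column is a GeoIP lookup of the destination, so "US" against 1.1.1.1 says nothing about the sample; the rows in behavioral3 and behavioral4 that carry no domain are Google infrastructure contacted by the emulator image rather than by the app under test, which the script cannot tell apart from egress and which therefore still needs a human decision.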

Files

N/A