Malware Analysis Report

2025-01-19 08:05

Sample ID 240610-q36f7axhla
Target 9adf4d4c019954b1ccced98c8c5b8d7a_JaffaCakes118
SHA256 36115cf9ad195a3624b382421b888c05ea7cf0930adc46b19f354f8b8146ffe5
Tags banker discovery evasion impact persistence
Score 8/10

Analysis Overview

score
8/10

SHA256

36115cf9ad195a3624b382421b888c05ea7cf0930adc46b19f354f8b8146ffe5

Threat Level: Likely malicious

The file 9adf4d4c019954b1ccced98c8c5b8d7a_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Reads information about phone network operator.

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 13:48

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 13:48

Reported

2024-06-10 13:51

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

185s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | b.appjiagu.com | N/A | N/A
N/A | alog.umeng.com | N/A | N/A
N/A | s.appjiagu.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.xgbuy.xg

chmod 755 /data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.xgbuy.xg:pushcore

sh -c ps

ps

Network


Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

MD5 aa01dd97609092ce310e17bf791069ce
SHA1 f000840a8f68ea7beb2e29ea466088daf55609db
SHA256 e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2
SHA512 766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

/data/data/com.xgbuy.xg/.jiagu/classes.dex

MD5 64c6ecf9ad2618447604468b5818d7e4
SHA1 ffcc10199c4bc4c07c8fcce8fcf5b06c7ac235d8
SHA256 5a5f2611cac7a618bbe568a9cf319d5c7d39b6e59d105c05c7b76e6adae87d9a
SHA512 437f42b2f28d87e92f9c2ff3a75c6358fe28b599fd1601cf206b7d01046a2aa7a11cfee03d8fc0919d427183574f74bf2b8c6b17093cd8ad19d141de395c5068

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex

MD5 51bdf60bc56301b14cc8771141257b1e
SHA1 33cd9d12adde0345a80d9fb40c74f6e6b2f2e327
SHA256 bc88cead2b4c929767ace9af602c0390b7f7551ac863e57e2cb097f64a17fab8
SHA512 38a8874a0db440be9c0c6439d846b39ec31de562713f8199bbd435cfd1a7ec837a55dcefe76bff08cf5e6db1ce04340e155f09063b0a11355467046bc8f6f838

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

MD5 db2029e66f93faaa3018c344ddcc99b0
SHA1 3ba6574832ee32ecaf977f3395098b5acc6840f6
SHA256 dce1f5a1bd8d52abe797a05cca2005a4481599015e635fc6c8176e56af91a6d9
SHA512 47ed031bb893a5df5fc2520abe707afede1e2701941b1d8afeb2e225b92919d14cfada1b5100dbcd71dea0e64e2a56e77f3160d501b563537fcf32225c415eea

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

MD5 c4b84653e2425d79e3056c6680789ef6
SHA1 fa9e8c09531a193da7181d849ca642c744f5de03
SHA256 b373569b990b874085e62dc8a2136902204c9e5c9143a5737e6a0d47ef29ff18
SHA512 a7764c7856588a1e3e3bb262aae1c16fea6dcdaa56ae3c3cd76574bd2b32f1d48d33fe40111ede483374ae690f44617238862e8854945595223da39c18446cd6

/data/data/com.xgbuy.xg/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

MD5 6e1eadfb30d739708fb69b7f5b7c7edb
SHA1 458664b634a1d91c0544c37d42a271fdf19551ff
SHA256 6bfb58f93b63c662c972eed747a4caaae0ab8933c5967b1c7328c9ece1786ef7
SHA512 4d3a9d37342f5023f85ffa6646e11f2063e0204ce27e830d6ba54df971487999afcc3d34fd9a0540b1b05cb353cf62e6eda1f5c3250ca385f8a31829230d6daf

/data/data/com.xgbuy.xg/files/.jiagu.lock

MD5 f18f788c31dd8d5997b707f882a063c2
SHA1 4e355b1c91d0693f7a016169dfbebb2dc648a405
SHA256 8428f5f52fbd6fa489788ea882b3928bef3b959425ba4cb038a9686150fdb993
SHA512 9d386cb24df0b67bae969061b1b11c0146f2e0cf5b60fdb5e286fb46d92841cf5a39d8dbd27b9426cc4197ef8c9bea583fe16a6296d83aee13381af8bf44e983

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 3911ad10a2d9a4f7ef7a09639a1b8cf3
SHA1 d8d5dae863fe04bef8d987202e25e065efce1e1f
SHA256 0ae3380b0712c9bcbb362bcdf7b72504b9e495fe2987cfc20aec121977dba19d
SHA512 d58dc5e805e0e2d11a79c725285dbb3f75d351d456c87ce79439af68c3a6c2506f5814bc16f09fbf16462c93f5c781437a5bbadc4d48977782899ce9d741dec8

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

MD5 1bd86b90e1b355f123e5ce8c93c3de53
SHA1 bee5683d6124650c8be0b3740ad66e771f29b178
SHA256 3ba28c4fe20d74ea96f6ced27333f04a01e03c50092717eed1b6e30152a8d152
SHA512 6ba3d7ac2b9da3bb2f7ca50488782bfb9f12a38bf17debc4f2853a161551a932885bedaedace0ecd3da9777e1cddbb407ca2360c13512b1b804bd6242e767abe

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 89a42f93994cd79a17a33be64058c4b6
SHA1 77b879088048c7214c652fac36a440859149e5b0
SHA256 384381dfd98ea1b560c7ff6dcf6fdbe19b6b1137f39e46f1d4c3bd8f2b430feb
SHA512 e350efa21bb39577b251c2b9a1a109244bc64b76ebb413f32feafb53ada6e66db52ff57066b8491853953fbaa41c004dfe65f72c0e0a65b3482a9fcdd5e8aefb

/storage/emulated/0/360/.iddata

MD5 bfeaeb9c0ba3840366be76f51bd079bf
SHA1 064abc709bcdc168164d0df508a1da8cb2ad880d
SHA256 5cfd9e7da611e83f17fb91fe0286eecb7acba0d9c6c6d1b97decd7fc3a72044f
SHA512 b615ac13ba7ef97b2e0181189834968bd05b48d3d1f498e8dc598e8a5df0d23a64ff4b89b927701a0a8458812a06a99c6e0432141a412151e24f420552732385

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20240610_log.txt

MD5 10413b382b83cf01bf9ae7318cf5dadf
SHA1 6475712565fbd2da2d84663c6794755210341ead
SHA256 cd51b1efb228bb7da63987d467477904b196b0e3786e63b928ce2c0b6fd40d6b
SHA512 4a451604f2c3f57fc2a95aa783e19f547705c215ba729cdd6c4cb62e2da139ed350b769f7fe3b8761974715a0dc073215c15ba0409a74644a2e116ee885c2a82

/storage/emulated/0/Mob/.slw

MD5 19402718bfb1c685a726b4e1d846ad98
SHA1 02a7e30044a67085f2f1da24e16e4ecfede65b72
SHA256 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
SHA512 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

/data/data/com.xgbuy.xg/databases/xinggou-journal

MD5 1a88c5d946dd2c9c0a56373332644978
SHA1 c8a9dd82c9455ff23e6f1806603430f651145eab
SHA256 eb3475f6ff647a4bf89663d94eb23b71f032fcfad47c65ccc84a9408b73a1eda
SHA512 5aae298c793d043693f861c07572d07933b4725afc41ef9f6cb6c6b854b3c9355cf213b9000d7554b6f581f5475dcd4081a93e5a759cfd035f836ec130a9bef9

/data/data/com.xgbuy.xg/databases/xinggou

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.xgbuy.xg/databases/xinggou-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xgbuy.xg/databases/xinggou-wal

MD5 bed6afb885d7081c2ce170cb664ea410
SHA1 1d2d58d25cc898ae37e81114a2beaa6cba3699e3
SHA256 a06a879675cbb1bed9f808f849952515e390078659208bbd52981f691fde203a
SHA512 131b05bef54522af1c58786a5f3c16e66cfdcc385d9dec9f44ad518ddaee20a3176fea10ecb68ed9911b7b722e823cedb8a4db94911fda84faf9d82dd7fb5a62

/data/data/com.xgbuy.xg/databases/ua.db-journal

MD5 31756e14284ea21026153a86d03975c5
SHA1 44f306a1fdc102cb3dcce2a49b8906d5ad171667
SHA256 82e259aef3b8300497f301039c79ae5bb4d745723d84a8e5439e6b45d725b3c9
SHA512 8b239af5c4fba91cbf466b6c0eb7310c554d5635780f2cc8de6df659f812016b2d302673fd05525678d2708a1510e972e612ca51a1b7189f81b70471a5a5874e

/data/data/com.xgbuy.xg/databases/ua.db

MD5 2ae9a56aeb2e2a5d1ffdc6150f8227fa
SHA1 bf791523938264c0e1fc5e7bf3f9ab37cb93c695
SHA256 3c2f9bf8574b615e047f5780e269ffdb148b97d242487ab233c46074b4ad1666
SHA512 dd39f50c0c1f6d49aa00904c19e34210aa20a0e4beb35d12b9012715464dd86d34b6bf56c2f1934fb0d99ff8ce87911789ea669906fdfb4f9228e70bcec7d426

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 31f562de2287ee6244a773cd66a00a29
SHA1 0d3bb6dde428ef08c599f54ed146c9774dc3ea47
SHA256 c2cd144c27ac741e04e2e70e672c9e758fdbd9d63d7ba55efc2d184b5bc37a01
SHA512 c1fdb8fcb80c99441ee8dfe237511c9c5cb35bef18c4e3421d27b0285256b09fdf41a205fd04698f801cd787c7ee3aece617aa86d0827db7169de10f6b517a6d

/storage/emulated/0/data/.push_deviceid

MD5 51a6e6aea7eb1084be69b667910f2d1c
SHA1 7185a4dd86c912476e398ea7c2b4dd53c2321af3
SHA256 b05423d1074deb3e4379e047757ade60678d47913f168e3ed8f4a9c56548c0d3
SHA512 dd6d77c41efa757de104eb961b1a8330b60d40253107a0b2733551e8d7e1373d3f73ec7eeef4a390baeb54fadc23f2a627141841860b2680b23043c7054e3b69

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal

MD5 bb63497e3aa8a441d10d16570b4b7a61
SHA1 ce69ee0d94332b871eb02f78a6858d1a62ee5a53
SHA256 91c41826e69fc61295dcabdbbcb3b2c64621034ffab03f3eac5c90258a266ab2
SHA512 33c3c081b0c747d226768bcd696102e5c42c6270ec38b9a62a7d4d9c1b7d5446950f2b5c8b80975cc8b1c8fd22072c31fc9c393af5dd849588f7ed7eea3c44a2

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/55af5d11eb82e27ef22ab82a376bf21b83ba87d781d0b8e1956cc4f18c5812b9.0.tmp

MD5 3ccf674803e2bcca74d940a369b98a1f
SHA1 b82beb53b74476af3563d05f4b49b4628611c19f
SHA256 897e90108102b4d93eed118fbc62f4bd208a2651c52da15431f3ece36f4ff274
SHA512 b98a53d48cee9d8d4fae804736e7b66c28beb429d4e84cad49f4f3e92f5a226c99eebe093fabee98d657d41729eab74fdf6081cc29b693e076b213e0e8e60a5f

/data/data/com.xgbuy.xg/databases/cc/cc.db-journal

MD5 c90c10351833638f24878898d8770bab
SHA1 15e88251843c3577ce2414bd24f12c219601981b
SHA256 b85f78cca244edaf59603355a2e90d544752208795bfc69900c87463f6e4030a
SHA512 ce01cf8ea4bc0976798512a6add3388316d2ea871eca3b14f40186b05bcb5aa1c4c2a8805fbf9f5001fd0d85725dbae3c0db09f7ac96794656c1fae65ee373d0

/data/data/com.xgbuy.xg/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.xgbuy.xg/databases/cc/cc.db-wal

MD5 3ba40b1d45141b7628bd71ef346c585e
SHA1 7d67c41e304346a1ba9fb4fd73ce5fdd99cce7a3
SHA256 c48225534d1892d055f26265318724b18e78513009b2304a4cbde7db564e2d0f
SHA512 42a0c2160bd2e7177aa4dffe8174237a50446107da188abffbdf570a099ef87ec5838f6c9f93ac5d862ccf67edde1b4e3ab46173cce37ba43404510cc59d60e5

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 50805140f34bb14d3e0d1e875e47d820
SHA1 b8199d7ed5c9202a4c06d6c45be5fad859d27754
SHA256 0584b97681d97a1d4ae2514e86d474805cd9f25c7957eb0a2f51aa2d290b753d
SHA512 ac584c576c498ed68104fe9d569a14dcdafdf4012bfefbd695f58be69e5b7e55cde867760862fb7b1ccd0676d40b5f3fd6223149e863916b3f28479d07873c0b

/data/data/com.xgbuy.xg/databases/Reyun.db-journal

MD5 12ed57e5a1f5f8668e4f5017cabcd93e
SHA1 45e6605f1d06583afaa0481fa540f0d7c9c181af
SHA256 548bb8ec4f8a2f21e0cb2d9f4d7b08a077e72bed6a63f40b54a8e00d16d728e0
SHA512 5b1a39b738fbeefb87de2848be549a99660acb7411271356ec6f94afa5712a776888aee75e7498dceb9c03917a322a29d0b97d36360a3167430f8e6c830df550

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 c9f0a8c59f9f858082aa234c3cd8c8d1
SHA1 6633659506a2819af81a5125c0300b560c293c03
SHA256 536be8eb40c970b02054a19148d0e8e1d152567ff0ba84e973934dcb9e9c93c2
SHA512 638fadb14c62be0b901a6e472d995585bfc554b60598301248cd2211065b206370aa7b6e8907de1962fc7d01bca681a0535ce3ddd94094ac74e3d0bb5ed82033

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 2a65406a59ea1764a846d7b8330ff800
SHA1 acbd590aae848f6518c93861e0beabaf49bec938
SHA256 7afd5749775d1e33bda7e54dd21205285858f8bdf5b09f651e665ef8381e41ae
SHA512 917a7657cd201356f348d46201d36d8cf9ac287229808a038a13585419871c45c63d4098b9ad5a23a2b915128f1386a61292d34e49bbee05a1f46b8be99b3874

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 4e18de9a75d9ade0a26b7f7e6fb1ff42
SHA1 0f030e14a728d62ccc1887f8312e785344e2eac5
SHA256 500ae809684529657a34671239ba4af0f0f6d6d7b37d20dd20d53a9bd404b9db
SHA512 753d00b9575b47ff502cd8ac58414ff5a6eb0b7d13468442783038a94443628efc1260ea8a0e6e9926bac2216ae09d683d40c8056f368d3faea28edf388ab322

/data/data/com.xgbuy.xg/databases/ua.db

MD5 f53d35e42461c0ebb4c53f240a79afa4
SHA1 e4849a3baa95e159c0e4a19f4d6f1098fe59d520
SHA256 e0cd26e9bcaec0e010c103f5e51be6b7ff059db453c5e0a477ef6093ad41a2ca
SHA512 7b3f83383591e1dac002fa34628491e0da67bb90cd6c1fd44e7700241110a02c11ac052a1372c0de446375934be4c3dc630f36288b6d84ce70a21d8c5ec30961

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 3c389238dea70d807224fbb650f00583
SHA1 515a6fc2128c71afaa3ade053ef32accbad93acf
SHA256 b4db1dfad67f084b7da1cbc921a39677255ed23603a61b2e441c780a3c73f38a
SHA512 c554a636cbd5bf55511a0483f83657320e935fd1ff93f2646ca0898fbf0c324cc352fa30c71c4413a745d1180ee0d1728aa0be0d10a5e5365a87864529ad3df6

/data/data/com.xgbuy.xg/databases/ua.db

MD5 e70d1d261531db3535a9cc1e2caed1fd
SHA1 598b279cb1d5213a2e47c519293596827360c190
SHA256 b6818fa8f0d426e8928998c09b675d4565e68184c027cc6f4da08135f0bfb29c
SHA512 25a482e460ce1ff9a5cccd14e5ab339e4b8212e54e8793254a296ac87d9d11d006435307e507d1e5bcf43ade0c06d92472ee5c35967397c6d8c5e07cb09b558a

/data/data/com.xgbuy.xg/files/umeng_it.cache

MD5 da1ed245bce96833d8948fb2f6123909
SHA1 3e9b567e930188dc820335b22985c21486bc1c75
SHA256 0f4097b1f793a8505f3fb725b3b7167f2acd4d3abe2cc863ccd7f824cf81144c
SHA512 e1c341635ee119427c4070f4c11198f12276ee1d8a7527450b95ec0a4738bd1a7204aa791f5ff0d7eeff33485ced9a6b29e34c228cbe1c46bc52cddd1c8039a2

/data/data/com.xgbuy.xg/files/.umeng/exchangeIdentity.json

MD5 891dfbfbfed3b5658a5b37f9efcbceb9
SHA1 c9c71d02b3ce6079221ab0edd53dcfd08bc25680
SHA256 09b6b4f9ce0a7e7f38969980f1b4b31e34317889df0d4efe27232421233e5082
SHA512 645fadf853830872ae8daad4f8f68f1cf5ba6fd0df21b9f01e62e580979e3030bb472d9323a47fab978cba587863f295cd053bc853bb8e3d3c796a32ed69bda1

/data/data/com.xgbuy.xg/files/exid.dat

MD5 953db69dca6a21514b59eb6902be4ed7
SHA1 5c8e372f3103b3361c25c18be35529568bd1af1d
SHA256 66f38479828d5b317db5221365f07d8ad5f410295fedabe76e87b45b012ceca2
SHA512 555d82b169f6bc89848a25355e84b1537ebb2fa1155b0d406292e3ed449a94f67602201c1ff1802b2a4b201bcc404c60d42a14144f6ff4a1aa1755c51fc9e62a

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 6131bdb48b5340d0d68d4d8d8a7e508c
SHA1 7d42d1003a6ba5d3a8bc41d04770d60a0f69bfca
SHA256 30f8741481ccac7f4d1d29b055842a121ab9a3aae180d8449329b591162cb101
SHA512 8a05a069e3e3120b0cad16081e3bdbf3431aa0817d2e6a205996e7bf223233e07a9f8b8986c9f2dc4f3a20e69114917599cbc6582174790368d3f82d937fdf7d

/data/data/com.xgbuy.xg/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.xgbuy.xg/databases/cc/cc.db-wal

MD5 51bb223dcf7cdfcdf7a785f0beab5487
SHA1 8d2f65a1261864d0dcb7f447499f37e8feb0026a
SHA256 6e461d3a64b7520a886076d72cef11923c31df0634b4e469b1ef0f99f5a1afaa
SHA512 77522990a02f709f2830e655eee89def3d97c004d84ad029c52f3e19f52b3d9234bfd128b0a7bd9427388344261900d776ed1b12d2938116df26978570074619

/data/data/com.xgbuy.xg/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 ee679a5cc3a4f8c2916829db6447fc6a
SHA1 b6675a196ae3036c11502652d96de6eba921fbb7
SHA256 b402c42b09915193241357871716f6c200d05f88972e573ed984ca51d35f60c6
SHA512 f84ce3c5da360329e4842eb710f784ca57682ba05675ca01f890d8105fe827354fc4f6c55e48ef5f77cfbf54b1b27432cd121be8ea9466ae243fbf92b9985d61

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 8a8d5bc1fd2ce7fab6e318fdad39a3e7
SHA1 02dd8a386d05d7ac719ba4dead14654e0a149868
SHA256 26f4f83cac9141243b2d3817ba0953a91e24dd88d3ba3cfd8ff76c8da5c7c57b
SHA512 8f5df087165439027d134ff8a34026676d93aba08eb109522df6795a2cb27490b8e0235e67eaa88b564bd486729577b32ab43f5356e78f527446a26b2ebf5c6c

/data/data/com.xgbuy.xg/databases/ua.db

MD5 64192f6e34faea014860687b06cf52f6
SHA1 17d68c8adf27fe6bcfa6358328f805ec763de58f
SHA256 03717a6d602106d374b31292b88da77e3080468cffd3eae556f4d5a0cf7b6242
SHA512 525a94c9709453b06540d9efd866f2b06239f0d32ec64a2dbfc87d4d7d079f53abc5ee188616c916046317b85928b5962c8a5d7ab3ab7fe6fd58ab4cb5550c1d

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 4f8b8cd65d2a5ed710c4fd5be3d52d6c
SHA1 8e1a89d20b1b4c57e98f08eac20c662b899dc67c
SHA256 5a0563544b4dd6f0abeaccc23a5a30839dc392118c748f7837cf63634faba5c3
SHA512 5782d530cb11847c3f5b2a70e2edbf2eae8e32390d85112d737f2fcb39cb2739833735701854d5d9cad1a857e1ce3ff6d91b52f41d20c53248a76454ace91479

/data/data/com.xgbuy.xg/databases/ua.db

MD5 ad2f1476fc2e94fbda7d05fbc2967acd
SHA1 55281a947446b073ef6f00c46d382faeed6e4ca5
SHA256 dfa9d3689e8f35bc17fba4744d077332fa0ce05e846acf1283e3b8c9f36f969e
SHA512 ad3ef80dd04f2a0a436531b8957fd1817295505c1f6110707c9edf4adb054b37d36b44d1da66a3bf834d32dd37fb58416f269af99f3912f83972743ac526e154

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest10351366452344722845741932913213295005-journal

MD5 a937bd82068e2d4b0c687c9d1a84cc47
SHA1 f3fa0953c63818a8d2033d4b08639178ee560886
SHA256 aa03780d3d9abd01d7da080b5517e5c2faa82104ee4a15ea2476992cb950d612
SHA512 18d0db527f1ea8869fd004a7941eae41213dcafd66ea92fa50ed4c8dfbf7927d65e4f0278cc3c38833b9aafacbb4dea3ed8e24b024959a6412b2496fd01daa75

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest10351366452344722845741932913213295005-wal

MD5 81452adc57a47670d69b9c384dfa392f
SHA1 15c484fa3273bbb62f8f4985d18cc0936b9129be
SHA256 9d3c96953050792952781d32a7d8461c23c38f5aa412ebc4bdf199191eb998fa
SHA512 4d8701428c77a08e70a38f7cc6ee6580b8a3ac46aa3ad87c2a1b8ecee113cb8aed8924c6754f3b7b0dc822c42c55014b182401e8988819747f4cfd9835d98d00

/data/data/com.xgbuy.xg/files/.imprint

MD5 9212b417f1c592354975df593e74a8c2
SHA1 992572dc1e8d3a0c70d7491f42c94ad2ca0a2d4e
SHA256 c5da1f065c5c423745721430e0f9e49c50c80d522348c6a1111499ed38fad271
SHA512 4a356c191020160dc23aa7a607c9763d848d373139bed6269f46607eb9fbfcc324d6bc55a86fe87c0559cf0cc9702ebef489d4854adf7df5ffae95ad4d8834f0

/data/data/com.xgbuy.xg/files/umeng_it.cache

MD5 7d7d44ffd28d1c37beab8e02f6ae84c9
SHA1 b4c25d95efd6bd34a44bd4ec1a38fa3e416ea219
SHA256 ac2fff2c501f3e9c79f3b9af063a52876b043f5daabf0eced6e4e08acabf5e50
SHA512 3bd6ccc024bc8f1430142363a061034833b0eda7c830fac34d6352cfdf93aa4dc14d5b46d00bff1759f6786c716d808ac7554ec3b3eac46fe112c14c53f7f827

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 8ba4905b773380ce450da6768789de62
SHA1 9a9e2d108cfec2699c173adf6a2d5be83b2303e7
SHA256 84a6b44db6c1624e567c350782ab2e291f10fd4ab19d261e6b87f1d0068395c7
SHA512 db86a16f2ab967b9b102d1c28ceeff3ec450bf2258c5c47e1718bea25b84fdf6bd07d8f9e5987ff43a9fdd75d290ac85ecd46b2f217848f51244e1721b476234

/data/data/com.xgbuy.xg/databases/Reyun.db

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

/data/data/com.xgbuy.xg/databases/Reyun.db

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

/data/data/com.xgbuy.xg/databases/Reyun.db

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

/data/data/com.xgbuy.xg/databases/Reyun.db

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

/data/data/com.xgbuy.xg/databases/Reyun.db

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 13:48

Reported

2024-06-10 13:51

Platform

android-x64-20240603-en

Max time kernel

10s

Max time network

131s

Command Line

com.xgbuy.xg

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xgbuy.xg/[email protected] N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes3.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.xgbuy.xg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 172.217.169.46:443 tcp
GB 216.58.201.98:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.46:443 tcp

Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

/data/data/com.xgbuy.xg/.jiagu/classes.dex

/data/user/0/com.xgbuy.xg/[email protected]

/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex

/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

/data/data/com.xgbuy.xg/files/.jiagu.lock

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId
