Analysis Overview
SHA256
1035700cc5cac3d8b7322aeb09f0b82d92a1943c75f1e439a126641c57143c54
Threat Level: Likely malicious
The file 9b95f0e77e856d287c7e714cbb9e0637_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Loads dropped Dex/Jar
Checks known Qemu pipes.
Checks known Qemu files.
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Requests dangerous framework permissions
Queries information about active data network
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 18:15
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 18:15
Reported
2024-06-10 18:19
Platform
android-x86-arm-20240603-en
Max time kernel
170s
Max time network
184s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.huixiaoer.huixiaoerapp001/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.huixiaoer.huixiaoerapp001/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.huixiaoer.huixiaoerapp001
sh -c ps
ps
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 18:15
Reported
2024-06-10 18:19
Platform
android-33-x64-arm64-20240603-en
Max time kernel
173s
Max time network
185s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.huixiaoer.huixiaoerapp001/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.huixiaoer.huixiaoerapp001/[email protected]!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.huixiaoer.huixiaoerapp001
Network
Files
/data/user/0/com.huixiaoer.huixiaoerapp001/.jiagu/libjiagu.so
| MD5 | e102893683a16d223c852ac584155d58 |
| SHA1 | 5560d79d71fb1951d6ab0a464af87429a4933c2b |
| SHA256 | 41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8 |
| SHA512 | 3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab |
/data/user/0/com.huixiaoer.huixiaoerapp001/.jiagu/libjiagu_64.so
| MD5 | b1863e639e6fdf0a1e36fc5a3bda35bf |
| SHA1 | b0809bff74eb482bfe687c026e4595c9ad210a20 |
| SHA256 | 82c2dbfdf2dcc3364d1616185d218f6471100f9f1feaa74420a2bce852981650 |
| SHA512 | a29de350e977ae51aa57bec536335631a4857e7ec75c82ab1e2a4a8de605569a8bc892b2dce272c723ae46c1de02c7e9f6a8d8808b4f990e513ca8140a0a69a1 |
/data/user/0/com.huixiaoer.huixiaoerapp001/[email protected]
| MD5 | ba78ae9905c41020c37d197cff8271ec |
| SHA1 | a093dd98d5a0ece515d1ada8f634a9f9dffb8281 |
| SHA256 | 41893785125a8b611b8bc7248c478c1f6a1382fced03a36b01a923ca5ac9549b |
| SHA512 | 8d910979d448b27f4a985c3d6d25313b06b169b44f54341de9f0e2a88a4436fe7a1450d8be9e8b41df4f129ad02b1a64982d6ede9480f60c8c5650ef05a4d793 |
/data/user/0/com.huixiaoer.huixiaoerapp001/[email protected]!classes2.dex
| MD5 | 1c4468e3567130a6c5e77411116e45e4 |
| SHA1 | 55f1f53bb77174bc84a11f608f3131f35472267a |
| SHA256 | c325a91ea6ec0f4612ecd7bdaf50c450dac4e97d58cce1afe376197ccf5429a6 |
| SHA512 | e8e35fc80771eee284a9b88d2a36f0b3843f4f1e4a7a32df5bfbad2be54a9143eeb65f3cf851316659476c2474e333e9b2b1feae03b2db1e7a2700355aa4f077 |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jglogs/.jg.ri
| MD5 | 6d9d7501bd446e5bc8c52b221c51d08d |
| SHA1 | a88bf2cc7e5d7bf1ab804b0605603ad050329fbb |
| SHA256 | 6028fd77b3312fc8fe85079da312b249a29b45bfb4fe874f3c2b349b36fbf383 |
| SHA512 | 23a852bef6a5e08dc340d86bbaa7adb6c5cd1fd278d70394bbc82739605a8d42254288a43db0518d87c69c413b30c20ca533a97ed2865d1e3dc6c8b1173b9624 |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jiagu.lock
| MD5 | 59d24e568cf65b64451780e9f848b475 |
| SHA1 | aba04c3d23f1db0a2a753e37db4e084b4ad60aae |
| SHA256 | 098835c38878f364a09ee83405704514530971270355067aa346123a551a98db |
| SHA512 | 583441b14d15bf59849feaec868bd6e56f99ebf3a20ca42662365adb90ce84cabd539fb323a2aa32223ef8e5bd28ac60ce050e474bc886593d3f733664de9ad4 |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jglogs/.jg.rd
| MD5 | c2db330fe6f584adaa6d2b6c84ff9685 |
| SHA1 | 48954da8ab6bf454241bd7ce3c0a6d531f19c6c5 |
| SHA256 | 5a94ecd188b3001edc6dd85443326ac65d61324c3e43d7b453cd6120a8381016 |
| SHA512 | d28c8949d5aa4f914049a2bb510771f710a7259d25711a422153578f0b8489f504a9b634bba20b4290d1412fb343cb79d767f7ce7bbfac4642a9ebfee29b3201 |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jglogs/.jg.ac
| MD5 | bb05a6f2e6e1f34fe9d96e873b3c4842 |
| SHA1 | bb17cc27dc79328ae1ecf288097cd93aae398b7a |
| SHA256 | 107793b8e23c19b082d27ae3e66b2a33a8b4f0fe8577e31917d486d4bac3cfcd |
| SHA512 | 38e2f165b8167e1e3cbd36430c4f0c016d1605a3a2bbe32be1a1b41df3e14b70071828e06c389f97127b255048601a64bcc4e05f9d2c1ceac3948507af29ab3b |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jglogs/.jg.ic
| MD5 | b510e6deaf2a7810348ac7cc34098b72 |
| SHA1 | 1b0292f979590241ac1c3c19a46ba5b71ed0bea7 |
| SHA256 | 611c46994550dc9128e5ea0eda487a63af220cc4ea6ff7746ab1a07827249196 |
| SHA512 | e2ca6ac3b73e72ce89d1c65f50e96c22cb9a6227d62f962a6b3eb856b8b9fba2020272673b07ae8fbb832feaeb01d4e26092964826dfa158c68d9a9b944e08d1 |
/data/user/0/com.huixiaoer.huixiaoerapp001/files/.jglogs/.jg.di
| MD5 | 2e5bc50bdf4967d0db210f9fa64ffad8 |
| SHA1 | 469d9b7dfa1b6cb977b9c88355c59b1061383888 |
| SHA256 | a90e8e102829fcd5ee7567f440545556023b069468142a6c7aea29d3e61a125d |
| SHA512 | 866d9ce3c30c6e9b2975df4a89fa51f54b814b7a1b09b9def433adc11e280f265be5e7abf8b09f54e2040df4d699849f8b0f194f303a73e4919bc178ad8256c5 |
/storage/emulated/0/360/.iddata
| MD5 | fa10454893eace1e0e129ea21008e95b |
| SHA1 | c0437083f7b27c4fe66d26c79c32c14ef43b549f |
| SHA256 | 6c93f65b9298d9b60cec2b2bd5243bb39b91fa04091b696b36c08ee11efb9c24 |
| SHA512 | a495adcd561d3406d57cb6157acf6515ab6f28cc2b6bea10334de7d35bbaa644b7bc697dd0c0a2a20dd6c9b89811409bd5303b9ca006b91ceb406f6a8ac0c404 |
/storage/emulated/0/360/.deviceId
/data/user/0/com.huixiaoer.huixiaoerapp001/files/libcuid.so
/data/user/0/com.huixiaoer.huixiaoerapp001/files/com_alibaba_aliyun_crash_defend_sdk_info
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/ut.db-journal
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/ut.db
/storage/emulated/0/.DataStorage/ContextData.xml
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/bugly_db_-journal
/data/user/0/com.huixiaoer.huixiaoerapp001/app_crashrecord/1004
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/bugly_db_
/data/user/0/com.huixiaoer.huixiaoerapp001/app_crashrecord/1002
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/com.huixiaoer.huixiaoerapp001-journal
/data/user/0/com.huixiaoer.huixiaoerapp001/databases/com.huixiaoer.huixiaoerapp001