Malware Analysis Report

2024-09-09 16:18

Sample ID 240611-w3tehswhlk
Target 9f236e0d39f042b69f4e493b86061ee1_JaffaCakes118
SHA256 85040f1ca529f8e8b40f465bb9246524c468d9847a2d615944530107d80cbb66
Tags
discovery evasion impact persistence collection credential_access
score
8/10

Analysis Overview

score
8/10

SHA256

85040f1ca529f8e8b40f465bb9246524c468d9847a2d615944530107d80cbb66

Threat Level: Likely malicious

The file 9f236e0d39f042b69f4e493b86061ee1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Checks known Qemu pipes.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Checks known Qemu files.

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 18:27

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 18:27

Reported

2024-06-11 18:30

Platform

android-x86-arm-20240611-en

Max time kernel

12s

Max time network

146s

Command Line

com.biquge.book.noverls

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/data/com.biquge.book.noverls/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.biquge.book.noverls/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.biquge.book.noverls/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.biquge.book.noverls/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.biquge.book.noverls/.jiagu/tmp.dex | N/A | N/A |
| N/A | Anonymous-DexFile@0xcc83a000-0xcc849e88 | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.biquge.book.noverls

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.biquge.book.noverls/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.biquge.book.noverls/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 18:27

Reported

2024-06-11 18:30

Platform

android-x64-arm64-20240611-en

Max time kernel

172s

Max time network

188s

Command Line

com.biquge.book.noverls

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Checks known Qemu files.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |

Checks known Qemu pipes.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.biquge.book.noverls/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.biquge.book.noverls/.jiagu/classes.dex!classes2.dex | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.biquge.book.noverls

Network

Files

SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.biquge.book.noverls/databases/bugly_db_-journal

MD5 3178bae02e22aa2170f391bf37c50228
SHA1 5b2f4f4c2e1520382b2006f4bd9116efed351507
SHA256 3033a4b057a1af203eac8d4bde9fba51b418d93f0e23b2ce61de3d0b5bcbc22a
SHA512 32de5a5dcfd83850ae433865bd89118ea43a2a318c401637b189061138cd7431f49510b53155a30c6ec522b080cdf88f0c0b0d39883b7484558384e016e6907a

/data/user/0/com.biquge.book.noverls/app_crashrecord/1002

MD5 841d68ae1b9ad225810c106ce357dc3d
SHA1 2c5f30b013fb6b75815593608cd08cab294e1526
SHA256 b8d5d78c6917ee47eade4570263eac2fecd1ab0b75633d816c47760695a5c5d7
SHA512 a45049fc4d4d8d5cdb1a2b6671eb2ec954769a3404361d6b6c6afec2626012c7e199a1195af9a694c6b5ef55f2728b11bbfb70a7d8845f54f4f5457614fe62ce

/data/user/0/com.biquge.book.noverls/databases/bugly_db_-journal

MD5 47d5d8fda788e75f8e3daf55e0056dfe
SHA1 676823663dad1ac9011f771ade2cfa248dcef8c6
SHA256 791aafa77ebe3881a40aeb7a2e82efb9cbca890622acccc2ee7971d3c8f768a3
SHA512 f2f3cc2d33eac7a97fe4eb1333bf34d6ec0571e93f9dc054cbc2a3a431a005842b16b0f17fca2af4352281e5448d4913d54e423e8f0e3513d1e3b227a80f3bca

/data/user/0/com.biquge.book.noverls/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 e47f2223470f5fec847d8a556c5b84ab
SHA1 78d8dfd61e8a08800eef8010e7665645ceb6f3cd
SHA256 3f4fb3ab6324150b7049289120c6dd02b087fa80627253e4d9da1332307fa271
SHA512 72ad028bcb91d2dc5ee5fd657fb2d992293a86299769dc670243b1fd0882b611350a7f8950c02c95300893ea431c3e60091186b235f11957018a57fbf93d87e3

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 14f8f21dc60f70f2721cfeaa6b74c79e
SHA1 95c5a91fd0acc7466f69e08a801896fd107dfc92
SHA256 5d3c20f3d7103c8f2147301672bc1fc33264a32f5d6d7bac2522daadf35654eb
SHA512 7e809c5363ba2ba9897beb9a7fcec45945a3e70945ca911d7cbcfbc87b7014e7c9c8ba32c75377471f2f6a0a40c0de50a555a1580c0b587c9f1b342d032929a7

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 a0bc389af200c365d27570d825326354
SHA1 0764bcb8ec053c07a9dbd34838e7a3acc2cca6ce
SHA256 861975e75280b6fa9b249ea611fa19a6659cae43f9b1fdde4e40319c95991886
SHA512 3a0f43779b878a1af68f3a427ed34fb28f4ba9b1acc4b095a212256c01dd26bd947bf0222f9efef1859dfaf7c28c60feeccd9cfbf7f658ac6f14ee6e25371fe6

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f31164b27423ccb25c709c09e531ef47
SHA1 1e1c0c8f94000d6882317488d4ebab29961b4016
SHA256 8bf7d09dea9e73cf557e14a216291dbb7df65a2dc16df77b86bd86dfd3dfb944
SHA512 5f8ef20076fbd15b58c623d7bdb00b272d253468482d64ca36f20e706d7539f72b9e5d3a6df7d66ff07fb1f3d4791db912811db08bc1249895ab263f76e392b7

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f49828df1eecd652f983125fc35979c1
SHA1 89b28333e98b2a7662fddf99bfe402eb43cd5f8c
SHA256 3186a93daebb440d7ef612422762975b81e07843de2414c143027efadd64c5fe
SHA512 0f7420052ea8fc4fcf5550b566beba2e53566e6ee22ca4c8fe69898c08a175a63dc838ccb78b02dbe441bd698e3b42ad5beb430e00d9d4cd71ae0f1109ce7991

/data/user/0/com.biquge.book.noverls/databases/ut.db-journal

MD5 53c6f5e2dab8b4a3269fbc5e2fd1f0be
SHA1 9eb63c0a2f13878af0f14ad2d09f55c7df658b31
SHA256 a41498ec3199aa622afe8b91bd929e01816781e035d5d1d58472a3a210fd8518
SHA512 0f09276772afeaa12526bb23bd5c51bb3f306aa79eac128a0378dbb9ca43ff689674cd23a8f5b6937818b900f0ebd57bb4c72a104cadc738f2cb045080c09885

/data/user/0/com.biquge.book.noverls/databases/ut.db

MD5 75694e403dbc728c85b85d55d972d357
SHA1 346ce6fb424f486cc32f7f46649649470cd57225
SHA256 ad9862b2cfa8b250817df299b073d617bba35aa05292f7f0c6cadcefd47cfaf9
SHA512 591d814f3bdba7180588ec333b554f946a977374df798bf69a352b4f1f0b43a412b5998622a059cfb3ad94eefb56d6ae62c6fe7dfefcb9ec5d47b98971bac6ad

/data/user/0/com.biquge.book.noverls/databases/ut.db-journal

MD5 5dc30656bf96f37b4efc5dd818efee0f
SHA1 864b6fc8e83fd26b4d659ace560db6d9a9b38c44
SHA256 3c88f49b6d6a8590099a6c472010470012fdc35204c4fe11d112e44d87f7224e
SHA512 eb92dbf44cf29235cbdc5a21e239fef31a60240b7ba8c361b6bdf0ef2f058d26d1d0838cb265c793ed9c7b0b3114247e1b118bc30c76cd0f96f9ced4e047267f

/data/user/0/com.biquge.book.noverls/databases/ut.db-journal

MD5 0a5885a66f0c75478ddfe341da607895
SHA1 ea3953effdc88f7ad04287d1f414c2e85944a572
SHA256 fc3d28c05222cd1ce82725b086f3ff4418c2dd3cf15e6a6c90d15c6dadd07988
SHA512 1fc5480d89ee536fd8c2266606053c0ba37f012666bda37a2cec34ea2036f891b2a398c716318725ae57552806cb50eeff3e53022aa1ace6508cf7cc7b053b6e

/data/user/0/com.biquge.book.noverls/databases/npth_log.db-journal

MD5 1ae8574336eac042a3175b180600da6a
SHA1 381dbd0b0af9d7d576eea59be996b358d898cad9
SHA256 c886b49afa208e5900c778b4363075ab418cc63dc94bf8934aa6e7cb04d22338
SHA512 f43aa53d9dcd4ce6743eb3fc74ccb4c2284cf15413eff09504ce80c2a58af685025b5867dce48cf408613647a095f0ce1a93f2f2f81f13fb7515558acfbbf8a8

/data/user/0/com.biquge.book.noverls/databases/npth_log.db

MD5 8dc03e147a44099e46adcc75eb340610
SHA1 4e087fa92230d55aba4de0ea71719afaa66ec108
SHA256 e7a10f4213b91e5144fc5e5d61ea6b81484ec79506ad7f7db35ca992a9634a7e
SHA512 d823aac6b0f8ecd90106e1b10b8fc5399798dfc09e63729b88b525a8a43ea301fdbc3977eed3a1fd21723c0e1f4c78585db9f9fb3402787eead6c724087d790f

/data/user/0/com.biquge.book.noverls/databases/npth_log.db-journal

MD5 3cf1f95cc026c0773f717d7ed4356b6f
SHA1 04b15bc7bffa0b2e6c10791eb7656daf164fa1dd
SHA256 da815d4c2ff577d6f51f28262aa4aee7816cfba158e025f48ad6ab7107c3a56c
SHA512 bd0f069b0ae977920b2213130036adddd3c3ae741f6dbb84d73046b0f5460db51fdb762725d48876ba2a62368013739ea3de65a334731f0557636da2615a19ef

/data/user/0/com.biquge.book.noverls/databases/npth_log.db-journal

MD5 c9b16257dbeb060d3a1a59140734a3a7
SHA1 8ce037d23098170c69bd11ec13b7363b7a6d0f8d
SHA256 3f0821bf6d9a78b9819de5161179796301ea4d135925e06b580c05370b2ed27b
SHA512 4ff00f67437063add9f537196af15e899db979bb13bbc296eecbba5b39d27d13d271c88914e856a3d6ac805c0dfbf5df32039288366e6080d9b42d1fb44fa4f5

/data/user/0/com.biquge.book.noverls/databases/downloader.db-journal

MD5 9893c850fdae0c5c03aa8b6efd973cd5
SHA1 22fad652ad3d4022c2e26e6f55e037d17c4f6c9a
SHA256 2773409f1821a8f7a7071c7d628e4c56ff3f3c82bb51037fa334df10e286ef1a
SHA512 92f3be7a68e077cac64b8f2a5478d44349daaf1d8359cd1930a1e2c38dc036056ba8694ae3bb5d8ad35b15118218a0ed5b6bdd9613ef761960036d04226abce9

/data/user/0/com.biquge.book.noverls/databases/downloader.db

MD5 e90765d0ac3f2df32dde37bc312cf0d7
SHA1 29766d680442a2142364bcbb909b03c01519cdd1
SHA256 125f46bc2a78d410701559bbd2858aa0cbb9c5b22fd13006514de47fe2e9218c
SHA512 0fd52e6693c9c606a3836bd1caf8aa109547e77affb725c04780ae0123497f297bc2d2303d43d76beab066669bb48dfc8ecc04e9d110947b8008de52ee429bc5

/data/user/0/com.biquge.book.noverls/databases/ttopensdk.db-journal

MD5 970afd0e0328956381711b1584c925fc
SHA1 4cc9f6585ebcad35583a90bee6c9b7ffe6afd66b
SHA256 ec64712270f7110805aff20bb179c1d54ce74585c6ec42e6588b48ef2cba12a1
SHA512 dcba18df59cf5ba65014ebbb73f644956684fef834c5ec258f5ba1ee376deb2c0c66a1677002b0f9ee882f9cba40b1487102766cec16224cfffe51056358d579

/data/user/0/com.biquge.book.noverls/databases/ttopensdk.db

MD5 8a86a19a1ca231ab7a6dc004c817c8fc
SHA1 56b88350a7fea73de2150b2b499167e15cf35c69
SHA256 d489e8fab49b8fa2decba4663e5018c6cf365cb2c124f5d66a986a6c035cf149
SHA512 b50e7cbf9f0a9a224d3f93c959171ab9e5f9c68d2bf1da0a65772e9af96aeca32993ea9f0ac9584d0bc27b80c210f810f1f4eabd1cad7e8e48b226a22430db49

/data/user/0/com.biquge.book.noverls/databases/downloader.db-journal

MD5 55ec6236d59deb07d912e219fdd6a3e6
SHA1 7a45de92ee2a55a46ddd2d8b45d421b60569105a
SHA256 ff1337e0341dbae76f6eb8cca48a5ff72a3096c4005a1437a9546be304f23114
SHA512 53a3045460ce604a5424dd997f887ec8cf02b78cc701f3f09c1f37bd6ee53197c56aa6ec985b68488f5bb4a80b63a0646859881c10cf3da656826b42e55f4d00

/data/user/0/com.biquge.book.noverls/databases/ttopensdk.db-journal

MD5 5c312a10d88afe783d707b66b2cf9f15
SHA1 2338d9383ab1f338597d6ab498ee710c6b6547ee
SHA256 79d3adc5fa4a9f0da13d561080fa2af34f78ffbb41016689320b635c16c64b4b
SHA512 8a7ce647f02db5ec5574f1f89d39be15f4b50f8d7a64b9c6aff0281e25d370f4867809f1d0ae6ac594fa46839aef6b10a752c699365c06a489933c65873cd35e

/data/user/0/com.biquge.book.noverls/databases/downloader.db-journal

MD5 7203c8feeb24f769fa43c0682a9be52c
SHA1 070c0eb45a88124db720ae3aee7af55e5d6c48a5
SHA256 d7b05bc452fe1f087979c02f7f2c7248257081ddefc0eda00cf4fa051209d37d
SHA512 c299dd6b43af9e61f5ca8b0408e5849e5dfe0ec878a72aa274a01f1dbe7e85b0d582623acd028e84c68198f1f4d0f06203f6750af870b36cf0b6eacde3f362bb

/data/user/0/com.biquge.book.noverls/databases/ttopensdk.db-journal

MD5 75b11189008e0dbc3f0edd98a8240b4b
SHA1 71dbe2df1d8becb34072cfd185e883b1a29fa3a0
SHA256 75fa4838bce0c78d874f273c71d7034a5f7ae96469b3f83fa5b5ecd6f09606f4
SHA512 8069afa69d8b7a1efd73cef48080111bfca8897731c85fb42eeaf5b78d2150bb2519aec8b7cad9fe4de464d47fbad0beea03d499a4f899dedbb4689f0836e5ab

/data/user/0/com.biquge.book.noverls/databases/ut.db-journal

MD5 0a94fd129d514f7d827018add1a46097
SHA1 c9353478f9f2061c722681495186689a24c45d08
SHA256 d3d9f8e76d2d90fbe9aac5a8c7331b003e94c3ce0dbcedbf52ed9ac9ad3c52de
SHA512 fba886b26c53e75494e6e198a3127da44f338d7b94a97ad38ea1d2a15ecc861786ec9402e0806c9fe1a6db22bed6614836ba5549bd1fbbd36aa5c66c6b62ef29

/data/user/0/com.biquge.book.noverls/databases/ut.db

MD5 3c1ffc7ba04cad9348aae68e7543cd0e
SHA1 165b0d75cc82e8b10de31b3bb7fa43ca0294047f
SHA256 ce5079d45b266aed1caa7ab200c14028c8e95d24d2ff3b4a49bc8808afd76756
SHA512 e9afc70b20212304b119aa7f3addc349c5f1613c90417706e3b7411067fb4682b149eca38be67d7baa18a37bd6098eee96b38fcb24de967a13bd399ef20c4e27

/data/user/0/com.biquge.book.noverls/databases/bugly_db_-journal

MD5 e96885cf2b5f797f918c7e3820122dfb
SHA1 459001f11a2a99f9b7fe7ec9b9ebf695018f2afc
SHA256 0fee8d8a79159107126e80591568ef4fc6a92921b3819ffc11abc011c357e083
SHA512 2023b83d9acffc2ba7e216ce1084433ca391c4aaecc5fcba5614353be9c4f52917166fa504610c7a7915f2b62d56adab5993b00051eeb57020458f8eb01f8174

/data/user/0/com.biquge.book.noverls/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 7544d336658eca9aa13bb9e2846a67ab
SHA1 b06d6372277daa8a97a4361fbc231b26dc039395
SHA256 b05da41072a0be409460b7701791efaac6e31f863c0eb1bfc096a7a692955632
SHA512 e6549fd6965a730fb83639b189d2c62f58a605896cb533706cfdacafa06a2de718efa42d41b5014a17814848c66697fb9fb50c777674f98aeb0d327643368bd5

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/webview_data.lock

MD5 9a7d7e1e430982609111930f63586eeb
SHA1 7c8beec416b3dade6c71bb6010e12d5446f39ee8
SHA256 3ca0066d59436cfe24fd231f027590bcd6e326c320da156c5c5f4dc342ef3b8c
SHA512 8811f94e74840e76d180bc66e2031306fc5340fad6b21128cb5e1df9d7f586f916e393c933a4c271ba9fad21cefd509bf8dcb5f31d4b3b4f8d577916cba519f8

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Web Data-journal

MD5 50dd23711a4301ae354eacccc47a2de2
SHA1 f910ac1670156781c6893bc2e6ea511e7ccb709a
SHA256 cedf0f3326dc1862677a4a72f6fd281b2ca5668c06702ddcb6b0194a0d427aca
SHA512 1274f72eccc035e6dad378f5b5ae077a2c657c6b136748a2881832c81e9215b4e7d49a14e0ba9478075495958fb461525a5e2222f3bb5b15727f25019069a985

/data/user/0/com.biquge.book.noverls/cache/webview_com.biquge.book.noverls/Default/HTTP Cache/Code Cache/wasm/index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Web Data

MD5 536e58581641e767a8bf8eca3b8cde9e
SHA1 750a88189322e36147068f1c585f02163ff3a388
SHA256 3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0
SHA512 498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/GPUCache/index-dir/temp-index

MD5 d88e74a732fdfe2d6f0d482f9528b663
SHA1 ae33226c82ead710b501966f29baf301b60bfac0
SHA256 d9eb8426866ac25e5cd683818827d1a9f0ba37f3d44851fd0e2a028010974782
SHA512 72d1d7729170d76bb56fb8eb2505eb5cd947888fddab95e222230cce2a5c1b0ce0fa443fcc37d5467f1260dc5185b3e5e6f3fdffcf5257f00b8c67f23dd99e7d

/data/user/0/com.biquge.book.noverls/cache/webview_com.biquge.book.noverls/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5 42a8ec7c0b0ef8571778a736e209bfdb
SHA1 f7bc93969c56edf7a3cdf7fe30683fdde6328053
SHA256 c7211bdfe0ac48062ee76d4def379c8585c1f90c444ff5329dd6b479d4690d61
SHA512 d68435551038760db00d70450fe5c57d81ec6640f97a9c722a7ea2f5d6fc82703029e3fe94f4c5024080ddef82f6f0424af17788c2d78d4928c686c8b8f24a84

/data/user/0/com.biquge.book.noverls/databases/bugly_db_-journal

MD5 6d46cbc9add3efc230aa98e2c8298d5f
SHA1 7a98e6c16d91afa8930826a100b78d77f13877b6
SHA256 d22fd4ec050a5433a5f5ca1ea576bf2ef186ae02f344582042b0b7dd05396981
SHA512 5a5ab42488d6b4e5fd9ff2a10a09795b0c5bfdd4125b64dab387518d83930aef6514c9bde7b72a020ad7dc59bf4fde75ddb29d0235b73c6712f649d282326b36

/data/user/0/com.biquge.book.noverls/cache/webview_com.biquge.book.noverls/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5 1cfca67ea4db8ef39c06c533aeec237e
SHA1 9aa67b64d46ae9ce31ed82dee1ddd20a729b3560
SHA256 11fd9cfda836360899130be4b81ad7e707171d0ffeb95610aeda6ef0eea5b2f2
SHA512 e9c61efc1620f08610c3a7fe1a0b76fd8e1bb1ea710bc6ad22eb7f9c17b36bdf7219a26e985e135a07c92cb2239e2351b1834fc44daa822a76c267fbffba59dd

/data/user/0/com.biquge.book.noverls/files/umeng_it.cache

MD5 6cfa70396f6c3f0a373abdb83f2a51cb
SHA1 23814f3ac1809149cbed7673b819203e2adbd466
SHA256 2f0194de649bc735091ef01437fc22686f8047ba3a4c4c7a0f67a158048bbe27
SHA512 26833fce29d0e49f116b47c8bec59793d477f6e6da547e5d6fecc54a6187f458d876304174b1253807e1eb763832648ebf8f1d727c9e44095cab8c0b976e0298

/storage/emulated/0/Android/data/com.biquge.book.noverls/cache/tt_tmpl_pkg/template/b3c7b290efa296bd34365e2948d7b934.tmp (deleted)

MD5 3635d1f849075ef333f78d609509cfc7
SHA1 f37e20477927df34fbd2f353d520f1abae5d81f2
SHA256 f1480555d3bd1cfc47f13714fc39eb74d98ed5632ffa040f63d39dfeecc85f93
SHA512 f23f37239b8ce3b56ac42713aff571b53829eaa1ea0d6b2c060f2aaa2b77edadc34ce655b439d4e4ee71eccdea341484eb13a060aa910c6be7ace64e7597ff8b

/data/user/0/com.biquge.book.noverls/cache/webview_com.biquge.book.noverls/font_unique_name_table.pb

MD5 9147f3c70cd68eca82079554128543fa
SHA1 3fac96cb4b59ac89a9ff4ef4b91d9570342d66db
SHA256 fd0e0c4e89444a88d27118b6eadbf01cdc5debc762d9b6ba8b51022558702736
SHA512 ba6c2ec755c4e49b5f31fd4acc4d19318352608b87b1e1ea90cd7c30c7d41fae4437a6a6bf39df31d862b2b193f43924abc22ab0998045d12e380999e43ddf98

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Session Storage/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Session Storage/000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Session Storage/LOG

MD5 9a29542ed11e7b72bd37afc49f35c489
SHA1 1166bfe3f4cca8b56769a8806a200e622a0c81f0
SHA256 6f759bd8e13e855e4fc2e409cf96c87dedfa62787961259581afb0efe582a95e
SHA512 ec9cf3c733df61d2ffb0cedfa68ef1d45cebd48958951a32d89a724172bcf4555111888239fbcfc4ddddc13c234c70a910dd1e283de654095b30fd644011d529

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/Default/Session Storage/000003.log

MD5 ba92e5bbca79ea378c3376187ae43eae
SHA1 f0947098577f6d0fe07422acbe3d71510289e2fc
SHA256 ccf4c13cd2433fe8a7add616c7d8e6b384cf441e4d948de5c6fc73e9315c619f
SHA512 aa1d8b7eb9add6c5ed5635295f501f950914affc3fa9aa1ee58167ed110f99a1760b05e4efb779df8e432eab1b2a0fc9cf9d67a05b2d5432ff8f82c620a38a62

/storage/emulated/0/Android/data/com.biquge.book.noverls/cache/tt_tmpl_pkg/template/a6a5b5b6c7a6425d8847671531c736f9.tmp (deleted)

MD5 3610043095edfae0fde800376f4f63b0
SHA1 c58f32ab313bc9c8b0a2a9d2ee7f445972973c8c
SHA256 b37b20aef8aedef7f952401b48d8d2da271ab65c8acbc1c6a296b244875ed088
SHA512 d9440d22eb1886705a8936d16585a9c0f439a04303a432818b61ec608aec9fb21785f2098fff0607c23a2f6ae1727c4103b350d82591d0c5bf470ac5d17555b7

/storage/emulated/0/Android/data/com.biquge.book.noverls/cache/tt_tmpl_pkg/template/497c338886e619460537c8c4b99e37ad.tmp (deleted)

MD5 3cb18addbd563508da9d8b24af3e9bad
SHA1 9b6ce986414cf209e720bf0f7515688df1101062
SHA256 9614a250c3921ab426426cf2df2a3f5d5741449de032a053e40ff056bba9d8d3
SHA512 afad51a9747680a5160defd977ddd4c75c7a05f851688c56b6acad284cf06077ea99eefbec9770f5c111d8d544af9ab43572ace5ac7310c350f77b22c7cf5379

/data/user/0/com.biquge.book.noverls/app_webview_com.biquge.book.noverls/.com.google.Chrome.7gKX4v

MD5 51d91ce89648410ee1a52335c6ed4d6f
SHA1 834c98f4516213af163ca12222d6e7e6a7848ddb
SHA256 2a70fd1a81887d121536ee3725e0d448037e4208377653cbc48590772c298c6a
SHA512 bd03c9d11a3ab08acd59d69bd126b5d8eb67b75a71d58e9813f73dab047ca0618169414c70711642322c58e79723e4dfdd20066fd8fd3c9763c15145b0a526f6

/storage/emulated/0/Android/data/com.biquge.book.noverls/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp (deleted)

MD5 545f5078ffc8d5078cd82ac9f80c890d
SHA1 51e06018f231cb5727a83fd1c50a50969c95949f
SHA256 6c8aafd80921560abd25be12186193ac6c2640f342ed980b47e3269621c1f312
SHA512 c520a8a81f13b133408ccdce91d654d2fec90c84d2ed10574c91e6fed61cdb3b5c8e2ae252ee83543015d0524967897f81fa39275d6056f6d293d847af222791

/data/data/com.biquge.book.noverls/.oabugaij/.fsgkea

MD5 01abfc750a0c942167651c40d088531d
SHA1 d08f88df745fa7950b104e4a707a31cfce7b5841
SHA256 334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b
SHA512 d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

/data/user/0/com.biquge.book.noverls/files/mobclick_agent_sealed_com.biquge.book.noverls

MD5 bc4cb969f53e6705ae5def390f6c18d0
SHA1 cb7e1671024e622ef5318b39bf30d29068e7c68e
SHA256 20bb3465d54535ff9990d011f42b8d0c0660b96d4cc02c4614b6d630a540606d
SHA512 31b1696be4deb3f8edebf5c7833290b181d056cd45a129d1fcd1fe63a82df4bfcfd262d14a5523a37fe0744d5a3c0c9478a2cef6b9da2b095b11d2f449e6417f

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 18:27

Reported

2024-06-11 18:27

Platform

android-x86-arm-20240611-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.195:443 tcp

Files

N/A