Malware Analysis Report

2024-09-09 16:21

Sample ID 240611-yv3z4azdnd
Target 9f622739b9e1b7d97683568027263e0d_JaffaCakes118
SHA256 8632d5c1219c52fd544ac6f4a17f08eb10753cbdc3cf16934b8e2c6bf6e4f3d5
Tags
collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8632d5c1219c52fd544ac6f4a17f08eb10753cbdc3cf16934b8e2c6bf6e4f3d5

Threat Level: Likely malicious

The file 9f622739b9e1b7d97683568027263e0d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Queries information about running processes on the device

Reads the content of photos stored on the user's device.

Checks Qemu related system properties.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Acquires the wake lock

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 20:07

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 20:07

Reported

2024-06-11 20:10

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

138s

Command Line

com.rcplatform.nx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.rcplatform.nx/cache/1582435991586.jar N/A N/A
N/A /data/user/0/com.rcplatform.nx/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rcplatform.nx

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rcplatform.nx/cache/1582435991586.jar --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/user/0/com.rcplatform.nx/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 internal.faceunity.com udp
US 1.1.1.1:53 internal.faceunity.com udp
US 47.254.56.66:6443 internal.faceunity.com tcp
US 1.1.1.1:53 bridge.dloadstar.cn udp
HK 114.134.189.160:80 bridge.dloadstar.cn tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 t.appsflyer.com udp
GB 216.137.44.95:443 t.appsflyer.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.65:80 data.flurry.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 bestmeapi.rcplatformhk.com udp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 1.1.1.1:53 ip-45-56-65-189.cloudezapp.io udp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 1.1.1.1:53 www.googletagservices.com udp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 s0.2mdn.net udp
GB 216.58.201.102:443 s0.2mdn.net tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 216.58.201.98:443 www.googletagservices.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp

Files

/storage/emulated/0/selfie/share_image.jpg

MD5 c6064e7853fea1ce1daf718628dadae0
SHA1 a02c91e75b6e208299f15757924e7f3f282201e1
SHA256 47810cc7dc65f8a347fd5a6ad433107a277efb8bd6cfb2d4c6008fc3f28037e3
SHA512 cd4fef340fc0570754048de27fef899fa3f78a758f5273e539315869e685fc64f2aa0d7527ceb923eb9a1650b0b4e5b2d17d1967e186c683ee41280c86d6a755

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/Z72

MD5 df5d086274ebe43eb8c8ed9dbb826d75
SHA1 b7d4a5b4a2252fdcd1484cbef50934a4ca1e993e
SHA256 748f6a5ab5c390dd03799565f28382b082fbc53c24b9ac048189cd48044edfe1
SHA512 44adeba7ae8c7b5e842c7abbdda058fda759515960d4e60953eaa0872541b1526a92d2e599c1ecfa8bd70a74c15c3563b8afeef4dfecc066caff0c0eddb35f4d

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/com_rcplatform_filter_fragment_shader_lookupfilter

MD5 45dd0cdb7a053aaa3f7ff318df2413bc
SHA1 74a5e7c82d5856c6aadbbf9865ac48837badc111
SHA256 210adc5553ca1e6f0811aa68000e1add11f440c7532bdf64f23762af811ace6d
SHA512 a7e9ce6465fe7eec5021fa865a56632ba6d91d6cd93b4516393b4a6db60db8b5a28ee811f62c0015e7d7a9fe1be5bb80abcd06763876a613f1dd44fd777e402d

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/com_rcplatform_filter_vertext_shader_no_filter

MD5 53a6c9598b429ab5fc6a6408e58bccce
SHA1 ac49da930f8324b7534e708c130ed7f5baced52b
SHA256 09eecb60cecc5a21681696dfcf0750f01bf6894057bb830c79f2bab77a88c0ac
SHA512 2de1929d975cbf0123637f09e2298b7631d776de7a61423da0f20e1c8010b0806d156c7146d5a2b2e2727532131030f5a01820f7e15476649011924fa37df6e5

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/config.cfg

MD5 912795c99416a8b6dfd4a1c35c0f65d8
SHA1 e6ac38c9dbb016521d228ece4e1a4723e8b4f55a
SHA256 92c3e8c2102ddda1c718ebe9992ff0d80ab6f0aa40b4596c4623baa3f7b4fe62
SHA512 44bd69b090039f50c028caea23fa2ea3d5b59508aeb53c196173f59b7d16cc5cc9777d0d21907447339a47d4308fa3bc4174b09870d1c336446fecd892f4c2a9

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/preview.jpg

MD5 8cc9501fd27c06677c03a60957a20298
SHA1 10bd4003ace1a3cad723581fa9fa3a08d9bffd12
SHA256 92a4a8c8328614426482f8f7fc76406be46a46de1ae4385cc2b4147d99c8345c
SHA512 0245b41b50378c85c53367541302be60784b955ddaeca62867c438fc8ec9890ee57b52541a97f93aa12cb4aa617ea7971f691b81f943078ee4652d73203a28d3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/vignette8

MD5 a1143c81d2e64d8947fb057a7381d6b0
SHA1 7b182d3a94862705818cfc452f8ce84f3c0e5280
SHA256 a6c96d730bbbedbd621bc0be31a3b1af75f29eea373dd17e053fac248573789a
SHA512 206cf7ce627e61b9980d112898731fe29a7322ea616968a975674f783e4e44e2ce11edc22a6ddc1887ed5203662d0a7ba3bb81bca03bd606a92fdeb887bdcfb1

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/Z74

MD5 e47f0dce877fd1d07584bb7c2abeb635
SHA1 9cfc6df08a8b6f267a6649c32f8b293fbf89e29c
SHA256 d950a88e532c783563bef13406c3ead4e7ac0a5f339cb538a3961c75dfcc5f1f
SHA512 f359b7fff601daa412138a9116f7b033f7d3bc970e518b9cb9489cdcf09abd692630893b7b0f664dd4fe51415e652229d56789939fe55f2de4e131f55bf15631

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/config.cfg

MD5 238422b5a88049b5761449d6b20664ea
SHA1 14c7945f06e70c9c6cf1efac3f3cd7245c1905b9
SHA256 92080f7bd36c40809080c4c54e9c1640c78b91d0338a510890cfdba090c0af02
SHA512 e82160e370c3549a5e8c59a2986f9613bf67eabf28bc8065c1a2c86b21394dd2a05a2bfc41dcf8aecc3455adcb61446bcc2de6ead8c505442e7acb22a5cd2728

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/preview.jpg

MD5 c4d9c782dc15e40b7f82cb60e0634919
SHA1 8f1f6ecc361e8e65ff75edf8e1c847f1e8f3f76e
SHA256 1806a8e31c400b9fcb0901e31e0580d7babe577241d2178e03944ef0e7764e8c
SHA512 0e48c804e41f55bf0d3be340377a898a7e065090745d4309d8ab56dd617f22a5b7b8f5a06ec2558e62422972e05b304652d8b8fd333be9db43e7b3dc2868cf91

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/vignette11

MD5 fe2498fb6b4c0a8f7b53ed13d5361db2
SHA1 cb19a2ff15a0a5af0cd29ac83a7ccef4400c2136
SHA256 c002fe9442435abb579f8e16f78babbe0a22d10376b4ca651906d271b165b085
SHA512 c12c99c052acb2f3202bc3d80a62f63821ef3024a014304f6ca943378307ff87b7fa4cab7b9a8124ce3afa5ecd0a1bf11f58b4e9baadebcaa25eb11b4e71ac63

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/Z10

MD5 2af7f9dc875988d2cfa38bbdadbfa596
SHA1 4eb315d5ddf3507f16d1af156640ba519fb58e92
SHA256 3b7c6f583db4829c7e3c7cb7373e7c192f0fe19464ba6f1cbbff2e87759e6d5f
SHA512 705b2fc4708f180e1d4720b74e984a833f7ad9060c116c3d0a4f119c17a021fced504995df0fde6537782a1f775ef05cfae67a4e02eeedc1786fb8da447ea447

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/config.cfg

MD5 d8de8ce80d4bf9ebddaa8e2c596e5072
SHA1 db849ba190ae4b7cd47e5e4696b7f060a60f8a28
SHA256 7b05f0f28ca8d30d2ab7a83ac9341fcfdc6558c6443d918d26ed5a73dda811b0
SHA512 597bd02a11f6512f7cd5d92c6bc1b7ef77689126397de040dc83b81d0ab950ff6738cb5298b388589b0db9b817d73449e56ac3042bee838b43c450acb34a63b0

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/preview.jpg

MD5 ce50bdc3787b32a4cfdf81b4b21201ab
SHA1 7152724827970240a94e1d750ecdedb729a2a175
SHA256 c3cb1560914dba905d15abe05f63d906aa0cbb6e53c37edbc2962291a4253cf5
SHA512 c4f0309c8b0c4616efc3f0cf99296e6ca6a85866e701b3c464ffc8484e7de584d7d5cd7fea9c84df2ac010b32e00db0ffeb8b0420d6aa268adda399d6c739306

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/vignette14

MD5 19e0b77e54bf3a44d8cfcc7d7c79e54b
SHA1 036a3f6e78d93db2e2dc5df6cc8d2c4a93d1b482
SHA256 b276dff3989de53784a8c6ac5d34ddce2f657a2b56b190ba143052d973ba1dbc
SHA512 07fb507d40db5056e8619a053bced6a5ae7ec9c0e8def210d3d6c56e0e3f9def1e1ae89919bb947b50c906cf6e93d6a4701eee548b09be46a3e8861cbd81dce3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/config.cfg

MD5 169530324f1f5b157a7da21455e97bc8
SHA1 8687390d1e8fdad49c107916a279505518a55a92
SHA256 c0de9cc54d7566f30f2bb3906e73f934c04d8fb95dc497501db7a991bcd337c1
SHA512 ec18dbe6036ee41ad216188c9f385c870eafaf1d5ca3c8bd31299825ba35cafce591259a675c8af3217d3fb374f0d15eef13e275a70cd771f488e7e30b2b42b3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/lookup

MD5 22d494dd2ca2ff2759538297d063e0d9
SHA1 d4732b797528e4c0f5ffab4f911a3968f4a32b30
SHA256 6ff2c647c0285219d02c8d0252096b679c1460837258de16442401b4485fbc96
SHA512 52c07e678270a04ae6d446ae9b9b6c33d615f30d0743efce63a08e866215fa6e61efdd80edb2c72b9d833f526c29a233a1ba8e865fef664ceff8b80913b991ab

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/preview.jpg

MD5 762eba9a67bb616ed3cb4062dc862361
SHA1 6bafa4d1a9378d02f99e353be98b47ad6a004bb6
SHA256 1e9b9152fd106a5d26d0a341bdf88a79b1d376bb8d4060d15fbd1a8caf02d383
SHA512 fac23ccaa6f43eea845ffb44d8390101bf138a60b38a4a1e37c8caebc173ce96b5588ed4852a7acc0e2f09aea03b87d4df73fff797675db1f5252657f57da4a0

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/config.cfg

MD5 bd8168fb7d0fa1fa7f661d3f407172b1
SHA1 70e58a1ee600da5c7efdadcc3143f314469ecff9
SHA256 b860d81eddf3f348bd1b00da8ad1b23b5210cf9b423eae16d4838c2e1d608ebf
SHA512 3ddb20bb5d2b98619a9a4f9c3adcacfa643a24d0bb93174d4ec0631ad6ea2bf2d299745d9ca99228575ad9fa06fb7ac6235718867c1d34336cf20d2acfc17bed

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/lookup

MD5 f63a9eef1feea9655f011220bbd19522
SHA1 d4b5b975daab20393bb5b77b0deb85e48e6e6ddd
SHA256 762494a0fcd20c0ac9feb4dc3b420e450a048abb20d2b86d05afd3ae17f49226
SHA512 89f01683e746a57c602817e7aa80133ed76c20c4acfa3209824ad4059800c2c7717c3e45e8180a16673591e18682b9274fd6df10650a966b322d58321789fcdf

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/preview.jpg

MD5 c43d08b67b822ea9c011fcd6d862eadc
SHA1 41c87d82ed695f065b6848019e41bb7fb162bc79
SHA256 48a05d9e2d37b4cf8a9ab81605577298b10da776cf0fcfef4401ff6e7f1c0f64
SHA512 e8b375b52cb458d63edffaeee91009d54a8a9c1aeb1923463c22a527f168727a811915369975f8197858f7cf2313f8d8f4f4804c05e9bbd33ffd53aa30f30605

/storage/emulated/0/Android/data/com.rcplatform.nx/files/normalFilter/com_rcplatform_filter_fragment_shader_no_filter

MD5 785396b2743eb721532390a5e9f54f86
SHA1 0489ea25368abfe3909df380988e46f0e16db71e
SHA256 97f0ad3d3efa9e2b7950e4fb90a8b0bb222e4b1ea6773f93cfd8e30fafce6165
SHA512 60d739f0582cd5af444820367dba98999ec0f751541af0ebc1e74e39479c4eaafd84e5067afd59737be397e87872ed971924d7dbdd8e5745d21893229d160a85

/storage/emulated/0/Android/data/com.rcplatform.nx/files/normalFilter/config.cfg

MD5 4f2d5102a8b331b0728a193f019d2047
SHA1 c5f18ac398c089d64db286a49878787a1eff91f3
SHA256 faf50609f5163525846bf1237da16fc9b9028659c1116bc1a4a1f00c406e7f31
SHA512 b009392762fef582a7eb58c8d454f8d8d15821085d82dd6087e47e2e30015c269e94dc7af6f89aebf8bea6bc50e52dba38d0a314ef7d6ecfa7f67bbd64db0584

/storage/emulated/0/Android/data/com.rcplatform.nx/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.rcplatform.nx/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.rcplatform.nx/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/com.rcplatform.nx/cache/1582435991586.jar

MD5 2048eb6124a452540ee51dae4145aadf
SHA1 d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451
SHA256 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864
SHA512 bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 5e613e7a68956954e9a96535376b810d
SHA1 ccbad4c0ba712ac37c5169a27cb36865f489aec6
SHA256 441f747b607ee4be4d132747cceeda88474d9dc2f3292685db41fff26bc8abf3
SHA512 b4ae14722364e85e800fc8acc8291a58130ec9ce1489697acae9edc027f65a13016dca97c37149985ed39095e93214fec55639419dac6528d49b303e71e44f4e

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 cdabc9e5593ea0540c4f74fdd0df92b1
SHA1 b3de08a21e9d2c2697f967e130fd477bc026e9bb
SHA256 460665c321bd35294ee316498a3361a57380eccac64e677d032bec6ad95ce394
SHA512 84309e76cd03ba89dc60395cbbe3c601126d1f2bec50f51f5bd69d8c115333a914e860cab7df6a8b21542e6775aa467604ade08540cf6a753af99615237333e8

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 bcfb09a69608079ff04bafdc7770e77d
SHA1 08a4706b5cfb00e472b139de2949309df5cb8954
SHA256 358dc75564c5cbc9d7178ab0c49eede5bb69b10a5df33bf91ef38af7a66d480b
SHA512 ffa150689e06f92879dbd9e4c01ea0867a710b7da28ecd43d559d19667ce9c34b02d18ecf57457fdbd76dc3a76b08c19eb220181892b776d3ae0fa217b10ba2b

/data/data/com.rcplatform.nx/files/.flurryagent.-3869e607

MD5 60b256b39771d1ecd23e6a21bb39af57
SHA1 03fcaeac9133e5ed7d5b1c5a671c51399031983b
SHA256 aabc142d0b3440b6b51882fa205394a79ec5682b602b36de494fa4b572a4a3d6
SHA512 4ec78da7529e2d168671d243d9b473398453b37eb9bc96011203362e76a70027bc96d64b4cdc40b51c672dd0724746c3498671bd5d4773325e6022e82693939d

/data/data/com.rcplatform.nx/files/.flurrydatasenderblock.75ef8e9f-1a47-4ae3-aabd-6a1856c2d7d5

MD5 088652ccc9d23cf58473a73a909bba66
SHA1 86e4a15bba245f3d631e592565e5ec0bf5a624e3
SHA256 742dc5228024ef2bef43649876bf1962b8dafdbcb8b9fa5aade2291624b8894a
SHA512 42c627904c6cf552121712568b0fb5cfeabec19a0652772753a0697fee5f32fbb29a028683e481a05f2de9ffea1ed24ac214f64c6a37d9c7f7ee014c894813b1

/data/data/com.rcplatform.nx/files/.FlurrySenderIndex.info.AnalyticsData_KB97GZMYPP296QFH2JP9_158

MD5 810d377da23f0138732ed05f0492e706
SHA1 17e062d5811a4bba5b575e51d2128831bd50e172
SHA256 d76cb1c80493046e57cd50928cdf1338aefa47f62896ae5125ed81afdca8f2ac
SHA512 06bc26b27ef5d3e16b1c72cac0f35d9865dc89b23a0251e74d999f5696d98e40f21033fcac9af434696a0076c93cd4da80ac62e26ec7308db5849231d18a3ac9

/data/data/com.rcplatform.nx/files/.FlurrySenderIndex.info.AnalyticsMain

MD5 7ef2423cb0165a1a3f9d8ed96de0e768
SHA1 dda43704817cb762882e41f653083a4a27326336
SHA256 5f78d247a15e6c12baa34812a79b88a1bc8846c287ce167529f3b3b65980b768
SHA512 a991baa38e9a188f9789c38ba22f348bd766b164e5366f919d70adb2d5de77478d3f9ca7e58ee79783898a00d9d003d9c5df841171c5068e0762a6393be09fb6

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 c0b6149ef5e83a66f7ae914063d26973
SHA1 039a9e48be48296066eef331865e3acb248be9cf
SHA256 97a25663ce2da2e7850c78a2946215ae3c5f62077e7465bf7623298c08ffa0b6
SHA512 2fc170b0b77145f1f59ea916237438e02c1ae278bde4e3a3db90f2994da23fbbdd184d4f215f8510cff8c291b9a92cc9e9f7bb21e06333d8453f9e941725ab75

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 c56a43118a35531fd0832429275d63d2
SHA1 16cac1fc65245bd3663384a4c8feeb804be8c1c4
SHA256 24b1d4b3d42d0b37ef94abaa072af30ba6d44b5760d6808b16ff0ec0a14d5c4b
SHA512 9d4371d35b9d556178eb1c84f8fd9d8ed8a97c5c745c93dbda7b21e6bbef0cac5051e49ef9e8e5da509aff49fc661c9604a2552d518325245d8bb481c3470c8a

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 5c48576db3e113588a11fb215a45ce7a
SHA1 eec85ea695e8e997f60c6f70f9afbff1243befcf
SHA256 2c8e1adffa3965cc3e71b8b0ea3f20c6463af5c8f485bbba43e1b489bfbd943d
SHA512 34d3316311e066d2fa42d3e348022c4d3519ed02a65ab8d154381922aacff09e15c8fd83a4111fbf33f59857c53ed11ea8dd8310f1e247a665de5e53b140d7cc

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 3dff517f48098013004f1da0aef114fa
SHA1 5937b20b0ece4497450df74b8faef6c781caee47
SHA256 cee1c09af8112319ed9b52958f4314280d8d32990430e2227a9f969a3fe8654e
SHA512 a069aa347cf413d273638d3b419930a3156a242a668d0a57c2acd00fa9968f9fe437752370a21c9b1273a50fdb54c68aeeb34119e31b1e230c800c5546d1a106

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 9a52afada01849749515dd0d1004bd11
SHA1 f8404e6fd9ef26a778c2e51ee78fc478a39a3f94
SHA256 e3b57d9abbbab1dd50187b3bccd12b5ad65937c48575d5f5cfc5f2cf473615a4
SHA512 1c6bac199864344ede02de82bafa8fcd28029c218ea1e321edf321ee19b8ac1a996abd5e2a979efe8c62e338946d32ec885164050138492d8fa547ee0a9e7f3d

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 253a3e89fe371bb80233f84ca8752da6
SHA1 dbbcb2705315af4d30f97f6fabd96f83d7264e8e
SHA256 1e93224aa7525fbef5e21546c800ce20a51336c7f6ab1464efc8305e54c398ef
SHA512 120f6355c0527145c227db36fffa09897cd9225d589061f61774c86e21d093a459e58ef76ea19bdd451f0f02d2f5c4a4ae2c974a194f4fc03af8a3e00248cfa6

/data/data/com.rcplatform.nx/files/umeng_it.cache

MD5 e1c890e37fdddff91062a85347378c1e
SHA1 15c55a7673aec30e6b6469b42fc8fc8271b711bb
SHA256 3aa714fdf66ee5925123ef94de244efb5cd386bc4377f8729c28aed67962de68
SHA512 5127508d8abf1ed5223cdac0458799fa7d7c261fc19f0a6f297511e794c5e94b483d144e639f65a1c8545d2d8e135f0d748149c00728d0712410eeee4f9f68f0

/data/data/com.rcplatform.nx/files/.umeng/exchangeIdentity.json

MD5 e483a6beaf75954d8e51d1a16e1ef019
SHA1 4c5683b44becc121b060257e96c2ef02afdc4eb1
SHA256 b61b7e7cb389d05dfdbf55b00268b5d190d3829d9aa23eb4e34886886f0de225
SHA512 a848a2c316153c8a985d352e003f6d6c55b0893a96d3d22dbbf252af827ca62971d501149862dcb8861d49af4400de799f941a2074d6b437a73086e1ac0da2f9

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 db9c6812e032323667695d9fe25a8165
SHA1 bc8fe4377350edd8f7d87929f49c701cc035fee4
SHA256 056a5cbcba260375ea6a29906f5d6b4caaada5d862da7fa581179fe9851d46e1
SHA512 d5fedf75bda7f4149fa286229e9228ae8d75fcfaa095e7fb189ca49efe30d14cce9ed4882b9f665d9a2c9040eb8763a06061f3f95d4f4bf1f58849f1ccdd2b64

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 7f9b56bbe5c613dcf5d3e3a00270839f
SHA1 0f30f7329647c765424e8cae5713ee91ea2759ed
SHA256 70673c2acb8894010ad8bb6bbddc99ed34956b4b32cdbfce613e8eca93580c5e
SHA512 cb8edfd7dc29d53d4da5be5dbcb4f0b6a39c363a51cd7a14b07e194e8369df51b73df23efa0e018dce027ae5a6b75e1be4aa823f15b94d10902b7c794ffef2fe

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-wal

MD5 f9e76c749a8c78ee12ac3842cce9b0cd
SHA1 e4afec14612368dd3a529d541e852b788f4e40c0
SHA256 705f15fb60abe76dbd87a6255cc39da79e2cd5a497ed7935683828ac1ab011db
SHA512 813dcc0ab81a3418daef4bdd4f41a53c6cbe8827546579cde118abaaa897462c610f15146aec797df23f33b239a1f07c0cdd7fc97a29cc00c6ad4b68bee5bf5a

/data/data/com.rcplatform.nx/files/.imprint

MD5 c3105d4e6702e19776477bc91aed8a32
SHA1 5ecda3b8915a3e757352f64f1f58fa8d1650355e
SHA256 0e37e85954a059e8dea2981f87e1fe4f56dcc37415183f1a0c09636c51ea9ec2
SHA512 4757e8d69042f12dd095da591d0dec73df77650fc6dcb268d8b46748eaeec8de36558c082a62c779640f744f346e703a7822100bd4b558804d6210346e494079

/data/data/com.rcplatform.nx/files/umeng_it.cache

MD5 bb9f15af888f93b5bba798f6c3c2f9e9
SHA1 2bce1ed3ad2350ef1dfa08fedfe4aa621ded9be9
SHA256 3e774b850f41dcab7946a15d5a1a29956a6186f9f58731586fe564e6fc9988ac
SHA512 4cf17bedd0b296a616eaa0713aa18051ee3b92480192b316e62ded2f18a2ec9d4b420525165e3afb3d6ffc866783dba653ea2fe0fdd8cd9f03b93c70600fb441

/data/data/com.rcplatform.nx/cache/oat/1582435991586.jar.cur.prof

MD5 a3b78d197d786c13687c3f0f89703bd8
SHA1 9967f0726b6b1ed3f198904547b81920f8329621
SHA256 c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97
SHA512 9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 20:07

Reported

2024-06-11 20:10

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

150s

Command Line

com.rcplatform.nx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: ro.kernel.qemu N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.rcplatform.nx/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rcplatform.nx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 internal.faceunity.com udp
US 1.1.1.1:53 internal.faceunity.com udp
US 47.254.56.66:6443 internal.faceunity.com tcp
US 1.1.1.1:53 bridge.dloadstar.cn udp
HK 114.134.189.160:80 bridge.dloadstar.cn tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 t.appsflyer.com udp
GB 216.137.44.95:443 t.appsflyer.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.65:80 data.flurry.com tcp
US 1.1.1.1:53 bestmeapi.rcplatformhk.com udp
US 1.1.1.1:53 alog.umeng.com udp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
US 45.56.65.189:80 bestmeapi.rcplatformhk.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 ip-45-56-65-189.cloudezapp.io udp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 45.56.65.189:80 ip-45-56-65-189.cloudezapp.io tcp
US 1.1.1.1:53 www.googletagservices.com udp
GB 172.217.169.34:443 www.googletagservices.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.213.1:443 tpc.googlesyndication.com tcp
GB 216.58.213.1:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 s0.2mdn.net udp
GB 216.58.201.102:443 s0.2mdn.net tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.213.14:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp

Files

/storage/emulated/0/selfie/share_image.jpg

MD5 c6064e7853fea1ce1daf718628dadae0
SHA1 a02c91e75b6e208299f15757924e7f3f282201e1
SHA256 47810cc7dc65f8a347fd5a6ad433107a277efb8bd6cfb2d4c6008fc3f28037e3
SHA512 cd4fef340fc0570754048de27fef899fa3f78a758f5273e539315869e685fc64f2aa0d7527ceb923eb9a1650b0b4e5b2d17d1967e186c683ee41280c86d6a755

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/Z72

MD5 df5d086274ebe43eb8c8ed9dbb826d75
SHA1 b7d4a5b4a2252fdcd1484cbef50934a4ca1e993e
SHA256 748f6a5ab5c390dd03799565f28382b082fbc53c24b9ac048189cd48044edfe1
SHA512 44adeba7ae8c7b5e842c7abbdda058fda759515960d4e60953eaa0872541b1526a92d2e599c1ecfa8bd70a74c15c3563b8afeef4dfecc066caff0c0eddb35f4d

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/com_rcplatform_filter_fragment_shader_lookupfilter

MD5 45dd0cdb7a053aaa3f7ff318df2413bc
SHA1 74a5e7c82d5856c6aadbbf9865ac48837badc111
SHA256 210adc5553ca1e6f0811aa68000e1add11f440c7532bdf64f23762af811ace6d
SHA512 a7e9ce6465fe7eec5021fa865a56632ba6d91d6cd93b4516393b4a6db60db8b5a28ee811f62c0015e7d7a9fe1be5bb80abcd06763876a613f1dd44fd777e402d

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/com_rcplatform_filter_vertext_shader_no_filter

MD5 53a6c9598b429ab5fc6a6408e58bccce
SHA1 ac49da930f8324b7534e708c130ed7f5baced52b
SHA256 09eecb60cecc5a21681696dfcf0750f01bf6894057bb830c79f2bab77a88c0ac
SHA512 2de1929d975cbf0123637f09e2298b7631d776de7a61423da0f20e1c8010b0806d156c7146d5a2b2e2727532131030f5a01820f7e15476649011924fa37df6e5

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/config.cfg

MD5 912795c99416a8b6dfd4a1c35c0f65d8
SHA1 e6ac38c9dbb016521d228ece4e1a4723e8b4f55a
SHA256 92c3e8c2102ddda1c718ebe9992ff0d80ab6f0aa40b4596c4623baa3f7b4fe62
SHA512 44bd69b090039f50c028caea23fa2ea3d5b59508aeb53c196173f59b7d16cc5cc9777d0d21907447339a47d4308fa3bc4174b09870d1c336446fecd892f4c2a9

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/preview.jpg

MD5 8cc9501fd27c06677c03a60957a20298
SHA1 10bd4003ace1a3cad723581fa9fa3a08d9bffd12
SHA256 92a4a8c8328614426482f8f7fc76406be46a46de1ae4385cc2b4147d99c8345c
SHA512 0245b41b50378c85c53367541302be60784b955ddaeca62867c438fc8ec9890ee57b52541a97f93aa12cb4aa617ea7971f691b81f943078ee4652d73203a28d3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/43/vignette8

MD5 a1143c81d2e64d8947fb057a7381d6b0
SHA1 7b182d3a94862705818cfc452f8ce84f3c0e5280
SHA256 a6c96d730bbbedbd621bc0be31a3b1af75f29eea373dd17e053fac248573789a
SHA512 206cf7ce627e61b9980d112898731fe29a7322ea616968a975674f783e4e44e2ce11edc22a6ddc1887ed5203662d0a7ba3bb81bca03bd606a92fdeb887bdcfb1

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/Z74

MD5 e47f0dce877fd1d07584bb7c2abeb635
SHA1 9cfc6df08a8b6f267a6649c32f8b293fbf89e29c
SHA256 d950a88e532c783563bef13406c3ead4e7ac0a5f339cb538a3961c75dfcc5f1f
SHA512 f359b7fff601daa412138a9116f7b033f7d3bc970e518b9cb9489cdcf09abd692630893b7b0f664dd4fe51415e652229d56789939fe55f2de4e131f55bf15631

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/config.cfg

MD5 238422b5a88049b5761449d6b20664ea
SHA1 14c7945f06e70c9c6cf1efac3f3cd7245c1905b9
SHA256 92080f7bd36c40809080c4c54e9c1640c78b91d0338a510890cfdba090c0af02
SHA512 e82160e370c3549a5e8c59a2986f9613bf67eabf28bc8065c1a2c86b21394dd2a05a2bfc41dcf8aecc3455adcb61446bcc2de6ead8c505442e7acb22a5cd2728

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/preview.jpg

MD5 c4d9c782dc15e40b7f82cb60e0634919
SHA1 8f1f6ecc361e8e65ff75edf8e1c847f1e8f3f76e
SHA256 1806a8e31c400b9fcb0901e31e0580d7babe577241d2178e03944ef0e7764e8c
SHA512 0e48c804e41f55bf0d3be340377a898a7e065090745d4309d8ab56dd617f22a5b7b8f5a06ec2558e62422972e05b304652d8b8fd333be9db43e7b3dc2868cf91

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/44/vignette11

MD5 fe2498fb6b4c0a8f7b53ed13d5361db2
SHA1 cb19a2ff15a0a5af0cd29ac83a7ccef4400c2136
SHA256 c002fe9442435abb579f8e16f78babbe0a22d10376b4ca651906d271b165b085
SHA512 c12c99c052acb2f3202bc3d80a62f63821ef3024a014304f6ca943378307ff87b7fa4cab7b9a8124ce3afa5ecd0a1bf11f58b4e9baadebcaa25eb11b4e71ac63

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/Z10

MD5 2af7f9dc875988d2cfa38bbdadbfa596
SHA1 4eb315d5ddf3507f16d1af156640ba519fb58e92
SHA256 3b7c6f583db4829c7e3c7cb7373e7c192f0fe19464ba6f1cbbff2e87759e6d5f
SHA512 705b2fc4708f180e1d4720b74e984a833f7ad9060c116c3d0a4f119c17a021fced504995df0fde6537782a1f775ef05cfae67a4e02eeedc1786fb8da447ea447

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/config.cfg

MD5 d8de8ce80d4bf9ebddaa8e2c596e5072
SHA1 db849ba190ae4b7cd47e5e4696b7f060a60f8a28
SHA256 7b05f0f28ca8d30d2ab7a83ac9341fcfdc6558c6443d918d26ed5a73dda811b0
SHA512 597bd02a11f6512f7cd5d92c6bc1b7ef77689126397de040dc83b81d0ab950ff6738cb5298b388589b0db9b817d73449e56ac3042bee838b43c450acb34a63b0

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/preview.jpg

MD5 ce50bdc3787b32a4cfdf81b4b21201ab
SHA1 7152724827970240a94e1d750ecdedb729a2a175
SHA256 c3cb1560914dba905d15abe05f63d906aa0cbb6e53c37edbc2962291a4253cf5
SHA512 c4f0309c8b0c4616efc3f0cf99296e6ca6a85866e701b3c464ffc8484e7de584d7d5cd7fea9c84df2ac010b32e00db0ffeb8b0420d6aa268adda399d6c739306

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/6/vignette14

MD5 19e0b77e54bf3a44d8cfcc7d7c79e54b
SHA1 036a3f6e78d93db2e2dc5df6cc8d2c4a93d1b482
SHA256 b276dff3989de53784a8c6ac5d34ddce2f657a2b56b190ba143052d973ba1dbc
SHA512 07fb507d40db5056e8619a053bced6a5ae7ec9c0e8def210d3d6c56e0e3f9def1e1ae89919bb947b50c906cf6e93d6a4701eee548b09be46a3e8861cbd81dce3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/config.cfg

MD5 169530324f1f5b157a7da21455e97bc8
SHA1 8687390d1e8fdad49c107916a279505518a55a92
SHA256 c0de9cc54d7566f30f2bb3906e73f934c04d8fb95dc497501db7a991bcd337c1
SHA512 ec18dbe6036ee41ad216188c9f385c870eafaf1d5ca3c8bd31299825ba35cafce591259a675c8af3217d3fb374f0d15eef13e275a70cd771f488e7e30b2b42b3

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/lookup

MD5 22d494dd2ca2ff2759538297d063e0d9
SHA1 d4732b797528e4c0f5ffab4f911a3968f4a32b30
SHA256 6ff2c647c0285219d02c8d0252096b679c1460837258de16442401b4485fbc96
SHA512 52c07e678270a04ae6d446ae9b9b6c33d615f30d0743efce63a08e866215fa6e61efdd80edb2c72b9d833f526c29a233a1ba8e865fef664ceff8b80913b991ab

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/B12/preview.jpg

MD5 762eba9a67bb616ed3cb4062dc862361
SHA1 6bafa4d1a9378d02f99e353be98b47ad6a004bb6
SHA256 1e9b9152fd106a5d26d0a341bdf88a79b1d376bb8d4060d15fbd1a8caf02d383
SHA512 fac23ccaa6f43eea845ffb44d8390101bf138a60b38a4a1e37c8caebc173ce96b5588ed4852a7acc0e2f09aea03b87d4df73fff797675db1f5252657f57da4a0

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/config.cfg

MD5 bd8168fb7d0fa1fa7f661d3f407172b1
SHA1 70e58a1ee600da5c7efdadcc3143f314469ecff9
SHA256 b860d81eddf3f348bd1b00da8ad1b23b5210cf9b423eae16d4838c2e1d608ebf
SHA512 3ddb20bb5d2b98619a9a4f9c3adcacfa643a24d0bb93174d4ec0631ad6ea2bf2d299745d9ca99228575ad9fa06fb7ac6235718867c1d34336cf20d2acfc17bed

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/lookup

MD5 f63a9eef1feea9655f011220bbd19522
SHA1 d4b5b975daab20393bb5b77b0deb85e48e6e6ddd
SHA256 762494a0fcd20c0ac9feb4dc3b420e450a048abb20d2b86d05afd3ae17f49226
SHA512 89f01683e746a57c602817e7aa80133ed76c20c4acfa3209824ad4059800c2c7717c3e45e8180a16673591e18682b9274fd6df10650a966b322d58321789fcdf

/storage/emulated/0/Android/data/com.rcplatform.nx/files/assets/filters/RF12/preview.jpg

MD5 c43d08b67b822ea9c011fcd6d862eadc
SHA1 41c87d82ed695f065b6848019e41bb7fb162bc79
SHA256 48a05d9e2d37b4cf8a9ab81605577298b10da776cf0fcfef4401ff6e7f1c0f64
SHA512 e8b375b52cb458d63edffaeee91009d54a8a9c1aeb1923463c22a527f168727a811915369975f8197858f7cf2313f8d8f4f4804c05e9bbd33ffd53aa30f30605

/storage/emulated/0/Android/data/com.rcplatform.nx/files/normalFilter/com_rcplatform_filter_fragment_shader_no_filter

MD5 785396b2743eb721532390a5e9f54f86
SHA1 0489ea25368abfe3909df380988e46f0e16db71e
SHA256 97f0ad3d3efa9e2b7950e4fb90a8b0bb222e4b1ea6773f93cfd8e30fafce6165
SHA512 60d739f0582cd5af444820367dba98999ec0f751541af0ebc1e74e39479c4eaafd84e5067afd59737be397e87872ed971924d7dbdd8e5745d21893229d160a85

/storage/emulated/0/Android/data/com.rcplatform.nx/files/normalFilter/config.cfg

MD5 4f2d5102a8b331b0728a193f019d2047
SHA1 c5f18ac398c089d64db286a49878787a1eff91f3
SHA256 faf50609f5163525846bf1237da16fc9b9028659c1116bc1a4a1f00c406e7f31
SHA512 b009392762fef582a7eb58c8d454f8d8d15821085d82dd6087e47e2e30015c269e94dc7af6f89aebf8bea6bc50e52dba38d0a314ef7d6ecfa7f67bbd64db0584

/storage/emulated/0/Android/data/com.rcplatform.nx/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.rcplatform.nx/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.rcplatform.nx/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 460a03efde8073c38862b66ee29101bc
SHA1 c1ad55fe076f329052a7bd35bba02837cb596163
SHA256 80ae9195fb7644d043a2e907746a2063948518dfbad224bc2fae27e8a67bc4cc
SHA512 64892694aa400d17765ac45695937266c7200c0292d1aa12e2291bdf2329811daf424c2a2c2b2cb781718ca9bbf612b48932b386925b6020b7b029cba7bcd7a1

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 0c9313a2f53edb8234965e3985dd2d1d
SHA1 4a3aff794aa52ec43d44e5074b19353b9ac523bb
SHA256 e5da4b90a24521a364363955b404e64341aa851bc9086dce13cbc0ee2f8080ca
SHA512 878f3e4a8dfbfe1c31a45e51b27ddaf00bde1b8a07bc7fa30d0ba3b5440bc77d8f454767b9e44616ffc1964d4ba725d6cd04d8d4d26fd42e4dc113cbb215a8ad

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 24ec97ca8c2d572b6bcacf38cc870f7c
SHA1 03177823ca43466a578a9ac4de98138f51f17e14
SHA256 ed1fec411b0150623e8be36bd34ff68a48f1ce517433b97a75db7fe2fe48c532
SHA512 460a136da0ab0eb4195ed6557fad04b3560be37313e112e0ca277d52cbec73a958cab2cd23a26aa860ff8bb526d4a2130e311d5f7c6fe319f4040024c940c509

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 fbde36973a6b443334688cc0238f5a91
SHA1 5400c071428ff19bdc564f4b3923a9eee8bb27fb
SHA256 0284bb5a8321f381e8d321d152eb1372111621860ecbe6b4a552c021b4c57494
SHA512 6e1c598c9c85d8db1c5d5bfb4e89a981085b1efd592c266b0b17469f2ad6c098976b8f3946119a5317a544a9c7df72380c8573b0c07b92b4a64e7615cbe11024

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 646e2d53af6eb5b43cd08d70f15a32a0
SHA1 85aaea01fded3eb0b48a31f7817f622619107f33
SHA256 99c96896b3c4ed966832dc1feab872c9c2aab1e4f07ad0334e01cb576c34adff
SHA512 b00b99444511d0322f363ed5797980002328027790bf4661c11d7ba46ec849ca0570a42b53d7d69927f87540612c5e93bfc1d554729d12c63493acb3f7a302c7

/data/data/com.rcplatform.nx/files/.flurryagent.-3869e607

MD5 8edaeeb8c674a1aa85bc5e28e4ca240e
SHA1 8f0a10426b40238965bcb6efd1d5c964f6621cc0
SHA256 3cfa13c18fb84c3ed22436a1d27f53b9ae013e1c1f83404bb170ef027275e49b
SHA512 804e77f9a2983ad6cae221823f3d49f989d2d5995e71e2c28047d2a6a925493455dd1c4b0b3346776c3f3e5459f3873c59a7686f94a962c34f90661a6c476c66

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 3ff356de5ae53715f6f6e661de3b7024
SHA1 8cc56a979c3eeb60503be04c7c3ccfe998958df9
SHA256 f8b770c1112c640fcc4bf0a2f9a9357e3455a916815d001ab16c9e2d2a3b50b7
SHA512 d90c03def97e4094fb45efdace747fc82710dffb0fca841f02417ebd347f5cd50b777544c8b0631098b2d5292f95f4983934a8727f312df39e5552300216bb82

/data/data/com.rcplatform.nx/files/.flurrydatasenderblock.171d080a-4499-476c-b416-d00a23da71e5

MD5 52142fc6675febccfa8725853a944a5e
SHA1 367e509d360a63629e52d36d0067932510814071
SHA256 2232b767c411c850698b5b67814e018b2bb986a42d611e83d6edf3c6f6a6c85f
SHA512 76e3016856a66615aead66b4e3f5afd4d866a5fc2f168b548503aa8f7346beae4be23389311ecf313d1d2dbe961ee72f08b9c300c95adfe280fc5bfcf680b40f

/data/data/com.rcplatform.nx/files/.FlurrySenderIndex.info.AnalyticsData_KB97GZMYPP296QFH2JP9_158

MD5 c1fd076eb1586f5c303dfb0f71056715
SHA1 70a69096f45eb4cd1e35285853f19567f002a455
SHA256 e8305d8ad9213b125e4bcddc0a4b31186468a118c729bfdf4c4aee8904cf5613
SHA512 cebdac7446868ebe8e871719a5e24a403658132ed1ab3c7f4861684e9ab492ec670d41beab9ba41b1e692fb038fecae5c2aa731aaf9234b68389bfc646e0c9a7

/data/data/com.rcplatform.nx/files/.FlurrySenderIndex.info.AnalyticsMain

MD5 7ef2423cb0165a1a3f9d8ed96de0e768
SHA1 dda43704817cb762882e41f653083a4a27326336
SHA256 5f78d247a15e6c12baa34812a79b88a1bc8846c287ce167529f3b3b65980b768
SHA512 a991baa38e9a188f9789c38ba22f348bd766b164e5366f919d70adb2d5de77478d3f9ca7e58ee79783898a00d9d003d9c5df841171c5068e0762a6393be09fb6

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db-journal

MD5 fbe0ae090b948c4b4525e296953b3804
SHA1 d9bad9fc0a112cf5450d33c4071fa08e564bc4fa
SHA256 ff464ec58c652ad2e6cfb79850413116319c7f9a49d7895de08c2a4ceed18787
SHA512 104cce58648667542237db18030e2a14ad61062da192d94e7f4f8eb6309222fdc6558fdde6ff9fbdf445d8c6c595f6ea47266fa9d3763e7f6e628d721f96f1ca

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 f006d46289945a4e4e2da7f502d8d106
SHA1 3342b736ca2a2a6b356371eacda387c5aaf48d8f
SHA256 eb95379c67288f14714ff7fcecd62c69005f97a78a1aa2133033c3425aa08cab
SHA512 f14263fb90e77cd8f644f55d993aba8324a4ab18aec551ffa540a456cb2b2a806b756fb35db09de196da52f7bdb34f2ea658764f6543415fd6c0dc1d53eb3985

/data/data/com.rcplatform.nx/files/umeng_it.cache

MD5 49c3b6c82aa97b6efece2d8188da73d1
SHA1 9077cf432f36afc6deab4dd303628cd61d90713b
SHA256 023ed99637bfb4d8c553d975dfed741cf17a02e9d8c2813611d2104ee5d3c88b
SHA512 27927c10fab4bde5954cfafdd55a7c05cf079bb84a65c94b066b17a76a6bac1433ec7f13bc18f3ed567625a7d2179ded7184603bbf16dbf3b4b3f9a1b41669d7

/data/data/com.rcplatform.nx/files/.umeng/exchangeIdentity.json

MD5 f9220f77e26cf52fccf876ebe400c673
SHA1 48e9bb518c15636acad250215fb80ddf4eed8c0f
SHA256 8485fd713fa7f456c9bfc097b74a65b57cdc7d02f0789e20ece8a98cb155e4c7
SHA512 90d42180dad36322237a617b69a889a0938cd62c07e3b0c7bef07b39168d00753aa9cb764ddca3cf0b81724f46ae36046da225f3047dbf073f537153162696a7

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 0402bc8402db39a8a792309656b00f34
SHA1 38e5dff19b274e6fae20fda1636b802988466cf7
SHA256 9707deaec03ee56cfcb26df2c4eb71c5e82f506a0642c9b7e36944f7f12cfd90
SHA512 d45f4feeb4416dc06b9b811894698ef9629832d9e5eaebb6b385a0db936cc100e8f23c0dce817d27fad641aa3362643a8010778e8d7ad1e4937b88abdd71d2c1

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 14f95bc5dc264c4357d2ee5254b56d4e
SHA1 44c8b75f95a67087a67d9e0b1b10def1c05d66a7
SHA256 cffd251c7ddd091c28fba383355a333c3ab0634e29144fc0b1fbcd857a90e7c2
SHA512 f9032e160e99172479e137ae56e490549f7b5c3fb204f907ea14e56eee7f3b6c1d4599891ea1b54d08005146f18ddc1543d395672d14f1f7e29daa8ee0c06362

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 b44bf2f0b9188be7a549980b26814c8a
SHA1 9f23831a779e17932eef35bd9a9de0d03a019c41
SHA256 6a05a831df0b343ab3762320969d22db064b75b007ca784d37a37e031cba42d4
SHA512 c65328287e1713a59c99c9e8c99fdac84f800c1c78735df890bc5b4871091d9236b56b87f20753f2bee6ca090ba15d8106bbf4cd45be5979e7436e0340eed935

/data/data/com.rcplatform.nx/databases/google_app_measurement_local.db

MD5 7bb388d5aa56264a6056f23a7e5b476e
SHA1 d8fc437f255fb30b08861d9a991d75c478d80899
SHA256 08c9994063fb85888ce6e59f3feaa1bb3c728bc3858b08e58f1a58ac1895347d
SHA512 64c68f5e2f173e4b0851cb5dd8b9f882b8b3e3b727105b62afa373179bf894d6191796a14541bad423fe5c124fa3c5a025d5d43136812e4dfe3aaaf4cc5f5d88

/data/data/com.rcplatform.nx/cache/oat/1582435991586.jar.cur.prof

MD5 942159d62a6e5ec257e3d84c5da93252
SHA1 59f0263d5f68473ad0d5af2e44317b4cfe2e1c9a
SHA256 3a14792a953df11877b239425a7138ac871bff18d74f2cd3f475768ba824d41d
SHA512 6cb45264993b6bd3adbe45c1a484d7a3ccaaad33350c5258643622e6ce6e1ecbce34d27ae612ee4d67ff6abc57a0675dc5930ecb78916f354aed46b1212860ca

/data/data/com.rcplatform.nx/files/.imprint

MD5 16a97fd56a1e8fb3ee76058e8b292257
SHA1 18c8c50d4cbb1e1cbbe9dcf3aa0b9f3373f1a5d9
SHA256 1235f2a9b0d391183d93dac659ebe8bb3e42c83dbebfe2d038ba6802dd7fa0b6
SHA512 e04cd56df5c6888d7f4be03a2dd950410d70608780e6caed762958fa90ec4ed6be0ec96bbf2079abe7168b6ba39e54b0c09de161317bfde15c2f711c7e6e5c11

/data/data/com.rcplatform.nx/files/umeng_it.cache

MD5 2bb9fd210cab536e77270c314f9733c7
SHA1 a0fba76f5441ffd5121ce063e7d0ed340aad9aa2
SHA256 bfcbc08d42330425f4db632bdb1b7f9c836375bfbb0b2c4297be251acefce7ee
SHA512 62f639f9e56c32a13a50e0fa052f570ac213cd5a3c9257f0c2e0899038ee8d4f17ecfaf2c07e96f15078544b57a03762c168149590d51c9b5672e69b417c1213