Malware Analysis Report

2024-09-09 12:47

Sample ID 240613-16dwfssdpb
Target a6d611c9ee6053b52df98e9fe668d515_JaffaCakes118
SHA256 49c8c3fc8b1d7cd448ec6d18fcb9ff10a0927e3bc14dac5cf3d042f61722d84f
Tags banker collection discovery evasion impact persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a6d611c9ee6053b52df98e9fe668d515_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Reads the contacts stored on the device.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 22:15

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 22:15
Reported 2024-06-13 22:19
Platform android-x86-arm-20240611.1-en
Max time kernel 179s
Max time network 184s

Command Line

com.xinanseefang

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/contacts N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xinanseefang

com.xinanseefang:remote

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 22:15
Reported 2024-06-13 22:19
Platform android-33-x64-arm64-20240611.1-en
Max time kernel 179s
Max time network 188s

Command Line

com.xinanseefang

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/contacts N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xinanseefang

com.xinanseefang:remote

Network

Files

/data/user/0/com.xinanseefang/files/ver.dat

MD5 63c099a982535e10af17014d74c217b4
SHA1 b135744c810e68d1a262a4355070afd2faa3829e
SHA256 0e406008f819c721d1964fefc854c647eb16720db4e85858c20e10498d34d454
SHA512 74681b0b622ecec4b9f9c1a246b40e84dc20e1cfd31e2429eaaae1f063e9820c79165a178a55fc32cb3b2987f8959a2d4462902a2b58704be04deef6c0643fa2

/data/user/0/com.xinanseefang/files/cfg/a/ResPack.rs

MD5 0357e8edde36315c0e0a4f5385de625f
SHA1 2e6c6f15010e88dac5078f34e31a8ddf5e032f2f
SHA256 44764ad74b21113fb17b21899bd0d4c81740544e868eaad680553b3bd0cb016d
SHA512 497385b4e3b512f6a4365486d40bf1ed298422087f23a352ed2cec96331b9b012814ffba9c3ba83af5f777df16b53bbe1bf3ab8313902db49011f01a3024cf93

/data/user/0/com.xinanseefang/files/cfg/h/DVHotcity.cfg

MD5 6b853feef9fafffdaf098f6dacbd19a9
SHA1 63242ce47347e9bce8b2ff9afc4938caf98fa9fa
SHA256 98b9421a1bb202549afc2bbf103a5bd393d8a958407711102f9c155c7ff5d376
SHA512 3f15bd8e41afad79d21786a98fa38aea38d4f3a2fc2ff4e9cca51a2cc20453d2b1b75c8aa29a2f50d48544e9ccd5deb09a131484b210e108867fca8d418ddc70

/data/user/0/com.xinanseefang/files/cfg/l/DVHotcity.cfg

MD5 63b0ea4cb04b62db9b2ed6796529463a
SHA1 07fa7c5e7c0709787749ba1bc320bbe29a56b497
SHA256 24ca0502688e07346d33965db89a1ff445232c0a28c849b4ecd57c17141f46f5
SHA512 7b6a3f6e8dd4dbd28ea7bacd444d59388c3a5d16ae3f0c8969b7fa928fa3dbece3c4b21c6ac85b4e15b4b16fe6da1306cb65aadb2f9b70bb2127bf477c725483

/data/user/0/com.xinanseefang/files/cfg/h/DVHotMap.cfg

MD5 a3a99cca79b18795bcc48fed8510a5fa
SHA1 da42eb1c7c71ae30f1aa9ae3f19f8d5166db021d
SHA256 4d025e5c63ecca7107a85e1da9175db3efc56dcb2f3296ada88672c74c5af11b
SHA512 909e844e3347f48011fb1d4efd3fb57bf008c00909b98397a80aa427580734042d89102463adda755dca7311f5b4ed3403c3a9cef6cc655491df9667853cbcff

/data/user/0/com.xinanseefang/files/cfg/l/DVHotMap.cfg

MD5 cc3fad9057e0940ad4d4c7ad27922023
SHA1 403cbbcd7b819733b5caf49ed2a58d654441e99d
SHA256 f6d90bd8621889ab994374b4f51a1c3f9b028aab1a2129b8b3b0e1d7c5c37864
SHA512 ebaf2b8c56bc15826ef38b36e72ae41765fc723470c6dcc40bf9f31118f252777072ad39a535a79f53b6aa29811b4b21cebbc9810c47e34ef9400246d789ab21

/data/user/0/com.xinanseefang/files/cfg/l/DVDirectory.cfg

MD5 5ce812200c357bb064dedf09f8f36ff2
SHA1 27d5513cb969bbb3ba72db187026612c946a827a
SHA256 0417e8aeff0f9eb322ba23673cd94292e199d578d642c80f88d2cf9004f82f82
SHA512 ead2bfe160dd34a600dbb4a370a59aad3ff5aa16e33b81a603c9a6e2726b439e6b2ee66de04b2b9023bd5362d69860363fadcd2af41820b6d78f1d4d6339680f

/data/user/0/com.xinanseefang/files/cfg/l/DVVersion.cfg

MD5 063c6fd1479c4c4e59d83b8e553354ef
SHA1 85f17cd549c54d29cfc7c263551283840f6cd722
SHA256 f7b9d7664e183e1d774ddc64116f1c974e1d4d7432465fa54649772c65defca7
SHA512 920bfb5d0623996e1b16874800ff6e0871f504e743582ce178ddb78ed9d6c75734ce1d94bf797b74f5103e87d2807c48b5e0ebc3ec0894067679e39a4f7d2065

/data/user/0/com.xinanseefang/files/cfg/h/DVDirectory.cfg

MD5 2e57790b5d5c701feb30a6b54df05d73
SHA1 82c6f9af5d8944db05100d208828f4cb73598d49
SHA256 80f191bbd06306010496dd03b0b58be1e7d1d07b03d7fc7c94e0fcce2570f2e7
SHA512 e5caee2eb06a7d4b5dcdac204776f2dfe25dfcd26f54020742ef9e535ce51b06deaffaf62a95310ad7fb60005d4e261fb1edbaedd65243c77169516ffd98a135

/data/user/0/com.xinanseefang/files/cfg/h/DVVersion.cfg

MD5 d783f5b9d76ec2c039be642717407cf8
SHA1 dc7e66199d13f7dc2cf982ee943c1064cc807759
SHA256 55b83afee10463b21c76c6c6a2ff4447f3cb3c5c33492ff986fbd40e3d54fdd5
SHA512 2034c62b80f81e728b92dcb2673e33dd6f9b61d9d6d74a5de8fb35aed3403913ff7ec4a711027028c83a9179aeddd1bed950fcf383b8d3665a8460798f94bd0b

/data/user/0/com.xinanseefang/files/cfg/a/mapstyle.sty

MD5 46a9f9a5221dbe4ff71bfcd2ee045c5c
SHA1 915cb3bc2f0096dede38afc1cd7f09c8782360a9
SHA256 ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9
SHA512 185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2

/data/user/0/com.xinanseefang/files/cfg/a/satellitestyle.sty

MD5 6a4423fab398792d88ff508525aa7401
SHA1 16b89c9d1009bd48d810073a6d777c65f07688be
SHA256 3fd14c4ec117f89b272473772a3d71e6603b5e6d58217e0a2775ed17386db1b0
SHA512 053acc55f50dea07451e6d5a96bdf4a1317b727f07a9e4be6700c5f2fb4ce11d177d418dde259115f6460479490259654750c62d89c1afaebf0aebaade63aa18

/data/user/0/com.xinanseefang/files/cfg/a/trafficstyle.sty

MD5 9bd44d405d13067a0c32b274ecad3c2e
SHA1 0d404c5470f011dd9ba44e1fab20d8769acca202
SHA256 ccbbfa23edb0b8b25a0a0114f2bc626a33f830c4326ec6d30652b310d8907ddd
SHA512 dfbd97afc12c82a9e7dfb03a174d467f5e2f08e810b3ef6705731c54b92aad64240910ecb3b049191cc0088aec6bc3d1c93db4388c72791f1065879505cbf1c3

/data/user/0/com.xinanseefang/databases/smssdk.db-journal

MD5 8468f4e33bb5700fda2a4882117c66fa
SHA1 84278948535c51e151ca1e15ac781b6c3d4287a6
SHA256 9e47133c26b16692c3c06fb94ea635b1e9797aca9a47c89cd81d3f0321cf75ea
SHA512 c3455ecd976f9d6c43a9a3e1ed76c3533d703ec30d3716e7942434d67765cca63c5687484669f17205398e67ecd6c673fdff4bb62b6d0b6fa1ef211cf851c8d3

/data/user/0/com.xinanseefang/databases/smssdk.db

MD5 ca929f9ea48a2300f0342f2a122339a6
SHA1 77c651e7853614eeafe7f9bad8f069a8fb211c39
SHA256 4503ee15f9ef446de801efd81781cfdd5c773246fc30b0e196053260b608e7d8
SHA512 642e5cbb40e3845fdf99faef1e5238b34197d494de6ac568be016414b9ff9c058edc4620d56087b3a5dec3d42940424916209068f889d01bedb7a56114ac83ac

/data/user/0/com.xinanseefang/databases/smssdk.db-journal

/data/user/0/com.xinanseefang/databases/smssdk.db-journal

/data/user/0/com.xinanseefang/databases/smssdk.db-journal

/storage/emulated/0/SMSSDK/com.xinanseefang/cache/.ba

/storage/emulated/0/SMSSDK/com.xinanseefang/cache/.ba

/data/user/0/com.xinanseefang/databases/rep.db-journal

/data/user/0/com.xinanseefang/databases/rep.db

/data/user/0/com.xinanseefang/databases/rep.db-journal

/data/user/0/com.xinanseefang/databases/rep.db-journal

/data/user/0/com.xinanseefang/files/__local_stat_cache.json

/data/user/0/com.xinanseefang/files/__local_ap_info_cache.json

/data/user/0/com.xinanseefang/databases/smssdk.db

/data/user/0/com.xinanseefang/files/__local_last_session.json

/data/user/0/com.xinanseefang/files/jpush_stat_cache.json

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/baidu/tempdata/conlts.dat

/storage/emulated/0/baidu/tempdata/yoh.dat

/storage/emulated/0/baidu/tempdata/yom.dat

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/ThrowalbeLog.db-journal

/data/user/0/com.xinanseefang/databases/smssdk.db-journal
