Malware Analysis Report

2024-09-09 17:52

Sample ID 240613-fnve9sverd
Target a3e6dfeffd6d19f618aa468791dfc705_JaffaCakes118
SHA256 cbb85f45f987994c2f1163ff5e86356703d52e29eb5e0c39550d1a8e546d899a
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

cbb85f45f987994c2f1163ff5e86356703d52e29eb5e0c39550d1a8e546d899a

Threat Level: Likely malicious

The file a3e6dfeffd6d19f618aa468791dfc705_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:01

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:01

Reported

2024-06-13 05:05

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

186s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.xgbuy.xg

chmod 755 /data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.xgbuy.xg:pushcore

cat /sys/class/net/wlan0/address

sh -c ps

ps

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 api.sobot.com udp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 log.reyun.com udp
US 1.1.1.1:53 a.xgbuy.cc udp
CN 54.223.175.26:80 log.reyun.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 121.36.193.140:19000 s.jpush.cn udp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 203.107.41.32:443 api.sobot.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 54.223.175.26:80 log.reyun.com tcp
US 1.1.1.1:53 t.gdt.qq.com udp
NL 43.152.42.165:80 t.gdt.qq.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 54.223.95.86:80 log.reyun.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 1.94.119.240:19000 sis.jpush.io udp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
US 1.1.1.1:53 m.data.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
CN 121.36.193.140:19000 sis.jpush.io udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 54.223.95.86:80 log.reyun.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 1.94.119.240:19000 easytomessage.com udp
CN 54.223.175.26:80 log.reyun.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
US 1.1.1.1:53 downt.ntalker.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 113.31.17.108:19000 udp
CN 54.223.95.86:80 log.reyun.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 54.223.175.26:80 log.reyun.com tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 113.31.17.108:19000 udp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 139.9.135.156 udp
US 1.1.1.1:53 139.9.138.15 udp
US 1.1.1.1:53 119.3.188.193 udp
CN 139.9.138.15:7000 im64.jpush.cn tcp
US 1.1.1.1:53 s.appjiagu.com udp
CN 54.223.95.86:80 log.reyun.com tcp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
US 1.1.1.1:53 downt.ntalker.com udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 113.31.17.106:7000 tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 54.223.95.86:80 log.reyun.com tcp
CN 121.36.193.140:19000 easytomessage.com udp
CN 113.31.17.106:7000 tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 1.94.119.240:19000 easytomessage.com udp
CN 121.36.193.140:19000 easytomessage.com udp
CN 54.223.95.86:80 log.reyun.com tcp
CN 120.55.96.240:80 a.xgbuy.cc tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 1.94.119.240:19000 easytomessage.com udp
US 1.1.1.1:53 downt.ntalker.com udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
CN 54.223.95.86:80 log.reyun.com tcp
US 1.1.1.1:53 b.appjiagu.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 180.163.249.208:80 b.appjiagu.com tcp
US 1.1.1.1:53 log.reyun.com udp
CN 106.63.25.33:80 b.appjiagu.com tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 54.223.95.86:80 log.reyun.com tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
US 1.1.1.1:53 tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
US 1.1.1.1:53 downt.ntalker.com udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 54.223.95.86:80 log.reyun.com tcp
CN 113.31.17.106:7000 tcp
CN 121.36.193.140:19000 easytomessage.com udp
CN 54.223.175.26:80 log.reyun.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 121.36.193.140:19000 easytomessage.com udp
CN 54.223.95.86:80 log.reyun.com tcp
CN 54.223.175.26:80 log.reyun.com tcp
CN 1.92.70.140:19000 sis.jpush.io udp
CN 124.70.128.38:19000 sis.jpush.io udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 54.223.95.86:80 log.reyun.com tcp
CN 113.31.17.108:19000 udp
CN 1.92.70.140:19000 sis.jpush.io udp
CN 54.223.175.26:80 log.reyun.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.108:19000 udp
CN 54.223.95.86:80 log.reyun.com tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.70.128.38:19000 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.9.210:19000 sis.jpush.io udp
CN 124.70.128.38:19000 s.jpush.cn udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 1.94.9.210:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.108:19000 udp
CN 139.9.138.15:7002 im64.jpush.cn tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp

Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

MD5 aa01dd97609092ce310e17bf791069ce
SHA1 f000840a8f68ea7beb2e29ea466088daf55609db
SHA256 e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2
SHA512 766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

/data/data/com.xgbuy.xg/.jiagu/classes.dex

MD5 f9fa3cfb3fcd10a835d60bb6357ca06f
SHA1 b8a8ac4a6fbc03e4cf852a46284b1c573a127f66
SHA256 612bacff2788e79924cc2518cc74fa5060d05f9da1272ed4f86b22be31ce9c17
SHA512 70a942be88a3757141c9098f043bcedb9162a8c6fc89d8a72af2e0466c3e4a655ec0a77af7e51d54da0c52a133f1a1e99c5ebd69f9e3d5c6f5da5b1e26626755

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex

MD5 ecd45794f7d44996ac92b4f0560a14ef
SHA1 7f0429092afd8449f9c178135ed81ba583f22fe7
SHA256 e53bdfb1d488a196b6b63afa582d4a755fab19302a0390f95f5f0328661b4c66
SHA512 b89594a335fecaa3a6057d02ca901d5e55068d83c381144ce71cf61b0b8da615d665bc011b8aba95349b71b5a1b8aec6f28bfc643b4f58c0ada783b2ca783f92

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

MD5 dd4d06ae6948421a6d13c2d77e6b72c5
SHA1 0e905ebd3ae8c5eaee7fd6fbf5ed8e5460a58d78
SHA256 982d97137a41ad82d5e01ed1f0d8fdaa3da572ad090764478e96c386ea01792d
SHA512 dec38aac3fca1e874fc0394b999bf568d5a6d18ef1012a64e6dc2f4a76a04e72898b6398288e49d42ee4341fa3c57a25f6e5f4f7d1038ca5c9998aa933e3c6bf

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

MD5 2883c9593f5962f990c96170acbd6b0e
SHA1 22fc30225a9a7d678e87d8eba2c1a335d59dfaba
SHA256 e37d677cd474aaaa45870679a1b85015a2f4681397e5ccb88f08affed475db2e
SHA512 e57438efecd90026b6746aa52272a9f1e6eb28f02ebe648500ef3409fdf02ee6a8917eef6fde2546eb19f1707e6c01cf190af0b26cc09a77f43d0f2e4bce504f

/data/data/com.xgbuy.xg/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

MD5 b2d32f4ea6f50276aed89d7edda77714
SHA1 98a010d8fa351196789786afd21dbbc3ad5bfb80
SHA256 5030c04b0631aba12b15f62aaa6f3cedebe4323c1e34b816a7c68f5879bcb982
SHA512 b95ec7ad6e09433b38ea219c3a1dcf5335bbf1bca59256fd4af77dfe0c722f43c9fb8a0c73e2b4f04586be20857d99d7408991342e58766644c736be04df5353

/data/data/com.xgbuy.xg/files/.jiagu.lock

MD5 1d31afc9f61d3b6a6a1599f682d9936f
SHA1 21e2f6b536c79b792f0898645835da78771db79e
SHA256 d560c47d4eb361ad826ac04ea623764398637e1b760857dd8b775fa92b1d02a4
SHA512 f73d2b776f359068f4a7bdcf1618219686aad9e83ccfa682a88413b3a654d3439a3db20878747b4778f2a7fcc165bff5abc47f900a5fa3276761a257bb337c0b

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 3911ad10a2d9a4f7ef7a09639a1b8cf3
SHA1 d8d5dae863fe04bef8d987202e25e065efce1e1f
SHA256 0ae3380b0712c9bcbb362bcdf7b72504b9e495fe2987cfc20aec121977dba19d
SHA512 d58dc5e805e0e2d11a79c725285dbb3f75d351d456c87ce79439af68c3a6c2506f5814bc16f09fbf16462c93f5c781437a5bbadc4d48977782899ce9d741dec8

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

MD5 1bd86b90e1b355f123e5ce8c93c3de53
SHA1 bee5683d6124650c8be0b3740ad66e771f29b178
SHA256 3ba28c4fe20d74ea96f6ced27333f04a01e03c50092717eed1b6e30152a8d152
SHA512 6ba3d7ac2b9da3bb2f7ca50488782bfb9f12a38bf17debc4f2853a161551a932885bedaedace0ecd3da9777e1cddbb407ca2360c13512b1b804bd6242e767abe

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 a21944793cc2b2949b6f37ff11a01d40
SHA1 65e4e8258586d2642c8e8d38676455d4f23055aa
SHA256 e27a2ae138656255a39445ce4aae5e76d27e42543f5426425eecbfbcfc7ed6ee
SHA512 f095419731cf858eed7b158d9c46aefdc6f97f3ad90985036e5bf96777ae92cc76d5c7b679220a3230529482811ca4d478482fd3834d40e86bb9d563f48f65ad

/storage/emulated/0/360/.iddata

MD5 b4cca151107fa115f574a1278f9f315d
SHA1 2081b46887957dde2094e41855c731f69d36634f
SHA256 89b3dee94e9d830ef0c3c437904e4d8b69326c50e417539a97d62eb2f814bd88
SHA512 87bf1699621600f776d73313e708d6ceca780506a5164307685e84823504468c15f0950e61f76f9807ae75e126b23af05219b2fd9e4821062a05eee3101c90fa

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20240613_log.txt

MD5 88101e34afb80e21de0cce71736fa0a9
SHA1 cc28706d8cf53951efe2e428848b1d07c84cc45c
SHA256 581f6eb731f7aa26074dc91a0c2b99f148bded60432476df209dc829a6a3248e
SHA512 db3ddce711f8310eea94767f2867c19b589fad42df38227ef45d471b8fc6dbf177f0a12dd037f22896584d17953cb298ddc62123cc9d25b40db949bd8dfbaebc

/data/data/com.xgbuy.xg/databases/xinggou-journal

MD5 6728d278642939006b9b170db3075c3e
SHA1 e753f7ba390d67e6dc6de1ed39bb28cd7eaa11ec
SHA256 cec85cdefe9f6442c5f63935e8ee97cef9e661b0721f364257de25a1c826280d
SHA512 fb49cec44416ad69ceeb2f6ca56cfc8ef7c4bb777374bc496aeed1ef50ae938aa0d344181ae3ce9e98c1d1f82188dc90dbce2cdf5b5fae3434ccbe991eec26da

/data/data/com.xgbuy.xg/databases/xinggou

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.xgbuy.xg/databases/xinggou-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xgbuy.xg/databases/xinggou-wal

MD5 d0cf31037bb376f623c9088443fd2260
SHA1 aa429a5a0822f443794f0f4245a3b6a80978b25c
SHA256 e575ecc6c7caae639aa252c76fdd2e98438f2283d757bc6889de4118d8e15723
SHA512 a9f04bb3514a1cc0c1ef63dff58f59977665f0a329a39a4fc15e70b7c25c9814a632c9a9d9844d4614994f8250a901b7c6bfa48cf9a7c9ccff52967e86e01d85

/storage/emulated/0/data/.push_deviceid

MD5 deec9fa052e8f8dcf8fb33e890c37657
SHA1 0432c97759be6e282a0246e14d508d9e509112b9
SHA256 4bf1bf7f5ec13cf3d53d880d57b71784748c478acc981e0c59b30df69c72a2ca
SHA512 5da4892932c922bc21f63200525120d4aaf1e2f9f68e4deb7a2f8058ab0b8a5cd5ff4d5f9f2183559daccc13f848908a9fec57e2b875db345af7811f9c05ac26

/data/data/com.xgbuy.xg/databases/ua.db-journal

MD5 28f82791bd6be536d738f6dfe88d05ad
SHA1 2a4e02ec5babdce518ab3ef1424ef73d23e2f316
SHA256 eed5e7d18e24a40009106b2b720aa552f06c502b78e6c520714a612164c5089e
SHA512 c38d039d7c82e496c50fefd74bbc3acdd52fb846ff886cbd647bf099396cc59f6e201fdd8a4a94da16ed7052dc4fc488633dbeb3038e96513038445791906ba4

/data/data/com.xgbuy.xg/databases/ua.db

MD5 9f8e13694195053ceb1ec9b4cd840686
SHA1 0a19c105a8542186cc11e99c18e9f081ac351d17
SHA256 56fe2a78ba674b124c7a020e40950fc8297d4b8f735a0a46d1faefa3e2fd53a0
SHA512 3896224c23e584ddf0e27943427937a1d070a3f104b2e931c2d30e3c98c076d46f39ce1b990f993684d61ad9ca12e672c04a3daf4532cfba20c368dc6f873a31

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 556a0574acdaef820033a15c5a924f7e
SHA1 9467bc172a8db5cb10c82d69d72790d8fb2bf303
SHA256 56bb55b0b3c89b0baec85e0020448343ff75862a59eca86b7465f4ff99d05ab8
SHA512 afba02c48965a7ec70527647ef137e6a60c003e2e16eb863a261563433003672b04e12881487c07c82c97add06f5ecf372dd4038d184da1566075859a0342f36

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal

MD5 558e7c199f33a5304e4801764cd264ec
SHA1 9e9960d6db26ea7b066101023cb69041c6654ea9
SHA256 3c3af02a5f4e4d2b1334666d91e97bdfab7454f30723623c079f4cd9d0ba81e9
SHA512 fbd1e67831ef14fa6776c1b265eec6670b9be62e77599609cbbfbc6cba254d219392d37a5ec4d796349d954f37610579de457d005af864e2ac36a8cffb0d297a

/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/e0bac8c3c005c727bb9b0b2d00be3d7cf020743113c01c46c33a507d6275519a.0.tmp

MD5 3ccf674803e2bcca74d940a369b98a1f
SHA1 b82beb53b74476af3563d05f4b49b4628611c19f
SHA256 897e90108102b4d93eed118fbc62f4bd208a2651c52da15431f3ece36f4ff274
SHA512 b98a53d48cee9d8d4fae804736e7b66c28beb429d4e84cad49f4f3e92f5a226c99eebe093fabee98d657d41729eab74fdf6081cc29b693e076b213e0e8e60a5f

/data/data/com.xgbuy.xg/databases/cc/cc.db-journal

MD5 8314837d9ef6fe11ff45e6b73525fe2c
SHA1 461c954d15de48ea7bff3d14c0b67c0dc22ad2f7
SHA256 5e25d11e5b51f0098da793c79e058a0fef2afa561dec422d28562ed328db1908
SHA512 fe6aa4f495a2ad556e89d7b45df8ccfeed1df4528805955eab216aa4e03ec5bf32a5bf2c25381b46c27d0b86a099aedbe16f7d72f172b389fe54346f125a6e0d

/data/data/com.xgbuy.xg/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.xgbuy.xg/databases/cc/cc.db-wal

MD5 1a6bf70d513a7d7c55b955a3054ef252
SHA1 0aeeae6a0ff9d083a8c68b41895d37a5349f7e2e
SHA256 bdad7fed356c815dfdf61f2abef793806c58b316523f7f628208de5b5a319b52
SHA512 5bfcc92d75fc5a39643a2e7d521888b0facd7830a322c7ca41a3f1f91329a92555569185b72fc3ff15145eb7994750cdab234c5c6d60e1173cb857d3b945a99d

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 e43c950aefdda697ef68aa79dbf47d89
SHA1 22e9ed6e85f943372ca80f20c4ffb7ea4b918c21
SHA256 c5f54da60a813bb34a06b428fed480a716874fc11697b28efcf4df0d0c97cec8
SHA512 10ba8323061e821baf981217658f936b32a4950860e50b3acdde251334e97b5f1cae4636a4c6c85188bf767a369f8f89dee8ee462b3dda83f6da21f1a71d5380

/data/data/com.xgbuy.xg/databases/ua.db

MD5 904bc635d2e5e85a865476644c24b090
SHA1 7aa2d35b1c48b6b1369ec66525b1c9ca7441c00a
SHA256 f4ee9a5daf20a7fcae92789880c39c4a491ff70fa82c514c14f6b9af7d3d8662
SHA512 84c10e24333aecd024c2a005f93e26f26fd8fb69e2eabf29d6f6ecb4736003a295bda77725e0e33c4610a3b14c8cb042498c26dc02f40d80c22cc4fab508261f

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 123b8f6b71889e9a24c85acddb6bb608
SHA1 81d949110321143c5722226b4c3a7c6757154de1
SHA256 386a3a997161aaeaa9424def6251cf305a89343ab6cc108a3cee04b256dbf47a
SHA512 a633ff70726029f0e595ed89819bba47e112db0a8e0fdc08c8be9fa142c9a1e05338fe56cd400115bc35bffcca96a513baecdb90c7368912d0be76ac3119e2af

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 24e4312a1b1bcb87fdecb07a5a5b0cc1
SHA1 cc7406ca871a02231d859dd4cfa1d551cb2cb933
SHA256 6b560771889c95893684988ab367b6d4628873eacd8c10ff6381d4d802ccb334
SHA512 77fc0aea46d19cd9a627ac4755946ccbbae36b9ff9277cbc6a892c4e9c5afa438e347981b087cb2f5c5efdffd850b223961bd8650a6573733016983da4131604

/data/data/com.xgbuy.xg/databases/ua.db

MD5 d6081c778e6ec59d3192e6f69cc53d80
SHA1 f6f64b02beb10830b8c6c729827252f952562a5e
SHA256 84f927ad14c83678f791d670f168ecbdc8175052f9ea1a3492ea471be05110f6
SHA512 791dd912dbe5a653b383ed1066fd203648556423dee8b7e47ffd4a54b8ff9c0de7c6a1d7e7759e6496e2f26b0e46e5908dd6c907fc57903cd409e21eca1bc8d4

/data/data/com.xgbuy.xg/databases/Reyun.db-journal

MD5 7dd6c54ebd185ea16cfd30c31ef98a3a
SHA1 91742ed415810bbd6807ad04ed1a440f0b58e0d5
SHA256 6ee36983d93ef20ca4ccab188f0e68d2ed978a23a202194c54d37bfc825399de
SHA512 a144be0e51595bc35aea2208138d41ee59c2be6a8f25d55a2a6bbaaa8fc136694d9c9567b6f0727a721a33649d6819ae45ccd2b2c031a60b58f74ad679e82a47

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 6e502323f2684110371c7880af48d0bd
SHA1 ade739d32cecc6113bd7307720deff7db7138df2
SHA256 b1a906c49a18422fb34740f1aba7fbf5731df02d9d17b25eab219d902ae9f386
SHA512 c9ddaf8dece69fa0ec1d2a20d38538cfff485a996b4bfc0f46038a24d83199e798bf275e77581db45607070b132de3cb97a1df281c9d268e1262f8d1c2fd58c3

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 55ebd4b839bad3653847735ce70b51ae
SHA1 1e02d7f9e6e6e2ab9cc36cae5888a89aed02da5d
SHA256 974262642ba800aca41965196009c6d6e09ff18363da210aee915bbf965ce591
SHA512 02ffe13bd7b37b41ef8ccedd79f621d16a60ea607427af6e0dada6b7c98fe355c9615a1eb5e5c0a2511a9faeadd6655caa35b1e62df6d4f91ecbd4af6c7dc0e0

/data/data/com.xgbuy.xg/files/umeng_it.cache

MD5 d6368bb623ce21634a9401fdcfe4191d
SHA1 931d1d87862931b73fa8b7ef511d55a5b03bd084
SHA256 6c63241979eb2aebb421fbd235939321bda9855024ae60bfed55143298a796d6
SHA512 3fb9fa51c94d0e58049114172ad7188e413654872ba98fa05a5f6de8ba98cb077ed6084f6a929987a8588bd41d64d6c61df3ac7fb1923f74f64fc246f01ba6f3

/data/data/com.xgbuy.xg/files/.umeng/exchangeIdentity.json

MD5 3cf83e9ba49d9a85576f50cfb8a54526
SHA1 085f997a7916757c321282830ad3d5d1def6d2b8
SHA256 8b63ac83652091f48be71dbbdfed1d504934bbafe02e525c9385fab848b00b1a
SHA512 41b5ceb0a611b81fb7eee646ee20639b8138165c1f8d8bb3992afb750f59b720c18dcbabd20c6eff35d85a2f6e52089d5400260c6a472e1fc3ce26e702e0c04d

/data/data/com.xgbuy.xg/files/exid.dat

MD5 1997704f07a698b1dfa8b2525547624b
SHA1 dea462622e735a7ec0c4c4cce9b5d562ce583867
SHA256 9ad76754c434b94e91b07a3da411a5099bd8bb5bde1e6cdb2a40942286f8d56d
SHA512 a71c57fb009947d2033473ff190024f0da60f3370e1516a690aeb1ad8a641493c638a3a4f2cef22edf41e62feaa389ebde90b72a2d7dadcd0472c79d7c949f9c

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 c15aec7b19ddaedef417666ff7722163
SHA1 d144ccea06879306ec4fd2da33d07eff7398feb2
SHA256 248a6167252462de10045d5dd3b1b7af74bb410278e5b0944bcd32ee12542cee
SHA512 4a309b140dbfedcda20bf636ba1b58b2720dcb40b207d5a6d63784eda15b9fe7f82ee0935313ecb1adcf46e472d40d4fbc2639aeaa782a220798165449855b33

/data/data/com.xgbuy.xg/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.xgbuy.xg/databases/cc/cc.db-wal

MD5 2c9a1285e7c0881265b9bdce5f1fb0c5
SHA1 c65d2d4e6cda55e70acf61172ef542915ba58d33
SHA256 916a4a4b83b3c9bafee9b4a6a6cbb68efe1d8d81f6617981830b1ec9b73ec057
SHA512 4dfccbfd1195f0f9a21c46ef44db62e3bbcd915475f5b5fc1287dd363d56abcdf8cfea574a82c22653cba79a76df415a02cace83ee1473dc785c6d9b077c14a1

/data/data/com.xgbuy.xg/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/Mob/.slw

MD5 19402718bfb1c685a726b4e1d846ad98
SHA1 02a7e30044a67085f2f1da24e16e4ecfede65b72
SHA256 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
SHA512 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

MD5 57f62dccb341de9e97d71289745bdf84
SHA1 f76b70f25fe411a0fa7699d5b93858ce07aea5ba
SHA256 7b5cfc9281d86ae0f4710d3e8f464b675fbe16e4348cdf2ec9267851d4c63cfd
SHA512 9730ec8b550e434ac040035dc7f80a478d1802bed6b94e3d5cff087cd0455230768d9b4a6b9f3f3a93a67a8eabaaaf6ab98f14d5651c1caa7cbeeadd366f1da1

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

MD5 4b331acce24f520380849531d3355474
SHA1 adbd7a57d06fd03029b5ecc314cdda3e96110ae8
SHA256 bd3902a75ae775a03b07aa323d471c7e6bd1efe4b2fc33bbafead69336016684
SHA512 5613e60cbfe0bafa7065ef49c5fda74b02068179645568948ed37299d4b4e6e458231878d49ff39f6f9a52c2b22507601c73acb29f42bc9dc183a1fafdd2e878

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 2d8c5db314eedda1a368f09a2c74bd53
SHA1 23a4bd2d724c57cbaa3544db54c26a8c8242d7f4
SHA256 5cd21e04e070453a2244e3eed5822ed41207c51ea8bd33ec8382ec56f36890c2
SHA512 5a6cd09cda21be42927165d25dcf1936fd570e131a385c0a0fa460be24a0eb9d8f0fe1ffa2ce7a9dbf47edebdcc03c9b30b7d3ccd1d630aaf3b581e2ac708bc6

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 7b788546f38b12e63f8eceb796121820
SHA1 348f35850a26418b30db9572a3f6d0c815fabbe4
SHA256 5516274935cbeedec5db4035b124031943363af06d9e838c22fdb8ff9098d3b5
SHA512 e56680f6bb640919d71d71efbcc9d439d94ec8eb992f19c1a00f2e9d8cba66bce49338ee0326c3108d8d6f2111caddf62bf47431889ba8453b19a72424d7afa9

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 c96a5810f9bbd556739c381db5a28141
SHA1 2cce735c75f4934d61a51b5511ef05ecd168d142
SHA256 e028355b185edba6f850ffa6c8c262fe3fda61680a3f67cd2246750373dcdda9
SHA512 e6b8a026b26401c6f593ee64f0932dd11e72ca7cb117853bca95d343515f431e9a6bf55ae9a6fea7369fe389c8c847ffda1792512b3787822cb2eb6abb71a7ef

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 c6e49fb96f2fdb17bf839f4934689d95
SHA1 ea9d34d78e99ed75d048134a0a78730852176445
SHA256 fca9c9254c618d29fce352e92c32021b6e655cc6c86313129eea1b2dc4a9fae7
SHA512 4be1469d80c00999cc7b53040636aa2969ac6deae0ac9e14597c22042a76730f5cbdf75b5a05dc0c7d4835ae64ac6d6863e57f39d4a0f7e9f9a8d1fdbe6734fc

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 257c307a62a75d95a1fba6168a557632
SHA1 e281dcc710f67d6775b2b1aa42c89914382d962b
SHA256 e7f1e0b1c4f56e4691206af9b061b67c971b8ee2e140153b6d1838531fecfef1
SHA512 e8bcd606ba30ada1f6bd75202cb24de215b7bf10c67a332e9b74590e459c00a3ff467f73adaae3adcbe40d164fdd145115f1f24d8e87384104e5c07b93e02215

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 28c158a40e37e17fdb257ed789c501c9
SHA1 52a0d59349c4b4e7b8a807c85932396cb3d8497b
SHA256 1c3321c65f404f4ae9556957020182c47ba2e0f2933c3da92681e096b75d0794
SHA512 91bc04eea6b9a90e3d9729e25ca0ca08e514346ffc3fb17fd48a21442cda79a246be138e31cd51e4d629bf14b930fe37fa12eda54d4e89045ee9668f4fcafa09

/data/data/com.xgbuy.xg/databases/ua.db

MD5 74d2ff1d1294fe30fad3aba833f818b8
SHA1 1cea3cbae56d785500a80ff242fb44c16da7f9fe
SHA256 1471d845ec017c7c7677cea7e407f0fc0aff9e616b938cdf12470951a85f8c94
SHA512 8c7eaf1d8a34825a03ebfae8514915922436a21787decfe3d4ff71435489f622eedfb9e4f48a8e275cf124a103e32e1507c04ab12f99872020a38ca0862c8190

/data/data/com.xgbuy.xg/databases/ua.db-wal

MD5 1a2e583e5943988e616b8c24b6880566
SHA1 3c799cc573d6ca29dc8e3bef4f7c3829a587c216
SHA256 3f40d4fe3453137bb3353300c8061965f9002cff6b7197573c2b9941175db195
SHA512 a062dee2221b227b4688bb78ae8e8af274be79ef14a8ab12ce194927ae7bdcac6c979d9993652bd4ed07495ab6028ba56cc781d3fddf73ba1d78137100f45532

/data/data/com.xgbuy.xg/databases/ua.db

MD5 14411cdc8e2812963f2e153e29e23658
SHA1 36714dc59e2a97c8edb4ce79382515e80de3ddad
SHA256 07e62f02824843f64822ba6cf793d777d4c91be23420acd9c8725f059cf16bc7
SHA512 bed12fdca8b754af621b579ecd81eac8e4d4aaab44d3267c6740a2c5049857d33a813984217ffce8d3369460d9fc6a3127ebf5cfddfe785267b11ff70b16cdea

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest16725451827759883424348216503022772322-journal

MD5 bc48a7d388ab942d601cec31c2fc5d14
SHA1 b6e217c095e0ab24c8b18dd0a2cf426867daca5c
SHA256 4b8df307e0278c136110cca5022fba25d329625737a37f28461cfd85803dcd67
SHA512 d059360097d4475569686949d7b7407758053ef0105afc7501771f3214b70537663d7045ff5868113c9a0e08523cfe94b79545f465da4ce0feb9e1fbe9f0c0df

/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest16725451827759883424348216503022772322-wal

MD5 1a1090e567d6bfe70cdb06c8e09b7a8f
SHA1 db0d7acd10bad1ede1c7ab0ff3be02830aded757
SHA256 8053dba05c29b5231a5449f055f0efc1056b3e573bf7d670a18a5c3c061ae73e
SHA512 6fbaefd912a24215c62afbef910032e74e42beefd234c5547a3639082eba0dcb2b5dd2163ef9f5ff2d9c339b9a62e27177aa9f1507760df74130078b5a36839a

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 b84e013b485154dbb14a9d12d61b5491
SHA1 be9158f4a6f2a46c080d8d488d0804d53a9f4a75
SHA256 e277c57fcc7fc804612b4d701d74d1798376ca0db6220bbbdae50f7aaab17306
SHA512 67d748f4d08329a1b8dc485bfd50e36b8385ff292e39ce61e64d22d257d1a68564c8d1130bc00eea5ec40fe5396c55f1001ae52754fcef83e7499d3c9d56638b

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 8e24e79baab91c4d0604eaa9006a0cb3
SHA1 e427afc94a4b957a7096f73e395a10ea404c076b
SHA256 65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d
SHA512 45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 dbc2713c25c52434c803df429103aa8f
SHA1 1cf874e6d642e83e3bfb2ccbdbbd56c89ce215b8
SHA256 32a020690cd684b5e2fe3b2f742ddfa6c1b267c8873e7e784c089d5a66df1af4
SHA512 ae25e9c453bde5538775c2546246e5d9323bab384fb9e55e0a5688d9a3b2e6b9652b84e44342831b05af08148125a1385d36ac9fb27fd7f61443586eee2233e9

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 1221dfe81c6ed7869d7d18ba4bb1b34d
SHA1 0d2a227f033d0b6aa4f1fa7d4932cfe12d402210
SHA256 7f04e67b57ba75ba36789b4f4784cc912e79a04da2bd35b56d80a0d9a5883b1b
SHA512 c382ae5ebffc26ac274d9b368982445e71b875b5a519f92c43fe0b8b66fdeec1063a7a23467d5807a011727c083a4e8c6f2dcc9d1f0a4378d19b3e1769c135f4

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 40121166e290c9cb23a8831e0147c328
SHA1 193de5c8d3116a94daa7a44eaa38f2f884c7209d
SHA256 4e8e882d868291219a3934784c99c19ef8c181d32b4f260979bd71c7550514aa
SHA512 92f85097324d5e6ac8a9e000f4d1b617a72ebd8ebfe337cbbf61a0a25806620607ab089c221d6bb44f59fc4970c8b0c5a6af07a63028d33c7d5dd67dbfb8c46e

/data/data/com.xgbuy.xg/databases/Reyun.db-wal

MD5 2159bf6b07674b22c99d9d63e9588d46
SHA1 5393f207139fd3136ba1a02d7343078e5e725a81
SHA256 8dfd9bde9cf3cd84a0b2eb34c5303b44f360a04ad66cd2efb85976018f94a695
SHA512 1f8136b39c609c5b03208b9b8d7287cdc2fe262e4031bc2e00b8987df747d37b9f65d2c4ba58f201548f6dd55dc8e269fe9f93ad8ceaa4634b491b08f0cf8800

/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 fc54aa319a7f80021bd7160a0afbf407
SHA1 bc2585f131233c96cabf11f09e8657c839172c76
SHA256 34fc12d277c0bb7eadcdeae7e8fbc1a2af6e63ee7bb887fd7721f6fe8a326900
SHA512 913c0dec7e3c8aaceb74dcd15483fc8169200c32ddd8326b2bd4c44bc87afff12a6ebf079d5bd29d36bc01f321dde8cef900fac9ff69585bc41672d35a0ba0ea

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 b67cc9a984bee4839d5ca34d238b4e2b
SHA1 138f12f8c0d12c7bab96da2a8b08f48442af27fb
SHA256 95fa8a7515521b3202b525b6dfa84408f73d6d0d35c745e6eae61f25d300e710
SHA512 52729cadd78c60abb17775f00fbe18fdf660d888e53874fd70f35d6017c340bebc5d7e1091c99f3e427d0ea923f4b521a58415230d4e85f77dd511d6e0c9520c

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 aa8a450ece6851cdf2f6f300a8c3d948
SHA1 c9ba95fff47b042872726d6e506f72e646af9f65
SHA256 9e16d53c2f0cc649f7963686ef7340c7a2ae38df9f19e201537b186044fde397
SHA512 121e7c598dbd03d88d4158e8cda46c341844e632c6a78c93acd6aee71010fdc002c356f6d7206d02d2cb56e4f3bf0455339677171ee0c4929a9e60fceb2c8e98

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 1d5df7c172155481a7d16eac936890e0
SHA1 a3c3de8b584a969be9c514c88bb1da1b1f3bed86
SHA256 9fa8fa838ea4e1286ef5aabf98b317b2ffcf73ba054ad5dba35644c2b2762349
SHA512 e677b6a3eb78225d91ee21c71b885ec7ea6ec87eaabec158f74388366d38ca6f874051c56dd420d53f0f88a90c2f86202decca47654726b5a9ce368fd4fb5259

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 81024874f926b0c0c9e613997c9370b1
SHA1 a7b4c37570f3e5aa7bd575d0dbcc71ff9079a95c
SHA256 da5ea38fae9a292777936eae50a76aae4d2a589550448aa6970383e44aabe7d6
SHA512 8ae3ca2a1a4ea6c514fffeb911f4c42ff173433a7fd82980193d883196e748e458e83ee42051ccbabfa7f49792dabbf1eb8a72fea3db16c2f157e7ada4182830

/data/data/com.xgbuy.xg/files/.um/um_cache_1718255076801.env

MD5 67e127d5eb525269b905cf3464ec9eeb
SHA1 40575811124b7fa8d2bd4e9d2ad4414e6d76062c
SHA256 e8db417bd385d8ec35a4d1e8384c772750323bab5e114474559f2ef213c56b3d
SHA512 60d6d4c440c4380c694156025ff5506811e5cc28980a14f861a035a8affdc98dd077b460b027eef5f2b18e619f99d6c697fe776bb92b6ff36f92d9ea1e3f9bd5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:01

Reported

2024-06-13 05:01

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.228:443 udp
GB 172.217.16.228:443 tcp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 udp

Files

N/A