Analysis Overview
SHA256
06322cbb3b1d3dccac6048801a0a59bb7bc655b494979f86fafe71a230e47c96
Threat Level: Likely malicious
The file b9d2cefbb3b2286a45a47157a46efa69_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries the phone number (MSISDN for GSM devices)
Requests cell location
Queries information about active data network
Reads information about phone network operator.
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about the current Wi-Fi connection
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 20:12
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 20:11
Reported
2024-06-17 20:15
Platform
android-x86-arm-20240611.1-en
Max time kernel
33s
Max time network
173s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.wp.bookshelfss/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.wp.bookshelfss/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.wp.bookshelfss/.jiagu/classes.dex!classes3.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.wp.bookshelfss
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| US | 1.1.1.1:53 | hotfix-api.aliyuncs.com | udp |
| CN | 59.82.40.77:443 | adash.man.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | mpush-api.aliyun.com | udp |
| CN | 106.11.253.96:80 | mpush-api.aliyun.com | tcp |
| US | 1.1.1.1:53 | beacon-api.aliyuncs.com | udp |
| CN | 47.102.52.8:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 139.196.135.6:80 | beacon-api.aliyuncs.com | tcp |
| CN | 106.15.83.68:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 47.116.84.225:80 | beacon-api.aliyuncs.com | tcp |
| CN | 106.11.248.144:80 | mpush-api.aliyun.com | tcp |
| CN | 140.205.160.128:80 | mpush-api.aliyun.com | tcp |
| CN | 139.196.135.158:443 | hotfix-api.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | adashbc.ut.taobao.com | udp |
| CN | 36.156.202.73:443 | tcp | |
| CN | 59.82.39.0:443 | adashbc.ut.taobao.com | tcp |
| CN | 106.11.253.96:80 | mpush-api.aliyun.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| BE | 173.194.76.188:5228 | tcp | |
| GB | 142.250.200.2:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| GB | 142.250.178.14:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.179.227:80 | connectivitycheck.gstatic.com | tcp |
| GB | 172.217.169.68:443 | tcp | |
| US | 1.1.1.1:53 | beacon-api.aliyuncs.com | udp |
| CN | 8.132.237.161:80 | beacon-api.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | api.share.mob.com | udp |
| US | 1.1.1.1:53 | f.gm.mob.com | udp |
| CN | 180.188.25.47:80 | f.gm.mob.com | tcp |
| CN | 180.188.25.42:80 | api.share.mob.com | tcp |
| CN | 180.188.25.42:80 | api.share.mob.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | mdh-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | f.gm.mob.com | udp |
| CN | 180.188.25.46:80 | tcp | |
| CN | 180.188.25.47:80 | f.gm.mob.com | tcp |
| CN | 106.15.83.128:80 | beacon-api.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | api.exc.mob.com | udp |
| CN | 180.188.25.46:80 | api.exc.mob.com | tcp |
Files
/data/data/com.wp.bookshelfss/.jiagu/libjiagu.so
| MD5 | 5aea02f4e4c77fbf2e7a27f7ca9cc06b |
| SHA1 | 522db1748608e9173547b29b7aa82ddc3542c534 |
| SHA256 | 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2 |
| SHA512 | 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316 |
/data/data/com.wp.bookshelfss/.jiagu/classes.dex
| MD5 | bb627bb4a0f80f9afa0450dc47329e3d |
| SHA1 | 4799d682391d208d4d98bc601e515921c53c0970 |
| SHA256 | f6188ac072f9b213811f0220d439753b49029daabb9d7053d3a1a3033e3286bd |
| SHA512 | b7378a73f31990c1c8925efa095840a9e423c4a11454f68634f256f06dfde1ca19bc46495c8c54545aa729eb105d6f62bd44635c2e7ac057a692165271f93289 |
/data/data/com.wp.bookshelfss/.jiagu/classes.dex!classes2.dex
| MD5 | d43b5de04d54b750c013069e3305624a |
| SHA1 | 2495ecbd621de7e9a88251c486e63839a6fa8ffe |
| SHA256 | 3903946c2c6e4d478962e331afedf61339a3eff8cb4b80028da152698be9b8a0 |
| SHA512 | 2383c7f85422bd5cc577fdf70af12fe04dfe4fe7bbaee12f5e5970f554a2c2336bc5233337b45e4643204ea181170de0530f40db4453e44029fe9811459c9ab0 |
/data/data/com.wp.bookshelfss/.jiagu/classes.dex!classes3.dex
| MD5 | 6d1ccb46591d34c580af37a690818741 |
| SHA1 | 8f64261ce243cb7624b53831f012765ad5daab04 |
| SHA256 | 940e3fe8ad5a7afff5248d14314398a987465b12f832a4aec0a21517ad21d771 |
| SHA512 | f47aabb28ec711090df32dd30d240f5a49257d238aed6e6a0d7bb17b2ae031cd9a3ae5f0bfa5196dbc0f73aaa897e4386e0c46d8bf272b0c2d96fcdb48c5a6b4 |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.ri
| MD5 | 57a5020c757b9f6ee521cc42d8fc7904 |
| SHA1 | 8e4d23f6eaf9c5d6d520487948b74106bc34020e |
| SHA256 | 79557bb3199f4aaf89ca7abec4a9eb41bb5a138ff8a34addfab1f72a6513f9ec |
| SHA512 | 372f38f804100ad2431df0073d2414464e62ea5cd3f7a322eca27ff3484f33e5effb4523793375eaf09b370402799cd6e0b45db88923cd783e672ff4afb99d39 |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.ri
| MD5 | 615c1e27f246e70c4dbd9681fb1d12e1 |
| SHA1 | 5d42dffcd5267c8d657423b0b328faa189185e5e |
| SHA256 | ed0120c63f8bc9689bab0ee57d806796db9a0381a9d6cfd21780d02d54c0c7d1 |
| SHA512 | 6e3bb7086219bd316b779b1d83716175ca4611ced857d1a340d9e84c7e38df0fded49661c70ccd1d13b3be5af1806bf80cbde9938536723a2d9e9871eee52458 |
/data/data/com.wp.bookshelfss/files/.jiagu.lock
| MD5 | fd451ff9e1780a67b568c316205d60fe |
| SHA1 | f3e86b58d4a2770f89db623f76f50ef90c5d250a |
| SHA256 | 4211ac8078899cb36bf25ae0274b36b85866e359fce9dd615c041a41f0bf6130 |
| SHA512 | a53175e20801a4e7625d10a05de0815198de5a1098c1679ae766b0a1ba2a1b0bca4a0371566e252210334fc89996cadd0aef23cb9ddb4926b26c8a3e46db620c |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.rd
| MD5 | 2f767fcbf1e2ed6f2f7b380ad4ad79de |
| SHA1 | 96fd04681ec560c1aed9b5634cc51fe4285e3fb1 |
| SHA256 | 3db830506b1589b92f8dc518b0f79772cb3905248dbac0a362b8b989e2de07cc |
| SHA512 | 8b955221a77a989f4271d57307fdd37407374df33f3323d5de76d18fb12027a6b26cc2d218a68d12367e13ea579d2e64858725c706914d720067646a4815d4cb |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.store.report_pid
| MD5 | 142b5807648d74f1e7a4c18ecba0c497 |
| SHA1 | 9b17c4f62497a0267a7e500a7a7d9198f622429d |
| SHA256 | c14dad6ff06986618554180859edbd1f37d0da8c38727e58b3dd57884d6a2f69 |
| SHA512 | d2453e49a932228b35a2a81b94c0068362c9385caa44b0f34a4efd1a76711d49fa5cbb70a109d204640762c8c1be5cc0acbf4e7e4f4bdbc245d303a6e7653e1c |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.ac
| MD5 | 900f3985d4200a80dc5fdbbbca632d68 |
| SHA1 | 4db398db765362edc1af01ee70719a34df864b8e |
| SHA256 | c0fcaa64fd5e04a66741d9836943040701f1a55baa55e1579a4a7527f9bb5bb5 |
| SHA512 | 28a384b9137d405b86c7a7e20d0d0f74754a09d4919211825989a88d7c8001a9e052ec8d8b0f70ad1f05fc8e514c22914d49e5f9a2449d6d8443b4335d335666 |
/data/data/com.wp.bookshelfss/files/.jglogs/.jg.ic
| MD5 | 34e386f58245ce88fdd9aa29ad64f05b |
| SHA1 | 56b1a87fcacb520aa435b7819e37aae31b09ddac |
| SHA256 | 15ded14ef036a28aff0948ac2367cc0dc1a1b9e1074fc6a34e03f421ece8fd76 |
| SHA512 | a11c381f797d6c56ca853e22a5614fa5f9820de623de6a8ac6a2124aae3d65e08da9a5f3f080ee39e6e06bdcaedbfb2994e13df36b89a9db2bb50da0270f260e |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/data/data/com.wp.bookshelfss/files/com_alibaba_aliyun_crash_defend_sdk_info
| MD5 | 8728d1287220b9b05ad351f7f0db6172 |
| SHA1 | 8b9f067ab9f310c18fc51622646030ca21ed3b27 |
| SHA256 | 493ce31f45fef58379bd7351783fd6995097bbb5a7b22a47a61279ef018261c6 |
| SHA512 | 5a5ec796ebd220e8aaf2c4774db93876769189e3c7281e32e0a159830a3fbac177b9a9a88bba05777e5d458f8aeb53f473f02c112730ffd74b961544ff6cebec |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | c2bbceaf87c13fe3104355db5baf2c1f |
| SHA1 | f96bf818904f075e3d0af0bcacf8eb934bcee62e |
| SHA256 | fe90fd6852c279528f261a1ef6d0218cb501738e893a9b9baf80a7b1496c77ee |
| SHA512 | a4962ac45f86d49dc2a492b87e6c4d473653431bcefbdc88322ee9394986ef0fd7c9d641285592142de561047f66dc50fc10d4e89cf41e74ad77c5244249dfd7 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | a34026d6b37199b5ccd8f52141af8da8 |
| SHA1 | 3a5d06405b1e062cda9245ea3cbe749dea13337b |
| SHA256 | 4c11df7b1cb1537477c75db32ce98df798bea287ee3eed3c47ecc6dc5699ebe0 |
| SHA512 | 3dd66a094b1a82b96df217ce21d9ec08ed79c43007aa40b42dc1b92a517bb0d2e48a0276b4012ffd7a441d35117a61ffe284d220eecf50fd1ce8aef90469500a |
/storage/emulated/0/Mob/comm/.di
| MD5 | 70a42cba408700f9a6c01c7941a8829e |
| SHA1 | eab01cc2c0671538795fb0b1146017dc099d0984 |
| SHA256 | 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f |
| SHA512 | 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c |
/storage/emulated/0/Android/data/.mn_410185822
| MD5 | f321656a466363e5192773d92000e401 |
| SHA1 | 3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a |
| SHA256 | 53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c |
| SHA512 | fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | a1f673291d43e7e54aadb83e12f94247 |
| SHA1 | 656ea2e8ba8ec6a6a36aa9ce324d2b44ca14b069 |
| SHA256 | 4dea2b098bb43d21a13648ec270b0e77bd8b6689e964ac1700f5b3b2d9bb6ac4 |
| SHA512 | ecc7404f634b603bc08bcd331cdf8c38bfa3b4376be02c0238f2607dbc40f27778a3490bfd8529c4c57e7489ca4233768e06c4d4dafafeb27466cf758aef86c5 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | fae6bf82eb4b90e6ad887081520e03df |
| SHA1 | 5264e541f55097d89b805b54be65fc080f234c53 |
| SHA256 | 684a85ffe60e39b53d999a5e0d16b6421fa59aae560bff9fe83c5713ae1df4d2 |
| SHA512 | 5b358da9ebcca8b13e14ed33b0901c8b8906a0c74c8acc13f99baddb3185fea3c70090e4f213f466f9dcfa238d81f21999f1291627a68a71be546e0ace10c953 |
/data/data/com.wp.bookshelfss/databases/ut.db-journal
| MD5 | 13e25b8f60e87527f7e7a30c8e383c20 |
| SHA1 | eacd3b19f906d64723d29b051776b09efec85825 |
| SHA256 | cf32c22c39183c88816ec1d2baa619d827014f96e21130b148809d4bac3d93ca |
| SHA512 | fd365cfe4a3689fb1d81b65f41b3dfcb1c196da096f4f73441781b7f460aea475cef009bb086610211fa1bde231a61f09522ef8a066cd086605b129fb1cc4576 |
/data/data/com.wp.bookshelfss/databases/ut.db
| MD5 | 38616785cca0600a03205f84fe330b4b |
| SHA1 | 6ac41a6bdcae297d56dac5fdde70be5faccf0832 |
| SHA256 | b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8 |
| SHA512 | 7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08 |
/data/data/com.wp.bookshelfss/databases/ut.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.wp.bookshelfss/databases/ut.db-wal
| MD5 | 483ea01f9a6062adabc31fefc2f4a0d4 |
| SHA1 | 4b085843bfea3dfe7ffb240306067d8dae261512 |
| SHA256 | 4b1bd4500483e453999e2fb20251f9a3c2449f09cdf7e9623cab8e67a05a55a8 |
| SHA512 | dfc2f7b7683b363161a805ead3b4ff5db33f1bf1db94e4e6b2bacdcad639f25e7b620706601a039b51fa1dc6e59325d5e60b3f1e31989212ca6e2a7536d25495 |
/data/data/com.wp.bookshelfss/files/umeng_it.cache
| MD5 | f1257ace15fc11dca423d6680ff11f31 |
| SHA1 | 6aff5b7900f3867161ddd70240caaf940efc236a |
| SHA256 | 54698fcc50ae1a11e9214fc77499ae2e1928b6af89ff9e8864306721ae80e1fe |
| SHA512 | 9398102552b735aa361d33021cbb70e02472082ec5f68e8731719acf4a469695fee760a86856395a1e41e80bebbeb5a13eb2d4aabc7337d1d3d7741560b5a414 |
/data/data/com.wp.bookshelfss/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjU1MTQxNzA4
| MD5 | 711e2adf40780dc2d48d61e4dce6f153 |
| SHA1 | c5c266b720ff18ff19ad614713d4cd0bd64aff85 |
| SHA256 | f71058f8ba1578836a5f37a1fd4cc456bd1e500b101a3e030d797358f240a372 |
| SHA512 | 9c02977aa509af12f8b17b83976ab1911d4ec4ff355ee4fe9bc4a4dfd77986f490862e37b326cb27003676dd294634efb905a44951feecd41ad58d6bc7f44a7d |
/data/data/com.wp.bookshelfss/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/com.wp.bookshelfss/cache/image_manager_disk_cache/journal
| MD5 | a59803c282a1c9344742210f3feff30a |
| SHA1 | a81be425eedad0b716dcaec837f69c77b1e2db16 |
| SHA256 | cb2f1c196e114a8699ff68d317d1d604b12953f976929270f44b8155c08f63d4 |
| SHA512 | 1157493fb110ded3b2997e722eadd6d7c108b285383a602c04c264e667246b3ca835f9c85e0200fdee98d5642b5c47b8110cd5ad7d0bf69e8c637a30a7d8eb54 |
/data/data/com.wp.bookshelfss/cache/image_manager_disk_cache/ac201a69e3ce89630e70089c24f8581ea83aeefb9246b3f9ed9ff4e912e440fb.0.tmp
| MD5 | 7537f6ad7be8aecbce2a4e0d59df934a |
| SHA1 | 3aee72e6be404bc10531d3e171fd0fdadd168c6a |
| SHA256 | 355d7720f65e0b7286dbe2142d23bd72effb13ad60155d9eb8216ff12c67db1c |
| SHA512 | 849e3664b2fda5231599b166988407ea727093f4741de70a1830e377248b81be03883be552cc77a0482f0bc6a668d9e93bc3a347d886f27fb78930d063bc6bf1 |
/data/data/com.wp.bookshelfss/cache/image_manager_disk_cache/b5dbe158a9491d8ce8f8ffa6508917b30b8846c884fba27de3524971d4b97f47.0.tmp
| MD5 | 334a24519d36e52bc009374befa819a1 |
| SHA1 | 0f6836cfcfa3b130383ebbc0268d5ce05c98409e |
| SHA256 | 07dbf8399cd755edbf20b90e97abd4d91ad649785ce98c2648ce570100cd81a7 |
| SHA512 | 0f1ca776734ba1f295832037452759207bb8e1f2073fa9f273669afe3dfb9729112af66fbc232defa8933becb38a54f182f06be2e6927a72e3f1fe1e249cfebc |
/data/data/com.wp.bookshelfss/files/com_alibaba_aliyun_crash_defend_sdk_info
| MD5 | 1ef6ace51c3d1b525dfb7fff1a534500 |
| SHA1 | 02d7c362ba1125cb0a9773c48d45e6f6509ec323 |
| SHA256 | b39e479f868dfdf666d1f67750865b3c3cbca1fa9a5438b0413f9fd6c2c05519 |
| SHA512 | 8ff959023df1d07e401ebf0534f8702fb4d03076f688017b83621e476d1c739a228070e42d04ceb7bf7f9622d22530d5d2553100310c510660b8b952c31fc268 |
/data/data/com.wp.bookshelfss/databases/ut.db-wal
| MD5 | a1c433cc7c23170c3685f86bc5580578 |
| SHA1 | 158b89ffaf0e7f15f20f86f3a453f0c0f7543206 |
| SHA256 | d69ee62aff9b87b78ab421d577cf394d2f4e2353ef74452c3971ea0da588d7d1 |
| SHA512 | c6ac346b61b4f78dc7440dd4e91485a99c84a877c5d1293913509cd077dcdc2450d0afe8cc3e60ed621e8842526d4a73824c3f46ad08bde414ebdae6164fc056 |
/data/data/com.wp.bookshelfss/databases/ut.db
| MD5 | cd64c9f30b0354c9d5b92cde6c3a30f4 |
| SHA1 | fb4e6d60cc97e017bf6a7a203523d1681fb685cc |
| SHA256 | f074e427ff4e8cc8dbda3d2693512285cad13d1312d3959d6fb7cc06dcaa0454 |
| SHA512 | 362dcf68182a78081d0167e0cdc90843a6613700ac9ee1253c7a62b971244fd5991eb8ff60f286e1a97b2290d285d6c94c0a5d96cd0aa9800059630cf883f7ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 20:11
Reported
2024-06-17 20:15
Platform
android-x64-arm64-20240611.1-en
Max time kernel
32s
Max time network
144s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.wp.bookshelfss/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.wp.bookshelfss/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.wp.bookshelfss/.jiagu/classes.dex!classes3.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.wp.bookshelfss
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.10:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| US | 1.1.1.1:53 | hotfix-api.aliyuncs.com | udp |
| CN | 59.82.40.77:443 | adash.man.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | mpush-api.aliyun.com | udp |
| CN | 47.102.52.8:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 140.205.160.128:80 | mpush-api.aliyun.com | tcp |
| US | 1.1.1.1:53 | beacon-api.aliyuncs.com | udp |
| CN | 8.132.237.161:80 | beacon-api.aliyuncs.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.75:443 | plbslog.umeng.com | tcp |
| CN | 106.15.83.67:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 106.11.248.144:80 | mpush-api.aliyun.com | tcp |
| US | 1.1.1.1:53 | adashbc.ut.taobao.com | udp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 106.15.83.68:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 47.116.84.225:80 | beacon-api.aliyuncs.com | tcp |
| CN | 106.11.243.160:80 | mpush-api.aliyun.com | tcp |
| CN | 139.196.135.158:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 106.11.253.96:80 | mpush-api.aliyun.com | tcp |
| CN | 59.82.40.77:443 | adash.man.aliyuncs.com | tcp |
| CN | 47.116.84.195:443 | hotfix-api.aliyuncs.com | tcp |
| CN | 106.15.83.128:80 | beacon-api.aliyuncs.com | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| US | 1.1.1.1:53 | mpush-api.aliyun.com | udp |
| CN | 106.11.253.96:80 | mpush-api.aliyun.com | tcp |
| CN | 47.116.84.196:443 | hotfix-api.aliyuncs.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| CN | 180.188.25.42:80 | tcp | |
| US | 1.1.1.1:53 | udp | |
| CN | 180.188.25.47:80 | f.gm.mob.com | tcp |
| CN | 8.132.237.161:80 | beacon-api.aliyuncs.com | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| CN | 180.188.25.42:80 | tcp | |
| CN | 47.116.84.225:80 | beacon-api.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | api.exc.mob.com | udp |
| CN | 180.188.25.46:80 | api.exc.mob.com | tcp |
| CN | 180.188.25.47:80 | f.gm.mob.com | tcp |
| GB | 142.250.180.3:443 | tcp | |
| GB | 142.250.180.14:443 | tcp |
Files
/data/user/0/com.wp.bookshelfss/.jiagu/libjiagu.so
| MD5 | 5aea02f4e4c77fbf2e7a27f7ca9cc06b |
| SHA1 | 522db1748608e9173547b29b7aa82ddc3542c534 |
| SHA256 | 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2 |
| SHA512 | 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316 |
/data/user/0/com.wp.bookshelfss/.jiagu/libjiagu_64.so
| MD5 | 289fb443987b114ee4237b4dd97672bc |
| SHA1 | 9b898410845dfaeae3af212b5df41177ba9b8f34 |
| SHA256 | a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210 |
| SHA512 | debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508 |
/data/user/0/com.wp.bookshelfss/.jiagu/classes.dex
| MD5 | 84b3c993023a259d2d2afb777e6f30de |
| SHA1 | f87940e3e19c2bd09404ca4c8fec4912865d9d4b |
| SHA256 | 95cb046f9df86e04709e69723d16df880eea19a646a9a2a38aad43885356dc16 |
| SHA512 | f5b09817588b5fde057d5c59d993f3cb3337dffa8450d7dcd8e453d37cc5f70320b42625570c78ebd16cb49b3b3334f038335993cda9a218cfb0cccd7e41eb62 |
/data/user/0/com.wp.bookshelfss/.jiagu/classes.dex!classes2.dex
| MD5 | 44b7432b8f6afbc8c26ae566d57e6caa |
| SHA1 | a572c9d5e05ead04361cbe9d338459d31f39da0a |
| SHA256 | d5c7b54790dab489ab0fee195d1c40de6c93aac67afaa6374589056619e237c3 |
| SHA512 | 58c4097682232e88d2340c38ff1551f983eae1237b466ca260648c1b9d4d23c1cc018ce51f8946961eeda96f6ab47a9e26b2578549be5e93854350a47d5c41c4 |
/data/user/0/com.wp.bookshelfss/.jiagu/classes.dex!classes3.dex
| MD5 | a476bfcc0629bed383d683edaf58dfa9 |
| SHA1 | f2822fb0ffd10e8e7e5d00d1c846202b9d4a064f |
| SHA256 | 610c7de3000575b8a0167661623de11da59ceb573b75ae5f96b07212c87415fc |
| SHA512 | d248c4ee8ecd2691a39d95092081cc6124380195d1b2a63c6d8d5aef36fd7d3e0ff76f4464ec9cf44288c321cd7fec39cc2cdf194a022a552a05cb6b80725f89 |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.ri
| MD5 | e94818b9fd3ef4dd6ac13b342fe6a973 |
| SHA1 | cb29e02256f1c94e9e0183633a00d4c49e810eda |
| SHA256 | 06948806bd6de09a60d6b5715ea53bed63e8b7a478483a39b922f0c9198d17ef |
| SHA512 | 8d82f52d43bd665f40f7c333fcf76c1af611428932bfcd2d648a5939e8bfe85b56700dfef92b0c45bbab97f9d52135ffa24a8ebe932c705d953828e321c7e221 |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.ri
| MD5 | d593ea0aec4b6cafb6a6c071a95867b0 |
| SHA1 | 1716f74f7a3b6ee212b62cae0194eb3c79cc9fb5 |
| SHA256 | 13f604419614c48a75c7ceb940c516c91a83b3bab4ab5c31abbc7e030704b58e |
| SHA512 | 2b2e16e8d554e6846f54c91a479b3c581e9e55829ccf55ecd70d0f55f163b2b9f0db06751de0ca61ffbada185dbea8a97fd3370cde9dfe1fdc0fd48e1383bfa8 |
/data/user/0/com.wp.bookshelfss/files/.jiagu.lock
| MD5 | 839ff82a80dc002e5be5369cd04bc60e |
| SHA1 | e79267810ec47462bc8f2b0b7aa5b3494061629f |
| SHA256 | edde35ffda399b262f192856fe964c12676dcafcd81bd6705d53d7832fc6bf2c |
| SHA512 | 404d7d47d4e08d990684c189176e8eafa1cdbd5adeb9b09ebe0230dbce92eaa03f60c43d8cb3af0a8d92a0ec81d42b2d6c13a64edf209263d143dd526886d770 |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.rd
| MD5 | 465262c952a3f192f83a436edd31df39 |
| SHA1 | 0e4616bc257b59800b621c8db6435532683ac605 |
| SHA256 | 54e5a350814a2d6db8cc6c2ed4e7a24a524c81752cd4c5dac00d86ffc9dd8bf9 |
| SHA512 | 93e41d62ee0f612094ccb7806e26c224fb4fbb2eb7f032c2a737826db8322a2b415ef9ffa6e8830eaae175f85157f3c18751c30489c373ca09635bf7ab1b2d94 |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.store.report_pid
| MD5 | 142b5807648d74f1e7a4c18ecba0c497 |
| SHA1 | 9b17c4f62497a0267a7e500a7a7d9198f622429d |
| SHA256 | c14dad6ff06986618554180859edbd1f37d0da8c38727e58b3dd57884d6a2f69 |
| SHA512 | d2453e49a932228b35a2a81b94c0068362c9385caa44b0f34a4efd1a76711d49fa5cbb70a109d204640762c8c1be5cc0acbf4e7e4f4bdbc245d303a6e7653e1c |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.ac
| MD5 | 900f3985d4200a80dc5fdbbbca632d68 |
| SHA1 | 4db398db765362edc1af01ee70719a34df864b8e |
| SHA256 | c0fcaa64fd5e04a66741d9836943040701f1a55baa55e1579a4a7527f9bb5bb5 |
| SHA512 | 28a384b9137d405b86c7a7e20d0d0f74754a09d4919211825989a88d7c8001a9e052ec8d8b0f70ad1f05fc8e514c22914d49e5f9a2449d6d8443b4335d335666 |
/data/user/0/com.wp.bookshelfss/files/.jglogs/.jg.ic
| MD5 | 34e386f58245ce88fdd9aa29ad64f05b |
| SHA1 | 56b1a87fcacb520aa435b7819e37aae31b09ddac |
| SHA256 | 15ded14ef036a28aff0948ac2367cc0dc1a1b9e1074fc6a34e03f421ece8fd76 |
| SHA512 | a11c381f797d6c56ca853e22a5614fa5f9820de623de6a8ac6a2124aae3d65e08da9a5f3f080ee39e6e06bdcaedbfb2994e13df36b89a9db2bb50da0270f260e |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 2b6b70ca567443677a4d66627a991ad8 |
| SHA1 | 9d3502c4ad6b750c5582cdd7333abec76a2f3a21 |
| SHA256 | 4ed5441307034aaed7d9699028471d377071c7af451080ef18575c9751be19cf |
| SHA512 | b7ac7c6bf95f5650e52bba8b5c1942422185e8b203f5548cc1d3a9d949ae8f26b44ca6f8f6bd8b3e89a5add2f1763a52aff43e142c03dff83edf5d1392f264b0 |
/data/user/0/com.wp.bookshelfss/files/com_alibaba_aliyun_crash_defend_sdk_info
| MD5 | 8728d1287220b9b05ad351f7f0db6172 |
| SHA1 | 8b9f067ab9f310c18fc51622646030ca21ed3b27 |
| SHA256 | 493ce31f45fef58379bd7351783fd6995097bbb5a7b22a47a61279ef018261c6 |
| SHA512 | 5a5ec796ebd220e8aaf2c4774db93876769189e3c7281e32e0a159830a3fbac177b9a9a88bba05777e5d458f8aeb53f473f02c112730ffd74b961544ff6cebec |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 2b2c990744f2fdae6094ece1051f6661 |
| SHA1 | d8d08b335dd83405c98500243793478b625049e6 |
| SHA256 | 9538df41527fc47152e4f77c08e6164bbc33112d3476dfdea9550c3ae28d30c0 |
| SHA512 | 12a927d81d49e59e496401a49d3e5507b444ba72eba3de92cc70ef4565836e13aa08c6277f880aa40bf0b60f2f1fd3e97e66dc448e50ff2265fb545143c490f6 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 380fa89c0b10b72e04e16ea09af0d61e |
| SHA1 | b9d1c294993db2fd0e9eefa8b43c15f82b85b454 |
| SHA256 | eeca9884ea42641c911b65fae598231b877c71aa923ad70758c6faf4545d1be2 |
| SHA512 | 7bddfc77f5c98e89f94f7951f1a5ad3d26658a370623306ac29f2daf55db89fbb2e373a180a3aba6cda59850a7303b6f05a2d282f546578a70269a41c761939a |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | dbeb18e1fdfc9690e70dfb35c4b58980 |
| SHA1 | ad0da9657a94388f18a456d6934f2c40be817efa |
| SHA256 | fe06f4a1ee102a21b4a4840f7db8aab06a15c024a500c9025187a1e83e172f33 |
| SHA512 | 0438dd7221796e5c20946c6965f4166976ec7f157f4cc80d55c6b50e7ad6e998a08f3010aa98d325737f53373d774cf1f1f2e170e8778bbaca499d26209a84fe |
/data/user/0/com.wp.bookshelfss/databases/ut.db-journal
| MD5 | 229f54f724fc51b7a61ecb54e91da195 |
| SHA1 | fea6bd76b8c137d08a7998b18487cdeff2d17629 |
| SHA256 | 1f474907eededbca10e83a4ef4b5a8ac163cbc831e2fbdd9c9b83550728f91bc |
| SHA512 | 4697badfe939c43dc32e3032501a226b0b6c743bab75fed4418e0c090973ed2a35f75cf0b61c07b8c9fef56d3dc8c96fbc2ba3d4f1af3c972a6fbadb35afdd26 |
/data/user/0/com.wp.bookshelfss/databases/ut.db
| MD5 | 75694e403dbc728c85b85d55d972d357 |
| SHA1 | 346ce6fb424f486cc32f7f46649649470cd57225 |
| SHA256 | ad9862b2cfa8b250817df299b073d617bba35aa05292f7f0c6cadcefd47cfaf9 |
| SHA512 | 591d814f3bdba7180588ec333b554f946a977374df798bf69a352b4f1f0b43a412b5998622a059cfb3ad94eefb56d6ae62c6fe7dfefcb9ec5d47b98971bac6ad |
/data/user/0/com.wp.bookshelfss/databases/ut.db-journal
| MD5 | 068964b6a3c2a7668eca78d1da22781f |
| SHA1 | ef6ee381087a0e0d0afd3871234e44dcf3a37cf6 |
| SHA256 | d968833316d788246e39645de352ad7474f04ba683eb0084aabe43aa15623e7b |
| SHA512 | 42b379a3820c3ec111e04b1ccb457d632be1a4e121a87e4436932d216b680b3a0730d43a464017d843f385a6b4c36562a52e7cf249b6b169c2ee2b8e640ec093 |
/data/user/0/com.wp.bookshelfss/databases/ut.db-journal
| MD5 | ca9c185027c093c3b234f806fcdce05d |
| SHA1 | e2cff1c404d0ab6514bfc6dafd05f34dff19480f |
| SHA256 | e4eacd91351c9327f7e9e2783fcf6ef6fc00a51fe90436e9bcfe7756f504d8a2 |
| SHA512 | ebb6b0e27e23f4f414b5152732f84d719cce513a23c52a913e4081a779d486e50ffcf026a044e2a9279901060a0c061416e7d124ed4c05a220b267b475185efd |
/data/user/0/com.wp.bookshelfss/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/user/0/com.wp.bookshelfss/cache/image_manager_disk_cache/journal
| MD5 | 2837fa006b5b3de7a6b47dd17f432a91 |
| SHA1 | 341fc077bfccac4858cfd539f882191dad682e73 |
| SHA256 | 2eb223d94df952600a6c73c3fb34f311568677c7d731c532e5979086c0113569 |
| SHA512 | 9f071a9b44797816a1f7ccbe478ea539c950d49f832c76aa921056c09e349beb70989af3a29ec474c6b078bf957702d89241ef4de3e545e831958627dbf1995c |
/data/user/0/com.wp.bookshelfss/cache/image_manager_disk_cache/ac201a69e3ce89630e70089c24f8581ea83aeefb9246b3f9ed9ff4e912e440fb.0.tmp
| MD5 | 37ba8b2b120f838828a412e93efe3892 |
| SHA1 | 9834520686bd3d294e937ea125a80b9dba651491 |
| SHA256 | 7ad3021d5715bd46ef684c23ce973650ae490f3b57602892547ac950510daea2 |
| SHA512 | 51053705f3ead2af86da34d4281b8b8b560077a6151810f63c9590c571ad71377500d4788df12d37c45297258bc5032624a2c945234e1ad53d7f0cc7fa03e7c0 |
/data/user/0/com.wp.bookshelfss/cache/image_manager_disk_cache/b5dbe158a9491d8ce8f8ffa6508917b30b8846c884fba27de3524971d4b97f47.0.tmp
| MD5 | 54a39c805f87bc419b1f4267a98c73a1 |
| SHA1 | e1c543bc42da9a4172c3c1f3b2128c2a2aa94624 |
| SHA256 | 47c029e5157073c6675313921645078dd0a2bc9a549bcf4888b7b9d730085b61 |
| SHA512 | 515279e96ce88b48c606f706f9356b5bf4b8d5b3b16ba305cc087ee38ff3e6af03d812acf10dd676a6686dd2b2952b2ebec727528a8884fe90aeb1cce5bfe694 |
/data/user/0/com.wp.bookshelfss/files/umeng_it.cache
| MD5 | 9d05432840286ed848684c84e0c17e32 |
| SHA1 | a6a6b08a35b585730fe1c5958d9a5f44bd9d0cdf |
| SHA256 | 2e971b653695381670fc89ffe550b86067aa881bb9e3004f590a298a9f703302 |
| SHA512 | a1ce3e7d4fba4e9426f1a1c46e713b7c7ef7b4da92391eda04cb1fdf845a52b8f7e73949ea2d8811bdef01ab1b690f42ba3ed7cd52cdd80f29430e2001d6c5ca |
/data/user/0/com.wp.bookshelfss/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjU1MTQzNjYz
| MD5 | dcec8f726aa62bede2008e2d66dfd59c |
| SHA1 | 71efe8fbc5adb592a127da5adfa6bef090fd274b |
| SHA256 | 52c6c4120bf5bb332011ecb8eea8b8682b5fff3ce15bf3f4abc642fcb6c5b60e |
| SHA512 | 0208f887807b69a8d17da3d8d4c4ef4d766eddf5e128713d8f174fd6d5183a9e0d0b8d0194e79c9c5f65ca64f9fd433e68ec4976b8088e22c9c624a28228e14d |
/data/user/0/com.wp.bookshelfss/files/com_alibaba_aliyun_crash_defend_sdk_info
| MD5 | 1ef6ace51c3d1b525dfb7fff1a534500 |
| SHA1 | 02d7c362ba1125cb0a9773c48d45e6f6509ec323 |
| SHA256 | b39e479f868dfdf666d1f67750865b3c3cbca1fa9a5438b0413f9fd6c2c05519 |
| SHA512 | 8ff959023df1d07e401ebf0534f8702fb4d03076f688017b83621e476d1c739a228070e42d04ceb7bf7f9622d22530d5d2553100310c510660b8b952c31fc268 |
/data/user/0/com.wp.bookshelfss/databases/ut.db-journal
| MD5 | 10a8b7eb70b920849f3db5d1d4627f2d |
| SHA1 | 090114e3829a3cfdc945d42a9c8217fee0b817a9 |
| SHA256 | 0ff4d9a587e77e7db836a43bdf113234d19d8ce74c8b980ee46790c879792544 |
| SHA512 | f35fe56d0b16191e7504ef190b98ee33b640dd01a433deb381dcaeca03a94abbad268adfd967605eedbf8c9dcd0b799012bd29ca4a81fa6dfc2b744c327bed95 |
/data/user/0/com.wp.bookshelfss/databases/ut.db
| MD5 | 65fb322f5c0def02410977c39cea771b |
| SHA1 | d6881a615e14580483605bb10e6cff6cbd1133d3 |
| SHA256 | 6fc2d66520e090b937a0f3895391efec6d4e9eac43d704ab4aa37d550924a66f |
| SHA512 | 539927c000064814bcaa5e2c6768376b21c18cba1949d9b65b6371e70ff35184b92762af2e07b061d5a36a65f84b9d8be8db474d34f07c15d32b25e5167c41f5 |