Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-g8y5mavflq
Target bb1ab6ce6f0e4e56baafe4f311b89511_JaffaCakes118
SHA256 c41f292bdad54f5098db9ff52bf194db4359e5961bc7c007eb542de606ed267c
Tags
collection credential_access discovery impact persistence evasion
score
8/10

Analysis Overview

score
8/10

SHA256

c41f292bdad54f5098db9ff52bf194db4359e5961bc7c007eb542de606ed267c

Threat Level: Likely malicious

The file bb1ab6ce6f0e4e56baafe4f311b89511_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery impact persistence evasion

Checks if the Android device is rooted.

Requests cell location

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Checks Android system properties for emulator presence.

Queries information about running processes on the device

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 06:29

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

14s

Max time network

138s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-20240611.1-en

Max time kernel

138s

Max time network

158s

Command Line

com.nd.hilauncherdev.plugin.browser

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.browser

Network

Files

/data/data/com.nd.hilauncherdev.plugin.browser/files/browser_recommend_data.txt

MD5 fe37b27eb6d4e39bfd1a8aa2585dd0b4
SHA1 67bd43d83d64e0dcc79e72a62bae61af99a6f277
SHA256 363e018f9500125807101f52da8ca97120f47bb040dd8c77dfe94228c088a8e7
SHA512 7f2b089fff400b32d0f72026b8a47aac2acd625b9aabc688037b5b3f8e1cff557688a7f63747a2a6914dbb08f97f10cfe7cfa54d3970283c51446738545f0adc

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:29

Platform

android-x64-arm64-20240611.1-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-20240611.1-en

Max time kernel

44s

Max time network

149s

Command Line

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Network

Files

/storage/emulated/0/pandatheme/pandahome2.apk

MD5 d52af404601b33fac02028654cfc88c8
SHA1 b6359994d480201a2cb01b1afb71d4cc0a340ee3
SHA256 68db3de09804f06e2179f97c1c890205efcc6b8999f123f421f3428b3f76b83c
SHA512 d4783c455bc1c5f61ab7d2adb1c00db2259a0f8eb552d4aca9880904e020ea3f98e91b15ea2a1b5b611f06fe6e4a65805e2742c1ff761ad2612c21faad6fb013

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

200s

Command Line

com.nd.android.pandahome2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.android.pandahome2

com.nd.android.pandahome2:hilauncherex_start

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar --output-vdex-fd=70 --oat-fd=71 --oat-location=/storage/emulated/0/PandaHome2/myphone/plugin/oat/x86/com.nd.hilauncherdev.plugin.navigation.odex --compiler-filter=quicken --class-loader-context=&

com.nd.weather.widget.WidgetService

Network

Files


MD5 db917e5af038cf662e47ba090acc4c56
SHA1 49e2b40bbfc5fb5a2f431c0a268f573326a9eb93
SHA256 4c1802f8ba6b63a4eccddf1b1387240c94dd0b46c876d5155953d9c915208cd5
SHA512 b1bd3429fde18ece2a010b1835867cbd4cc9148f370523ce22c48c3cb9afcbf3d3ba3b72c90f8be1619648ff30579be501274d3d113a19c6d6dae0b309fc45ac

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.nd.android.pandahome2_com.nd.hilauncherdev.launcher.Launcher

MD5 b346e773ce8aa1000e7a437480931d62
SHA1 a9beb52eda082f1b04fd1790e3ef904e9f777e1e
SHA256 d2a3a32354cbcbc22ee5207258feabe0aab0e89313ccfca5d99e114e62f0b461
SHA512 8bf63507fe3576e9e23af5f6bf2d1aeda0ca06d3a1de62458ba9618f461d368c344621e4eae0fb0a1686080ecf5e45bf774f352536a425c64fe473bdeab5ea1e

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.google.android.dialer_.extensions.GoogleDialtactsActivity

MD5 31ee3d1d5e5681ac38b48f64a591bd88
SHA1 ef0ea7f2bb40547a27e30f57e672c22532c93e18
SHA256 a81b277d1f673d23b6c78198a7ec8a69fb64a6141c566cdefd92ba8f071e102e
SHA512 f31c1274b3c4aa0e54145f70b5710c6b5e1f6725680a9664429b70118cbccb95c6dba95e3c1e48286593316793e87c165e1a9f4278cb96e69e1d298f460b96db

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.google.android.youtube_.app.honeycomb.Shell$HomeActivity

MD5 34cecbd6d15a07cca5953b2a25d1a813
SHA1 230c9d4d9c7c7efbd22403858697ca2263c25850
SHA256 6612f96a1dabab17d14ca141e49f61eb4e713ce9ff04d0fd11c9f0bb44fa1b4f
SHA512 9b11b092378dda893bde39b84a0e0c3dd35456035b4d7b490a5d6674c322ec76d7fa779db4ae9b0843c0ea55e5ff3c38949ef354cdc40f44409f617f007c6eca

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.android.documentsui_.LauncherActivity

MD5 ffb030886425a18dbc606da9576cf3c6
SHA1 15419d19aef876f7a3a72296d497ab62c1692ea9
SHA256 01b6afd0e04baa43d0c7bbd543ef7434f3b91b11be55c4576647375f7c554a41
SHA512 b78d594f19ad3bc7bff0605a371fba99f3028164e467c76dcee707621ac46c4d1a019d30e8824283f0029edcd60e5163713dd7a61d5491ff5414a78c5d1c663e

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.android.chrome_com.google.android.apps.chrome.Main

MD5 cfe05b70af90cd5418a9c03efdcb63db
SHA1 147df5c75ca07979be77127d06813a4d96fa6024
SHA256 c9201a5f45856c83e227140ea0882453e79836a3860ed60f4f85c73c3214b71c
SHA512 e134e6149b1ff313a89e566a0f1ec2208e144c385bb91987ecd5b428a19df220827507ac980f4701523b8e86d7b699f564bcabd9b2c98f8cc9b1fec0baaa0403

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.google.android.googlequicksearchbox_.SearchActivity

MD5 c9e529b83590463ea20d4145f97792d8
SHA1 af7d82ff7185682dc040e737fb451268c3e78c28
SHA256 98ab480276d73b0d60964bbfe112bdbed4788f2aa7d3a704655956bc59733789
SHA512 508e428a41f55beded5a0bf9a6594abc27a57d4fb5eb64fba0997d569f9c27bf53fa19bf07ec63ac11c5ed419115d63559634fc04caa0335b181b35b387f6208

/storage/emulated/0/PandaHome2/.cache/icons/v7_small/com.google.android.gm_.ConversationListActivityGmail

MD5 6bb9385ecae9f975daa2bceb50781128
SHA1 864fcc2ff497244c74f8f4b4573070fbaccdde6e
SHA256 cf80d02937bf0a58748e240b83512889ab0a3823560f4df716eddb18618b2306
SHA512 f87a3dceccc24c606e3ef4267bb5e13fb4ce5f370b07d9b423f14cbfa492993919d123cb1d28c578172b1eb458edd3b1e0ba6cb7184dd60cce6788d9ee00a250

/data/data/com.nd.android.pandahome2/databases/91analytics_v4.db-wal

MD5 a2cf1561eeb283d12b3b49cf6689a642
SHA1 0bc711c0c25ebd088aee91767520e1ae01ee986e
SHA256 7c7b06c986809e27c2aebc18f379cc21ea3bf65a4f432b685862d1d12a9bfae9
SHA512 ccd0ceee191e54bcca6051cece65a50b4d4dd0d45545d445e089707aef41d509d76ecd62852402e3ba15600f8d86c7231616d8ba15e1bfb8ced4cd60c0c2f5c0

/data/data/com.nd.android.pandahome2/databases/91analytics_v4.db

MD5 73b849900e9c575869a7b9a780b2bf44
SHA1 fb01fc95aca4b003a6c040a5db522d11f7bd3e03
SHA256 4de062004e26e9a8e1b1ce7feddb283424a2dbcd9161415124fcf4eb459d7009
SHA512 a62da1f6a884aad865d1e73697a5aa2e82875a969fedf13dbb80151cc1e1aa60325e3d9dc9d1bad8dbb50c1e92f04d02e27256e0f6c65319d2cf319e179ca863

/data/data/com.nd.android.pandahome2/databases/myphone.db-journal

MD5 58932e8206d557b4022397e3dbad1e7d
SHA1 33d49b36c13bcb8f4697335fb9bf7e4b67636d03
SHA256 d3a7c3e827c82decdd9355cf23e779645876345409f6025d51d75a29ba7ce2e7
SHA512 49d4e11724f0261e693d3aa447c3bd7fbef348863f7236e94534c199cad58e1fd2486f18465a8fc8e5cce899c6a14237c4f98dfed3d03259e62001d7056a659d

/data/data/com.nd.android.pandahome2/databases/myphone.db-wal

MD5 5bee4f77d2d12c0c978a91da9fa21c5f
SHA1 c8cf699cce67d000db4ad3f5f75dfbb47dc33b51
SHA256 e283c8778dd0d8e9b385af362ecc0f2c0396b4676fa7d11c1d70b1c6d5cfeccd
SHA512 59844f5b8a038a7579592581a922028719a4a7a55db6a4c26daa3aac245aa0e28848b79db9b237507aa92cae11efd3fdbb6a6ff380f1d1478117aaf1629557dd

/data/data/com.nd.android.pandahome2/files/plugin_upgrade_new.json

MD5 c13ee19b795543da172416b90c740868
SHA1 200805b655a4dae631e18e54d1e0ed249b6ee278
SHA256 176020526fc222bafca62e171491100cd3a11afd1d8fd8ee8f5c011d3ea8f6a4
SHA512 205e8c67ebcf577cb89defc94a6445306b494a97b099488a77f86d26479d9fb098c60cf2bf853770dea5b423cc13a81a9a02acf51a7368a16ee71e6af8637310

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

138s

Max time network

147s

Command Line

com.nd.hilauncherdev.plugin.browser

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.browser

Network

Files

/data/data/com.nd.hilauncherdev.plugin.browser/files/browser_recommend_data.txt

MD5 fe37b27eb6d4e39bfd1a8aa2585dd0b4
SHA1 67bd43d83d64e0dcc79e72a62bae61af99a6f277
SHA256 363e018f9500125807101f52da8ca97120f47bb040dd8c77dfe94228c088a8e7
SHA512 7f2b089fff400b32d0f72026b8a47aac2acd625b9aabc688037b5b3f8e1cff557688a7f63747a2a6914dbb08f97f10cfe7cfa54d3970283c51446738545f0adc

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

139s

Max time network

152s

Command Line

com.nd.hilauncherdev.plugin.browser

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.browser

Network

Files

/data/data/com.nd.hilauncherdev.plugin.browser/files/browser_recommend_data.txt

MD5 fe37b27eb6d4e39bfd1a8aa2585dd0b4
SHA1 67bd43d83d64e0dcc79e72a62bae61af99a6f277
SHA256 363e018f9500125807101f52da8ca97120f47bb040dd8c77dfe94228c088a8e7
SHA512 7f2b089fff400b32d0f72026b8a47aac2acd625b9aabc688037b5b3f8e1cff557688a7f63747a2a6914dbb08f97f10cfe7cfa54d3970283c51446738545f0adc

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

139s

Max time network

188s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.navigation

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

50s

Max time network

147s

Command Line

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/storage/emulated/0/pandatheme/pandahome2.apk

MD5 d52af404601b33fac02028654cfc88c8
SHA1 b6359994d480201a2cb01b1afb71d4cc0a340ee3
SHA256 68db3de09804f06e2179f97c1c890205efcc6b8999f123f421f3428b3f76b83c
SHA512 d4783c455bc1c5f61ab7d2adb1c00db2259a0f8eb552d4aca9880904e020ea3f98e91b15ea2a1b5b611f06fe6e4a65805e2742c1ff761ad2612c21faad6fb013

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

14s

Max time network

155s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-20240611.1-en

Max time kernel

16s

Max time network

153s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

31s

Max time network

173s

Command Line

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Processes

com.nd.android.pandatheme.p_nishiwodexiaoqingge20160517

Network

Files

/storage/emulated/0/pandatheme/pandahome2.apk

MD5 d52af404601b33fac02028654cfc88c8
SHA1 b6359994d480201a2cb01b1afb71d4cc0a340ee3
SHA256 68db3de09804f06e2179f97c1c890205efcc6b8999f123f421f3428b3f76b83c
SHA512 d4783c455bc1c5f61ab7d2adb1c00db2259a0f8eb552d4aca9880904e020ea3f98e91b15ea2a1b5b611f06fe6e4a65805e2742c1ff761ad2612c21faad6fb013

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:29

Platform

android-33-x64-arm64-20240611.1-en

Max time network

14s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.74:443 tcp
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 tcp
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-20240611.1-en

Max time kernel

139s

Max time network

195s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.navigation

Network


Files

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt


/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt


/data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db-journal


/data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db



Analysis: behavioral14

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

138s

Max time network

194s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.hilauncherdev.plugin.navigation

Network


Files

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt


/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt


/data/user/0/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db-journal


/data/user/0/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db



Analysis: behavioral15

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:29

Platform

android-x86-arm-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-18 06:29

Reported

2024-06-18 06:29

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A