Malware Analysis Report

2025-06-16 06:37

Sample ID 240825-l7hhpsydnf
Target c08227a5edb8585e200ca6bb6330c126_JaffaCakes118
SHA256 c6597211b68d47393bc2686426574ad6167e3a5ee78a51f9c86598eb48d614b1
Tags
banker discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c6597211b68d47393bc2686426574ad6167e3a5ee78a51f9c86598eb48d614b1

Threat Level: Likely malicious

The file c08227a5edb8585e200ca6bb6330c126_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 10:10

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 10:10

Reported

2024-08-25 10:13

Platform

android-x86-arm-20240624-en

Max time kernel

151s

Max time network

152s

Command Line

com.live.xxlive

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.live.xxlive/cache/gg.dex N/A N/A
N/A /data/user/0/com.live.xxlive/cache/gg.dex N/A N/A
N/A /data/user/0/com.live.xxlive/cache/gg.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.live.xxlive

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.live.xxlive/cache/gg.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.live.xxlive/cache/oat/x86/gg.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.78nm.cn udp
US 1.1.1.1:53 app.avohwtpgb.com udp
US 1.1.1.1:53 api.iavbobo.com udp
US 23.170.49.209:80 api.iavbobo.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cferw.com udp
US 1.1.1.1:53 anquan.luomi.com udp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 log.umsns.com udp
US 104.238.128.165:80 tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 sdk.cferw.com udp
US 1.1.1.1:53 sdk.cferw.com udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 api.hclyz.cn udp
HK 109.206.246.131:81 api.hclyz.cn tcp

Files

/data/data/com.live.xxlive/cache/gg.dex

MD5 45fed4c5a279c6fa22258ef963916cc7
SHA1 bda125976f40b8fdf84580d3e0600b3071c6091e
SHA256 1354684c547ddb91f703160e0111818458b32381da21f1fa103b90b92539e34f
SHA512 798651fc48c856c564d92e48aa4c75e30c2cef08815648d11312b08d366618ac308d0d4e25426d2514cfa74b08e4b87ecc98f17ed24ab01ca7e1f8098c0b1d29

/data/user/0/com.live.xxlive/cache/gg.dex

MD5 8d18eae9199c1931335e8e4b720c098c
SHA1 77d13dca11a7b022633abbbd8f236247183d001f
SHA256 ee3ca8c648ffbb0b6551ca8f6985f1c724cffa593bf1e98c8da107936f48941f
SHA512 086786978fd5ce87453d4f520d19de97efee0da20621e488150b6b87742d57a022024dae88156be2f8ac9afd7921c534c5dff80f5578136ed80067a1711955e6

/data/data/com.live.xxlive/files/umeng_it.cache

MD5 9549f40fe1f3d2bfa17a9125ee7c7b92
SHA1 751817088e88b00871930188f9d3e3a1e1a5bfcf
SHA256 650384a8cafac1e7ba97a08e853da185e86e24d92b2c2717423f3ed7bce519ca
SHA512 a0ed12ecc21404ff8c10fb9ded4a3f02c7c05a4a900c1f9c5cc30ed2b6c3a33371d681d10b3c3c3892928aa9a61285bbe32d7b119bcb62bb1f1d2dfefa3baf05

/data/data/com.live.xxlive/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI0NTgwNjYwNTIy

MD5 a0c522efe8f266d6da3c24744dcca4b7
SHA1 ca9409c42202d9f1f61896d21e2560f935254123
SHA256 2d21d000d0ff8d50ea8c0ef7cfe10ccd628244c1e8f2746af1339146c5ea449c
SHA512 5229bc6be062e0e5cd9a544930fe8c568003bc3c27bd9f6d701f7b6b582b0937539f404d9de80001349d507cddfb3fd8ad579ac8ac1449a80fa6615bb5f7d204

/data/data/com.live.xxlive/files/.umeng/exchangeIdentity.json

MD5 5da9384629fc59e416dd625f74b3c4ee
SHA1 c1eb268f7cb9b419c4cde96fa30ab767c0c06c52
SHA256 e5b472def159649948b1d3acd1aa83556a064129deb3028d2cc7aef84bff5d9a
SHA512 f461ad12c2e5173123b3d0a009aa2a8a3b7319107deae1a8e930b2a4d4ac9cadbabac98316303dca419ed3f1e90008047666555e6b2dc748a75314df016b3e78

/data/data/com.live.xxlive/files/exid.dat

MD5 7f5b373ceacc275bd9fe6cb9d1dd6dac
SHA1 6a64c15903d39fcf07ca0525ecbff1468e8b549e
SHA256 d443c8dca51c12c563de6811a4500487055d4fdabac330620509be20adb998d7
SHA512 84e34619434180bb9ef70a78876ccce7b01ad24880777af6519bd864949c72b45cd2afc8d62fcd061a0434ae1b0805e7237b3700295af2a862947a4ea305d8c2

/data/data/com.live.xxlive/files/.envelope/i==1.2.0&&2.2_1724580661508_envelope.log

MD5 0b72e1919bee87046d9a9215c963e6a4
SHA1 472e16062ac16343614e6cd4f1f7679e7579fad6
SHA256 00e90811e82a13ec420c38ebf866458048d5ba2e679797d9ddd5c64aa8d764ed
SHA512 29bf161d458a5da646446b0318289b6bd64b7e29f218b0a312b15e852459f1bd7dd81ea07bb1041cfaa28c63dd9727c150c587a88675ffd811e5000d1be92b60

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 adbfaee8fa3e65965ba205b8c6046548
SHA1 4dbad1dd1ee4a7ae74d3a64c4aaa31c819a60857
SHA256 d0dc47202cc73f5af7be1e3550c8cd6b6bf550480860e05bd2ef992751dd4348
SHA512 3d53eb94de11d287846a941d600fdb1a27bda4bcad615d5ffa0d9c66e6330b9720c95bc8338b7a398d65dcbc3394a460aee04dc8009b43b15365640584305cb3

/data/data/com.live.xxlive/databases/ua.db

MD5 0adda9c85a5e4808f5b1b74c0a8591a5
SHA1 5048107883ab1e345af9cf2e6849ce46e0e612bf
SHA256 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
SHA512 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

/data/data/com.live.xxlive/databases/ua.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 abd225af2923d16a80db0a56ab3a4557
SHA1 1b8c7ff8bf29863c1682a0300419c27f72b10917
SHA256 70247b2e22e9a11a176e98af25ae7a99c74736dfb3d036b15f3ebe926954ca45
SHA512 2b34ac5ae2f3436ac1867affa9c80f6d8009b79b1e266a08f0a0086b813564e9ae47ea766647c8ba99a36513b620b41810e0f1020a9fa7d3fd21a59194ff1568

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 7c9fc0ad4fde4fc92de651943db87e3a
SHA1 7439d922d498dd2df69bc39bd114896f49ccecb3
SHA256 ee47100e32f3d2c869ec87a17a27337823d369d0b643437486f08b0406b5f525
SHA512 5119a4d1a445e2aed8c49d4dc906da8250b0fc1a181a3708a9b45886e86fdcbf1d32199ce8314c7e5dadc8543b028e8e217711eb38902baf2281b323ab10671b

/data/data/com.live.xxlive/databases/ua.db

MD5 df0a5a1d70574c8b8909da23088c3d42
SHA1 c25b272eef28cf562b7baf3b9a2301ce73bb4f89
SHA256 b6581910b9a8cb5f577b783bd222f4507edefe0f5f56472a9bdf25cbafb9e4ff
SHA512 0578ade8016155e3b9f8c61d107fef26581dfa440796fc8a6e7be2e1158f340852e88013c9157de01873f00dc3381d1ce2d6d762a84dd96ddb30e2ccef4017d5

/data/data/com.live.xxlive/databases/share.db-journal

MD5 b0bd0d47f7ba8103b4baea255db1499f
SHA1 e96953d07495ab40801dc71dc572e8a6ede0dcfb
SHA256 0f8a3cf189b5e86f2fda4404fa728cd878784ca46f90db442b3d4e7b006b9502
SHA512 3e6effa0065af99773f7148869a9621596528383602a9003351de768ba8ccffa786953939391ddee1e40e9fe91dd9621e26015b5794a46802f8746d4de6757cf

/data/data/com.live.xxlive/databases/share.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.live.xxlive/databases/share.db-wal

MD5 dc837b578efb4383c23c81881aaca4d9
SHA1 b607b82df7982de95c0d8a8df0102e5d7b693825
SHA256 da7f6336a69cf61a8c02e019e0f0f9dc76ec3bbf4fae4efcd0ebc6569384632a
SHA512 d04f3b2bb86f3b98d1b47fb0a5c3cbb75c2a791509e4be03f015ed81e7683153bbc4ef899a3115d8fe5e011944d667f0bbd5384acda320f5558ba5da5f37b2f8

/data/data/com.live.xxlive/files/.envelope/a==7.5.3&&2.2_1724580663100_envelope.log

MD5 22690495a8f65d5ae079508d71a0498d
SHA1 bc84fc54e2b270e27b8e2d1341eca5178b79ae62
SHA256 1eaa1a8ecd2f12ec0c19455d0d3aa7d87fc59c044c033adaca3c145cc823c1b7
SHA512 bac6ef683e5fca67a809b2a82b4ea7f2f96360b16536e144ac4d5da7f7d5c2e87b94bbd8598f6c60cbbe0ab1112b496146a38047a76c119fa44a04d63263c85c

/data/data/com.live.xxlive/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNzI0NTgwNjYzNDM0

MD5 c2879d13dd0ba08b41f8678c64ac74fa
SHA1 7546a5e16b985c8061a38fa54211495abdd87665
SHA256 6eaa7e13f7294a8c39419eafb173a7f2f5c0249d9e6a30366c4716cfecb71a8a
SHA512 74636af5de4cde2b701baa2e66aa5616d4c0ba69bf0f97d169cde76345abddf40e8d0eac352f19d11fbef270fd681d7f312ef25aa64ab25141791b873035d219

/data/data/com.live.xxlive/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNzI0NTgwNjYzNzQz

MD5 4df658fecb056279603e45b2a7cd3a97
SHA1 e6a7f1ac4c034611a304033b06c7c3792496251e
SHA256 373bf877a2ddd4f241a94324a14e55ca49ba75398b6532bbb869a9d4a453515a
SHA512 779ab20e7900a8f82c689fefa4aeb4fb01addb3361924f1fa37a5b90998969d01e8f2d8cf3fd3640b2787c76e9dbb5e1d9a1df4f6473e13ee5b0fbcb34c531b6

/data/data/com.live.xxlive/files/.imprint

MD5 33ada69b370db0101801364a0158e0b9
SHA1 0b1d08f03dd060758c075c7a16f7ded22de4b7c0
SHA256 b7438df0a28c81448250eb3dbb83883f567db86e5d17eddb0330186df51e3c62
SHA512 90c0d2f67842623d151cae32322b5e9f89321b5e37226db9adfd7f6c8aa22820f5a22c67041becc71da00286843a525c78ec2cd6cec82805764fa1f5fc081fe9

/data/data/com.live.xxlive/files/umeng_it.cache

MD5 224e466c4c7f840b28692e4f3e7cf642
SHA1 803f8adddd6765faaca9361a7af8c61a85385edf
SHA256 e91f45c30a666948683c1c165bd5f2ffbe33ce62a1f539cab988913b2764e433
SHA512 f3abe2aedc0e054ad5c414bddcbd10aa76d0e5915e9d4affad4573c46341233d5455453d5b638f47fa37b5bccce24860ef2d214e2d6b9e7eed1f236a386d51e1

/data/data/com.live.xxlive/files/.imprint

MD5 ba64ea3cdeed3a57d0388aca11ad0f58
SHA1 c140154205b1f762707dcfb2edb636351567f3ec
SHA256 2d1f0bcc797fc198ad9f1e3bb6956371ccd8053939c5ee877cf40d9859b79269
SHA512 cc49c3026efb114d050009cd9159f834e078823b1c79745c4a1c62aedd2094a9a22ad9f3cad79021151c9020a0fc11065b93d5a3e0352a46a848cc0e2be4916c

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 7dbc492e0186efb91fd8286121c01f29
SHA1 6ca871de2d159e45272e7a2a5082b2afaabfcd82
SHA256 192f111f0d059f02c9dff0dd4677e97add13d6bca92a3471f61b2caf50b3dcb4
SHA512 aec1efa4612d76827d4df3b0e310df87bf09c2b7f3513d936758d85f15d70408e2e7b56626ad229cfe1706c3223e00c85643892544f7afa595d424f2dee299e1

/data/data/com.live.xxlive/databases/ua.db

MD5 7969ee1a379b0ba8fc44557da4941cbd
SHA1 72075cbd6138c65ed06270cd9d34dbf6895ed8eb
SHA256 fc84526ac6381bbb6f7b5bd2ba3bffd3f837ea2e064d7c3f20a6fc525d39c180
SHA512 7f22983896bab1e9f61b4a98533a9010e56881d6d638a54f8c00a5dc572d8c5da0715e19dd7b739eb0f4bcd0cebab951a20e3ec4b0634264d34067fdf86ae1e0

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 6a7382ca2bb534c0aba005295e03d08f
SHA1 ac70665bd3fd451cdac26dc9224c653bfcdb2d8e
SHA256 3374aff5e9416a05f149ea480d65b37d9533a70709175ca2d552920cd43c0476
SHA512 a5b620610e6b6953d22e1187f075c4f221ed66434861158cb3c25f46910320ffdc3dac8227ada64eea7d83ef38db5316baa3af464dbd1c99c2545a8ddc16ba1d

/data/data/com.live.xxlive/databases/ua.db

MD5 771a03b6d8187b1c2f8cc70806d57b91
SHA1 c85a7d8731a096c0f94b4381748da88c53d5ec5f
SHA256 157a69297e2cc76bbea1de577a019f49ac10712c6ca464c37d11659fbccf9377
SHA512 100a01b9386f167dbad681ca8e38a285d41e2c45cf5c1f7d6c8780c8beea02aa422177b0c7f02601cb73c8056a436946f33ce9ac8ef076e6fc1cd5f5b899d5e6

/data/data/com.live.xxlive/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 4b1f897d2705f5bceaf312cc22c5d688
SHA1 ac6c6eafe08d293d1d945b9932091a18e42548dc
SHA256 1e36aaa354e1e1980d0b48303321a5e71ed9685cbc81faf0eb32ece1094bfddf
SHA512 301cd7081a55af0f4d57921a9cf1e97bda4283f8323cec51795bf715faea980ab7e74bafbc400b22bd96df71547ada881ac0463fd3f445b810743697e58a930e

/data/data/com.live.xxlive/databases/ua.db

MD5 6f2fedc16a2f8f4b0f01057b8771419b
SHA1 17005037de2bfc1268847858e1745b8c70633fc0
SHA256 daabb64ac12273678d56df953cf509d8d908635a4d5f2454f14d29e965c3a20e
SHA512 574c458295fe92c12ef752788498ba20b77a3bbe97a1103bf3a5ead3ea760b09048cccd09f29f970ed6b1fbbcbbe8a7cc715ed0a03f6251a8eebb775b0c5b00a

/data/data/com.live.xxlive/cache/image_manager_disk_cache/journal

MD5 5c0cbf042e3c73a98f9f7c9bea44a8b2
SHA1 f65be0fd8e5a2e5476872e6a318cb2b87f872bd8
SHA256 df027d17975ceea8922c57fabb51593012f8302022520d7fa52c2a0c6aa350a4
SHA512 12796137a7948dec90f5a961ddb49f71df9d23994bd50f27eae1407934879c98be68edab2eb9c3abcb9c28a1b613a0fcc44ec45920ea5c6b75cc13b3fd3205f5

/data/data/com.live.xxlive/cache/image_manager_disk_cache/1a63c68bcaec41ac164115209013ddfaf5389b4d21763b4fdbd9059b88cff7f8.0.tmp

MD5 44c3902f8d1a5726ea8533868719e71e
SHA1 fb875d8a486c184d3684d00047dd67282d0ab400
SHA256 a451bb00c03a27c7f46489d84cb733eb492c549b0cba065201f05d4bafef27ba
SHA512 20cb3587db296d8cce3bbe737f4d05e194fee0d8010ce7a93802093ea189de2e4d090c261aee67ba02e8e63da68227c5300aee0c4bae5aaf8a88647beba979ca

/data/data/com.live.xxlive/cache/image_manager_disk_cache/dd40762c624679e4d00997850b9e566b6c83f29c33e00a5d032bed7810ebf7a6.0.tmp

MD5 b873a0a933a8864137127d10f497eaa9
SHA1 b2357789b095bca7b484103b7e0a925934d077b3
SHA256 7f00d005566fed003ec25621210750af19fb236512d7a0e14cdbb5f1b3f1a6d4
SHA512 9f29212dbfd8ecfdc822db4b5e3c9dae7b1245e5dd636368f83ffeb56a5a29f2ab66f650d14f54b7ceb26935db3120339bec3221532a26d0ad2deee85168b533

/data/data/com.live.xxlive/cache/image_manager_disk_cache/afb31af1a661a689b76a95d09f06400c074680400221a858975f97b8894d860d.0.tmp

MD5 6578078da08ed55cadad0b9769a1328f
SHA1 be10279ccbf9ee2fd34d61a1fd3d1a7f48f6c351
SHA256 d7a62ddca22fcb4a8d591c84cd4aa62cc1069b1478009eabe6d5d5163beb1542
SHA512 eaead140a05d72736a7720a7306550fb80d7551dc977e05224dc9d73a4598fc539cceb45c2554fbb057575d010bbd8c1a6d1c66890a5f1fbe5257919f6d43e66

/data/data/com.live.xxlive/cache/image_manager_disk_cache/9080f86f56a8887876ed4fad507cf2199a2b894c113852e87f2bfc35717e1a5f.0.tmp

MD5 8cc53a91707edc8a2506da6f5a1a18a1
SHA1 e332a191de15617c5006a3950cb7086624e37b06
SHA256 7bda784216be14e68c906c39031c42b8be17dc4d0a4467968987cac471e711f9
SHA512 121cd0377dbe4dbb82218f988c8f5a803d88455d0192fa54441dccb9c90c8c16cf77328cb1cf29ca59bef48f45a419c7d8171eae3d4b6a7facb4a03cd9b74134

/data/data/com.live.xxlive/databases/ua.db-wal

MD5 bae65ec46927263434b0b5977554bd63
SHA1 7c7c77079d552d56afd31c076674b110cdb5f0b2
SHA256 b2c1dabf848c160bde135380d4d761f570e19db29033de93aee7a11bf10d78c8
SHA512 03de4295aa4a1880c85138614d55ba989dae974879f69587c8ea93df0d10ec46f6b4de3d7aa375e8063ca2cb8ec8c145130b6ce9a657911cd73548fc7a1a6a31

/data/data/com.live.xxlive/cache/image_manager_disk_cache/50c9224dc5cd8e5f496e9b1f44d1030e35a9e8670a106f09a6d8ab849d7ea5f9.0.tmp

MD5 2a1b201c3b5d2d90a68459a60a9ce671
SHA1 a723842a9f6b2c7eb4ebd6865aca3695ae53eb03
SHA256 74a9d4a207fa3a97d2c160dbcf43c11ec6d5be457f240ea232b9ddab7f83b643
SHA512 24dea8c93349e9fc34eb81a0e77ed938a4f831d313ef0c1ab1d1e25684252996de90326288909d8f3dc1b9b35dfe1987962cc2325024d652cb3ae5a0ec1876a5

/data/data/com.live.xxlive/databases/ua.db

MD5 2bf57792a8ee6e17a88fa88113cbcbc3
SHA1 d0790cba149604a49112e2e25a1a057f165d7840
SHA256 764a538fad9c1ff0402520e9199860d9d88deb96b8beb14610eda4e350e4ed13
SHA512 e160058392998ed828eab797893ab330cd46a0c1101111f6fcc9c9bf65183ee85454149b88901da58cdd2aa550f0a2f80e8e2fee7ae0c0832a20918218587198

/data/data/com.live.xxlive/cache/image_manager_disk_cache/70050b75bcce6efc36dc6e03db67d8a559c1efa04af3ef1ff02b04052b9c70bd.0.tmp

MD5 7d1a8429377f2276af3eb71dedc41b08
SHA1 06385223b02bcd0e7d7b136365217412fc084ec5
SHA256 b966888a3e63cc8318eeb1bbe8d24a3b66bc53dfc8f2b13fe5bdfb643cdec01c
SHA512 5bfb5a1c644f395e18b1fdc2abb90e6b49cb01aa0c1ee4e91a2c98336a8a5fd1c40332b64483cac549cbabad505732045de146077cefb5ca4491b7a0cfbdf9f2

/data/data/com.live.xxlive/cache/image_manager_disk_cache/2413994b1212be5cd69945f46a3ae842a985d3560acc3827de5c395dea67afe2.0.tmp

MD5 1ff046be5445940a6fe0cb71d1ace55b
SHA1 c70ca2ade978aa5efb38c2bb88edc96e658cab68
SHA256 58c62d05819a0fefc4772b718a8f5717676c56c896e6c494a8c7d80ec08ea43e
SHA512 4700e97f879b50ae07477b2d5b78fdec7c735780458a3322cf84f17f8d23af7ef75f3576855c3ce6167349944e8dcbf8de5a98e5a452af7fd15bdcd8732adefa

/data/data/com.live.xxlive/cache/oat/gg.dex.cur.prof

MD5 0a30646199a1000b284c96a6c917cb17
SHA1 78c84066d81c8b116001b42453e240f17e775228
SHA256 e1e93f0af017519eff9977e3f0bc277f6530c1473ed242f1d7349fdfc13b6d7f
SHA512 2543f72273d97b0fe921ea6d4c10675b04a3b038c5a57c8082ba11282c9a551e1cada65c97696e025ba720da8278837251fcd6d2c196d20dbd7d06188b755c9d

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 10:10

Reported

2024-08-25 10:13

Platform

android-x64-arm64-20240624-en

Max time kernel

159s

Max time network

132s

Command Line

com.live.xxlive

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.live.xxlive/cache/gg.dex N/A N/A
N/A /data/user/0/com.live.xxlive/cache/gg.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.live.xxlive

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 api.78nm.cn udp
US 1.1.1.1:53 app.avohwtpgb.com udp
US 1.1.1.1:53 api.iavbobo.com udp
US 23.170.49.209:80 api.iavbobo.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 sdk.cferw.com udp
US 1.1.1.1:53 anquan.luomi.com udp
US 1.1.1.1:53 log.umsns.com udp
US 104.238.128.165:80 tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 api.hclyz.cn udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
HK 109.206.246.131:81 api.hclyz.cn tcp
SG 47.246.109.109:443 ulogs.umeng.com tcp
SG 47.246.109.109:443 ulogs.umeng.com tcp

Files

/data/user/0/com.live.xxlive/cache/gg.dex

MD5 45fed4c5a279c6fa22258ef963916cc7
SHA1 bda125976f40b8fdf84580d3e0600b3071c6091e
SHA256 1354684c547ddb91f703160e0111818458b32381da21f1fa103b90b92539e34f
SHA512 798651fc48c856c564d92e48aa4c75e30c2cef08815648d11312b08d366618ac308d0d4e25426d2514cfa74b08e4b87ecc98f17ed24ab01ca7e1f8098c0b1d29

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 69b97bb5c7a27ceeb34d0605c40870d0
SHA1 a4efb2a824de392a726358c2dbace1b941671dee
SHA256 1236720ffd886fb7dc115a8380ca45054a6825c6c95e34812e47c232093436b0
SHA512 2aeb1c3bf85cd7e78b1f6d0367cc65ae9c9a905527a0b0a6e70354bcee3a368d0d52081a92bc9edb2fce9d46ee958b52a1b47db363aaf154dfc4655ad94352bf

/data/data/com.live.xxlive/databases/ua.db

MD5 4a8120c91e3143b2db43971dbc77cf8d
SHA1 37c5700d35059c4e0a718ced73b3d73ba5d2b277
SHA256 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
SHA512 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 558128bce6a4649570d20d9359a34315
SHA1 c12f1803e0a8261aa3f4bb7f8d26def1ed2eba3f
SHA256 8a06fb1b85eab0f1cc7d896fbb1d00e7aed9a5fdc9e3d279fc4003a28211800e
SHA512 304998cd070df6846dd60cf41fb850f8c75be2e49042733f5573a94ab89894b2c94ea4913a4677b6bb4733ee37c6ca5c0624818b726f9a8f10ee450608670f77

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 cfb6d7db035e58dcaa2db342bd151098
SHA1 6306903d9c50c325f16daeff50d4f9a56524274c
SHA256 611a3d823565e0dd654d6d9e8058892c7a31c56907690c1098a15821710d955b
SHA512 1e86caad7b98ac005ee72071aecdafd5df5c8fabe11a5515116897ccf3a8d014a05fb054ab0cf3149c5af9e036a6113828dd52ab32f5efecf25f003a98f8ba61

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 4f9d3d9611bb3ed73c6ef84ca9a18428
SHA1 a02749d1261fb035ea09aa350803867d69921fde
SHA256 da1f580b45a76afa41cb7db9a88697e7621814054e7447906dfa0adfae074a6c
SHA512 858e2ed039d13d6081ec5a8963ed355f6a318ef792e714db1f375926acf99a5732e2261cc7b95b6aae7dbb6bf1866148568cddec65f45e99bb98bf0a171fd300

/data/data/com.live.xxlive/databases/ua.db

MD5 730e25303def4d28f8e90f24ee986e9c
SHA1 8efc867fac54df7fe08775738fd7c2c61f10c80d
SHA256 c50d9352885aef24478c86ffbad9475f4c20827166e41617aaf352bef1ac5ddc
SHA512 838271d3a298ebac2b02fdd689d436d3ecc25ef82d93333bd2db501a26d1de90dcc8e5fe5ec9d2e1a32b9bfbf90c3ae8038b6a490984640ff963d39891c96fd9

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 74b8eb4c618e6003c721a7669ca244e7
SHA1 1ebce8ee42b555da6a5aa9b3bcad0be3768f5c19
SHA256 e47baa0352bf1c59341d1374320ae899ebd97fb46d00872a803bbefbc1e4baf5
SHA512 0f58c16f070cb6681010dfac77df46e74361b867aacc96e7e0d82e44433c1c52f4e36eb9f70b91b4f6048a612ab9b8973b9628603afd5e2947d76cf9220e1909

/data/user/0/com.live.xxlive/databases/share.db

MD5 4d8d2af5e79ba08620d0ce8f8f470958
SHA1 bb8acba370eae0dfc619b5f3e6084adf23b888f4
SHA256 f3129fa04e905e8a600038448690da9e69854eabb7321350a2fba4649108d4ef
SHA512 df9fcfbcfe051751d88db9fbe0925483cf950d451ee915b1cebabd220dc3169b7d2b22f17e2cfaeabbbfdec7076907eac4cacc60491714a4343a4ce4fd75b6ab

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 a603caf0e4bdccd4be38902fb1b8127a
SHA1 e07eade4bdebd6a0db7c6881b0aaf6d469bd4490
SHA256 36998e5561b1e6ab61cce12a53254dbd48382ea79ef7008aba3193c4f9dc24f2
SHA512 35ad7d38f3504d52c7311ca8187535795715a5027e41618188f18b34045d8a5a7bab15b412f0fa91c42868614b7bec38960fd0d59de97a954b4b6f641584e2ad

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 fe82b6a35b0055ce3715457ee91e6540
SHA1 7fd2b49489e6dbc5a309ae715f812edbdfe97f7c
SHA256 104d642b6f2bfd22eafabbaa070ca34cb9f85bacb96f14317a2f6f4e4bc171ab
SHA512 c68965733430e3633237adbc26c8ab0a33f200feded118715288eaa8f0d1ffe36c04c07d49c7e6b5a4116c851ca42ae6ff1e89119c8931041d1cc4d0668308dc

/data/user/0/com.live.xxlive/files/umeng_it.cache

MD5 41a54cc2c30b5260dc6f1c4bf8214886
SHA1 49aac086b3123be403f1983a5732bd7e5c6dd199
SHA256 1e82201944fbc6d1ccaa623b0f76006cce9df3bfc60ef2b1f07e549f6d1e1078
SHA512 e4609fc06246cd45a85ddc92d42eb02b4476b5bb8ea97f01a2bc5e6f15b303d3c7b2b751c02a4041e223d8b86b269821acd080243240e15d4c92a8f2a385f089

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 650d8633d672937e0c367b3be3755662
SHA1 86e51d918dfcd480b5e21d907b45b154d206bf9d
SHA256 c5714a659ec4f6fb2a6bf807f123413dccee91b85b9475d0beabc48c91074e1d
SHA512 7c0c5d9f642c06cd23224ffc8fff03341e3c0f550fbe28a7f31bbb408a4f4bf0efecee1eac603b1b339d02dad5a877465b650cb1a52f21fbcf079e0e3abebace

/data/user/0/com.live.xxlive/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI0NTgwNjY5OTQw

MD5 caa341c5caf9ee3860199d440f73f9e7
SHA1 6387eddd2d56f6cd14289f04a33177b33e2b574d
SHA256 ecc674735ddbf4f53d4eadcc286aa0304b4b8f190434447395504556b6640c14
SHA512 e16d19db8c3e012e173bba4acc06bf59318675a9def7753a5ba336b514c10d7a325ea2edb99909ac5bcb47c47f9f33fe15edb5a41571773764479a978f94367e

/data/user/0/com.live.xxlive/files/.umeng/exchangeIdentity.json

MD5 f44e9e233700274fcc7fce08165e365b
SHA1 4b10057eb8b0d192ee2465e817cde377a6f2be73
SHA256 b4d3b59aee42cb5aec7df47338938674f09a15b2bceda231e2c6a1f7897e0099
SHA512 7a7fd2307454210ecebf33181af9ff77fe628add4ac6871eaa630afbac86c62e592609e9895edd47c6cd16d4b6a1c2eff2e78273455feb8457607dcd18ed7e0d

/data/user/0/com.live.xxlive/files/exid.dat

MD5 7f5b373ceacc275bd9fe6cb9d1dd6dac
SHA1 6a64c15903d39fcf07ca0525ecbff1468e8b549e
SHA256 d443c8dca51c12c563de6811a4500487055d4fdabac330620509be20adb998d7
SHA512 84e34619434180bb9ef70a78876ccce7b01ad24880777af6519bd864949c72b45cd2afc8d62fcd061a0434ae1b0805e7237b3700295af2a862947a4ea305d8c2

/data/user/0/com.live.xxlive/files/.envelope/a==7.5.3&&2.2_1724580670319_envelope.log

MD5 6d05a9e6c3901fa0f636a187685e675b
SHA1 7e4c233f781de1506f7483a3b9e422ed8cc43bd3
SHA256 82b38fa1271a83f8c4c55de1e15b84a6068f8c9073bc2377d6ff85b6a5caab35
SHA512 c32f460ee2a9654d1bd733e92a9fcf4a2ed7c71a826054e5f51bd3a9934a74f2b82f7778fdb8ffd241c7f50107961c2c7de3b550428aba55f01b42ce52a0a3a7

/data/user/0/com.live.xxlive/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNzI0NTgwNjcwMzYy

MD5 edafb49b3125d050c725f22a0707c31c
SHA1 15b07b588dab189382e62975362693c76876b510
SHA256 2c5bdce55958d698fcb93c2f8c4b0110dd6cd88daf7cda02f4777e5bfdd0881b
SHA512 10b8a9cedb52179f7190a6eab4d3a6117243cad0ba17aa70b6be1e62556bd5e4b54a87a27f68d847f996295f4543485183f5b69f9fb44058fc991c1b777a3785

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 0d56d03be3581396e30a5fbd909a631d
SHA1 7d55d84745d93281d4ec8aed19c182dc2a942fda
SHA256 ed4037e2dc8b536502d42cf5b56e3176d409f7cc217e84b1c73b8d578d23a7fc
SHA512 428143e4be3e5a6299e740eeda94994a9db7211500c0bce285f846e64b5bcee4bc76326537c9e509401c1bfabe3df08c6c6d22b8d059542dad887e5a1f4bb082

/data/user/0/com.live.xxlive/databases/share.db-journal

MD5 b109dca2bd1e44d87c3f60bb2fe68def
SHA1 c02345cc583df091e499de577e8172ea4327b686
SHA256 c892a70813f40052cd9888fdf0a94839aea2aa3044b4b4819cbf0f52baa1d0e8
SHA512 77e6d935d9ff3d6a4c2ce3578abe13442b072c2aa12fa6e6d035c999d3f69dd438d43785e730addf8352d6647447fc837c0133eaa9be027cdb1cadbe1d112c65

/data/user/0/com.live.xxlive/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNzI0NTgwNjcwNzg2

MD5 446caadabba20c26cde8dd0a6ae76099
SHA1 963b7f8d727cf77e9accdf1404db5acd863f5cd1
SHA256 d3a3640a4a842ba9a1b29f9e5dc3181d59852b8fe0cb59591bfcec82a4b2d7f9
SHA512 a788c714f0088a4589da0e11d22bd49d271c2cfb9c709d1dff08660aa9c52033f5ea467e5abddc9bd707799ef891e754cb7212cb42b2a09de29dd2a834239805

/data/user/0/com.live.xxlive/files/.envelope/i==1.2.0&&2.2_1724580671205_envelope.log

MD5 3e8ca1a7eef23440b13da75d40e535dc
SHA1 f7d77f109b8d612f383ede516eac76bde78d8519
SHA256 32af23a30478247f184a565d25b3b1759df0e829a84f5e3ee8ee88b514006338
SHA512 aadd563490b03ee9c8a7b16ce9e1ac71e16c361f78e398fa0e40a855df4cf8ca79d84ad4e9922eec6fa741486160950b98ec60d337d88c8d011ea82fbcc9aebc

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 ecd62d9f272ed33d0e02255fda86bca4
SHA1 9e7544e3986a480a65cbde50096ff919d6ab56d4
SHA256 00561219e78bce905eb2e4847e04c8812020ad99ef3cdf13a74cb44e56946d75
SHA512 c62dc30ce218de0dc39c1de03538f2269d59d1ae871de06d484f936b74414878f1c1f0d2ed3562e34c27997a2b997864ee4f3da38c9c07f11a7dee4cba980855

/data/data/com.live.xxlive/databases/ua.db

MD5 c4d08a7e6713b987f29c13022d1b951d
SHA1 5ac0c9fbb2448d1614d18de850550b7f42d747bb
SHA256 5400b33b588069511a36d3cefb4a1984061f7851bd748b1f2c2e7f8cfea4076c
SHA512 5ad3a144c2934cd3e2e0cfecac5fcfe3c5f266842ee0b63e7da593fc3fe50d8b84305ebda4e3cc75409fd5bb75c2b1c384093a5fc1367741cd92e9f0987a205c

/data/data/com.live.xxlive/databases/ua.db-journal

MD5 f837d8bc311c4170b5734a840e5d707f
SHA1 7f5b7c631bf9f2bee855afc018fcc588600dd636
SHA256 86f4a12141f540c4ca77565ba898240667bc9d39c32ef2f6d8c6117d9ec99b30
SHA512 b17b445edd87b7d4b95cc9346966591f4c0885ae81db7271fb5960c5a25da19ae64cb857e9f771bce027345db6377f458b634de7f01ca5fd3a05f3f26549976e

/data/data/com.live.xxlive/databases/ua.db

MD5 721ea0acaee0c72818707ee5eb42a6fa
SHA1 f79b3b24882609bac9cc8e38f12ed55c4dbe9e7b
SHA256 15bad8f891adba3050ab36e94d52cf554be29afea4bf4dd0623370fcc4268793
SHA512 750f473dc88397ee13f47a3665ae9d868d197e0cfa7f4cbbf82f98230e2203d04c76b17dc4a1eab34ca98f1c463061dd00f789768fe3a0981b49a1d34bd69622

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/journal

MD5 b65896c7e6e9564acfadf75ebb6b9aee
SHA1 0175af5aa2b24c5106d77eb1909258bcf7d70cb9
SHA256 4c485d3f6e8d67bc0e7e1ffacd337ed5f1e58d7d154eb7c3d28134ffdd7b6f47
SHA512 e92ed6d6721cdf15c85fb1629b199bd36c567a8146f0bd298f0366b76d012e55db66840885988de26b402ea02e695e47ee2d383db06ace03c0c0a6ccca987829

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/9080f86f56a8887876ed4fad507cf2199a2b894c113852e87f2bfc35717e1a5f.0.tmp

MD5 189e069aec5f5cb86fe08c108384aefc
SHA1 288509ad7e23ae42cc57d92553d3060e35be91f3
SHA256 010654100d889ee9495d71b99509fd9aad655fe1d476fbc029cec340295bdf64
SHA512 3f93ed8aa90c1e4434ab632cacf06a4e95e86b6435e8922511932ead3b65ccc151388c6e0a65a524dfdfdc6065a36c95d4daf2cf389cf95698f401d0d2f51649

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/afb31af1a661a689b76a95d09f06400c074680400221a858975f97b8894d860d.0.tmp

MD5 2b943d25eba202d2ce4e5674da234997
SHA1 4597839edef2117c409d676e4ad48491405ffe1c
SHA256 4b5efd5689c8e4ec1ba66b934e55e0c144583418d37a106c5740a46073e3fe1e
SHA512 35dea0f244fe5a3ee7e86775d94937ba3a44ab73abe3a51ce0fb0e8f4eec79d793636a6faf27d5b246e12d1541c11e56730c5c24789f320ef496dfdfb9a709e7

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/1a63c68bcaec41ac164115209013ddfaf5389b4d21763b4fdbd9059b88cff7f8.0.tmp

MD5 8bc3d52d1e3451da7c072c098afbbb1a
SHA1 33fa661b08835289e6442c17c36da97ae66b8314
SHA256 269044af24942c7a6f591cc1c005557dbd9bf908a5cfcc7eb171ec8b5be30efb
SHA512 48c28d7060a758af7a9f0876262c2ff52273a7a770fb3632f472faac28683ee1fff6ee2c03161ff98e8c82c73bfd5f4728713d202bdfb2d7e322e14d5fdce209

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/dd40762c624679e4d00997850b9e566b6c83f29c33e00a5d032bed7810ebf7a6.0.tmp

MD5 eb8fb0d44a02db94d9507b8c6ca1a812
SHA1 29162e1fe059b6cc848d72ff656325d687744922
SHA256 21a2a5c58e4b5de54b32f1db1f009f49ec78aeed878383f2f34584572758e724
SHA512 d4b46580bf0f5bdcc71f11e27efbb62c85e64653e2c0702f63d5cb141d5935b2869c299e61574a1005b02577ee2afe5933e7faebf3b475ee757737f5bc6b56af

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/70050b75bcce6efc36dc6e03db67d8a559c1efa04af3ef1ff02b04052b9c70bd.0.tmp

MD5 ae8222aa8b5f0e0a2483a02999dc4d5f
SHA1 a70207547a6a1b41f924bbe2ddecdd8a0ee9d081
SHA256 da0db1bf885919a160459fc5308f60c63c9ca4f90913785262c354fc8f1c08d7
SHA512 847858ffeae526c9dbb5dc72f8ee70d29f0612a758e556b64106af0376ff459abd935ca4bcbc8696d0b691344b6681247ce91d1b5d703b1e60ed745ccd74a2b9

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/2413994b1212be5cd69945f46a3ae842a985d3560acc3827de5c395dea67afe2.0.tmp

MD5 f918daa936d009a1b744d1fe09aa659f
SHA1 ad754502f97b28b72970d6fcbef4dd5d7e3350f8
SHA256 3850d105ff6893ead69f2f8c199e32bc987c51c4574052be68593678cfbe7c3e
SHA512 7e05016c4aa34fef7f72f6754943ba69eec59773c62d7106fbf4056824a15d08cda936f6e1ba79eb78ea0a52e245d08b8eda348855aaf05ddf2491bda896cd3a

/data/user/0/com.live.xxlive/cache/image_manager_disk_cache/50c9224dc5cd8e5f496e9b1f44d1030e35a9e8670a106f09a6d8ab849d7ea5f9.0.tmp

MD5 469b41b1cc377a5915f0ac49061a9587
SHA1 071725dd543b8ab27e1120e362103de111a64070
SHA256 cb7c270801cc00eedb3a00a35f6adcc47920111b4aaa287763115cb30b9e498a
SHA512 f8f95da30a112d9a8ae743576aa1651fa80fd5005a1056aeef94c38a9e01215af5da480828ff1bbc15b4c2bf5e29593d560af1471233018ae9650ac7bc74878a

/data/data/com.live.xxlive/databases/ua.db

MD5 3f6e8cb1ff09793cf3f3de24681653b8
SHA1 99ed5163ff526e2f669514eea999b8dfcd20a9ce
SHA256 a7b292a0f571b7d8532c8c15d2cb1bfc1d0fa984e91f267b1f1b4cc1477a9867
SHA512 0f5878e9fb91e905d16d33b62d80ce2679e0cec2d8cb79a574494d54dbd10c6470df36f8121039489ad4b2d1e03bcd963df4626cdee3519b81694fb4265a6450

/data/data/com.live.xxlive/databases/ua.db

MD5 a327e220b7a012bba8fd1f72bc463414
SHA1 55e19921b3be1ee1f353f9317200cf278a844005
SHA256 026361ad3976cba56a27e226871648c9f113be1826e05170eac85ffa776c6c2f
SHA512 c82229853bbb4f3fe7618102a9d6c2cc53d3f3f2884f8a1aee4412e8b07a55b936ec9d237fdb1b892665ff2fa7e967d0194d57fe91e3b127633656281260b26f

/data/user/0/com.live.xxlive/files/.imprint

MD5 c428e881104fcee1e612fbdd8b22bcbf
SHA1 1ae3e8cf82c34e44bdf73284ec4e77d3533870f6
SHA256 c91259ab134b1f0e1fbb44c856f483e301441d3f3bd1310b4e4bd3a1a4120eaa
SHA512 beaec0b97a1e0dca2e3b48a1646cb18e35a797d3a78cc68d7af82a9c023e26eb8dd058b7dbdef4eb3505e81095106f7f99b683750ce860574632b499728833d8

/data/user/0/com.live.xxlive/files/umeng_it.cache

MD5 b8fc4677a5bc1a87bee67a2fd2f9edad
SHA1 ed10fb4eed03fc4129922f842b1dca566774bc1b
SHA256 bc0714c841f0017634f7f0aace16d11d49e060154a2169c6398e0348761844f4
SHA512 32946e5279f3bbb30e4ebf1fd0ac137f4b0d1c9ef446e0ba0b0f80375da306ba2344e422f7f9d59ebd4a46b720034e9cb89be1b958c740001c10bab53a37cf05

/data/user/0/com.live.xxlive/files/.imprint

MD5 5138d855a52bdae81a7f577f6eec1bcb
SHA1 e0e7f98cb552f69ef7eef30c2b145506d96bf692
SHA256 434db45fe58878f468b59bda5d68b3f7acf9bea1cccb7dcc00fb164392eb94ce
SHA512 fcdaa59b3425a530bfaff0bec2eeb4a25e7dea232738e4bc79fdf6207dd7a2c7d3b1e5e0c86bc2219adff4efc5f0355d448d05c4b53dc12b2fc7782e6a273d69