Analysis Overview
SHA256
0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d
Threat Level: Shows suspicious behavior
The file 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-15 19:29
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-15 19:29
Reported
2024-10-15 19:32
Platform
android-x86-arm-20240624-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
g.xqbooster
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.10:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| CN | 101.37.127.98:80 | tcp | |
| US | 1.1.1.1:53 | adv.xiequ.cn | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 101.200.234.145:80 | tcp | |
| US | 1.1.1.1:53 | adv.xiequ.cn | udp |
| US | 1.1.1.1:53 | adv.xiequ.cn | udp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 101.37.127.98:80 | tcp | |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 115.29.253.178:80 | tcp | |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 115.29.253.178:80 | tcp |
Files
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 11a59f6816e0b30f8e045bc61cf81126 |
| SHA1 | 051a2a7456059d16e1e2423dfeb8e0bab3938a75 |
| SHA256 | e64c65c9b0fde2df7d480a8f48976c3f49f7749499b124cc5631faa0f1e19011 |
| SHA512 | ba6760cb045f2e4ed7492778565ccb6b8f8ca1efd89a9dc61d0fc52d5caa0f830bb92a6ce9c2b4385bd2b886ca120f16e7e4836ace5a489cf1164a1199821f4b |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/g.xqbooster/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/g.xqbooster/databases/cc/cc.db-wal
| MD5 | f1b632c16686736bd407c47c734da2c5 |
| SHA1 | b3d75815cc390ed52f05fb2524f225cf2ab2d23b |
| SHA256 | 8a6d8fc98200fa512dbe1d9d56e43f8fd99744b46447040e54e189a863ad4a6c |
| SHA512 | b9343b34cb6a2120708adf49406ad6c02c43304b4d40f6360c7e821f5e4d3e87bd931a163039dbfb7017dfff2f82601564ff424d78b9d4d0a4dbe94484fbd1cb |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 36597136b3fcb09955f0671d86260a7c |
| SHA1 | bf68cb717ebdb9438e1d43d9f7e3e090955e364c |
| SHA256 | b2cf811dfcd852290d1b2fe7197d1a46a871e4cd7677822b0ce8b77c67e03dd3 |
| SHA512 | 2fa62ab617dae5cd6ce47b755f3acf8710485f215e8a3984d4b5523e54dbf2d1254b972faa87bdf60a78512b57a14ddb34eda428e08309c0a4379c434ad84ec8 |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | 91aa51cec48d96b164f7ae5aab395f60 |
| SHA1 | 195df06d36ee6cb07f665f8112eda2eff93a17b6 |
| SHA256 | 0309ba6c36667bc32abb21badf05286f25a13d14cb9f6f25c57cf44ab3554bf9 |
| SHA512 | 6aa7e3ff27a7e690e0d12450bb47f07f7815d9086719d2f9938d9dc27df3eab43b6fdc22741ace6479e0e0dbb6907ecd9c1f28acc4f8b14b8c58e318081f70ea |
/data/data/g.xqbooster/databases/.ua/ua.db-wal
| MD5 | 6882b9969aea12306fe51fa650d8e1d0 |
| SHA1 | a658e4e4c85e58b5d350de691311656dc2f96ada |
| SHA256 | 57502742dcf85bdbfd2dca9dfe2b6b259cc736a3a62e5c45664ae09e453826e0 |
| SHA512 | 8c5d12add5e62636889c74bd10f79ab808fb2843afd3c006532f68a07d77732a7b280e8a7dbc3bc53a0ca097b895c64754449622751e995b3a33c7388626b03b |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | a3e811a6886ba374c8383b9ea98d8170 |
| SHA1 | 84956a177d4f79d396384f9cf347d2803f5d2e42 |
| SHA256 | 1c2d1e618219a9c3be3874208681da072c81f51b9a67370a889311f212de6855 |
| SHA512 | 9dfec61e024c41b423bc91ee02e5b013951ec3b89f52490d6f64b697bd66035936f546cf631d095a121a7b582ff0c88e9a9baab131f73b83e59bb02e8a23d1fc |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 096f95c383a4608c642f8534af25b1a6 |
| SHA1 | d4b2b9bfd4988780acfb0b96bd5ab911702328ab |
| SHA256 | b01dcc38d8483fe3d9ab301e9789f73a3f8b7cb36a6d09f657a095e912eb938e |
| SHA512 | 0bfe8b0910ff9bc72c9cb4de4aedfd768b60e904c03619b25a9ded071a068560d368ba94c86678ebaa91218d7410e59d6ce67237b6647e3ea9ffbc88b1855ce5 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 477cd664f372597ac3952a22c761801e |
| SHA1 | cee6a6b37f3809a2193a49a23941efa0e926ef30 |
| SHA256 | 33505835016136bd374cfcd8d238ab3c5b3ce1070088b9d8be7e299c2e41076b |
| SHA512 | 152acd60f13be5e050707868e1c34beef6c871093df86ecf79b3a6bd6bacce7aaaa5e22fd28fccc6c319828d48dabd8afbee26c99e76bbb1c890a68b97757a84 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | f512e3353368f3b71f1883f027672597 |
| SHA1 | 333788def0c002bfbcefe42cae9a94662dc908e2 |
| SHA256 | d5b064810150bd25f3a0721b8ade1372e28ca2f2b75fb8223f477f614d78c608 |
| SHA512 | e15c648a431c48992cd91763ba2eacd1b0ea500b1546ba0dc2caa40820940d1b53648b97409058f4a02e7c7a16be24bc21861c38fc73d1ee5337851bf2fd5191 |
/data/data/g.xqbooster/files/umeng_it.cache
| MD5 | ea2c8dd4e06b1adae41fae49aea41e95 |
| SHA1 | c8018bc6d88e184aa0bb89605f72d8e4548878a7 |
| SHA256 | 30ef5f8e633d6a7c339dc6630c7b0698f3004177fffe29235dc9642af344a7d5 |
| SHA512 | 78ff030368b67961e292b97fb533dac71396114a2bdf021043228388464d8dac0aa3387230551aa47960e26d4fad913d20c9631e90ac706f872d48eb087f8cf7 |
/data/data/g.xqbooster/files/.umeng/exchangeIdentity.json
| MD5 | f462cd6e8f4009c3e5ee9b008f9594aa |
| SHA1 | 07bb7c8b147c08027ce7d4ef05b1e0d11ca941a1 |
| SHA256 | bf0852f9d7790831d3c444c5f32435d542b0eda0da3116b9463709ce258b1006 |
| SHA512 | 9f93644a83110f8b1c2f7d00e7dcf83cb7e898ee10e3f7c4df64f76f61ff89e16b45a9a4e1b0eee497a6c7273a87888f35e4b4cff14ab8decb40014b9735b005 |
/data/data/g.xqbooster/files/exid.dat
| MD5 | e817597aa9e9c29b4af7f6bead1308c7 |
| SHA1 | 1b5747d90b99072c080add45965d67e6085d4f71 |
| SHA256 | 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822 |
| SHA512 | 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5 |
/data/data/g.xqbooster/databases/.ua/ua.db-wal
| MD5 | c41463e0ed8e7ad9e57cf58ebfafd2e8 |
| SHA1 | 1dc3fb3a0957a845c389f6c01d71b08360767da1 |
| SHA256 | c0d8948733e21e7ebff80e7a164085a6a74d0a94357f62b45492de72b3ffcbda |
| SHA512 | 0850dc9c18cde5878fa397069fcfa23c122e1c23f0115fd295e4863496843b371c27441bcddef230892f87cf8810796e2e08cc19da3f0e1b6490d75c628c40a0 |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | d604a3bf1f8d992cc320ea5b1f7609bd |
| SHA1 | 247f88df0b55c7d523ea5398637711a0e4a483a4 |
| SHA256 | 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17 |
| SHA512 | 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab |
/data/data/g.xqbooster/databases/cc/cc.db-wal
| MD5 | 6ea13c1fda12fb41f808f150023216c2 |
| SHA1 | 460329026028bcca9abc7d92df862f3b2a56ed87 |
| SHA256 | 656e5f1d6f77d5306c6a622330819fb5551ce5ef941e16d536ed41c4e5876a65 |
| SHA512 | b4acf98d6d07e0e2b78134634e73c3dd688bc459d54bd7f64ca1bb700dee788c0eda6e8d7f46545bc85f91d67764d064a83954168991224ee59324015233e11b |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/g.xqbooster/files/.um/um_cache_1729020731803.env
| MD5 | b9e340d5161882a4db6e067533d8a047 |
| SHA1 | a8f9f884dce7ccb1581e52ab6d9361561043d67e |
| SHA256 | 4502a7ccb9994704e730bff6a56f4f74429cd2f8caf3eed9e92f65c23327658a |
| SHA512 | eb047052a2e04f4597ba6fda0485bc9ca105933750077a04edf963e280d520c6aabbfc4d36f2e3f63b6b613a1a1046e51efa40fd79203da2388ab284ef4b5937 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-15 19:29
Reported
2024-10-15 19:32
Platform
android-x64-20240624-en
Max time kernel
143s
Max time network
157s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
g.xqbooster
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 101.37.127.98:80 | tcp | |
| US | 1.1.1.1:53 | adv.xiequ.cn | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| CN | 101.200.234.145:80 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| CN | 101.37.127.98:80 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| GB | 216.58.201.98:443 | tcp | |
| GB | 172.217.169.46:443 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 115.29.253.178:80 | tcp |
Files
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 6c65a8de9f8e216279bd998b4c3e961c |
| SHA1 | 5c35aa16828106b207c66f475a2781d07a67055e |
| SHA256 | 3d2db116b1fb242fbfac883aaa9da589410ed2ecd7c2a4cb67d9ad9b45174999 |
| SHA512 | e64f929e2b221ffbfbd419a978f905b3ffb8eb1522898256ef4fcbb31e947ccaf1a4d801c8fb0415e3e55dc75cdc578d73466a923815cd95795ca0712372e96c |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | 0908e924aa236931dc7166fef6e00862 |
| SHA1 | 7782648d6d8f6e835bd47058d4852932c096a467 |
| SHA256 | 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f |
| SHA512 | 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 58eeddaa5c13c1849c48cbfa7bc4cedd |
| SHA1 | d021c80dd71b1665596426dfb60440d90b500879 |
| SHA256 | a3e4fe7b4e81cba92ab2774d0b1e0efcc417e8e81166909c27428745adc45ef5 |
| SHA512 | 191ef4d86b7d02ab8a32a2d1c5409bed04057f46c2ef71888b3b4deb770775a19df7d048135c0b9c2ab496e2eb58110aedc11c5dc096fb1dc0a840c18abc6d0c |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 6958e7cfa4c1b0f3f779d2de0b58dee0 |
| SHA1 | c338cdbaf75ba3051543c85f96241414e14b1762 |
| SHA256 | 2de3d4dfebd4adbe2958a3bf40624b8047a4d5014761a9c0f2a1a6ce1187207e |
| SHA512 | 7e393bac8fe2af52afb4bc6d08d02e2352bab70acde59502e22d502cccbdf0acace52e389b46d554f55bf6837deb0a85dba09fcf4a654ad6d298b363254a7bfb |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 75a6ba0fc2ed69b20adaa5014dc77248 |
| SHA1 | 5b22b455afbdeea06ea56bc3df6877221c835fe6 |
| SHA256 | 98b2e758a177f773406b4755fda92fc48b669cb4c1fb79dbd6eb190b212825c2 |
| SHA512 | 3caa191dd212b6d187fc7ed6a5987d3483d7bd241cb467de8101db2ab4f37a02e7c3f7eadeddb9ec57e03d28097280e62a003ca369084d4b8fd1888e9dfb0b07 |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | 980e560befd1a01fee13025a03a396fc |
| SHA1 | 570c3ff960efe4ecddfec15d024e8febb66403a0 |
| SHA256 | a876727a5ae1821832849b6e8a4c9c2523888bc52d62744760017ffacd22b5c4 |
| SHA512 | 69f9db1ccfaf2f084d8643fc4e76da84d4241b2cf4155d1f345adfbf6bd0adcc45f53d2a0e89b4bce6d2a0789d71f68bf19abebc1ec396eb13ed12fee9660cf3 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 3801fde58b06bd4c14401d88e3c20604 |
| SHA1 | 0f40b68f2ff33375eea813fb93b59ecc9a2df4b4 |
| SHA256 | a8afdaeba76053d770c20f582d93d1844f43f31d8989d500e61d28c8bfde1f24 |
| SHA512 | 0a56f4ccd268cf011b9eb9ab6441c810f6ecdd4d7ebb67172d12dd6d151e13bc23e7a08528cf9a1c0849a362d089be1a2b2e3af77657bfc4c5e96244a82d4802 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 73a3de1936fce46f9743f023d9d3a633 |
| SHA1 | 7da689510bc961b360ba1140065ed1c4e57a19c6 |
| SHA256 | 88dd9f03571dcc463c3b8167de5ff6213cf1b655719fc47207b707b47b093fb6 |
| SHA512 | a1dfae48fd1cb94a031446d0fdfe669a170eb65d0d182c2bcf0934836556d60ef4bc6aaeb10e66f28ea0c2959b825da0255a72de2bed4d59aed4ff57ea6ed8bc |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 980b511153858c9c10eb75632a00f858 |
| SHA1 | 265c9e36bbc81e27dc048ae58ab9507c09ff6bbd |
| SHA256 | 0b84407a42c161e4f5976686753fe3e03fda658215fbabf165d5fc483c480700 |
| SHA512 | 94feb5ad96a22c25db36f24aa4c032aff120a09a7bb1becf59f184a83c3227418627bff8ed7721c588cc2e2b3cf0203c1164ca7b1d89112147b046bc538e9943 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 0df63f381627f43dcbce3c3a301b174e |
| SHA1 | b6f24b1d270268f47b4e97dafa17c2716533e753 |
| SHA256 | 0cb48b9573e9d1c8ec2e8381a412fa6785009eb91fd38c4f9e4eb19c2b1d33be |
| SHA512 | 47fdcf6ae7d8edf064ffb72b03d235c61d9cc116d2da4a029d6b6ec607fe90d661195fd9ecf1948c21d4a7f2da1031195c18aecd0c1d71d4994a63f5644e2346 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 6b671d57925a60542bc6d6a0c1b91b6a |
| SHA1 | f008b4ac8701643ba88daf34860fad2cd34f98fb |
| SHA256 | 6644989a8e988bb6b6db5e1e03d6f18df0b276473ae8e570d94813a53d51ccb8 |
| SHA512 | 6c8769460cebf91749ad2b302956f0164c2ebf94a8edee8022b69890c19865e60a6b401d14206e2bd60f33d04b19fd5155ca3721e1ff96c556b3372a0c8a0e17 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | a18be682db58409e3fa7576c2bda6cff |
| SHA1 | 625f308d4f2d88141ad8590c5c1670e4ef336f73 |
| SHA256 | 319470e6da1135fbaf8806f5a5fed632848942114841850a5d70b1df2380fc4d |
| SHA512 | a4ad92032e0c73b0a941cd4921540a48ad9f4f128826d147135aca13d4b0d2a52ae15f6757266d2736eaff14e637907fd76403a28ece3131211be1f63a03c15c |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 03a2eca7399607e1e31bccbb39f70e12 |
| SHA1 | 8bae38625e610896faa23d9afebfb049e2ac27eb |
| SHA256 | 648e754f6cbc41a2ee6048d0be7ec352af0f9fe3e081854bb8f8be352e29dc28 |
| SHA512 | 3a4c633513f4346eeed31197052d825582a0ebcf327410f46be257864dfa868ab122765fe82649abbef062477dec2007a824dfba16bbb444395a067ed7b9667f |
/data/data/g.xqbooster/files/umeng_it.cache
| MD5 | a3e4d765d9e22a2b327760a6a23c55ba |
| SHA1 | 4a9bf72e9dbf8fef7457b80ee8dcf2ecc0bda9fa |
| SHA256 | e2589f7b15f5b3450186806282234bc65f440102f0d73199f71b45692aacc472 |
| SHA512 | e5ae31c91544407113ad2e81056e786e7828544934473840fadf90f2d2d312bc748ecb00cf6b88aef5df1b64c7e6348d36713b1265ed661cf5b5a75845b07138 |
/data/data/g.xqbooster/files/.umeng/exchangeIdentity.json
| MD5 | c4503dab92b509579a6387779bb43dfc |
| SHA1 | ac007edea707c9a12a746bff62c9c11b2f612884 |
| SHA256 | c375aefde30a4efbeb00272ed3a7c009da89dbcceb09523b977b3501f3643f95 |
| SHA512 | 0597927cb157a21a4bb6193a04d9c91aa639c2349de77a09076007604650a4f8a0091a98053f9f2eab73fe5340b07a486737e70fe7b6f5c8e0148c80b1fefc9c |
/data/data/g.xqbooster/files/exid.dat
| MD5 | e817597aa9e9c29b4af7f6bead1308c7 |
| SHA1 | 1b5747d90b99072c080add45965d67e6085d4f71 |
| SHA256 | 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822 |
| SHA512 | 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | bb939029070eeaea1fffd317f3ac2631 |
| SHA1 | 6c9fc4c90467aaf0d35694ffd0f2fa97592662ef |
| SHA256 | 3f39db6015c7f7fb1b9035bbb9fbfbbc626909a5b8951fc926e3030964add316 |
| SHA512 | 146b169e3f6046c1f759112e10c9e1029b66091534800286601020c8a06cd340e6ff4a163dffb3cf32cd1535bea793a32e916f3b056e7f14e3072831316fe95b |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | 38564ad4c73e5619bc2264b0c44997a5 |
| SHA1 | e55f6fe1b20347ad4cd58d77af0b0feb149f63d0 |
| SHA256 | 1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8 |
| SHA512 | 30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 7eea89272a94aa2841c466582b995187 |
| SHA1 | 587ebb7bc8760f6aabca68365ff006d1d2171210 |
| SHA256 | 6e99837d40ce80e26594bf928b71a901ebc44ac641e93bf2d4682358daf579ac |
| SHA512 | ebfbf731ee49d6adbde9402196a4f9c8a8147e37f08a391fe542cdf141f905fd04d9970f1df2eb775e2f5c8961b21d4c4ce065d9a50c4247309fec96275ca646 |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | 67c12933d1e0e63d9801a6aa43092ce7 |
| SHA1 | b6936908554e4a1986b8eb08289e2d3545e8ff74 |
| SHA256 | abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40 |
| SHA512 | db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 6a53fdfcb3b2db6b665dd7fd568911ca |
| SHA1 | 5575d441ee1a3aa332ecbf4041055a3feb8b9ca9 |
| SHA256 | 2d8f3edc5e105bf34eb0c44ed8869fc4a9cba0f43b4a405faa17e8a384a5054c |
| SHA512 | 9e344848e10e99212ea92695f7d3bd9c9e00d6cf8950c18f1375957abf1188baa645e05d4e3d92b3e88d3847b4d44fa2796aa147f98796184a686b772a80546a |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 0c5cae18f877097a06c881240e0541e5 |
| SHA1 | 37e1d8cb9d95defc8d9d7bed695d0d84829362b1 |
| SHA256 | 40f83f3a7b51b4e1d62fe4fbf3a2e574100a9978783323ab26957b401f3d7d31 |
| SHA512 | 6fb0fb9599d2a697adc6a9f4e58ddefc9b889cf87679f400d601cfba93a79db2f46fbb9a63e639d510eb33c26d6fed4c1acd397090de9c73f095c2ef8fd0f251 |
/data/data/g.xqbooster/files/.um/um_cache_1729020722292.env
| MD5 | 03ab41d4b93cdecc35539f711bc04f5f |
| SHA1 | 99f1b2ffec2e7a9ec994e03c5f090d85289dc1fe |
| SHA256 | 97c7c0a038545ea2d6d33ad9eb6bbf441a4abc785e3eab82964a796bcd32c4a7 |
| SHA512 | 02a420e0012f4a61cfd03f662654fe00dc2f8c5f1227081ca3e8e6f380a7ba12fd82389766f766c578eef9b3f6e568e09c4ae493395bd0f08a702205f7f77a5b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-15 19:29
Reported
2024-10-15 19:32
Platform
android-x64-arm64-20240624-en
Max time kernel
144s
Max time network
155s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
g.xqbooster
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| CN | 101.37.127.98:80 | tcp | |
| US | 1.1.1.1:53 | adv.xiequ.cn | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 101.200.234.145:80 | tcp | |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 101.37.127.98:80 | tcp | |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| GB | 216.58.204.66:443 | tcp | |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| CN | 115.29.253.178:80 | tcp | |
| CN | 115.29.253.178:80 | tcp | |
| CN | 115.29.253.178:80 | tcp |
Files
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 24afa22537a75dd7b44897a9b41349cf |
| SHA1 | 404677f2949ef631323d255bda4505fdb4378f0b |
| SHA256 | 1ff3a20da732c7c2e5803f80fcb66017bb09e3c573dc7167d54a6db268e0c7cd |
| SHA512 | ed5a2c7c1e347d4c5cf838a1cca16d5993a193804c9fedaafa5a3c088e8a3d7382b933053766fe57a0df7c2e39578f572a68bb011fa25e7ab7f1206a277171e9 |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | 4cfe777c9f6e7859f5efe2197401d8e5 |
| SHA1 | bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a |
| SHA256 | c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231 |
| SHA512 | 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | dd4d9b0afe8fdb9e5131dd2cb9e03d53 |
| SHA1 | f027907e608c36fcf1b937ba3d31455c321776fc |
| SHA256 | a1e5764b6a3da771c3bf5d5706afbf5dfc81ea5b44afa6514e0192b88e86bec8 |
| SHA512 | c163a43deb35d57fd4298ab05f206a2a3c26ec14e5b7ede50ddae84b7ba76435e2478327b6d9cf7bb6c93bfe820761b63f204f173c12503a23b5d68271e2140c |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | c2a83af8837edf01b7ac8f09de4e6568 |
| SHA1 | 8ef0608512179dbf2fda199720423b17940ff119 |
| SHA256 | 4492debafdd44e9ca1ff863b4634dc3c28200b25e3ad08debe641717c7dd717b |
| SHA512 | 8d028dba4052c9ce39d466f93e353b0b1ad6de7360e9e9e55d019f7f1bf6d6e3f6b8ee698b8099c8bc1db7d899a802ae469a0ccae002dc38deb37b7ccfb13b0e |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | dbb49a7e1f0621f0b4bacc19923676f8 |
| SHA1 | 58893453acfbcd367f6478a73bd306e671661e65 |
| SHA256 | 832ea3c0c00bd3feb9d4a8c534e95c7c6e9ab8c0a1e52b2a07db77a5d6f0d3e7 |
| SHA512 | 23d7559f187b4306f269345fdaa8752a34bd3fe23459170bc1578ba4a3d171cc0d79b757c79de1a4fc457e733c82575be2cb502f142ef7b8a910aa942abb5704 |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | bd4bf956fe2d4122742d80bf9669abb3 |
| SHA1 | 86d38865d857c5564df0641172640a79e027f4ee |
| SHA256 | 41d7fb934643cb4d678613a689a9f6c6ee229eb43866a436403a6fbb0b226779 |
| SHA512 | c2940ac597758a01ac954207dcc2356e607682c2f72fc6e6153fce59362dbd2edb2d9cda4496e02d95fc8ab25f928c963991688b22501828d57464a8439fed60 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | b7669c358c20616436047bb721e779bb |
| SHA1 | 7731277daf1e332ec9846518b2a98a8b6c1e36f0 |
| SHA256 | 702a0188329c94d03379837257bc7f65a9aff24a055b9ab66c80e2e73fee6e14 |
| SHA512 | c85ea72c8ac7e6774dfbf24e0dfc5ea62b715907f90ea8d1dab56d7354ec29c5c75506ae879d53182c11641f12d32250be309e3a7f0955c8e6624d4e50ec5253 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 12a8dac0be98f7b92c568462a8c18286 |
| SHA1 | b3ccda2861c3e4c847416ca14b3d1e875953f93e |
| SHA256 | 146892205dc9b7cabff8b611b60852c455ae0124aff9a6078ae9a81de0b69d90 |
| SHA512 | 69f5800588b043096ca9c81dec26c78032e3680efd59cb43e38564035419c9ee138e395d4cb96dda568904a41a18ddf4408431f85415f23f76d02e75c1b7d356 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | f146f068056f537742763925c45d5faf |
| SHA1 | c8ce11d799b6fa57adef3c0643363fd13aa4ef5b |
| SHA256 | 231ec8d786acdeeee19379f17f09e91929e6b8fe19ca112756e47634bdf4e5c0 |
| SHA512 | 6713d4806d65d959ca6cc491da8b254c8a84cc7ac37cf380cf15b511021c89ff96744be69905c74ce38b995a5fd665dce317a3e8d4299716ac20b16487d6d895 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | acc5601132d8cc0e96bbf81532ead76e |
| SHA1 | ca94dc051c53656ea878505cc86e65a9898d5af3 |
| SHA256 | c0f6cf916809cba95e24ba720d963b14de9e21be0a4f1991ef21b1def2ef231f |
| SHA512 | d4e268f7e66e969fd9a65b4893a70cd4197dd14cf5373fef316cbd36cbd97e8d76eec444838f1e08ae31b7f3907d2b4c769de4cb8e031a28d40d22887e8a2ec0 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | efee9c7d5aacd9a0ae18c14a484b1d67 |
| SHA1 | 0abf6b35593a1ce6cd4980739b6faebab87d5a00 |
| SHA256 | 3923306d360066c76d3e449dcb327184b0741e088a182246407c19b01e2e4dc5 |
| SHA512 | 5694cfdf6fb3d086e96e28aac9833b4d4b8f99978ecc0d58b43e67eaf9ebdfc6e9d498ef64c8f97f08080d446d8877c75e6a7b61b71b0e8c63d96852c97fe1a6 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 1e2da67a7aa0ad3bb2fe4ecb7f19d3b2 |
| SHA1 | 92f4c459f7b86dcaf2411cdafc7dffe3fc9aafed |
| SHA256 | 05384e5580eee6e4bdb0e7e0fafc65d3077b0bdf280e5c52bdbd9f04c46c7bb1 |
| SHA512 | 716be4ba905c59e32aeae22d951c66e6eaa3d303c0a0d6b33e0073924f2637f57fba2d31b97d52833f6f49efb74cbf6eb329c2be3aec395b1edd7243c26b24e2 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | e8332d2742fd831b86c4dc15726be99d |
| SHA1 | fdd4dd58a5ed12f6ea7fe5781dcdfebd2029eb11 |
| SHA256 | 09770d2dc2114e735b705e9371b9e9e85edc7ca121a21fc10390c0c4088e0dcf |
| SHA512 | 2be09ade0d37db38244a5d83383a5ed0fe06781cdec27ea9c065224076574f11f703acf506b32bd5c36c6205ac395266e5b364920cf651a30f4aa489179475de |
/data/user/0/g.xqbooster/files/umeng_it.cache
| MD5 | e6e5aa9fead140bbd47c0cf6d002cd30 |
| SHA1 | 58b5c29fce493a0e41099c54537f7fc28e1b64ca |
| SHA256 | f75f2a581694ae989a7a91de6fec7d9e326ba9b3c5ffb949958c047a7cbecefb |
| SHA512 | fa2f47fd722d7a66474f9f96e124201222a2807782f1ff021c896cfb840cf87e104af9d070f602f1c5a19c954ab83f03c90c69b73b9f551ea1e30e4d92ce950f |
/data/user/0/g.xqbooster/files/.umeng/exchangeIdentity.json
| MD5 | e0e6f1dd185d0e0b79d1d64b6c4b63a3 |
| SHA1 | 2b85d4e1f758734b44606c265ad5b119ddbe52c6 |
| SHA256 | adf9f5002ddc88100039e321ab229fe1b50e70c4cf845fe2c06741ecfe396e66 |
| SHA512 | aa377e422b37225976275ec0d26b0d4c36be7fb8ea773ee49c45fb7aa702682a78df1589183577b46b79b9c8a8c5c6e9ccbf7c4b9260581736378ff6b3e0e3c0 |
/data/user/0/g.xqbooster/files/exid.dat
| MD5 | e817597aa9e9c29b4af7f6bead1308c7 |
| SHA1 | 1b5747d90b99072c080add45965d67e6085d4f71 |
| SHA256 | 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822 |
| SHA512 | 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5 |
/data/data/g.xqbooster/databases/.ua/ua.db-journal
| MD5 | 04a423b92e6f81065aa2110e946138d5 |
| SHA1 | ae1c30aaa63e1addc05b3354764a968333e6ba22 |
| SHA256 | eac6cc902b7687f2e941417f6c3d9854c0e72e7d17ca78abe402fb2361816b7f |
| SHA512 | 3638ab2038e360529ad540c8c21ad17e04cfd261a8d4ad6f96913dc7b3a768ecf5f8d369230713c3cd7dc8fbc65ccc804dcc0c7172a98a03eadc55f2af475c25 |
/data/data/g.xqbooster/databases/.ua/ua.db
| MD5 | 4cac7d31fb94d5c9581893537f64c5ed |
| SHA1 | 96bef3288546196ac3058b5eeddbe9da1d999fe5 |
| SHA256 | d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5 |
| SHA512 | 0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747 |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | ea3229c77adf666a0c1153aa31b53ee0 |
| SHA1 | 25c7286388ce2f891a0e891e9fc0867ee28fb1da |
| SHA256 | 831d1193d118f5c3c812e4d56994c780a65ab2469de3fee24652b61be4668269 |
| SHA512 | 61aff3e7d8a4fb518019ba528f3f576be84beffe09c772f4276030ebbcc830a0262948d91dee95c26d8922ccbd4043a9477c0afeea845ca67745be5a59e01ecf |
/data/data/g.xqbooster/databases/cc/cc.db
| MD5 | 86752a4be6564d8370f2f0e403995003 |
| SHA1 | 29f7d50675f6e59f3b808eb6dcc8619384412115 |
| SHA256 | 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c |
| SHA512 | 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | 5b9758e11e6ef407741f93b79c5ecc54 |
| SHA1 | b27c236991cf91bc9e537d63ad7eecbdab153145 |
| SHA256 | 3c9aa14cad7bbf8da0e78f088add84a1afddea859d5a9eff8fb2cf725fa79dca |
| SHA512 | 909b9aaaaf863286f97d00f663399a25b8713b8bf5522f5a1a32d93bf886248fa8e22c75ce8f954d8ffb486219084d48c92f02fe19cdde1b339c4aa532e140d2 |
/data/data/g.xqbooster/databases/cc/cc.db-journal
| MD5 | e2ab8c591be3897eef8eb68f1be044f7 |
| SHA1 | a788737db1f91adcf1d6c56adf1b6fe63fee6585 |
| SHA256 | bf9d1cbc2a35a9723358028b8e75af9e89b56908e15541dcbd845d96f130360c |
| SHA512 | fb65c71bd0d61f2dff84e7abe99044e89d5b93cf42af648402b48ae24268ea540c99de65a9520671796c44e838ff43e2466cd6fb68b7dbb833968ec257c67ca5 |
/data/user/0/g.xqbooster/files/.um/um_cache_1729020724450.env
| MD5 | 3f5e56a29486f26678c999d1938c58ed |
| SHA1 | a9af830cf446fb009bbde1aa802ae695437ba665 |
| SHA256 | 2f9c86e1808871ba9652eb64cbbeea9747cd0eb4a72fc3887c286b728ee14869 |
| SHA512 | 700625af6ab555b3ce88da604f779359e845473cbb249b3c43eb7858c3d2da91f0f7ba220e716aaf23a935b3ef87eb0f259166d73ea7ccd025b726a2af48a4b0 |