Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    03/11/2024, 05:26

General

  • Target

    89d6c2a127f7c9ddf6a6ec6da574f93f_JaffaCakes118.apk

  • Size

    17.8MB

  • MD5

    89d6c2a127f7c9ddf6a6ec6da574f93f

  • SHA1

    78b984ea653cbcab11d986e4914168c0e3e75e37

  • SHA256

    5c7d3f0cd0b7678fc3f328f2be39d8418875e9d9e77515c67d310fa9a5c51e10

  • SHA512

    06406686fbbc02690eb8844f67a36bb4e10f74b518dc4520545b9cd097b5be1c84a6c57549f6e053ee8a16a29f5f79ac00f55297395b7281056db98570a3179a

  • SSDEEP

    393216:vjnw/vXWKl4JUqnxRkwd1f4elNJMr7OmuK:vjnw//WlU0xRkw7wCJmp

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 7 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 7 IoCs
  • Checks Qemu related system properties. 1 TTPs 7 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.libin.wealth
    1⤵
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Checks Qemu related system properties.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4217
    • chmod 755 /data/data/com.libin.wealth/.jiagu/libjiagu.so
      2⤵
        PID:4243
      • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.libin.wealth/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.libin.wealth/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4295
      • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.libin.wealth/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
        2⤵
          PID:4489
        • sh -c ps
          2⤵
            PID:4555
          • ps
            2⤵
              PID:4555
            • ps daemonsu
              2⤵
                PID:4582
              • ps | grep su
                2⤵
                  PID:4601
                • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
                  2⤵
                    PID:4725
                  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
                    2⤵
                      PID:4745
                  • com.libin.wealth:channel
                    1⤵
                    • Loads dropped Dex/Jar
                    • Queries information about running processes on the device
                    • Queries information about active data network
                    • Registers a broadcast receiver at runtime (usually for listening for system events)
                    • Uses Crypto APIs (Might try to encrypt user data)
                    • Checks CPU information
                    PID:4467
                    • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.libin.wealth/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
                      2⤵
                        PID:4671

                    Network

                          MITRE ATT&CK Mobile v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • /data/data/com.libin.wealth/.jiagu/.jgck

                            Filesize

                            4B

                            MD5

                            d8f407cfb82e67b17212ec79cbffcc9f

                            SHA1

                            28127db66dddf2ec2ba2ee0773d3a970a0d8f32c

                            SHA256

                            a9ec0186cb6f435e973962642c9789d9028be283ad9b9f607386765b03222f8f

                            SHA512

                            455aa8da60cb4692eee86f4d47589f1d45a1c03ff2ef819665c98e568e3a2be091d741f3f7c135b6b195ccfea87aab121a30bcb8c81e16623917199526ad3615

                          • /data/data/com.libin.wealth/.jiagu/classes.dex

                            Filesize

                            5.1MB

                            MD5

                            1844b080ea9012c2fe191ee9e6fc8999

                            SHA1

                            41d76d71bd077c52a595324318d2f5ea88d7077c

                            SHA256

                            ee6eb4571e750887efbf0a5d0941dae8dfc05c8480be2599c68af94d15b28065

                            SHA512

                            7f113112fdbce66d58a8035adbf58d04290bfbc3b5389539b703daf29598c60c43dca43c0da5931fee26cc7bddacad1e59b8ef935d40f543a2ea31b1f49cf345

                          • /data/data/com.libin.wealth/.jiagu/classes.dex

                            Filesize

                            6.7MB

                            MD5

                            da20e18e47e6be0df376f94858bc09e3

                            SHA1

                            9a79cf7d62b7931989c02b5964daa121444764e1

                            SHA256

                            d706e8e1b139b7f3c315d18741aaac09e7cd93e2afc5066bfba014339a624803

                            SHA512

                            1fe24ec55a94f3ece3711bdbe6aebc599640a341fc52bd0688da5992fe6f351f694f880e472b4c125afbb162747d787244bcb891565fcd5a381688df64c55f9d

                          • /data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex

                            Filesize

                            3.7MB

                            MD5

                            e3a154f700d14b0e2ffa9545d9e85e1b

                            SHA1

                            0e8543fbb086468e6342dff4979f8fc0f45aebd8

                            SHA256

                            470e4dc2dc74405e86d14ccfb547301dfb17eb8572709db9bf9ec6af0ed3fb0c

                            SHA512

                            e77a14a79c25fd9c2c7ece695906320c407d23abbb42ad22f77b874336a96e886fbcb8700d8bb177976d10bdf318bd3fa0ac8000a3f605a50472b3c01d02a2bd

                          • /data/data/com.libin.wealth/.jiagu/libjiagu.so

                            Filesize

                            455KB

                            MD5

                            e5a53000766ebc433b27d6a66ec4f555

                            SHA1

                            2c8f53f1c03aec2005bcad67d731f07261dabde0

                            SHA256

                            78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

                            SHA512

                            370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

                          • /data/data/com.libin.wealth/.jiagu/tmp.dex

                            Filesize

                            284B

                            MD5

                            f1771b68f5f9b168b79ff59ae2daabe4

                            SHA1

                            0df6a835559f5c99670214a12700e7d8c28e5a42

                            SHA256

                            9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

                            SHA512

                            dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

                          • /data/data/com.libin.wealth/app_06851326-179e-4f06-8472-d5e78a1ab259/be7b7b05-7ca6-433e-b4b8-e26585aa3a9b

                            Filesize

                            98B

                            MD5

                            2581ededa4c4cac1428f7c5d0f44c846

                            SHA1

                            f4f8f27bc9e746a060f34a20c1a4e9fe70544c43

                            SHA256

                            2e33363c8f9b3d09fe7057ab73b3f859dcaf63488bf570845b9afc597b66876f

                            SHA512

                            ccbd80bb7b3cbd1a77c82162f9cd6846b004d4b62128d8002df759b8b373d3530a90b5af9ee0ce3e891fe41abf7b2b9c022794bf31ac3bbbca0ecf8a589dec8f

                          • /data/data/com.libin.wealth/databases/MessageStore.db

                            Filesize

                            48KB

                            MD5

                            5336f69e3ef00ec21a1b62ab89f3d4db

                            SHA1

                            a338a36f8eec54c41410dad524993ef369c8b0f8

                            SHA256

                            158c61f8e47697a94c244d1c1e43d0a1d1ef3f3b767ad2f29db193390e54fa23

                            SHA512

                            bea4461759923da95f99510e59529e1e1af40cbf103b8e58ffd2acf0bdd84956acea798c1e65959dd5fe33efdfaf361d072857c10cecb431566219b649120606

                          • /data/data/com.libin.wealth/databases/MessageStore.db-journal

                            Filesize

                            32KB

                            MD5

                            ca3446a2d922c1368d5d9581886289c0

                            SHA1

                            b319b3453433c71689df68cbdff66ba395a10e72

                            SHA256

                            5b1caa63cca647e73af8a4f3ee0eb678b6543258ee59758a4229cb2ed155d34c

                            SHA512

                            cce63874f80c37574579be9908e716abfe802aeabdc5d351f7de10e11d71b3fb42b8673f9397ae7c2f1cef03ad46aed5431dba084b0d278511560af8b41bf9d4

                          • /data/data/com.libin.wealth/databases/MessageStore.db-shm

                            Filesize

                            32KB

                            MD5

                            4b492295253351e159fabef29271146a

                            SHA1

                            6c24f3e577a459b1f094f55a67186a291ed0fcf3

                            SHA256

                            cc8fdeca38c9f0979abca03d1b7d5ace7ca975c717a3f5d36af95aa3a8f3ca61

                            SHA512

                            baca97b5580f0f7d379af04df71098d1f8b8b2d22a308fc23fcc0705684c25ffe68c0cfc8e6d8f2b70d4b92f7194f00d8a939a37d903c9ecdb11bc3583f829a8

                          • /data/data/com.libin.wealth/databases/MessageStore.db-wal

                            Filesize

                            100KB

                            MD5

                            267d34a4a33c3c5320b9ec340f272ed8

                            SHA1

                            243c469e979489af4ef34322824c608f23ad6ad9

                            SHA256

                            aa62df5c2b92ebde033ad609edbf912bd84552ae0d01d8c7553d847ca5d37c43

                            SHA512

                            1bd4056299c7a2deb0d192e9822eb2d9a18fb880a364b845f08706332596c87aabeb9b1b9c8fc9df0bf81603eff2dcfbd66eeb631261de161a27ea4ea623bdac

                          • /data/data/com.libin.wealth/databases/MsgLogStore.db

                            Filesize

                            4KB

                            MD5

                            f2b4b0190b9f384ca885f0c8c9b14700

                            SHA1

                            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                            SHA256

                            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                            SHA512

                            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                          • /data/data/com.libin.wealth/databases/MsgLogStore.db-journal

                            Filesize

                            780B

                            MD5

                            7e053b9ff60cae27ae8ad21d21632932

                            SHA1

                            674652aeea091ccc87e35cbe782b4c597c5e305f

                            SHA256

                            9573c317dab83c2c53eb65fe9b054b7888c116aa35f487ab26746e3ec383c9b3

                            SHA512

                            75dafacaf80780cb0140f5320234af957ed75a3af837069b52b1dbc44e67bb2e08f14dfafe1c3ca276e75b228c47b39f62a5d482fbdfb943d99f7e22ce5f4c8e

                          • /data/data/com.libin.wealth/databases/MsgLogStore.db-shm

                            Filesize

                            32KB

                            MD5

                            bb7df04e1b0a2570657527a7e108ae23

                            SHA1

                            5188431849b4613152fd7bdba6a3ff0a4fd6424b

                            SHA256

                            c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                            SHA512

                            768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                          • /data/data/com.libin.wealth/databases/MsgLogStore.db-wal

                            Filesize

                            68KB

                            MD5

                            5891e61027243ffaaf3748943889fd8e

                            SHA1

                            663ac8e95bbed03941d3d837082a96fdd8aae5e2

                            SHA256

                            abe025397319046c78156c5ae22c037db8dec3adae3c533bff93003565cfb27a

                            SHA512

                            361453fa0805ae9ee509d692880cafbe537c10b70f915a54bfca905e43b9af00fd750b1f5102f191403c1eea94079d956934889920ae7c714e3a1fb2ffd051d1

                          • /data/data/com.libin.wealth/databases/accs.db-journal

                            Filesize

                            512B

                            MD5

                            32eb5c18551ff9cadc162c1357c95340

                            SHA1

                            ef77d8361009c0d97e0520f6afb099d17c36b944

                            SHA256

                            ee782a44bcb7b2591b683fe0fccdcc5cdc7f8d3a54a3b5bc05eeb0c8692650cc

                            SHA512

                            a48cc51af82001787b198b0660331d22492bad9f096ab061cfa54cba9fc8884ce09543df815e51780df2e84332e833a47e213b9c57f8af6e8edf2e4c55f21ecf

                          • /data/data/com.libin.wealth/databases/accs.db-wal

                            Filesize

                            32KB

                            MD5

                            71bc7ae2d00b5541faa07ead60e29ebf

                            SHA1

                            74034f67128bf221b6696a249b1dd67369016390

                            SHA256

                            d6f8e649bc1b5f6865b9055d4d45f9319776900ae530abeb244cfe6b2ea9fe97

                            SHA512

                            c5600666a7f18e1607fcf77f6e421e3ff700dfe962d7d525e3ee988c4b408b5d29b0e2c853487a1850b0fbc52a8326829e26635c6880502743143a043aa5f245

                          • /data/data/com.libin.wealth/databases/ua.db

                            Filesize

                            36KB

                            MD5

                            0adda9c85a5e4808f5b1b74c0a8591a5

                            SHA1

                            5048107883ab1e345af9cf2e6849ce46e0e612bf

                            SHA256

                            1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

                            SHA512

                            646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

                          • /data/data/com.libin.wealth/databases/ua.db

                            Filesize

                            24KB

                            MD5

                            1f3f50d977dd32865f07b816a3c53644

                            SHA1

                            c741a0deb7c11ead19e5aa385305d4455daa4489

                            SHA256

                            82c5576e4ccaa74408acaa410b17543e011be51beaee1ca22dc0eaa88fae7efe

                            SHA512

                            2b31d07f66b3fce344822cd880f5b0bee295ee0f00dd97a8d84627d1452a7eaafc146c469231bce5c5fcb0704cf279d4828424cfa0ed048bf10f5bcd15292e37

                          • /data/data/com.libin.wealth/databases/ua.db

                            Filesize

                            16KB

                            MD5

                            8dbab6d779ff78ba834f4c765c711202

                            SHA1

                            867fd7bfa0506d58061102209e7aa7c0c572f20c

                            SHA256

                            5a33bf3023be4aa2254806c58998ea6f60a0f4e3d9a4861c2c5dcc2b7e6eb34f

                            SHA512

                            8cd51e67e5d7f73244e36b879b06e2e4f3e17c70c6c60fec6087359f60e2b53e12af7f5ceab19c25951203e3bcb4e643b196e454e29074737cd1f2e5ca7b7f25

                          • /data/data/com.libin.wealth/databases/ua.db

                            Filesize

                            16KB

                            MD5

                            bd2f87b4a31ca52903420f10a0c89950

                            SHA1

                            24c80606913237d7a686f880d45f517803b9f591

                            SHA256

                            3416dcad7c83896d2f83c5f5a0f96f3cb698cf7081fb767967ff7f97bb31d525

                            SHA512

                            3e55130e89e37ab262ebf83288369241fad3ecd2ab7ed600e030aa285b78cf8dc7e73ca05695d3e43e7c06ced1d5d0996b212bb5cd78a642c3f24f1a4c4b0e6f

                          • /data/data/com.libin.wealth/databases/ua.db-journal

                            Filesize

                            512B

                            MD5

                            6ab4120ae96154001233cd360af23acc

                            SHA1

                            e93d01680b7cdc5a8ddd141e60e24dce30e1109e

                            SHA256

                            cb8bbd00ff9ddcd10465e7a58351321b42a18346bc19e15ea2c4cc2f9301ce2c

                            SHA512

                            35cb38d1ade4c133167f758e1207b26f6e3c3ab1d5f13695a28b818b3241e7c80c89ab3efa837c4bd5857b990235d289b6afba5ad29f3569589da51594607dc5

                          • /data/data/com.libin.wealth/databases/ua.db-wal

                            Filesize

                            48KB

                            MD5

                            e192fc5b20b21cfcbd47efd9dc0a28d3

                            SHA1

                            0f046f50b8aa77c4a4fe18a62a05f5f664598634

                            SHA256

                            21225a3fd34ee2ac3eaf5eb28842c1ee84e459c30a0fd1d3ea2592a3be171ee7

                            SHA512

                            b4548e6cbeb8080ee4987be97208bcf35badc712bc334cf6fe88f50c810c73e0d79dabc67ca2d01a3a48a5f2e75d67b410b73cc712550498bdf226418f22c0fe

                          • /data/data/com.libin.wealth/databases/ua.db-wal

                            Filesize

                            12KB

                            MD5

                            c7250fe08335d2a3923be4655a6a2386

                            SHA1

                            1823454e252d8b131dfb65ad209068e8dae116c3

                            SHA256

                            d3b2b6bcce94a09535662cf595d86d77832aa933b42473e28f6ad1e179543890

                            SHA512

                            03fa48f810fa2bf5541d455c0c5e3368ce3a39fa02749ec8781067bca5a8dd1670439bd4018f437ecb192eb817e598b7892a0bf191922105d7b00daca3390cfe

                          • /data/data/com.libin.wealth/databases/ua.db-wal

                            Filesize

                            4KB

                            MD5

                            2fe9fc4c2d40d2f4eff571fbfeac27d5

                            SHA1

                            09f888f4efc7c82178698d1a55acd6b836c965e2

                            SHA256

                            053d28431f1c01a31b35a0d753c8b51f416fd53411a11328de0b5cb0fb24f478

                            SHA512

                            0945612f3113c70cd751fefe86701a572c963ba5991b88e2b5c9fe1e5c9efa96cff57e02d158a646091a6843fdf48d56bb28f60e08f9b448f3502affe9838f90

                          • /data/data/com.libin.wealth/databases/ua.db-wal

                            Filesize

                            4KB

                            MD5

                            16981040aba86837d38328f12c624ef2

                            SHA1

                            e194cf9863078dfba28d8136a1d9ce77fa049bef

                            SHA256

                            79c69642d46c0ab41714db57e63cfe5d84223dd805fbe0e1e7610a85d26e8e51

                            SHA512

                            d184471852f091ea8f59fbe2cbeda7c17227808b050ccc237c4ccfc3a8d9d99a5fc6c15b03427f717a1549c8df91a3d63f1379f9c008b227e8781567770bde3d

                          • /data/data/com.libin.wealth/files/.envelope/a==7.5.3&&3.2.2_1730611629139_envelope.log

                            Filesize

                            1KB

                            MD5

                            98b7184e3428575b7b68559b5391de1a

                            SHA1

                            d105c769a1e4eb5f2c62165dd0658758f09efa74

                            SHA256

                            134edf5b5370563eefb37ef2faa543fef355b81eee2b66f9b2d758ecffd440b3

                            SHA512

                            e76213c7391832669c91cd3e6c0aa3afceafa96f4b2cff50160ff1953957a784d06500a066193778261387f9fa643a488c7e15cb48b7cbd37fe67d2b0d710753

                          • /data/data/com.libin.wealth/files/.envelope/i==1.2.0&&3.2.2_1730611655849_envelope.log

                            Filesize

                            2KB

                            MD5

                            db8ccb13707c0097ac9f780f75292f5b

                            SHA1

                            4785e986612b514cb605cdc6c1e583a12ca4c5e9

                            SHA256

                            e1bff0cf770a97d801dbba6941adb97fa94e42fdf6346fddc572e4f983d83b74

                            SHA512

                            12413a5171fe9f19452ca9cd69ae761e343dc39e016f8b03f19f77f9ffe3534d14f7616bcfe2f0e478e87ef4f57f7d873a012bb3eb945d26730a826cefee85a2

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.ac

                            Filesize

                            213B

                            MD5

                            a871e9ae9c77a674a33fbf254cf4cef9

                            SHA1

                            8084795e0474ba518adbdc488d53c4fc754b502f

                            SHA256

                            5d0ac44be7b5f99d33f6cb4f60401b09941f9d5efa61e14896736fc1dfd89869

                            SHA512

                            27daa792430d468f4cb0c3e567724610cc7a692d8c6f239be62cf356c0fe33a112cc50127c74dc89968f7822d63d50d4d42c3a806be42b4f26158c92676c2152

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.ac

                            Filesize

                            40B

                            MD5

                            9698ddc962b2f11c875161e6ba974a9f

                            SHA1

                            fb7d596788d38fd1e348c165c750ad448484d224

                            SHA256

                            a57f2c6a5987e4b37334761ef24dbc18a3df9f374f244e39f61054cd2e74ebd3

                            SHA512

                            281d7544d1e3e376ea6d1760ef8e3055985c11b0d4c64e554df63554db7521791d4b1744be5db28f0603100bc77880f12125fbc22aab350d98cd62d11959e235

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.di

                            Filesize

                            340B

                            MD5

                            97312726f7a5c912b7edcf1c2bb9600f

                            SHA1

                            7c132fa0c8162c7080dfeda76b2381caab3ed547

                            SHA256

                            687403a874ae8d19897ec628f569d945f090437381ea469f892da8a3060e1ded

                            SHA512

                            d964ede826ba943982ff200b1b65f0c28d643dde6a56e9547a803d010c8e8934978c25d36e08412cd07913bfb71bc878b86403c915802220add7f5d52e154ed6

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.di

                            Filesize

                            340B

                            MD5

                            bff46f92471f100918f4703ddd14c329

                            SHA1

                            0dda74d026f1225f6fb19411bd0c83d2a0be06a6

                            SHA256

                            433935f8a45bb1d2f481386d1f05d4b7694f26b960af30ade54fdef3640df424

                            SHA512

                            3d9ba101b474fb468892019ed60251b865aa395075ea224f96cdd06fa3f9a6e1daefd7f8ab0178dc0cb35aea1a4017b6fd0bc2e578a2cbcd7f5a8bdcd20310f0

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.ic

                            Filesize

                            40B

                            MD5

                            9f163e36cd5e0106857b9ddb1282cb92

                            SHA1

                            f39c2c8a114a57998108bca2c3e189fe3b91757d

                            SHA256

                            a5ca9dc8a5ffe57d283aa128b9386e05e68d88750f4e6df7ea6e0b5f5d3ae1e1

                            SHA512

                            88cd97f1cff10964ec877816469a89f431e823db2032f3a92c401fce7409dc2d97fc9884beaece982f76883b9cd840eee865f2be27b2ceb3af5b5b5428cbcb5c

                          • /data/data/com.libin.wealth/files/.jglogs/.jg.ri

                            Filesize

                            66KB

                            MD5

                            acbf2728f2cd2b1c30f0b6c0722ea701

                            SHA1

                            18aa099ecdc1962931055b7d152611b873e6d970

                            SHA256

                            3411ee8ca2bb4374ee38b2037e1d7f5e4464d3540d3f27c46a015a6029b9db03

                            SHA512

                            5d8b7cb1664e554bf58c380546c1ba646049ffabd69b69680a584c20c39d998dfde57b5eaadfe1739a0aacf6c91b295c14f28dea880c8e9069dd80dfd5dee5e4

                          • /data/data/com.libin.wealth/files/.jiagu.lock

                            Filesize

                            167B

                            MD5

                            0dabf926bb9007448d68e011420a6676

                            SHA1

                            cd99a9db1222555c21f87cf1bcbd462b38dce129

                            SHA256

                            75e6ed82ecb9d5ec0aa6fa9a4314ab9dca5cd3e7773955d1abc6228a8231790c

                            SHA512

                            77cae6fc3ef6f230c29e7e3840157b80351870538b719cc693f2fb2cd90e31fc6c461f376057518f55e923bbf81dbc6ff0ed6c407b0bffb156d7b3076a8e4ac7

                          • /data/data/com.libin.wealth/files/.umeng/exchangeIdentity.json

                            Filesize

                            162B

                            MD5

                            4ecd7d98ce9512fd307bca03d6633867

                            SHA1

                            d561116ee2c2e98a2e9aab40584f02c0883a14b4

                            SHA256

                            5e1850218a094926844859bbb08690a714c3e383c1a51f9ff43b140ff29570b9

                            SHA512

                            689f5283c276f6ccdf014c61d67224e868bd4fe2ab13005a2cdd2d9dce940cd55c5a1c80ae94ad4c700d10ec98ce3e26a56b484077864c0e126b5445a5f03245

                          • /data/data/com.libin.wealth/files/exid.dat

                            Filesize

                            55B

                            MD5

                            abf5f23e3c9ac7aa191c656a77f7df46

                            SHA1

                            18f0441acc49ea329e69e121ac951e78a4eb96b7

                            SHA256

                            6ee980e67f131dc38e3b0ceee59a6fa905844156b25dc14badddf3b6d97263ed

                            SHA512

                            c6c7123c1b271046348a57a535e56ff3a7adaedfe40f1c2bc79e78cc47df25e48f274f85352f29f02882ef7228c5c0d43ba31876d98aa81f85940ec85b5ee967

                          • /data/data/com.libin.wealth/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzMwNjExNjU0NzI2

                            Filesize

                            1KB

                            MD5

                            2dc92cdaf7bb2bee8286b7173bd83583

                            SHA1

                            a5b200dab264f651f3dc5727a9f34e1fd393d2c2

                            SHA256

                            28bfe85829b883e2156afbcd68bc81bb7aebf88b77668c7597ac6bac65dfcbdd

                            SHA512

                            ca269411afeeaac7fe038e328d0fc8e1b7f22601eb48f30e9ddbeca945980fe5e51333992550b8ec9b6551bea15cd39a2867ac56c0121343ee0367c4e3e63419

                          • /data/data/com.libin.wealth/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzMwNjExNjg1MjQ1

                            Filesize

                            1KB

                            MD5

                            0168395df7cfa11d766b54cf50637919

                            SHA1

                            0b9bfa199a89a375f2b263e517d592888dd65507

                            SHA256

                            3366618825dcbc67b5e8e43f746a268c7735bfa20e40b43530cf0ae8d6961ab2

                            SHA512

                            77b1aebbf845322ac6fe40be48eeafcdc1f56ba242f097c92d0a703009278dfb0dcb1a92b7ce07c00bb06e50cf867dd536243bde7c042325a79d7d7e5616fb26

                          • /data/data/com.libin.wealth/files/umeng_it.cache

                            Filesize

                            498B

                            MD5

                            918cba12e1a21298740d4b41a2458518

                            SHA1

                            1058d0e682df3943b90fa02e861266caa2f20fab

                            SHA256

                            5331de0f34327a9b0ffcbae652a13152d229ed8b0c31b5d3f2d78a9763c6807a

                            SHA512

                            f8f2c5e3f3b424a870c6461afb5941a1163601325906b066fa58f4997e2d7ed3027aa6082891341ccc228e69bbdecc1b45382e3fc965748f10663985f7782f88

                          • /data/data/com.libin.wealth/lib-main/dso_deps

                            Filesize

                            280B

                            MD5

                            0d72aca83fab2508a416cdbeafa1af5f

                            SHA1

                            e24f2b1a720aa97cfb62e1102261b695b53150a6

                            SHA256

                            a45a836711a0165ff51955b58471b0119f23ead5365c319af46c41fbc2531121

                            SHA512

                            0785c25832c26ee7f55b2f87ba4607a48e470aa8636e26099a048a5f15a628c9bbd2293b5412343f4aafb1d51fc71bd937629cb1d04a95d3b3565ed9bbb9f792

                          • /data/data/com.libin.wealth/lib-main/dso_manifest

                            Filesize

                            5B

                            MD5

                            c06857e9ea338f3f3a24bb78f8fbdf6f

                            SHA1

                            c5a0a2529d2deb60fec041b4fbd722a2ebe31702

                            SHA256

                            957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

                            SHA512

                            29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

                          • /data/data/com.libin.wealth/lib-main/dso_state

                            Filesize

                            1B

                            MD5

                            93b885adfe0da089cdf634904fd59f71

                            SHA1

                            5ba93c9db0cff93f52b521d7420e43f6eda2784f

                            SHA256

                            6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

                            SHA512

                            b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

                          • /data/data/com.libin.wealth/lib-main/dso_state

                            Filesize

                            1B

                            MD5

                            55a54008ad1ba589aa210d2629c1df41

                            SHA1

                            bf8b4530d8d246dd74ac53a13471bba17941dff7

                            SHA256

                            4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

                            SHA512

                            7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

                          • /storage/emulated/0/.DataStorage/ContextData.xml

                            Filesize

                            111B

                            MD5

                            bec2fd69727290629c40a0a939bd2abe

                            SHA1

                            5236104865cd73af001cceb48c48cdb3216b9524

                            SHA256

                            6ec93da0f97d7d0eebcff1d805cddc1a23f8978d2f83089ed5e1fae359bff1b3

                            SHA512

                            a985cca670baf4165a8f52df2ae84e3bf507b7a6974260aac8bd598290e0c0ceef8e77238c31ca73cf258ada18ec62fb6a29b22bb0efa3bcc4e95c2cb6a64849

                          • /storage/emulated/0/.DataStorage/ContextData.xml

                            Filesize

                            213B

                            MD5

                            7579f1c4f0fb389a6e3c0077ed76c3e0

                            SHA1

                            a78f60ed31d3be1bc65a27516b1fce947afa0e3b

                            SHA256

                            b5b20df8de4d41ce34e25f3f36feff82c1cee09184865e5c8c142e3031530077

                            SHA512

                            0203a6faf9323414ccecf30de711dbc3f1db4dffdefc272b47f393ca74024d76df7b4ace87e163f498d99cd08cdaeac4e7a54812a898245473bf555872ed94a5

                          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                            Filesize

                            65B

                            MD5

                            9781ca003f10f8d0c9c1945b63fdca7f

                            SHA1

                            4156cf5dc8d71dbab734d25e5e1598b37a5456f4

                            SHA256

                            3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

                            SHA512

                            25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

                          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                            Filesize

                            111B

                            MD5

                            ddc57b9b63dd98e892390e75697fa1f4

                            SHA1

                            7d1253be84403b13c2b9c5b27e9dd48377ad3127

                            SHA256

                            8072e4bb3352e9668dd305f468ad6b784cdb32553e7ac870b3d63c9699f1114f

                            SHA512

                            c1d5a77178289a91a3f5c285dceb59188070099da2a705b88497e4be0d19a7476ca38eb846af6fae2d3e983084d0e6425ad848829792c38f9cabe0e0e243bbfd

                          • /storage/emulated/0/360/.deviceId

                            Filesize

                            512B

                            MD5

                            5f3482ce029f39afd31d10c5ae9172eb

                            SHA1

                            5da99b586f09827b9828675c6f46cb482b6372c9

                            SHA256

                            aa04a29f4f745988799524faaa6668f6d9be9432b91ebab06b34fcd35a2a31c9

                            SHA512

                            974d92eb64f6f82315a82db96e2657f18c7375544b512f3a9b224a1248cd75193efe5a15ac88f8dbf3634bdd92361c0c27dee64bd21e07cd499576b90df06f33

                          • /storage/emulated/0/360/.iddata

                            Filesize

                            36KB

                            MD5

                            486e2bac2b3e9e1cb411d2838a4854bd

                            SHA1

                            81dd0a7537f4af319b830ae834908986be85da8b

                            SHA256

                            5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

                            SHA512

                            c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

                          • /storage/emulated/0/Android/data/com.libin.wealth/cache/373550dd99ea412cac48e757569381a8

                            Filesize

                            1KB

                            MD5

                            4013f922d6e2b5127df7532c533abfa3

                            SHA1

                            d2c113e1b1527a8525d50ac571499d2cfb04eb1e

                            SHA256

                            8592bbbcb58d5d04cd7358acbda5fe0488fcb60a101ca6a36e9f7f0f2f0ec00e

                            SHA512

                            99103ad0ed45dceae56810e570ffc612d69a7713fbd85208301fdd0cca77dcb12e4d61699b9431836e6cc239375eb22d5499fcd16802e60d2ac0c49c168709d4

                          • /storage/emulated/0/Android/data/com.libin.wealth/cache/9cb50bf92ac044d882ae0fa6d8158211

                            Filesize

                            4KB

                            MD5

                            79aeabdb8c5a444cf36f9f759d358bb0

                            SHA1

                            fd79795fc305cdfd112af9072dc27aeda82b99d1

                            SHA256

                            ecfc53ea43bb4a0a68290291ef740278532fda97aaf3b140d37c6faa968aa223

                            SHA512

                            b56f5dc4218fc39391ba889402f233bfca748f5147c102baf1b335ee67ed41166cf65e9f0dc2ac8e8261e045b8f4320cd37c578c7425c2b920d53fe975f808a4

                          • /storage/emulated/0/Android/data/com.libin.wealth/files/tnetlogs/inapp_20241103.log

                            Filesize

                            62KB

                            MD5

                            7d417cc489b7ac2505ffaf218424bcf1

                            SHA1

                            678f1e6a9c8252da4f640694f70a551e8d33a18a

                            SHA256

                            be6049355cf51df3a2a0564c1085e68b8c5fc70b27a053fad81fbc0d266b156b

                            SHA512

                            61a82cc04a57f6d5ac4abcd4e9f3f58e9a34fe7c08de8e1afb73d28b241eaba715602f96a5ade66064914e5134c0a71bb1cba51692a205e063d3820d935dcda7