Malware Analysis Report

2025-08-05 19:17

Sample ID 240513-mtqslabg94
Target 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118
SHA256 1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a
Tags
discovery evasion impact persistence collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a

Threat Level: Shows suspicious behavior

The file 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection

Loads dropped Dex/Jar

Checks memory information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Checks CPU information

Queries account information for other applications stored on the device

Queries information about the current nearby Wi-Fi networks

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-13 10:45

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-13 10:45

Reported

2024-05-13 10:48

Platform

android-x86-arm-20240506-en

Max time kernel

16s

Max time network

148s

Command Line

com.jdtz666.taoke

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jdtz666.taoke

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jdtz666.taoke/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jdtz666.taoke/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.jdtz666.taoke:pushservice

Network

Country Destination Domain Proto
GB 172.217.169.35:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.jdtz666.com udp
HK 45.207.80.109:80 api.jdtz666.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
CN 59.82.112.112:443 log.umsns.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp

Files

/data/data/com.jdtz666.taoke/.jiagu/libjiagu.so

MD5 d280346c134f75655acd484c75745d6b
SHA1 7d1ea0d71824ce214d4769981ed68b0ef86f1b0b
SHA256 344f4d98accbf8ad8a3ab052a649231f9ff1c9e7324374a6ec79d9de89dd9b55
SHA512 11ce3fc3f1a52900f140813a5362cc9bf4b9954139c3447a61fbc6c35c8eb75e454feaffdc043e999a167fb21bfe0ffeedb6b71359a5fe0867dcc44c7e14d16b

/data/data/com.jdtz666.taoke/.jiagu/classes.dex

MD5 733c5237b78da7f7cb6469b2372c771e
SHA1 39bda131c900dc8b68e0e8ffad84bf74a0a6eaf1
SHA256 d7c97a16dc1eaaa1256a5e68eb2d788c285284a4c9ce5b05f136dc44c52a03a5
SHA512 43dafc5e62e3a3b604686ab78c129672bd49be750825c50d7ce54884fc095624786fa306e1be9cc53eade695ee865ff8d11b69b042f032fa3c8327ff615ba4e5

/data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex

MD5 0a678d9009cc5a4b1dc6024b3933bfe7
SHA1 a3efe031bda5e4148e4e9f2dfa44c2602c7388eb
SHA256 5e82c13a3d82ef5b5c6dc90232e78b5f342715c4babef3c3df8ca9639e5813cd
SHA512 5af5c6225e7a739bc0012bb2180882ff1fbb0ebedb260d251366d0fc91e98b3cfa3459f430f0ccc13ba3e722a2c4df03c56e273d95561f5967fa29965cfeaffc

/data/data/com.jdtz666.taoke/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

MD5 9d71a72018c10bc99db9f380de18f315
SHA1 14478d04d45bfbabdf3831874e5d5b73facc0e15
SHA256 776fbbc038f0ff87fcb0b8eb83e10d34d8dcb81a5efb08d5205696093dc4f4a4
SHA512 a50b581203930d9b04043ed7612d95e31500bfe7f90b3eee221db75def91086418d244cb1c9db18a44dc8e7611a9b08f74546ef63a9d41b9dfb8c716bcab9b8b

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

MD5 1deb6b895a2280f63ea2f3783f0a5ebd
SHA1 c01eee51a200d2007d3972b551e2515fc8f96d95
SHA256 c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d
SHA512 269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

MD5 0e5aa38b9d1e87801609c0987e584e13
SHA1 98442a3e1deafe472be4fb3ebd166d06afba31a2
SHA256 daa1420495f69e6d64b68ec04db62fcfdb80b176e87e24b0bdb409cbfd7af4ce
SHA512 90762b6e1f81bd6df0286334afed2b6394f189d9532be5ef0627f0daa7e6397d303844e7fe575b71d06ee1fa172b068c1246cb813727ebe6123eb18187d08a4d

/data/data/com.jdtz666.taoke/databases/xUtils.db-journal

MD5 09e60f639d7bf09d9bf2d4c334fca02c
SHA1 574b84fbc4b5f9f4dd1ad684fe32ca7e79bc2810
SHA256 7ece96500bfca8fe7f3833b67aca418b1b3bbe7a14b2797f807fb674b61490ef
SHA512 08027451292e19979a768dd6039137f664c3b75b8c85f37eb8c47d9a07fa784ae3b8b51e164d86951d4f5f7a2dd7eba8cd316a8d0745ccc6f3205fb6e7648c59

/data/data/com.jdtz666.taoke/databases/xUtils.db

MD5 6bfeb758277a744ad671d013eefa8572
SHA1 e5a9eede9079860b63d71f80db72c8f74e4259c6
SHA256 e0251f3c5dda03535638ddb761286dd8a86700d094168e3aea24c3f4705c3a14
SHA512 a2d4fde4a3903920ee7397d42a7a7fb6f7f6a763bc49619d432b48179406b082eb676bba3c87c6b4ed0bfd51cf199da85e57afc72ffbcf857c4cad158c481768

/data/data/com.jdtz666.taoke/databases/xUtils.db-wal

MD5 986b353ad629b177d5a0be66d9712153
SHA1 562f957c0ecbd452df60f70e58d1c9d1c14ec74b
SHA256 e6ad624a93a041a6b2d36e4f1abac3c4e53ae650ac71c8b9cc7c7215a211819a
SHA512 5b1e0cd27d2210c516fef241982ddad81dcefd44fd348fa14e085cc43b9fd3db700f719cd4a3af7993af1f4fbe1e085ca54ea51853617efb6e7db2630899294b

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

MD5 58b23c83e46055e3b9e40255ef2a6173
SHA1 1973f11d9c96abfd2c64d569101dbec0ae632e90
SHA256 a01b8cef326a94936dc5df140f57865d185df5b9ab8d52175b05e7eb7696fd48
SHA512 a4b2e362397b2b5f2103725659009ff4172cfefe28d29e074db854101c249ac074a60049676130262f28584a2c0ac0cdfa42170d29d5c582e465493817304b52

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

MD5 956c018ed3f42fb2feaf52baede905eb
SHA1 f5a3d9160108b131a4dd059b18c66c160f4285ab
SHA256 ae10a0cd4bf2f9ded0d1f9724d57c8b44ad40d166a621ff2cffc0ac5e42b7c16
SHA512 dbdef375d7313f0095a69691278eb5c6b330c56b1f3fc3ac6ef23b94cf2d067692c6ccb62fad730a2e7c2a19e09efdfd5630e9519847e136afe3b16d1f831378

/data/data/com.jdtz666.taoke/files/.jiagu.lock

MD5 3729a704647aed292b49ddeee824b1f5
SHA1 ab67ccb28cf5b6d604f4868c3013e3529e9f25dc
SHA256 ac96445a7064fba360b3f0bcf6a4d931e06df060d32b939549c3d9b9905e90e8
SHA512 b9420774bf90e426b3d4ef5a82af3b586c8b4a3434ad7877b4acdd1468aa6660fffb67dc1770062be79221ab68820877eb3ae8534eb1e99e74645b9589c30ecb

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.rd

MD5 72f603141a5a1129905d9e6dd8a8315b
SHA1 91d7d7bab760d7833786ff394021884e3110ad4e
SHA256 8041a6e2c5a0fc5372201a2fc569527f7beeb8fdbbee7a730978ef6e72861086
SHA512 6badb0f8ff86208c63de9406ea41ca1b513dbe6a956bcf68d5110b26c9ecab49282f64074231ab2a61c248dff644f376528188eba39079949932517fb35e45d6

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

MD5 30c68ff29af8ff834aed49b3bc31ab88
SHA1 2075242f6297e7062d4c5cdc77ea04eeba738280
SHA256 bf8ff8296cd9b5c6f440bc8da167627b31bc633c6f3f7cbb5b49dbd6186e775e
SHA512 2c39555c9069d146adb9b0b15702f71d48687730a9664af8e704c40aa4b79f4067578cffb0c81eff6b3b8fbdddf11194c8b509f0898a3d69806cfa06f34f959f

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ac

MD5 af5dd0718f287246fabba00a5765f4c1
SHA1 0f32d9d4a820cc593ecd33c4b102ab10b268c096
SHA256 b1a32b5b4f42125cca581ee104320803a4405197664467e489c5423168797158
SHA512 0df03c9017fd80b780e43f79a4268b879f8490951879c7190b71c5bbd70b75b8deaafa10c65dec3f91be999ad89f295ec067f89b2ad8718acbb4c6a4e5efc00c

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ic

MD5 090afa7aa165a780d54829a7fcc52ff3
SHA1 94f6e2ed6da0fe24e31bf5e18be3a5d86d3b5901
SHA256 9a1e7b2964cb632030a46567a7593fa052019f92ae26564e306f7cd403f8b940
SHA512 fcead93d457f784c05d39999e4ffed5ea8e584dca26fd1d089a008df3b1ffea4a45a16b963d2d08a1d35fdcf99af5d3e20fd6b456925cc6197b81b8faeef5266

/data/data/com.jdtz666.taoke/databases/xUtils.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-13 10:45

Reported

2024-05-13 10:48

Platform

android-x64-20240506-en

Max time kernel

51s

Max time network

162s

Command Line

com.jdtz666.taoke

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex N/A N/A
N/A /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jdtz666.taoke

com.jdtz666.taoke:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.jdtz666.com udp
US 1.1.1.1:53 log.umsns.com udp
HK 45.207.80.109:80 api.jdtz666.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.178:443 ulogs.umeng.com tcp
HK 45.207.80.109:80 api.jdtz666.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
GB 142.250.180.14:443 tcp
GB 216.58.201.98:443 tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp

Files

/data/data/com.jdtz666.taoke/.jiagu/libjiagu.so

MD5 d280346c134f75655acd484c75745d6b
SHA1 7d1ea0d71824ce214d4769981ed68b0ef86f1b0b
SHA256 344f4d98accbf8ad8a3ab052a649231f9ff1c9e7324374a6ec79d9de89dd9b55
SHA512 11ce3fc3f1a52900f140813a5362cc9bf4b9954139c3447a61fbc6c35c8eb75e454feaffdc043e999a167fb21bfe0ffeedb6b71359a5fe0867dcc44c7e14d16b

/data/data/com.jdtz666.taoke/.jiagu/classes.dex

MD5 733c5237b78da7f7cb6469b2372c771e
SHA1 39bda131c900dc8b68e0e8ffad84bf74a0a6eaf1
SHA256 d7c97a16dc1eaaa1256a5e68eb2d788c285284a4c9ce5b05f136dc44c52a03a5
SHA512 43dafc5e62e3a3b604686ab78c129672bd49be750825c50d7ce54884fc095624786fa306e1be9cc53eade695ee865ff8d11b69b042f032fa3c8327ff615ba4e5

/data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex

MD5 0a678d9009cc5a4b1dc6024b3933bfe7
SHA1 a3efe031bda5e4148e4e9f2dfa44c2602c7388eb
SHA256 5e82c13a3d82ef5b5c6dc90232e78b5f342715c4babef3c3df8ca9639e5813cd
SHA512 5af5c6225e7a739bc0012bb2180882ff1fbb0ebedb260d251366d0fc91e98b3cfa3459f430f0ccc13ba3e722a2c4df03c56e273d95561f5967fa29965cfeaffc

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

MD5 46818bb9731e2fe506af9372212d1a7d
SHA1 fbf248e26aa1c9be8f57e500ecd331d782f47d29
SHA256 107e24f561d7be9937fddfe70cbfe1a651a0ff6141ea1240965cacb54fe24159
SHA512 dfe1e0294a7c0c8abea79378f0403a87021153c8ed7e38841d9c8a3700aac2388b643fade8141fc6d106229863d3e74c5f04a8205306c823c9d788d9da9a1334

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

MD5 9c46e6657bb393e213e236925a9c4974
SHA1 9f7c02df06135ef05f9871660a142b8d9d5d2b5f
SHA256 f74084334e902fafaf3de70f03c6a8243888d25c9b4c22210bd2b3bce78f91e7
SHA512 29b0a7cb03848ee971eb2a3b301eed6b7b37312872b97f1f7a35dec06d4e4999038694f8a8324a3e2059a75617080bc623828cf937b46495dae5feaabf618a28

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

MD5 cfab1313b6bc4be5c38f024fba1d7195
SHA1 bd3988e3c05d66889d311e06cd577c05a88a4cb6
SHA256 bb849c39f9a2c72b4b34520ff09d1eef151a053e7c9b3874ca80e8d378a12b9c
SHA512 60394e4bb665c2c629bd5ba938858e896355de7850f958b9d9a1bb9beae3b17b281e937cf8868ae252f6dcc46d10985ffe00d2b7bd3adc8a3c30c2052db52099

/data/data/com.jdtz666.taoke/databases/xUtils.db-journal

MD5 3b1b33652791516f4eb66944d9b29d75
SHA1 b558fe414edd66fd59d3da7c3376cad51b4dd3eb
SHA256 c13c7b2d84108a993dc5217bdf19ac8322b8b2c61fbce11227e9f4545830b990
SHA512 2f1cbbbab8cc28614dafcca954f48c53ff061b921fba5c7c9d0837837c9d7c6ef8e2c476bf98a71d1f67fabd962e53607e49f5c7b6ef778ec28b06db7cdfc60c

/data/data/com.jdtz666.taoke/databases/xUtils.db

MD5 23361699380c337bacd078593caf2f13
SHA1 d97be8fdb49efd79514111ba48762218e0311504
SHA256 8cb1e74c80f6350f47204947dc2316a4ea193a14944ea404fe83bbe71132712c
SHA512 eaa313c60cf07b5c15e3cf8eddf3dfb24885465a3d0add7b31b8ef389e4995c91e6f180b3843d4d16b0eded02102adcf2405e9c828a009dd915d4a194784002b

/data/data/com.jdtz666.taoke/databases/xUtils.db-journal

MD5 97304c1c87f8f22a5efaa3cb0849d33f
SHA1 f1dfd43325880556b53d0956d868475254e2f286
SHA256 5598f314a91897f417187c4bf8c361445f009ad0570af0cffef5685e0a8c48e9
SHA512 9ee31089edf283b861632644b0b0b240fa983cb4839e942ac0ee89a19aedb2257a45ddaceb679e567032e231928351a2a19d404d3573d94972eb0022d66dd0f0

/data/data/com.jdtz666.taoke/databases/xUtils.db-journal

MD5 c911ea4fed10eea1cc6ee37c464e59d6
SHA1 975b2cbca9150f958212d4c44134b09314a2600a
SHA256 d1261bc8b858e1f618b985cec5d39195c7bb0131e63abeb85a5f8c1a830568c9
SHA512 822cd35fdc85a2ee5ae9a598751e41ec864aff5edf4cf85ab7a95869176cbeeab44793aa93c3490ce808f1a92f5b33c46d295e4937db6a74aa9a997345542f50

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

MD5 58b23c83e46055e3b9e40255ef2a6173
SHA1 1973f11d9c96abfd2c64d569101dbec0ae632e90
SHA256 a01b8cef326a94936dc5df140f57865d185df5b9ab8d52175b05e7eb7696fd48
SHA512 a4b2e362397b2b5f2103725659009ff4172cfefe28d29e074db854101c249ac074a60049676130262f28584a2c0ac0cdfa42170d29d5c582e465493817304b52

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

MD5 c90455132937a52c2b29f94feb89df80
SHA1 983bb8493ffdda2c0f48173525f11a3fc65932e3
SHA256 29644cb6b4b00e0cfa5391e0b89a9a4719c175d381fc31739bf94321a6fc1384
SHA512 0f5c3fef313187f0a9119a8100cdbc42905ffe7c8d32b3287acc1d61d92f644f2e7a7e07c5fbe985d874a1d083c7276a83c6255681490b166eb138f98b8a9e57

/data/data/com.jdtz666.taoke/files/.jiagu.lock

MD5 1f386d8e1c468f782a29809700099726
SHA1 346bbf2c9a4eb8d7ebdb3d5d170cc9a71fd84baa
SHA256 16c2282d581970d204a57351a68bdb8fbaa313e6ce5d3e13a33b805bbe21c0f0
SHA512 fe4ae9cbef1f3a4e5575870079b3155f877e99a8362a3f43d1c06dcb1d7307df3a7009241103ded6178fdc32092ad0ec1a32479697c4a8b116897a14cbaa483b

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.rd

MD5 4dde756f71c3a6d93e7439063a492b7c
SHA1 252d062c6ee2326f16d8a7b6ba40f4c48544b7f5
SHA256 207d513472b8181d9e3634006b26fda292cd05ab0b8ae89e351842076cc3f851
SHA512 8514fb2afd1fe4c696e3bb23d83c6b6d45557889d9abef94ab9566f6220ea1fefdb3f10f43e437cf46a87e4479908887d7c025f972e15b10e0989b4006a0e51e

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

MD5 30c68ff29af8ff834aed49b3bc31ab88
SHA1 2075242f6297e7062d4c5cdc77ea04eeba738280
SHA256 bf8ff8296cd9b5c6f440bc8da167627b31bc633c6f3f7cbb5b49dbd6186e775e
SHA512 2c39555c9069d146adb9b0b15702f71d48687730a9664af8e704c40aa4b79f4067578cffb0c81eff6b3b8fbdddf11194c8b509f0898a3d69806cfa06f34f959f

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.pk.h

MD5 7285ae4099c70eafa86aa6cedf0b231b
SHA1 fbd5ad7d744795018341c17789134730c7948306
SHA256 021a27a63a6ffdca53c69464069098069752d681fbea912ab8fa7a7e115e9aa1
SHA512 8697c06095dba9e969b01f0c5caad3952723b3ec4514f06bce134f6dd61b8a2a8d4aafa7284c5ae0ac9539c53ae4018b89016993642dff8ec33b57fb1e02bf15

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.pk

MD5 78763a63f2eb8efbbcb02cd794264aa9
SHA1 d6aff6386722ab06e929bb2302ef6ab56f90ba33
SHA256 b2759e4afe58beea338af5a75c209b92b32d76e81dde3883aafc2de964af1486
SHA512 f1ed41ecae486d22f0170bd7389918d85638bec59b7a1ed0e44f3c50f8a40e3dfafed6163c69fb665ad0e628ba02237e356a7042fdcccc20262326442860841c

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ac

MD5 af5dd0718f287246fabba00a5765f4c1
SHA1 0f32d9d4a820cc593ecd33c4b102ab10b268c096
SHA256 b1a32b5b4f42125cca581ee104320803a4405197664467e489c5423168797158
SHA512 0df03c9017fd80b780e43f79a4268b879f8490951879c7190b71c5bbd70b75b8deaafa10c65dec3f91be999ad89f295ec067f89b2ad8718acbb4c6a4e5efc00c

/data/data/com.jdtz666.taoke/files/.jglogs/.jg.ic

MD5 090afa7aa165a780d54829a7fcc52ff3
SHA1 94f6e2ed6da0fe24e31bf5e18be3a5d86d3b5901
SHA256 9a1e7b2964cb632030a46567a7593fa052019f92ae26564e306f7cd403f8b940
SHA512 fcead93d457f784c05d39999e4ffed5ea8e584dca26fd1d089a008df3b1ffea4a45a16b963d2d08a1d35fdcf99af5d3e20fd6b456925cc6197b81b8faeef5266

/data/data/com.jdtz666.taoke/files/umeng_it.cache

MD5 7cbe98385b85b54da04bf3acab25cbf1
SHA1 94dfc6cace78c431f31bdd389478b226fe0d668f
SHA256 5004723677ab8b5ec59540d4bd9d2f002f1f6eb5117504e37ce520fbf5ee2b90
SHA512 b7c8e5c3f648e51162be6318ac58606a53511618b74c35af96e38dec585192af1a4bc07b7bf122d5aa5da5023a35b5fc9ff4b49c9bcd67d0fb80c624e884fb96

/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTY0MjY4

MD5 90c8e3e6083b3f65ae7b360c63672b52
SHA1 c72a657b7709581e716e869cef62409abe3d70d0
SHA256 20d40ccf2efc6787a6048d43cde4a086fd10eeae387796b2010f2814bdc49b59
SHA512 61c1010026f282d577dc8a7fd38b4d2091a1f121e680b5cea8b88e6f63d9e023c51dd9848b55ed3371c0a530d9a0144535ec517ca4de19b7f5c2d5fd0711b9ab

/data/data/com.jdtz666.taoke/files/.umeng/exchangeIdentity.json

MD5 8944564ee3f8f7d64fb774950796874a
SHA1 efc3650e6ff177cd22f7db26319f6da10f76a12d
SHA256 c452d55a5fb8f17f148cc5b32d932509eb0e3342933043cb36d65726e4fec535
SHA512 1dd678d17a45ebf7b14f9dfddc45b5190a68f6d904fce01edd491166da1b8356e40e24e119e7848fab4a05c4b48894c4d58b475fa5bbd5094d5c64c3c9f7fd9d

/data/data/com.jdtz666.taoke/files/exid.dat

MD5 d40448b076f2659fb6316ecf44bdcbeb
SHA1 545ae8b651ad38e82e5718c966b4b9073e05ec5f
SHA256 2ce112aa14c3607e59c88826c8b0bd59cf7b31e6707468a887270ae7b88feb6a
SHA512 05e2e532b47bd0d1a48d95056f82b11b8fa529677ca02fe9125ab2f573ee9228e4ac04163c17324b738643547a15783420772c787ef4e9b1bb953423df4c9c03

/data/data/com.jdtz666.taoke/files/.envelope/i==1.2.0&&1.0.0_1715597168606_envelope.log

MD5 0a5dfc230d7c1d3f59c58854c1a0aaed
SHA1 875133303ad30c5e46c7e02095b91c8146490c6d
SHA256 b7287dee1cfb884b95cb588ee001b60975e0d056211851c9258f329183abdbfe
SHA512 8b7f69d277c1f9920d74a05e1b390d5b75fc661a4cc2205d899deee7473df710dc533391326296270971fa09153106754f37441284cb328a9a8819833d612a3a

/data/data/com.jdtz666.taoke/databases/ua.db-journal

MD5 e003327a027c45723bd9af51eb186039
SHA1 0cdabf8468597049a9ff77ed1c34ede423771867
SHA256 82c45e1cb498b5dd0fd7e8dadc29a8245aeabef33b8345bf1b29c316aed65d88
SHA512 20c0336f7ef60c4a5ec0b1f771e4516f3941fc6c3ab1c60d92ddcdff21efdb8527367359beb3c250d48f40e266817f42d455a146025fed43cdea10e2af248485

/data/data/com.jdtz666.taoke/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.jdtz666.taoke/databases/ua.db-journal

MD5 8e36bde0ad9bf4e4d46eb01cdd435047
SHA1 bbbe1a2d1af96af3a930246e66085ae5cde5987e
SHA256 3177fa0010982d0f55d12705d0e5aab01f0a4c49411b9fcb9db2dac514a3646f
SHA512 db9d7a7943367686fd5b16242916566017a7a2a9f319c847c5a99ab40238bdb770bc0a75cf7852863a83532b6e00fb622238987a218a75189cb41c56d260b277

/data/data/com.jdtz666.taoke/databases/ua.db-journal

MD5 292e59da2067db4717d961d89436c6f6
SHA1 1eae82121c6615cfab066ceb0363500e2783c11f
SHA256 d03202b00485609696f122a60b52832bc73e3e52257f3513bde1096bde8f3443
SHA512 240953f7085a80826d9cacd6236e4a9821f79a57bfe65876f574e2e283edcc231f4e26091056ffb96c6988f941b2fb418c1afd0d636d1f358348a8a817d9130b

/data/data/com.jdtz666.taoke/databases/ua.db-journal

MD5 19c46f57d50eb4d7d8db51b1a2266dfa
SHA1 3cc9d1ad68355bd5731efcf606d28fc733b73aa5
SHA256 1afc74adc7f83b8d367b3d1af84e234fb5dd33c1556f71a8b44349d371ab1b2d
SHA512 82e480c154c29f46f8d0e9f618baf60edbfed8004a3ef9bf24c27980ea7f35d270f8a7a4eec5361a2d39921983db1f21bf6cb71abc7a76a962c41bdfa2d1dd91

/data/data/com.jdtz666.taoke/databases/ua.db

MD5 8933ae9d7c0c8e0d5943de1c777c168d
SHA1 276a491c2d33d7933e2beef2a705be2de107f409
SHA256 7d2b56821ba8d64f6e7a26a5cafbc1463ca295a64725f3752da509d85c7f1fdf
SHA512 64b572fabed505da541547c62061a9eb0dc4570b5fee0a2375f94993f45f8b4d94f9e4e0d77d3e0c313b37c113adc5a839f8f3cd605c221978d736019397dd30

/data/data/com.jdtz666.taoke/files/.envelope/a==7.5.0&&1.0.0_1715597172121_envelope.log

MD5 5be72e11c8108507e62cf93c81181b56
SHA1 efcba0f6f1dd8c64aa335b6aff0221de8915973e
SHA256 9007d8116f828740a475680ee73b841517980b0ee55b2524397e94a39ffb6c92
SHA512 1a588d711bd28d1a10f244f3686c75307ef4b62383d80392669c0a12bdc1bec7698f0b58e77fd8799ea7498c27a91ee39d90d3bccb7c2c28f483d858093b546d

/storage/emulated/0/mipush/lcfp

MD5 3f221fa745f536bfeff8527efe801775
SHA1 73a040fa221fbcd7c818be0fa893c0a9f8c36637
SHA256 0f7a1c6ff6263afbc6e151d94c2a064df63326bf1d33337aa162f47d41a121c4
SHA512 c1f1f75277f83daaf79e5dd50fb71d1d913ac024b0a354ad71e26314d5c3d6ea2afa4d6d8f1a96d17e1af8c8441668e1379f70018b1f79426cbf0c745e67a5f5

/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTk1MDQ4

MD5 4746c9ade4fbd4c3b00e384fcf76a42b
SHA1 fa3a6262248b24ba32136c62c0029e5d718a8ea8
SHA256 83d3ade822cbd6f8bdaac65f90353aaaecfc4cd4e8c81a3cc85fcbb3f22f0b03
SHA512 95783f1ef12245b7a3142fcc7d45fb5ccc16d5611558d8d96108f2965b372a2f8cbd43fdf11feab5f2aa601a1f1749ab93adc90197a8e7ad821d523c883cce0a

/storage/emulated/0/mipush/lcfp

MD5 167060e72de30e3653195d6db55a9fa9
SHA1 3f80aaaf3150472fa7cc72ff68b3ca3588e66caf
SHA256 3548845870322913af5d83fc2bc60918dcd309496df4eb5c69d86477fa04f7b3
SHA512 4ef8f31317cf1fb8ed1250d483d2ca1eb971c90ed6903df85a209f9e5688689974dd4cd51714b4f56baea06903cb99a2444c40545d7dc23b9d733ce77af87683