Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-vvlt2aab55
Target 5098a639e2c6440ce16d385dfd2d80c1_JaffaCakes118
SHA256 ad6d518ef4a67b91f3b9bfe0a20a90fde1868cdc4bfc1fb788c309dd451df9de
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

ad6d518ef4a67b91f3b9bfe0a20a90fde1868cdc4bfc1fb788c309dd451df9de

Threat Level: Likely malicious

The file 5098a639e2c6440ce16d385dfd2d80c1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Loads dropped Dex/Jar

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current nearby Wi-Fi networks

Queries the phone number (MSISDN for GSM devices)

Checks CPU information

Checks memory information

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Checks if the internet connection is available

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 17:18

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 17:18

Reported

2024-05-17 17:21

Platform

android-x86-arm-20240514-en

Max time kernel

159s

Max time network

184s

Command Line

com.tiexue.ms

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.tiexue.ms/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.tiexue.ms/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.tiexue.ms/.jiagu/tmp.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tiexue.ms

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tiexue.ms/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tiexue.ms/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

sh -c ps -ef

ps -ef

ls /sys/class/thermal

ls /

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 17:18

Reported

2024-05-17 17:21

Platform

android-x64-20240514-en

Max time kernel

159s

Max time network

181s

Command Line

com.tiexue.ms

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/xbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tiexue.ms

Network


Files

/data/data/com.tiexue.ms/.jiagu/libjiagu.so

MD5 07e17870c523237a6fc7d65ab7407f8a
SHA1 ce8bf3e219791243a14f55ae497a381038f22b07
SHA256 93250202db3277c9d9874c82f93fd9257da32ef8529a5fe64a384dfdb1ecd0cc
SHA512 3ab015eca0c6f5adbb086d0125e3825152b816fb91626fbbe68c318200fe336e5f15d44f4e71fe818e61626519f9cb8182a3c5ed62add3447e0e7112cb3bc73f

/data/data/com.tiexue.ms/.jiagu/classes.dex

MD5 cde1063807e0f849c8c21e62dea0c9d6
SHA1 87194a340b722983eea2705743d13807ff582d13
SHA256 3ebda0c8dba66247b319d4567171c3181767d68435e332f7e7338f9418b434de
SHA512 e44d9da058dc4d1c952d692d1aa0be1ba62763d59f3f05ed053e7b20dc335a75b39b2c3f3ec3f29097e8d2790667b0334ebcc8e88ef9466376b8615118f50793

/data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex

MD5 ffd2c8ebfceaf3422cf1c163645be4fc
SHA1 6f7b4ddee1c0350724795b932ed506a04e7b73c9
SHA256 bb56bc9265d02fa1d27051ed8b54acd5eab895534757eca50a412fc4a83bec5b
SHA512 4e69c39a4684ebb12675d3cbb4fd2f6bc0a05ca6e92067605ca37c4fdd7960c3621b122d567caeec2d5045c7ee409a86cb5a2fc41486477d447c02efb6f272a7

/data/data/com.tiexue.ms/files/.jglogs/.jg.ri

MD5 403bf3acea22208869b7bb453b1ab7d3
SHA1 301f7c07f97ac5d72eb9e72ffa401580c192f012
SHA256 0837b429df29875dce2554b0d121f5f489713f57df5cc884ddf7938dba380bb5
SHA512 45ea73bc158dd18e1e41dc28ef56be7e7e04fdcac3b9fa54b81b10110709e3e1886a1ef9c3dbb8629839c60cb53f3135679341595af69ab5dbb446f1e538b3ce

/data/data/com.tiexue.ms/files/.jglogs/.jg.ri

MD5 7d47efd8d947c42d6466614fed6ee7d7
SHA1 153615f80206a580d31f3a4e596e90573daf767e
SHA256 37d8a63db6df07c75ce96a8c61b4897b755a660dc64d93ec7aa0853b18d42f51
SHA512 b667153918c8160f19902e15fd48f9044ad42974686eda057831d2b2522cb2f5a2818ab88fe1c2903cc7d1d3e14203a80f29fa0979c2415338ad5f055eb47d59

/data/data/com.tiexue.ms/files/.jiagu.lock

MD5 66cf10f1c9b6ef0a34f88d4045078203
SHA1 c52d950389d85fd3a7ef14c895ed4b4822845ffd
SHA256 39c0b5042252747d43fc8a142d825b8e00d7e00db0bd97d82b7f0880f3bb4991
SHA512 0b1254bf72aec4c7d193c5a11f0bc54a9a4c9ce0ef8f40a478c03f7e6fe8673c9d72c6536cd16bbd84517f3adce30bea70c8fda9465f4b73a6cba093166a8d84

/data/data/com.tiexue.ms/files/.jglogs/.jg.rd

MD5 6c0f45448f2d3fcbb64884a85b1999c6
SHA1 747ab06fd0789696341ddbd97873a497b07db8a9
SHA256 bcb11bc5342abbcecd55d8b46fdfd9c7291fd2eb2300e6541cec5f10633897ce
SHA512 85d508472374a603dcb5f1130e7e8f453a9dabacbc2e1aaa4ef1c380f5f650d6c0cea401cfc649fc1b8c788bb07975e0abde549fdb1344eb3da0d9a515e95926

/data/data/com.tiexue.ms/files/.jglogs/.jg.store.report_pid

MD5 a19ccc2f1150578350ec2b78339af599
SHA1 7a1536aadf432da5ad924fd774ec9a8e5ed910f5
SHA256 681695e90a96732c5efbcd997108d66066adbbefa7a56cdd61f6e604fe87c84e
SHA512 ad88dbf2b348dfc6d25c6a3f15e5b717431243c5b0a63dd227f0b02a68403d11bf1e7abc6e91b24af8990440a5d6a0180e192a77afc99ac1830ecf0fae87fa4d

/data/data/com.tiexue.ms/databases/MessageStore.db-journal

MD5 b82ebf6d56506dfa3b2444a1712631ce
SHA1 6f799398c991bec5bc50c5ff4bee5bad963c80fb
SHA256 ef82108a187f5073c90e98171f555f98c2c08a49c5c99329823baa35f9e489fe
SHA512 26892f1893480fa79dd7b34ac14971df8ef985e75b6c80204f3dc92650330fda0c579e103c38e4e9290f69e227ea0cdc80a40739c4f7f6d4cc50aaa8e196f977

/data/data/com.tiexue.ms/databases/MessageStore.db

MD5 15669eb47bb19111cb64fa7508b227d7
SHA1 c7585424afeb0fc7051697b771eb3d81e0e3aae3
SHA256 ecb0e8c93a782292a1dfe20a90e204d1c1c804e2773f1831c9ca34826aa62071
SHA512 13c2cb45912090ba0b670b36050eab5954e22d57b79e141d2236035dc1ea2000960d93ebc544fc4dee48765335a3d52baeb5d31c8a40407224c624fffebbc11b

/data/data/com.tiexue.ms/databases/MessageStore.db-journal

MD5 6e4eaef0bb70d0f10eede1a987278026
SHA1 995eb00bdde6fec8bea5659681ea4b2caf40d83c
SHA256 48e3bea83da753333117e8abfa905fe4ae735f9a39e879ae59b18f87f8677896
SHA512 4ccb7a3758758c687438c22ebf47130b239f5362b7801898b9966eb09b215b2c27bbf3b21028fd9b8d86883458564ee1cac89afa0ddb379d240497b5a1e72220

/data/data/com.tiexue.ms/databases/MessageStore.db-journal

MD5 745abd0b6c04e22b271552b20c7d7e89
SHA1 c1fd4a9d59b18b872b09fff85e4e723c2f6ea64e
SHA256 bafc0422455c91903e05d92715d17fc5d93915df8b40ba220a2575c368e410e5
SHA512 bbabf6676c697b8db55030dc5d0859d12ffadfd31ba6719406694e325831ac43ef5edc3d8372bf17e1b8b9d2667cda4a6c4e3fa5aeae27d7d9ab202ade431c37

/data/data/com.tiexue.ms/files/.jglogs/.jg.ac

/data/data/com.tiexue.ms/files/.jglogs/.jg.ic

/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal

/data/data/com.tiexue.ms/databases/MsgLogStore.db

/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal

/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.tiexue.ms/app_06851326-179e-4f06-8472-d5e78a1ab259/be7b7b05-7ca6-433e-b4b8-e26585aa3a9b

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db

/data/data/com.tiexue.ms/databases/tiexueDB-journal

/data/data/com.tiexue.ms/databases/tiexueDB

/data/data/com.tiexue.ms/databases/tiexueDB-journal

/data/data/com.tiexue.ms/databases/tiexueDB-journal

/data/data/com.tiexue.ms/files/umeng_it.cache

/data/data/com.tiexue.ms/files/.umeng/exchangeIdentity.json

/data/data/com.tiexue.ms/files/exid.dat

/data/data/com.tiexue.ms/files/.envelope/t==8.0.2&&2.3.0_1715966343498_envelope.log

/data/data/com.tiexue.ms/databases/ua.db-journal

/data/data/com.tiexue.ms/databases/ua.db

/data/data/com.tiexue.ms/databases/ua.db

/data/data/com.tiexue.ms/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1OTY2MzY5NjE1

/data/data/com.tiexue.ms/files/.envelope/i==1.2.0&&2.3.0_1715966370090_envelope.log

/data/data/com.tiexue.ms/files/.jglogs/.jg.ac
