Analysis Overview
SHA256
ad6d518ef4a67b91f3b9bfe0a20a90fde1868cdc4bfc1fb788c309dd451df9de
Threat Level: Likely malicious
The file 5098a639e2c6440ce16d385dfd2d80c1_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests cell location
Loads dropped Dex/Jar
Queries information about running processes on the device
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current nearby Wi-Fi networks
Queries the phone number (MSISDN for GSM devices)
Checks CPU information
Checks memory information
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Checks if the internet connection is available
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-17 17:18
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 17:18
Reported
2024-05-17 17:21
Platform
android-x86-arm-20240514-en
Max time kernel
159s
Max time network
184s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.tiexue.ms/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.tiexue.ms
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tiexue.ms/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tiexue.ms/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
sh -c ps -ef
ps -ef
ls /sys/class/thermal
ls /
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 17:18
Reported
2024-05-17 17:21
Platform
android-x64-20240514-en
Max time kernel
159s
Max time network
181s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.tiexue.ms
Network
Files
/data/data/com.tiexue.ms/.jiagu/libjiagu.so
| MD5 | 07e17870c523237a6fc7d65ab7407f8a |
| SHA1 | ce8bf3e219791243a14f55ae497a381038f22b07 |
| SHA256 | 93250202db3277c9d9874c82f93fd9257da32ef8529a5fe64a384dfdb1ecd0cc |
| SHA512 | 3ab015eca0c6f5adbb086d0125e3825152b816fb91626fbbe68c318200fe336e5f15d44f4e71fe818e61626519f9cb8182a3c5ed62add3447e0e7112cb3bc73f |
/data/data/com.tiexue.ms/.jiagu/classes.dex
| MD5 | cde1063807e0f849c8c21e62dea0c9d6 |
| SHA1 | 87194a340b722983eea2705743d13807ff582d13 |
| SHA256 | 3ebda0c8dba66247b319d4567171c3181767d68435e332f7e7338f9418b434de |
| SHA512 | e44d9da058dc4d1c952d692d1aa0be1ba62763d59f3f05ed053e7b20dc335a75b39b2c3f3ec3f29097e8d2790667b0334ebcc8e88ef9466376b8615118f50793 |
/data/data/com.tiexue.ms/.jiagu/classes.dex!classes2.dex
| MD5 | ffd2c8ebfceaf3422cf1c163645be4fc |
| SHA1 | 6f7b4ddee1c0350724795b932ed506a04e7b73c9 |
| SHA256 | bb56bc9265d02fa1d27051ed8b54acd5eab895534757eca50a412fc4a83bec5b |
| SHA512 | 4e69c39a4684ebb12675d3cbb4fd2f6bc0a05ca6e92067605ca37c4fdd7960c3621b122d567caeec2d5045c7ee409a86cb5a2fc41486477d447c02efb6f272a7 |
/data/data/com.tiexue.ms/files/.jglogs/.jg.ri
| MD5 | 403bf3acea22208869b7bb453b1ab7d3 |
| SHA1 | 301f7c07f97ac5d72eb9e72ffa401580c192f012 |
| SHA256 | 0837b429df29875dce2554b0d121f5f489713f57df5cc884ddf7938dba380bb5 |
| SHA512 | 45ea73bc158dd18e1e41dc28ef56be7e7e04fdcac3b9fa54b81b10110709e3e1886a1ef9c3dbb8629839c60cb53f3135679341595af69ab5dbb446f1e538b3ce |
/data/data/com.tiexue.ms/files/.jglogs/.jg.ri
| MD5 | 7d47efd8d947c42d6466614fed6ee7d7 |
| SHA1 | 153615f80206a580d31f3a4e596e90573daf767e |
| SHA256 | 37d8a63db6df07c75ce96a8c61b4897b755a660dc64d93ec7aa0853b18d42f51 |
| SHA512 | b667153918c8160f19902e15fd48f9044ad42974686eda057831d2b2522cb2f5a2818ab88fe1c2903cc7d1d3e14203a80f29fa0979c2415338ad5f055eb47d59 |
/data/data/com.tiexue.ms/files/.jiagu.lock
| MD5 | 66cf10f1c9b6ef0a34f88d4045078203 |
| SHA1 | c52d950389d85fd3a7ef14c895ed4b4822845ffd |
| SHA256 | 39c0b5042252747d43fc8a142d825b8e00d7e00db0bd97d82b7f0880f3bb4991 |
| SHA512 | 0b1254bf72aec4c7d193c5a11f0bc54a9a4c9ce0ef8f40a478c03f7e6fe8673c9d72c6536cd16bbd84517f3adce30bea70c8fda9465f4b73a6cba093166a8d84 |
/data/data/com.tiexue.ms/files/.jglogs/.jg.rd
| MD5 | 6c0f45448f2d3fcbb64884a85b1999c6 |
| SHA1 | 747ab06fd0789696341ddbd97873a497b07db8a9 |
| SHA256 | bcb11bc5342abbcecd55d8b46fdfd9c7291fd2eb2300e6541cec5f10633897ce |
| SHA512 | 85d508472374a603dcb5f1130e7e8f453a9dabacbc2e1aaa4ef1c380f5f650d6c0cea401cfc649fc1b8c788bb07975e0abde549fdb1344eb3da0d9a515e95926 |
/data/data/com.tiexue.ms/files/.jglogs/.jg.store.report_pid
/data/data/com.tiexue.ms/databases/MessageStore.db-journal
/data/data/com.tiexue.ms/databases/MessageStore.db
/data/data/com.tiexue.ms/databases/MessageStore.db-journal
/data/data/com.tiexue.ms/databases/MessageStore.db-journal
/data/data/com.tiexue.ms/files/.jglogs/.jg.ac
/data/data/com.tiexue.ms/files/.jglogs/.jg.ic
/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal
/data/data/com.tiexue.ms/databases/MsgLogStore.db
/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal
/data/data/com.tiexue.ms/databases/MsgLogStore.db-journal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/data/com.tiexue.ms/app_06851326-179e-4f06-8472-d5e78a1ab259/be7b7b05-7ca6-433e-b4b8-e26585aa3a9b
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db
/data/data/com.tiexue.ms/databases/tiexueDB-journal
/data/data/com.tiexue.ms/databases/tiexueDB
/data/data/com.tiexue.ms/databases/tiexueDB-journal
/data/data/com.tiexue.ms/databases/tiexueDB-journal
/data/data/com.tiexue.ms/files/umeng_it.cache
/data/data/com.tiexue.ms/files/.umeng/exchangeIdentity.json
/data/data/com.tiexue.ms/files/exid.dat
/data/data/com.tiexue.ms/files/.envelope/t==8.0.2&&2.3.0_1715966343498_envelope.log
/data/data/com.tiexue.ms/databases/ua.db-journal
/data/data/com.tiexue.ms/databases/ua.db
/data/data/com.tiexue.ms/databases/ua.db
/data/data/com.tiexue.ms/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1OTY2MzY5NjE1
/data/data/com.tiexue.ms/files/.envelope/i==1.2.0&&2.3.0_1715966370090_envelope.log
/data/data/com.tiexue.ms/files/.jglogs/.jg.ac