Malware Analysis Report

2024-10-19 13:17

Sample ID 240602-xahb8aca63
Target 8f0777fa51f297002fb0a616e5e43edf_JaffaCakes118
SHA256 c5dc5f69df98c947622482c6f427cb947385e0736a3d3892d763fc6108a853e6
Tags collection discovery evasion impact persistence credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 8f0777fa51f297002fb0a616e5e43edf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Checks memory information

Queries information about the current nearby Wi-Fi networks

Checks CPU information

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-06-02 18:39

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 18:38

Reported

2024-06-02 18:42

Platform

android-x86-arm-20240514-en

Max time kernel

80s

Max time network

182s

Command Line

com.zongxueguan.naochanle_android

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.zongxueguan.naochanle_android/.jiagu/classes.dex N/A N/A
N/A /data/data/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes4.dex N/A N/A
N/A /data/data/com.zongxueguan.naochanle_android/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.zongxueguan.naochanle_android

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zongxueguan.naochanle_android/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.zongxueguan.naochanle_android/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.zongxueguan.naochanle_android:pushcore

com.zongxueguan.naochanle_android:core

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 18:38

Reported

2024-06-02 18:42

Platform

android-x64-arm64-20240514-en

Max time kernel

116s

Max time network

187s

Command Line

com.zongxueguan.naochanle_android

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes4.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.zongxueguan.naochanle_android

com.zongxueguan.naochanle_android:pushcore

com.zongxueguan.naochanle_android:core

Network

Files

/data/user/0/com.zongxueguan.naochanle_android/.jiagu/libjiagu.so

MD5 610a895c4a71bbeeaea16eddb1422bbf
SHA1 9f919de42ed1e80bfadfef48f8202b202166f869
SHA256 baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217
SHA512 ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

/data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex

MD5 f0cd5bd2022286ce34c3ce4ce82dc629
SHA1 fd304dda0545d8fbf1221266f9049054ed9f4895
SHA256 f4b7c7202afbd6c88c772ef964e636e896736d2af10b1e281a76d190f858ff05
SHA512 0e2905d04e59611fd3bd033af6c0ae1f4c6c392a99c69019445a7e84c6d4de90b62af62dca55b1f57f7ed3f330507e2b21e8865b15369b4028993df29fea22b2

/data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes2.dex

MD5 36ace6020c58cfbc4e5f57438f2a8c63
SHA1 345c013037bfc0da6bde5603643bf9d8b208b301
SHA256 616ce3d84ea7b4424d04ca98f5bcd1b4453b19c768e258d00f7c3a9847932cae
SHA512 493b58c6d93412c614a1d10401a58f8c9b26d67987dfa4b67bd8441d428b315ba40eae4adcd090fa27afe4e19f327c0625e46a490012edb099f2f105c4510090

/data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes3.dex

MD5 d032bdc646cc63c2c6a2a4db02d9a07c
SHA1 59af272d29990751f998998db2493536b3c0fdef
SHA256 8e23a93bc9469594efd7ac506f28991f4089154364168ae4f0b752d7edbade8a
SHA512 06c554f1017be1bc1f75a2b3d72a33188ab4d6f9dd77a0df40e2573944003611aafcc51874aac4465ef3d10c72f2e4244fd7be7fed5ab57e79bade765d5f5794

/data/user/0/com.zongxueguan.naochanle_android/.jiagu/classes.dex!classes4.dex

MD5 6442450755d6ceeb065a34956e06d22f
SHA1 c02ea6834719dda4f0296acf90a3f4dbd272be09
SHA256 e127dd108290cad9d6178f70ebf74aaa4dee1f211fa734db93fa8ddd9fdd4b4b
SHA512 b68b38d4340ec9535a7e5d161bf1fbb9e1dfca65ad43224d89b0bf1be311d5efd945b1e7df257a5656cef57789a98451195f61fb80c85c8238c400ed55be991d

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.ri

MD5 98072fa1d5ea6061086f937e019f5aa7
SHA1 283bd6a0a0f51079d390b502a50b03f98bed3004
SHA256 2dac1c4cba5818ca84e6b070cccb12c6a369dacb34f8250fda2451ee01ea0e67
SHA512 71cdba2538009a874f3fcd104a53b020a2d5ef0b4b0db3f8320a4bae537a58deae4d490c6f9f8119f9cf7e20bd6a10d625911edbcab0781f6a2600156eea24a9

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.store.report_cf

MD5 2e086ad23cb423283774df5c88e92851
SHA1 148697ce4ca168de4a9da834a0e48ea2a8dee3f6
SHA256 971e1d34a12587a048c64a7f7a2fd3c9b93dc9b90d2e121729b6de48b36a898f
SHA512 e04cc859036ad2d16a8a753e24aeac4b4b871b6a7af75e5e918e6b004df09245d90d64e103473278455e31834d0d0d727cebf25c4c1911b0144499aaaaed23bf

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.store.report_pid

MD5 e08772f1bafd5fff9e3624f38f8ef3f6
SHA1 4c1ed55fd7e8de142643de62c35fa58ef687e40c
SHA256 33ffe2bab692a433adb47988f20db5080d0c08c8a101e3fa9aa08f633e111ba8
SHA512 e42f6695025d41704d265c2dace05bddbc00478d19008e62de7f7a7df3653c0066edfad933e89c50899d710296490b8ca691a527208e23751de7fa56f0ee7567

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 1ec404b7af4186ae6def743368043ed0
SHA1 a1a7d258b759475822330093a6f960c8cc244f32
SHA256 e5b4d5e68028e4f44b7d7f73a37321ad6257c83ad53b4f5e9e3ce12d682028b9
SHA512 534268b209acdb6d78a05d7d760e9a43f9973f8ffb409e994776aa0757da1ab1bd834592e21534529caba31bb27d8a8d039464694e76973923e3a305316fd51c

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 da27e4264e2d8d248a82937b59dbe5ef
SHA1 60f2fdd49b078c21261830024ef5dfcfd39c4936
SHA256 d029f51139a398fce48a2987a245fad6c49410d2e31763ccbc731c686fd3e525
SHA512 0b2a3d82f97e86c7e252377a4829a754d16997794f65d8a924a2bfebb4b24c66f91c3b5580d9b04ca9fc070f296dcc20b459a9647a94311569f025d6a7380e6c

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 aefcac1051efeb61c391b16c8f708313
SHA1 b574aa8dae489759aab0e0f15df519ced738c895
SHA256 b3a10299ac88e59595730781cfb08e4b75f74e2748f3bcf0983d04757d5e9e56
SHA512 bc8f71af6d1e170c98a745e2c1062e79e685ef0ac796b2ec55e44d314d84b8711d56adaebae8e509a0451d4acc22fce1e8abfedd9f284a8e2df62f74a98ae60c

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 c444739bd1dcc593ff53fb1644d53fd8
SHA1 5361a91ed1aad787102036dea9b9fac7578d77f4
SHA256 dddf54fa6677a5e9935a3a29f70c72374444bd8814f28d341f6f749dfada7bed
SHA512 724094bc54a72506f429490588571233b8c89ede771de86144d9d2b7cae882fec52ad170efb784776ec0a8899a8fb4982ebfd2fdcc6749eb00e36e441425aa46

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 42cc81f831ed8777f4d52b1157a24556
SHA1 0e478a5a2a45757cb949e6ef6f81e5d357e261c8
SHA256 18a9ce0178e65c852d33b864df54bd9b71ca45159501d85a101e2eb1efa5bcb5
SHA512 ee990d579ad65ad01dfd61c926ca6bcca37295268f574ee379d47e7910aca6d24eda4ce2640e84bae752973998f2b2e508ec5e2532a9813ec3668c8c436dc4b8

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

MD5 beffb61e467977f532e4e4f9b473afad
SHA1 5e2575cf24c64053e0b2a768ce1d8d77a98f632f
SHA256 09801162e2e9026f8b2768b1fae9bbca6c80732402fef3ac0d4e3f410a2955c5
SHA512 7de2b0b6510f925e2b16e174fdeedc192c6feef74eb11de4a4afb5d65dda5c044f3b0eaa3ffffcbdc52f0290d2208b02b34668334b082a9ea50fc3d0496ce896

/storage/emulated/0/com.zongxueguan.naochanle_android/log/demo_20240602.log

MD5 31f24f062925acb07dc8e240780e880d
SHA1 56a3ba3a21e711779b4241a7016a45d6fb3aa167
SHA256 9331fcc61b7dc1b9dc01024bc05133fcaa7f503b6273c0be5244c11a6111a770
SHA512 278d3db06ba3257eb7a99aacbab7ef062ee769aeaff1c4178c378815083d370fd9158288141ca24ca7e00ce276ea306ff93442d4bbfa76db745795d07db741e0

/storage/emulated/0/com.zongxueguan.naochanle_android/log/demo_20240602.log

MD5 13a0f634ae9185cbe0be134f85a50c45
SHA1 191857286fa6e88a62fc2095acaf5a5acca18eb2
SHA256 ed3ad60dd3a011caadf3e9cb0fab17237e18ca8d0e7e7fef6f4bee6831d5d50c
SHA512 ff4c807370a3e0b21aa0e8e21e7be27d0ae62230bad71196512b18ae25e5029413d8d8b45edae24e773b5d8ddbb7052ca0123173f18acafde45836297c019a6e

/data/user/0/com.zongxueguan.naochanle_android/tinker_server/0f751a5a5fdc5dd9_version.info

MD5 6d687da5da2f8c4532ff875d52ee22dd
SHA1 9f074714cd802a6e0c9c7580d7092c7ae3a6ca65
SHA256 2a7788b606b2cfe848a3dd63287c2c12804a42720a816c147b2880a222fd745f
SHA512 b45540ba69c6936e4e16b6f45e092d700050df91f5aabe3f9807c9ff23989ee5aedee02136f68f4de790f9decb33ae4b6250ffcb36909be91af4b0331bdda548

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.ac

MD5 278d132fbf02b48eed829b9d947293de
SHA1 a77054e53709aaf5d63db33c727508dda6a05e13
SHA256 9be07d516400491134aea4c011852f883e73134c700a829ab02695cce9b78742
SHA512 1d0eb0ebcb3deb4ae8c3378f1da372afc2e9737534470f2c2c174cb4f1f090f3f5d7140ad744b95354fe23b134e60372230bd96d45ed4a75ada58564c061c77d

/storage/emulated/0/data/.push_deviceid

MD5 a7471a3c597b3138b932751dc3b183ba
SHA1 1b4ebde41dba7d8a1d5b4a192a9e27cbd718860c
SHA256 cb564c80e29b85779cda893850fc356b1d7fe495b045771660dbe4dc175ec5cb
SHA512 863004a038ea209edd16ff560c4268d7030691b3c1013d8c486a6814098480cb0883868f508ceb008170acc7e0a71607a7d00fa5e937c1fb5a7443abb61a36d9

/data/user/0/com.zongxueguan.naochanle_android/files/jpush_stat_cache_history.json

MD5 c79d1eaf180e92e6b4217f8292af1def
SHA1 63996442ca9612c628cf0f5f3ed4b1cac323b96f
SHA256 d63b5e9da7f386873b209fda12ee94f5ba9fddf52c322ebda8e368c963c05ab4
SHA512 ace02f58b0f0e9b56dc4c1ba14afcfbfa378fcae40899afb94fdeb4505b086eea113154094a796b30e7faa7e0188fdbe92582b7f8211fee14f17b8fe39da0bc0

/data/user/0/com.zongxueguan.naochanle_android/files/umeng_it.cache

MD5 a1f5b252324617d47e2e6d591a6542ff
SHA1 ea8ba6cdbe6bc212006ef4a5cca9ff8064757a97
SHA256 29adf5254057bd05cbf23c0b55d61807326ee63f14f124eb3bbfdc93320cfba9
SHA512 9fce769790c3a3ba845f755a9bf4ac14c7ff743a5240a98dd1fd1e26bfa9f0a96168b7e66188ff4c1eeb05d19594d6c3c7b0108a1513848ac3ae75e1fbaa5c4f

/data/user/0/com.zongxueguan.naochanle_android/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3MzUzNTYyMjE4

MD5 f2d033713016fbbded34d20084730447
SHA1 d5d33039a3fa0dbd3192944a6c569a84f9d45d5e
SHA256 46800db9bf8b20b7435d50a10379a764ae75c8d29e04d288e5da6c8c965c1fc0
SHA512 a054e66bc5d07f96ccd892a6fbf287f8e1cfbdec7bb331ddbe279489d9f76540204c7b3282887ccec81098869213e3f6215c0cb34c95c5a6b00e208f98d76888

/data/user/0/com.zongxueguan.naochanle_android/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3MzUzNTYyMjIx

MD5 b02c0a26bf92e7db53fc6a65409cf8d1
SHA1 658bc0ea605e489478bfbf44990b57da167a028a
SHA256 2d427aa97c09364646bba81eda0e39fa3ba4c775bb2767564668893f776aad90
SHA512 808c1dd447beae9f1e9c8da979c67bb1278bb11d9c8e02e18e7e3d353e322853304daf3e260f8a416c07ef7516943f98c5294e0214fbe45670d3bdc3d407c6b9

/data/user/0/com.zongxueguan.naochanle_android/files/.umeng/exchangeIdentity.json

/data/user/0/com.zongxueguan.naochanle_android/files/exid.dat

/data/user/0/com.zongxueguan.naochanle_android/files/.envelope/i==1.2.0&&1.6.1_1717353563417_envelope.log

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/user/0/com.zongxueguan.naochanle_android/files/jpush_stat_cache.json

/data/data/com.zongxueguan.naochanle_android/databases/ua.db

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/data/com.zongxueguan.naochanle_android/databases/ua.db

/data/user/0/com.zongxueguan.naochanle_android/files/.envelope/a==7.4.0&&1.6.1_1717353566423_envelope.log

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/data/com.zongxueguan.naochanle_android/databases/ua.db

/data/user/0/com.zongxueguan.naochanle_android/files/jpush_stat_cache.json

/data/data/com.zongxueguan.naochanle_android/databases/ua.db-journal

/data/data/com.zongxueguan.naochanle_android/databases/ua.db

/data/user/0/com.zongxueguan.naochanle_android/files/jpush_stat_cache_history.json

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

/storage/emulated/0/com.zongxueguan.naochanle_android/nim/log/nim_sdk.log

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.store.report_cf

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.ri

/data/data/com.zongxueguan.naochanle_android/files/.jiagu.lock

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.rd

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.store.report_pid

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.pk.h

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.pk

/data/data/com.zongxueguan.naochanle_android/files/.jglogs/.jg.ic

/data/user/0/com.zongxueguan.naochanle_android/databases/mingbai.db-journal

/data/user/0/com.zongxueguan.naochanle_android/databases/mingbai.db

/data/user/0/com.zongxueguan.naochanle_android/databases/mingbai.db-journal

/data/user/0/com.zongxueguan.naochanle_android/databases/mingbai.db-journal
