Malware Analysis Report

2025-01-19 08:07

Sample ID 240605-wk9c1see73
Target 98daf1bb869a3cc4d8a4eaf1ca70658c_JaffaCakes118
SHA256 5577c3572eec192271402733140e270bbfff6ebe7b6e6d70bf4a8acafd9ef5f6
Tags: discovery evasion impact persistence
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file 98daf1bb869a3cc4d8a4eaf1ca70658c_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Queries information about active data network

Makes use of the framework's foreground persistence service

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported: 2024-06-05 18:00

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. | android.permission.BIND_REMOTEVIEWS | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-05 17:59
Reported: 2024-06-05 18:03
Platform: android-x86-arm-20240603-en
Max time kernel: 177s
Max time network: 186s

Command Line

com.plan.kot32.tomatotime

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/tmp.dex | N/A | N/A

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.plan.kot32.tomatotime

com.plan.kot32.tomatotime:pushservice

/system/bin/sh -c getprop

getprop

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

sh -c ps -ef

ps -ef

Network

Files

/data/data/com.plan.kot32.tomatotime/.jiagu/libjiagu.so
/data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex
/data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex
/data/data/com.plan.kot32.tomatotime/.jiagu/tmp.dex
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ri
/data/data/com.plan.kot32.tomatotime/files/.jiagu.lock
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.rd
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.store.report_pid
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.cl
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk.h
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ac
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ic
/data/data/com.plan.kot32.tomatotime/app_crashrecord/1004
/data/data/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/data/com.plan.kot32.tomatotime/databases/bugly_db_
/data/data/com.plan.kot32.tomatotime/databases/bugly_db_-shm
/data/data/com.plan.kot32.tomatotime/databases/bugly_db_-wal
/data/data/com.plan.kot32.tomatotime/app_crashrecord/1002
/data/data/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal
/data/data/com.plan.kot32.tomatotime/databases/bmob_provider.db
/data/data/com.plan.kot32.tomatotime/databases/bmob_provider.db-shm
/data/data/com.plan.kot32.tomatotime/databases/bmob_provider.db-wal
/data/data/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/data/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-wal
/data/data/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/data/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-wal
/data/data/com.plan.kot32.tomatotime/databases/afinal.db-journal
/data/data/com.plan.kot32.tomatotime/databases/afinal.db-wal
/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt
/storage/emulated/0/mipush/lcfp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-05 17:59
Reported: 2024-06-05 18:03
Platform: android-x64-arm64-20240603-en
Max time kernel: 172s
Max time network: 187s

Command Line

com.plan.kot32.tomatotime

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.plan.kot32.tomatotime

com.plan.kot32.tomatotime:pushservice

Network

Files

/data/user/0/com.plan.kot32.tomatotime/.jiagu/libjiagu.so

MD5 cd9f017a46767eef8026d7b62fd50eda
SHA1 738794ac6f0a7a86a116b602cafe1e05fe0d2b00
SHA256 e445fdc8b2b1baf0f49b5c4796cfaf3364881114ec7a1dcf09003a8e2e1350b5
SHA512 8eb412244a99394959f0d6d364472b7437f4248f685ff2da3631c72ce82d533503640df116c08eda9f9389c0f41f524a93909beff8c5a0bf072f75b300cdb91d

/data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex

MD5 a21a9dc62ee865aa85fedfd623754fd1
SHA1 4e84ddce9d9b6402db9f34984336a0fa97f3cb30
SHA256 ba2c9ebee2e4fd715955f44fe0ae99e426a25ce9146889b986be049a3c80ce4c
SHA512 8d7bbba6162b21c66be3205c55e0337538b1416a1d6367c83dc36de66d98c0e87241bcc156f4146f57af5ea586919e9327dbac50a067bb760a9ec288848cd927

/data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex

MD5 a81dd0f7f7d734b5b8268bbfaca596db
SHA1 2b30bf7eb10c8b26ffe48dc7323d01ac1d4acfff
SHA256 ca5f159120a46da65e18ac7f2e2357c7b97ad3a05bfce7eaba53f4dfa083e98b
SHA512 1642b0dea92e273c691cd7c6af74374bb7a7bf50ff962e8b97d07c46c76c91d64f6e1aa6531f80673c4f43a1bd46cf7197c2fe3ecd005d23d7c233850d4cbb62

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ri

MD5 a7c326c1a572b23eb2a2851828352b4c
SHA1 4c8beab07e2b22b29027e52fd7d83a8b19b011eb
SHA256 dad5652b1f7c77741e294d1fcca8396ef45f245bca18f7950dd4977f09fde164
SHA512 acff75412c324511da783ee065d3175342d15d4c7e15f5434a7ea93f66b25a781cabdbe6bfcc73ca254f80cd9ff7dbb158a68560b354c885f8b2e4b4f1ed74a7

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ri

MD5 dc2795eed5ea45b2f3a343af36858423
SHA1 cc7e99cc48187d97c6ad1a8eb333225eeb39827f
SHA256 fada407d1dcde0966796302f6d5354fcbf59069ea5dcec268b5db1902f99015d
SHA512 7c15dfbf41428652b24dd681a780c217f125fb1483cdebe1aa5ec8f769e384383eea14b24924fe1e037aefabe3d68ea5c8bb3112631d5cf1ca6704f3ea1aefec

/data/data/com.plan.kot32.tomatotime/files/.jiagu.lock

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.rd

MD5 89e3fbedce8fe34486e709caabb537ab
SHA1 280f35e9c91f0832bdb27f121d8e2647f55ace1c
SHA256 2230584dc7bd3fd53e388777e3777a2e3c39c90cf585e20d25a11e23339d5dd8
SHA512 9eece39abfab59a60f7ecad7d9666c563410ad3d493bbddb79c7156203618fbb5dba060d43c2f23d9181e51366317ceae5d721bbb96f5df117d67c207a16d611

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.store.report_pid

MD5 170cf047d506d8b8d42999712abea23b
SHA1 b7dbdcee6511523c181b71a40a79138583a89efd
SHA256 b9f205c8abbb5b00881dd8fa2d3e6243a92a362441ad64ca7e150584c2e142a5
SHA512 95ca433b9be9280e7eced2cb783d3c093e68daad879958b3c3e789bf68156226bbea6c8df5e352a07a17f0aa0b04155486a1f6d3413b79e7d4e900f376f7ab70

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.cl

MD5 8773c94076c4f316d3ae7820eb1ebae4
SHA1 06409cf42aabf8698fcb42a767174b96800bfce7
SHA256 3618509cec9cf34bc0b4d389870adf318ab3c6c1ace8dbe0211b3cac9c4eb60b
SHA512 803427f038b0f83a8f3fb1e48dcd3c1d6eea5f57797c17f60b5492009f38a614572307139fe6c9187892d7f33353d64a00f4509aca031592eee1a8516658ad1f

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk.h

MD5 f776a92bd29b61a24c7f9a59f4cdd67f
SHA1 debd0875b32061aab2a75f530425879440921ebe
SHA256 65e3110cf8f5fa5f76f369963622cfc8a3a5fe8b53f75e4ad6d790de2adb440b
SHA512 cc39d3fa0c914cbc0b754c8500a9d8c1fe65e31095d45a8ab998318c2a7c980b278a49ec2c2b01c3c9b3397fce40a05af82d7b995bc7d04343f772f99fbcf757

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk

MD5 40ec9c8f8c99c34787dbd81bcb0be362
SHA1 9cade5d3c0e869e960e7116722a45003416dbe9a
SHA256 b4d9a0f6db9fbb265dc039b2a57ec121fb2befa1d79746247349136431a08f73
SHA512 fcad3577503e14f546078eafd99cea9ef26440379479ef7931097a7180df2fdea9ec0207332dd610ec64fecd6b23bb90e1519bb5c4e7774e56be7ea6d45862cd

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ac

MD5 a97e7b2788e01942257d1ea261dc01fa
SHA1 fdf5c31d5f815f2cc216907043af81c4ec71a1b7
SHA256 a306246ddca31257f4e4bfbc25c7d4c981153a2f39c62207e742ce2c24a2b126
SHA512 cdaaf70e95000b721d230efae2ba44770349f9ad72b419c38e876ef223b76d34227af33ac9e3e1dde4c2eacaa9681927d7cb5edeaadf5b4ff7833730f781d078

/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ic

MD5 208bef15dae9b7a0e53bd7d7d835ad4e
SHA1 907704972da63e68146ae705349c5dd564b70f24
SHA256 b760c938ff2e8840fdfe9bc0124ed1315476c4d2fe8847716c7f7748f1df9195
SHA512 5d9f066294b5cf277c18c3aad29a19e8fa3ee18c7dea4aaf0a85dc3bfab7ef56e3599c7fd6167a23cd3c2b98ec934fd4f1fe46d6d3556024dde6d9927afd2409

/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1004

/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1002

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1002

/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db

/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt (deleted)

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal

/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime:pushservice

/storage/emulated/0/tomatodo/image_desc

/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt

/storage/emulated/0/mipush/lcfp

/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
