Analysis Overview
SHA256
5577c3572eec192271402733140e270bbfff6ebe7b6e6d70bf4a8acafd9ef5f6
Threat Level: Likely malicious
The file 98daf1bb869a3cc4d8a4eaf1ca70658c_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Loads dropped Dex/Jar
Reads information about phone network operator.
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Declares services with permission to bind to the system
Queries information about active data network
Makes use of the framework's foreground persistence service
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 18:00
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by remote views services to bind with the system. Allows apps to share and display views across different processes. | android.permission.BIND_REMOTEVIEWS | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 17:59
Reported
2024-06-05 18:03
Platform
android-x86-arm-20240603-en
Max time kernel
177s
Max time network
186s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.plan.kot32.tomatotime/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.plan.kot32.tomatotime
com.plan.kot32.tomatotime:pushservice
/system/bin/sh -c getprop
getprop
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
sh -c ps -ef
ps -ef
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 17:59
Reported
2024-06-05 18:03
Platform
android-x64-arm64-20240603-en
Max time kernel
172s
Max time network
187s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.plan.kot32.tomatotime
com.plan.kot32.tomatotime:pushservice
Network
Files
/data/user/0/com.plan.kot32.tomatotime/.jiagu/libjiagu.so
| MD5 | cd9f017a46767eef8026d7b62fd50eda |
| SHA1 | 738794ac6f0a7a86a116b602cafe1e05fe0d2b00 |
| SHA256 | e445fdc8b2b1baf0f49b5c4796cfaf3364881114ec7a1dcf09003a8e2e1350b5 |
| SHA512 | 8eb412244a99394959f0d6d364472b7437f4248f685ff2da3631c72ce82d533503640df116c08eda9f9389c0f41f524a93909beff8c5a0bf072f75b300cdb91d |
/data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex
| MD5 | a21a9dc62ee865aa85fedfd623754fd1 |
| SHA1 | 4e84ddce9d9b6402db9f34984336a0fa97f3cb30 |
| SHA256 | ba2c9ebee2e4fd715955f44fe0ae99e426a25ce9146889b986be049a3c80ce4c |
| SHA512 | 8d7bbba6162b21c66be3205c55e0337538b1416a1d6367c83dc36de66d98c0e87241bcc156f4146f57af5ea586919e9327dbac50a067bb760a9ec288848cd927 |
/data/user/0/com.plan.kot32.tomatotime/.jiagu/classes.dex!classes2.dex
| MD5 | a81dd0f7f7d734b5b8268bbfaca596db |
| SHA1 | 2b30bf7eb10c8b26ffe48dc7323d01ac1d4acfff |
| SHA256 | ca5f159120a46da65e18ac7f2e2357c7b97ad3a05bfce7eaba53f4dfa083e98b |
| SHA512 | 1642b0dea92e273c691cd7c6af74374bb7a7bf50ff962e8b97d07c46c76c91d64f6e1aa6531f80673c4f43a1bd46cf7197c2fe3ecd005d23d7c233850d4cbb62 |
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ri
| MD5 | a7c326c1a572b23eb2a2851828352b4c |
| SHA1 | 4c8beab07e2b22b29027e52fd7d83a8b19b011eb |
| SHA256 | dad5652b1f7c77741e294d1fcca8396ef45f245bca18f7950dd4977f09fde164 |
| SHA512 | acff75412c324511da783ee065d3175342d15d4c7e15f5434a7ea93f66b25a781cabdbe6bfcc73ca254f80cd9ff7dbb158a68560b354c885f8b2e4b4f1ed74a7 |
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ri
| MD5 | dc2795eed5ea45b2f3a343af36858423 |
| SHA1 | cc7e99cc48187d97c6ad1a8eb333225eeb39827f |
| SHA256 | fada407d1dcde0966796302f6d5354fcbf59069ea5dcec268b5db1902f99015d |
| SHA512 | 7c15dfbf41428652b24dd681a780c217f125fb1483cdebe1aa5ec8f769e384383eea14b24924fe1e037aefabe3d68ea5c8bb3112631d5cf1ca6704f3ea1aefec |
/data/data/com.plan.kot32.tomatotime/files/.jiagu.lock
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.rd
| MD5 | 89e3fbedce8fe34486e709caabb537ab |
| SHA1 | 280f35e9c91f0832bdb27f121d8e2647f55ace1c |
| SHA256 | 2230584dc7bd3fd53e388777e3777a2e3c39c90cf585e20d25a11e23339d5dd8 |
| SHA512 | 9eece39abfab59a60f7ecad7d9666c563410ad3d493bbddb79c7156203618fbb5dba060d43c2f23d9181e51366317ceae5d721bbb96f5df117d67c207a16d611 |
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.store.report_pid
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.cl
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk.h
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.pk
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ac
/data/data/com.plan.kot32.tomatotime/files/.jglogs/.jg.ic
/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1004
/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1002
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/app_crashrecord/1002
/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db
/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bmob_provider.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/pri_tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt (deleted)
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/afinal.db-journal
/data/user/0/com.plan.kot32.tomatotime/databases/tencent_analysis.db_com.plan.kot32.tomatotime:pushservice
/storage/emulated/0/tomatodo/image_desc
/storage/emulated/0/Android/data/com.plan.kot32.tomatotime/files/MiPushLog/log1.txt
/storage/emulated/0/mipush/lcfp
/data/user/0/com.plan.kot32.tomatotime/databases/bugly_db_-journal