Malware Analysis Report

2024-09-09 16:28

Sample ID 240610-ttxdpstcmp
Target 9b4aad42335cab7a51c975ac94ff3d7b_JaffaCakes118
SHA256 67f44030f3cf48c748ec971c0b69e39f74cf9e1a6f8811dc67e5bd96795aba71
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

67f44030f3cf48c748ec971c0b69e39f74cf9e1a6f8811dc67e5bd96795aba71

Threat Level: Likely malicious

The file 9b4aad42335cab7a51c975ac94ff3d7b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Checks known Qemu pipes.

Loads dropped Dex/Jar

Requests cell location

Queries information about the current nearby Wi-Fi networks

Checks known Qemu files.

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks Android system properties for emulator presence.

Reads device software version

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Declares services with permission to bind to the system

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 16:21

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 16:21

Reported

2024-06-10 16:24

Platform

android-x86-arm-20240603-en

Max time kernel

174s

Max time network

179s

Command Line

com.juzifenqi.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.hardware N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.juzifenqi.app/.jiagu/tmp.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.juzifenqi.app

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.juzifenqi.app/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.juzifenqi.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.juzifenqi.app:pushcore

sh

cat /proc/self/cgroup

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

getprop ro.build.version.opporom

getprop ro.build.version.emui

getprop ro.vivo.os.version

getprop ro.build.display.id

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 fp.fraudmetrix.cn udp
CN 47.101.54.163:443 fp.fraudmetrix.cn tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.92.77.21:19000 s.jpush.cn udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 1.1.1.1:53 jzfqsensorsapi.juzifenqi.com udp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
US 1.1.1.1:53 termib.juzifenqi.com udp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.47.161:443 hmma.baidu.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 124.70.128.38:19000 sis.jpush.io udp
US 1.1.1.1:53 acm.juzifenqi.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.92.77.21:19000 easytomessage.com udp
CN 124.70.128.38:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 119.3.188.193:7000 im64.jpush.cn tcp
CN 119.3.188.193:7006 im64.jpush.cn tcp
CN 119.3.188.193:7002 im64.jpush.cn tcp
CN 119.3.188.193:7009 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 119.3.188.193:7008 im64.jpush.cn tcp
CN 119.3.188.193:7003 im64.jpush.cn tcp
CN 119.3.188.193:7007 im64.jpush.cn tcp
CN 119.3.188.193:7004 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 1.92.77.21:19000 easytomessage.com udp
CN 124.70.128.38:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp

Files

/data/data/com.juzifenqi.app/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/data/com.juzifenqi.app/.jiagu/classes.dex

MD5 47264f01a77bc5e0b9aa9da9006e4fac
SHA1 e73b2a125db32d2e99f0fc2fc61fe0f7c1e1319c
SHA256 61e973f3880f11f5e2cc40ef9fa02a65aa43c3dc654eec190a8f50f153972dc9
SHA512 7d36113292d19fcd03cd790bbe02c2372fc49d8bfb8ff19b331af49dc7db98bf6bf14579e3c0ed5d35461f2bc6159fd4c92610f17adf5749ff704c7a074ce027

/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex

MD5 7e9467b5478e0b443fa19631afd9e63d
SHA1 13e7c01aa9cfbf2c1996ecc86c7f36b0e03e451a
SHA256 11a6c567453575ccfa2c66744710fff50996779c349c45903d6bd3006237be57
SHA512 e3e70a29735f720ec095eb1f416609494414cde83a82476e2e7b45caeac5e05dcad0df6c060ddb0d2057b6d4108686bcbc05e645889b23ec2aa2b3a15fd5f86e

/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex

MD5 6e980eeef009cb1a890a5f895cd82214
SHA1 147d7216d7a00c066856db4a3ba129f61a0e062e
SHA256 cb5f7b1254c294bb752d912231cdd6db00ce62c56656354db8bd052f432e10bc
SHA512 5dbc6206dcedba15464a3650f9230e57530730e58c1625cd2a5623e913b699644067888f021f298ca9230fc731ee870c261927b709339717a1c4064bc1b054c7

/data/data/com.juzifenqi.app/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri

MD5 d77a0060d57593c2fb0e72ebf95831ad
SHA1 1e93d417a57ef587c9d10011f7c62f9bd1549287
SHA256 b0adbe0c251fd75ec2aefdd43573a00acb8d5fa0cc2171696fb83917fbe3953c
SHA512 4e0bbf4f5b2eaa0a37d9e91583374cf1413dea753505d5d413af5f6d33dcb5e3319de1511ffdb7317cbd53a358de641e2105f3e63ce8780e415dec441525aaa6

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri

MD5 05c5b62cc3504dbb69e6dc289f4f9f81
SHA1 1cca015597cc87f4421c7965af8004a3b4334b31
SHA256 f5fe4a5dee2a34c042e988cabe0b41fc5290135aec4bf4178d0e8a931418a9a6
SHA512 dc37ddba9a587eaf3d1fb7176b8959d3d14c95717748a4117a0a3621074c2f365d03a61f6c5e86467a92f75d966ebebdccdacabb83992c8dd3d2044ac18690c7

/data/data/com.juzifenqi.app/files/.jiagu.lock

MD5 1e749ed4cf792a31d7e9cf0a968784a0
SHA1 3480c0d7fd846b73f946181411da309829e45483
SHA256 0569cbc8b51df48b4d0b5b87f1156b8318c34e69fd03cb828a58dde865d7b2d8
SHA512 ab0e545f420673dadd946a2d9640efe6093828e8426c1912b43aab94a6e8d8b82854468b31f9fdca3e5947db9a397d737e172db5ccf4bfb82699a7cf9725a73a

/data/data/com.juzifenqi.app/files/.jglogs/.jg.rd

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.juzifenqi.app/files/.jglogs/.jg.store.report_pid

MD5 937064131af92d70ff7443224d870714
SHA1 35a5d3d6167e3cbc4a2a0b3d8ad7a34647ed3324
SHA256 6ba02daaaa1c593fffb1ea97458a387aa8fa3d5ced1ea9de84bf1f8291ee1bb7
SHA512 b9ea8b286736a7d7971bab26cc11d36f16c35bf9b0d535ce7b9e307aec750569998517f3073058218035502b8af44b4559465fd3d242d451cf6f9eb0aca5f13e

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac

MD5 d95f89fd13ee8247608ec234e8de3390
SHA1 71be3295d0de421258b58b6703b9b17f7fbc0c9d
SHA256 38eaacf73e6cdaab635e7b8589fee2085578b260e355acd28054ef445163afcc
SHA512 23a9428c6d3e9c26ae0ba80de2c1516678244d25ece7b1bfaa74cc04744f32fae4ce185c43cd829b55ad50c0b23227af7a76aefe26c43691a5386df069e2c7bf

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ic

MD5 ef8849f819db03cdcfc2c7861c64d19f
SHA1 5a6af223a7ea5072b93835930031914d53220e7f
SHA256 c0eceb8042a583476239ee6e64dacec74f65a726e8a46d7e5541c1b8eea602f8
SHA512 6f984e775490c8b5390023280cbba85c4172a76d5b587897a954badde28d4406ac111e69f8ef8111e2c34e963ba7ab76dde371b6c52273c34628aef1849399e4

/data/data/com.juzifenqi.app/files/.td-3

MD5 2d90b600c98d75e222a7e376b3c6f445
SHA1 ed0fac24e7db077bde6a0c4261dd07ba45e2d518
SHA256 a65272624522ddb20147cae8618d57f09b05d6d500b28d4c74bcd17f60ac1e17
SHA512 f790cec0c56476095c0e91321b98598fc2f0136582b207ab7de62a3a16a5e62e044362dfd75e054b75818c518794ff3be647bedb6f02aaa34b16eb53f34a9b87

/storage/emulated/0/.td-3

MD5 7c439ca97a653d3e7625c081de2df09d
SHA1 afd5671490edad45271c8c6a2a0ca804b17f890a
SHA256 e3946f42b449dd11b76e32ebf109bbdb44df27ad8584c613c649fc3656b77c0d
SHA512 f007dfe0966db5c57dc159ceadab9390f9e8d4b0b90d6efb8b1ea2a85bd396a5bf56bec5e5380db47bc34dd2b17afd1f04c90c3d253679135d0747566979b2d4

/storage/emulated/0/Alarms/.td-3

MD5 feb4938127347a12c354b1c288e8529f
SHA1 4df22dddc8a6b6791a68ba65fc0b25e9facad8c7
SHA256 831f6157914529924e16211e34abc618b9fe359edccef039111b0697e49fbe5f
SHA512 c39813e1dada3552591097ca59856451bd68808d40e7d3f333716849ebe817217f8b0dc1d5eb8cacecdea5ddf9c04afe61ddb56385ec8c192b910ee8ab71c3f5

/storage/emulated/0/JuZiFenQi/.td-3

MD5 71efba51b8c6ce5012eeec1026de547c
SHA1 ab2ff97f3c3f1edef191d630fa43652930d0b957
SHA256 b40b05cbc6b08e9f6c3b5935481aee776751fe3984dd7fb546f3a7723d666f9b
SHA512 f02d462e2e11c7150a2b8fc009862d188657fd12dc94ad3f848c9633ebe2c18c03f41634f8ce9d563793a652ba60d49d730d5bddc0775ac7c02b1bbb5d9b202a

/storage/emulated/0/Android/.td-3

MD5 f22e57c7d8d87c4d6b111de763a87428
SHA1 9737b852c31d221ed8ad4a6addde5d8c6a879458
SHA256 ab5c59074306998d71f810f74717c6638a49720f3da4f35dbb7a35a5a2af1353
SHA512 c2bd4e721a037c9bb6601446d8adf6bd13c522202534505d0d63ae678b97156b64e64cebc986a4bf7f1348901add777b052f420896eab5918440a86f67e2b205

/storage/emulated/0/Music/.td-3

MD5 9b5d75d8a28966c0d7fe2085393cc5f5
SHA1 200b33569d4bd1b5825152792d3eaf987599bbc7
SHA256 892beba78232c24f2a50130b16e711060019c7514b274c1c2016b28ff3052ada
SHA512 daac24cc9b8f3db94f26d844976ca38f088373621b2c1c8fc4bae32bbbec55ca7133d64d12272fb39594368433da4ea4a60b04499f5355d5e7c63a225585bbf5

/storage/emulated/0/Podcasts/.td-3

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/Pictures/.td-3

MD5 adeeccf7f919d9855118113217feee9a
SHA1 eadf7ab070e245ba64b36e2f349a23e4307d18eb
SHA256 a6fe581359de9f4f00f35fd6e70a1ab2e62f70f7982e357273a2e142478ffc0b
SHA512 7912354fe0b345a9d23ba4311727bfba946557cfb6ec7bd2a8a60d18f8b2e5b9bb2a1e5c95b4ae678f5e3970650d1ed4e7ed4b1767ea396b19a8e6855b882cc3

/data/data/com.juzifenqi.app/databases/bugly_db_-journal

MD5 a73cf8e2e43a85bd0192fd48057742a7
SHA1 da37f5674a4a836a46cbe570fbeaad8f4c7b628a
SHA256 6b9ce80d78eafba6f5dd04da3295cfe2090acb17efef29efd6e4a99271241659
SHA512 00d558f78b9e680d279eeccdc0bf52f890eccb47f7978f5410a1715a3af6ba0efa25a44a6623b3d22a2732c49b9f7eaae9938014d1343c780dc9c697dabd84ff

/data/data/com.juzifenqi.app/databases/bugly_db_

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.juzifenqi.app/databases/bugly_db_-shm

MD5 ab2872d7ad30035005253f7c75056e4a
SHA1 cbe7fa70d857f136efdac5fe9bd0a5e3a70bd483
SHA256 bc70374d5c10adcf2b2f527a350815d4dc81e938a7488a43f54a9778a5c513b5
SHA512 cac15eca5753c69fdf26efdf64bde261052eaa2791114967f45facd3affdd478b494d2a2214559ef900b08dc4af57c7610d9ef1b803ead41d518e05e43611073

/data/data/com.juzifenqi.app/databases/bugly_db_-wal

MD5 356aa954453139c0ee48c34fccf1b9b1
SHA1 2f3aaf625215a6a5fd7f6827d3deb81d208c2ac9
SHA256 30826f687e8ffa175db5e330acedc7d96eaa1c8d001b88f5af9812581cf3e862
SHA512 7ff6e791dab91b9c5c7a832ba2451ed37249ac0ffb1754a7688ee0cb40b86d8dc294015ba666e80a67ad5e433c264de889970eaf3b1fb6cfc31a91b2826b1753

/data/data/com.juzifenqi.app/databases/bugly_db_-wal

MD5 907c4afd976bf405ca12586db0d96960
SHA1 baaa738b8ab05787f9f67328edcca4e6fa072d14
SHA256 92b2aa268011d6c6c183384ecf5af240fbda8a7b20dc404ebd2ee607dbaefe1a
SHA512 9e18d200238adcac1677a3622fe9de3e090496fa9eab3e4b7b33a95d5005e6d83d7dec68b1e50c013a549c53d1137b07d52b6ce0d14adb7db6971f2e9f3307d3

/data/data/com.juzifenqi.app/databases/hmdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.juzifenqi.app/files/__send_data_1718036533219

MD5 484b69ebf39d73045c58d82de8a8e6d5
SHA1 a1a04354339491511a7067f84ce202ecf2d25ec2
SHA256 a7c04b9b31adc933165a8546d1427e9bbab2d87e64b9cc6bcf2caf3d394a7725
SHA512 e6bd740360dfb3aad0897ff376db193ead88aa5598c65b12adc7cb517e74bdde772d979bfa3ccd7d83726e883e35fae03817b34fda68615d2a3738580208f491

/data/data/com.juzifenqi.app/files/pushcore__local_stat_cache.json

MD5 b786acbafa0eec06f7a55df560d643c4
SHA1 d134f3a02b518abe4503ddd8cdfa97b5a9c62f7d
SHA256 4139dea84753d8b5682f620fd447a1a263ded3873bf7aff73ec43064745188d8
SHA512 16c9725b48c9cce7f23e2d336c3396de274bac330c8be5cc1cc77c3f635e115c9838b386afda4de88570daf2205a68c7dd866d962f13fc11a9161b9339bb60a6

/data/data/com.juzifenqi.app/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/data/com.juzifenqi.app/files/pushcore__local_last_session.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/backups/system/.confd-wal

MD5 3ec73e9d85b16d31c1187f0435ca759c
SHA1 0c828ec33e03e06b7fa0d034c53979c58186a64b
SHA256 5a580dcafaa20e341be61e0643ac8117444464b1416addc67f9670adc725cb3e
SHA512 6e0f8dd8414b981c92e5651b9dcfbde438b796694d126de4b4b8997025f1c3c9c5c726875b7185a6276ffe1578dc29e8346f7599aa7747ef180f1fd4d8a1d16c

/storage/emulated/0/backups/system/.confd

MD5 d74a445c6af3afe98125dfe99c3a423d
SHA1 a5456dee4c72ce06bc6988b105357181c3f8228e
SHA256 3c73396b418b24e76a86e56ceeced3e281384c95b5549027ef120bad9851febb
SHA512 0acf8b953e40c4cc818bb373ed69f1798f6688c05f6ae94c125451f2f6990a03c03b36cf08e8b3add457df6a0a5340db0ad7216a28eb9de71bddb30960b99e19

/storage/emulated/0/backups/system/.timestamp

MD5 7c6a6901e0fd5c23ecef48b36f73bee9
SHA1 3248a23a9e340f4c95e252de1e748363b359599a
SHA256 f7847834d57071a7f71871b3d598954b2b413e4b6a5b5f7c40525f8c87c00e2f
SHA512 12cf33d0658ae62c53d273ae5ea4448641a0c9f79e08b146347659f2f0a3bbdaf726bed115397ae24f95162ac60096f17331029219cc94936958ce68ab647840

/storage/emulated/0/backups/system/.confd-wal

MD5 f3608105e19dbbaa7f3195103f7b6218
SHA1 0ab3afeeea697bc34d78da8a1b0c665d746c12df
SHA256 5a6e996a2f5125b7c5baf6e433f1a36d884ce563a32322a624296f3b954ae985
SHA512 6f71c15d231807275ad75dc3d3034f513e890c664c8ce125d21a7887aced6f83c3d654c9e391c8d82d91ec910cda5a82d39450c11cafc993e1b254974c237f0b

/storage/emulated/0/backups/system/.confd

MD5 56c2e3245a7d98cf2ffc2788a0a36cdf
SHA1 9713ad6ea1052b8dd27bef51c36caf7399dcc62c
SHA256 3eae6ed185010400f46e206b1e352998ed6fffa325ace35106be1b153e59f525
SHA512 7e09ef13838a00afd24a41fa72534f709eee6077bcfcb738f248da21ac8ee792424a5f6287bbb29721de23d030a9b4d2909bf8abdc7b9f6f19ab1886ace1681a

/storage/emulated/0/backups/system/.timestamp

MD5 0d4da73426fb3ce48ba2aee376cc3d90
SHA1 04fd402f275f2a9adb5d1a815dc2b60479cbd3d3
SHA256 c4bf83b6a4695e0d726f7b5c6313a18d0f534c0188fab2438f35f860427e8f5d
SHA512 21e381811a6f03aa925936babaaf59f724a5377651f88f6377bbec28a768245dd622bfd4bd6409e38228180dbb53f1760253983279ec823bbe3ec5aa6dbdd44a

/storage/emulated/0/backups/system/.confd-wal

MD5 4b3e4f147dfffbb76017a29aeb5402bd
SHA1 4c912ce366a4d0da0eb80fe06958a8f24b0eb446
SHA256 8e61f84585478c2917c87588c04a835440690ea71e487c0eb3a375bd3fe2dff2
SHA512 46198872cec836162a17ca13b9670baa031acb6a024b33d313ca625beac2230bd8e3c7be95bfb716d1f7a22c7d96a576033eb34cf3e78bcf0643137313c23dff

/storage/emulated/0/backups/system/.confd

MD5 dab618eb4ea0e410f99a53e25f787093
SHA1 3a559c04f66715e9ef1273a210b7235c4364b296
SHA256 7a1be49a73d3a25b29888cb672a25ebdba6485fad721ab56a8015947af09dd16
SHA512 214b8c9250dae68591eabb112f7df639f5a7e2ad2569b8a39349e15986750361ff427127cffb24cd50706b96864a664d36e8aa6f7f2b0801dfdf758757df1bb4

/storage/emulated/0/backups/system/.confd-wal

MD5 f3fe315324d11f10bfcebc1a7fc29058
SHA1 c85d50003e7663c49296dd9d9d244cea97415883
SHA256 77b8b142c45d707147deb31063fa122f609e02a940c6ee010e276f7c457ca7e7
SHA512 fb8d0d8f50a729133c50425f82d199de7edec4c9954690b4fb99386ebaf8a2881d40ec5c1fd440c5e1530772cd5c3089d49822a3b478c5eb435a14a682d652ec

/storage/emulated/0/backups/system/.timestamp

MD5 e6a88aa0dbf943ac2e23775a73674add
SHA1 d750d7872b8198e696e6bbc8a0789383b8380051
SHA256 a338f5592ed12338290d20b38bd9a0ae07b076d85dd6699202009434bd6923e9
SHA512 a967240bb9b062b68e61a596e2118ecfe658e393d56e4863ead28326eb49d2bab6e099d87811fd891cdad0b8d3acee520fe0f3365a9921f09953f51f0979e254

/storage/emulated/0/backups/system/.confd-wal

MD5 5aea03a06949b54780931af1e24a1095
SHA1 5db0bc6335e9be9d38857509c44e98a032fef0e9
SHA256 934cb5f6670b2b9b54b1f71afbfa926fc90713940b2288e9d90cb066fdc43223
SHA512 e9ccdf8e2a45dc747f71ed91acd2d8342b7826322a2e6fb5fd8300111e5eaf758e37b98d2a1976ec904bad836df8f6ed59410bc530d693959183ab2b66993f29

/storage/emulated/0/backups/system/.confd-wal

MD5 241b78e7e2318386b0faeb67cf54c89e
SHA1 d7178505178258f93c6d1fcd61439dccecad4767
SHA256 7a781c20887afc49e6a2425a7b7874fe09b350ed3fb22d78948627d0fb3dfeea
SHA512 f47bd26b485fe4a3a9f794c1a66ecfbcdf6fe7c22f66ad1d5d79bd140864d0c872d7689706e2785b32c64a23d8cb9fb4d378a62c2fd1e9fae14ac5795270413c

/storage/emulated/0/backups/system/.timestamp

MD5 70b4f30368c2b252a0c7acd764b2e44a
SHA1 01d28e195c0c23f1b0898e207e7006aea2d89577
SHA256 79895b219347cff385230475d2c79c8be65b62cd85ade9189947664df09b74f2
SHA512 3a8042630eca9b06b64cc6f965bf5c2c377a3b83925af2c93ac8d4083056708b2484c4826bfc72247cbf7814fc3c722a1451ee53973b0225f19e569ce1f65913

/data/data/com.juzifenqi.app/files/a/b/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.juzifenqi.app/files/a/b/journal

MD5 0cf77f36c527abcba3e91da23011c1bf
SHA1 3bd240ceb6e24c9ceb3e2ac8cbaab6cec10cdfdf
SHA256 a6bb2d97757402adee9ec84cd2497f9e23a9408d3ac4f09f2d8fd23066cad0b6
SHA512 6e6e40d6ff7a2e539b81246e9176b4ee18937c9f7884592a91b7613f4eaa754c54c97dde39c6c7c81fbb6901231c3136a288c801bd3c654e58bf24a29112cca4

/data/data/com.juzifenqi.app/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 00ca9212ed65ea4b7871e07ad7209c09
SHA1 cb5354f9a93d8ba3c935a3902c9f43b6ccb43715
SHA256 0b706cdf289470300a2dd49f52bae1a6d8a96fc798994fcc8ca228de3125b615
SHA512 cabee2b7ecd5f301fe54761de6d59690dbd3f0af5b7c11053987d66a46c43c731ad442d7bca92addc500c7efacc6ac0d6e4c8d169d0f2251b3df05dc8afddbe8

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 76f8dd0727079a0b15541b292000af9e
SHA1 e3aadd97d43305ca15dd1c2200e6cce6ff8ab8c9
SHA256 1ed20daa77cb1059e689668fdb12f6d198eeb87d66f19f61ff6319e39af5b230
SHA512 f7b0287af9052477661cbc799c987b7891b39ad16c5881aa258949cafb4f14dc08289fea899362be48a0ad2cbf0e82d9b2c5928a3da67f4694cb0a7f781b5195

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

MD5 731fba9d21f23915576ea5dc2ea3ffb8
SHA1 d1fdbc209db8b71d1b4e5341e75b8cc88647146a
SHA256 87510194f38897a04cd1f80bd6fffc3344fa8ef21baa61de020a2e790a7268ab
SHA512 b643177cf3a30543342d3a521a2dcfce70df4ec450b040e2b61d8692bbed4b3cde2f9f304cbf496869b89455e3cc6a501e8ff720edbdf0f6898e6a5f31fec25d

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-wal

MD5 053e2edb290b1fd0f49042469760a868
SHA1 3773a9562954b36c732dba3519e47a85721e10d9
SHA256 e5de9502d3a226dedfb649cd163cb5b904ec0dc8180d4366d0353f2946279472
SHA512 985bd0b73495a24a2a3e5fce8097fde555efe54513a4444351e7c68e7fb3f070350890dd6ebe5aed50b7b78f6c1e421436b6d1d82ae5b096675dae50d251bf6a

/data/data/com.juzifenqi.app/files/a/b/journal

MD5 6d2364b0056a6e3b52009ab9043d0e0c
SHA1 b6ceb4206c772bbf184627857392bf73e1efa5aa
SHA256 55f2f695596fbb27693f46c5422b6793b4545e366aea03b98d2ddaecbe87dc21
SHA512 4b624e2f810b5cb833f59ef80e903adfb5409b45f7e6f9d3e13573af78319b48d20060bd61a46164f0e4bdeff0d63afe6b656e6c5efe2240d5382eab782b652b

/data/data/com.juzifenqi.app/files/a/b/7de3252ce9028657c0cf8392d54a6b72.0.tmp

MD5 e5759f48de3d876c84bd67e71c6677ee
SHA1 b9d10d4815fe9255ab9438a859550981f3e5130d
SHA256 b2d547a7b929afa33363e5ff11fff9d95feb9aab6e289e70561eb46a43566b87
SHA512 1fca9095fb2ff9c5fb222327c73ce827bbd7b71995ccd43ec56baf21f74acd5129f3f8a81d7480e2fb4a8c48cfe22acfbf0600076c94504ab9427d05b8d31f12

/data/data/com.juzifenqi.app/files/a/b/journal

MD5 af3ca01a532bfe458ebbefe69637f4fa
SHA1 4d2e57be64d3aaeef2465a974a40a8d7cae378a5
SHA256 173c8c37426d7eed2f904e3af44bdde5e5d4c1375e2e458f3a6cd48a7ec6efd0
SHA512 520bf2de3078abd8d7c2e3aeb19bbb433d243c2e4a0f425a4345a3f74108291397e2e22414091981c71ae90ef09ffa665d7369b17217d718ed7b6fcc42cd7aaa

/data/data/com.juzifenqi.app/files/a/b/302ba74a656c04e34a61632854136ab2.0.tmp

MD5 ad7d42fae9f92339fb463b60ddbbfc6f
SHA1 2e84f1cf2daa32eb571a871d6b66e4341fca6801
SHA256 ed83b1c7c61522b8cf7686abc25e1cc1dd52f8634cf0b01b1c2400c2b5de71ab
SHA512 f151d25bfbb6f7254b7c634126828e282ae2df6aacd84e8d9b378085ff006ed407fcf81bfb90c37930187396b95a6431672867b08b6f3df77cf2f7a1cb4fec6d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 16:21

Reported

2024-06-10 16:24

Platform

android-x64-arm64-20240603-en

Max time kernel

178s

Max time network

187s

Command Line

com.juzifenqi.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/bin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /data/local/xbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.hardware N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads device software version

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.juzifenqi.app

com.juzifenqi.app:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
US 1.1.1.1:53 fp.fraudmetrix.cn udp
CN 47.101.54.163:443 fp.fraudmetrix.cn tcp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.31.166:19000 s.jpush.cn udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 jzfqsensorsapi.juzifenqi.com udp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
US 1.1.1.1:53 termib.juzifenqi.com udp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 139.159.137.254:19000 sis.jpush.io udp
US 1.1.1.1:53 acm.juzifenqi.com udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
GB 216.58.212.196:443 www.google.com tcp
GB 216.58.212.196:443 www.google.com tcp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 restapi.amap.com udp
CN 106.11.43.113:443 restapi.amap.com tcp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
GB 216.58.212.196:443 www.google.com tcp
CN 123.196.118.23:19000 udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 103.229.215.60:19000 udp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 39.96.165.11:443 jzfqsensorsapi.juzifenqi.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.84.108:19000 s.jpush.cn udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp

Files

/data/user/0/com.juzifenqi.app/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/user/0/com.juzifenqi.app/.jiagu/classes.dex

MD5 47264f01a77bc5e0b9aa9da9006e4fac
SHA1 e73b2a125db32d2e99f0fc2fc61fe0f7c1e1319c
SHA256 61e973f3880f11f5e2cc40ef9fa02a65aa43c3dc654eec190a8f50f153972dc9
SHA512 7d36113292d19fcd03cd790bbe02c2372fc49d8bfb8ff19b331af49dc7db98bf6bf14579e3c0ed5d35461f2bc6159fd4c92610f17adf5749ff704c7a074ce027

/data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex

MD5 7e9467b5478e0b443fa19631afd9e63d
SHA1 13e7c01aa9cfbf2c1996ecc86c7f36b0e03e451a
SHA256 11a6c567453575ccfa2c66744710fff50996779c349c45903d6bd3006237be57
SHA512 e3e70a29735f720ec095eb1f416609494414cde83a82476e2e7b45caeac5e05dcad0df6c060ddb0d2057b6d4108686bcbc05e645889b23ec2aa2b3a15fd5f86e

/data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex

MD5 6e980eeef009cb1a890a5f895cd82214
SHA1 147d7216d7a00c066856db4a3ba129f61a0e062e
SHA256 cb5f7b1254c294bb752d912231cdd6db00ce62c56656354db8bd052f432e10bc
SHA512 5dbc6206dcedba15464a3650f9230e57530730e58c1625cd2a5623e913b699644067888f021f298ca9230fc731ee870c261927b709339717a1c4064bc1b054c7

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri

MD5 eb8bfd9cfda1a6ce811ef7857d5a8545
SHA1 bde8af01276ee1f9fb2cd60cdaf68746db99d395
SHA256 849c1ad097d8acb2ddc1693179cd9fadc6b2bbf84dc647fce5c6ea66e51c6837
SHA512 3dd16dc1995183294a524b92fd6bb9573559395a1f9b27d6f5d7370d850cf7f59bed3329890d0b13d403bded016536609e04bc4410cc7618759d589a7cfb916d

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri

MD5 947ffd6bd58a08248740267ad243b6d6
SHA1 f178ff257a773d44beadee0f90648601e5ade10c
SHA256 9f773df1eaacdb2e15d098f3d2a0d434e2dd313d86953116b79910f79ee9f3d9
SHA512 0e37dc1970a2af5b166309304f4fafec20c5742cca47a98c88de6f9f64a196426618ac5adc9e2404bd90d02fd9458ae099ace21f9db1cbc4f778c54720e161a8

/data/data/com.juzifenqi.app/files/.jiagu.lock

MD5 c5f7ad1150a60f1c33af74c53e660553
SHA1 ae79a9d5f6a380c8ed314e99f8bb918c102965e3
SHA256 7d5ebf5f4e4f2d2d531245034f80b8eeeab69455b2f6e0223df4147d3a82adfe
SHA512 1b82f1550eb4b96318d2e6e831d7d57e409dbd25c684e3c18e5fbb736b62bccc6a3a93e0cbf65a16bee951558563c652abfc3ec348225e520ad0cc120bfd46e0

/data/data/com.juzifenqi.app/files/.jglogs/.jg.rd

MD5 e081ec359c87748046674b1acc8797bb
SHA1 e8141e12cdf9675352a3db0fd89939f88b76cd75
SHA256 98434026ad9a33c96e67f239c245b5e8208158a68127a60e0b49a8b5e183e018
SHA512 84afb96e4f18ae4cd5b5af059d9de5e4bc14268d0266b49e027524926819ea0d75f2a67faa4f8c79a6de6a0641f31c2b5d0d7e31ee2981d5bb20b6546ca3608c

/data/data/com.juzifenqi.app/files/.jglogs/.jg.store.report_pid

MD5 10b11328c55e482186b186e57235bf2d
SHA1 64b58f65bf3a63ef8457a72a420e9c710f191eb0
SHA256 0f250bbbd86b40a810fbcd9fabf17e795428e3dab6890f8be3167cc6cf4760e8
SHA512 dfc22a06486bb6d7102ec33dd2820450b1838c39bf5bc678b3581d8b72738143460179912a7732e8c2596337011df633c7497bf1679c35e33e5caf845eea68a2

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac

MD5 379f9d33e47f8f55509f12e677d5d444
SHA1 94dd4527d6af8e0167ea91c4c4637f66dab7d6b1
SHA256 68d675ed725ec09a47a255f38d4f860791919d5390dedddaf61fb01f22df0534
SHA512 c33480fa6dc4fd41ed85d7a5a48320b87174a6ef6d20f52a0474fe83330fe24725ac70e32d822d7e1a05e3fb0f876a38a8bb7c5a07a60949f2e086042ca507e0

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ic

MD5 91735eb606ee945fd43ab1a3a8a19c56
SHA1 e1e97c75ae52a782a876872973f039c201be3a49
SHA256 1a9d1584b68baba77b0a79831757a3b129fdb7ce77917db493275dbe3cf94d09
SHA512 d606cd3d2d6362b6308286954017055a0b8f32e6a5dba7464226ee6df93b641dcf5e69bfa9e3be40f606f26567e222cb7d60a2a9b9c6466e3a640f3e7105ec3a

/data/user/0/com.juzifenqi.app/files/.td-3

MD5 3d79f3ce744bcbef681fb67d9ef2d335
SHA1 0260cfe50c1cf7f06a2efaec1dd98e8e7d59d445
SHA256 6e050bd707978968be85fe8ad5638a013083eda2977f26631d779b97fcbf1626
SHA512 b16daefd16fc733116e622786fab827290c8ce116cd207adfd2bdf1ed497abbcf1ad1f996038a714ba735130e0a699bd654c7501a1ba19c85fc5c96d8c6f0ef1

/storage/emulated/0/.td-3

MD5 ddaf39e8c0a4cd23a379b0c3b3ed77d0
SHA1 b021e89ee09af345dd647c9ae36935a0acd440e7
SHA256 42731719e55e26bcc550994ecebb0e1c647003bd0d260e42e0db2c0c6b358a37
SHA512 7c2fae1febff09a6ac70fcf9e8450b172d104443d85c71c45317cbcae365c55ba568751288e3d5fcf8d5bb99231d1149fa3d912f46dea9b811fc5f6c3044e8c2

/storage/emulated/0/Podcasts/.td-3

MD5 3bd7e396b6cda248f2841d5d0aab38c0
SHA1 aaf0f6914f0a998084509ff85cbb4d593819fe0e
SHA256 8f8d9b3c1c220fa968de1b2e9607bebd047492efda33ee37e3c71c8e6313608d
SHA512 5ceca05e033dfc7ee0f164ecf951be691f1715da6aceb05b9f6011eb2f93bce07d12ad453084369275a8d4c8d8318ed63ae6c4071a302904e4cc24ff972663b6

/storage/emulated/0/JuZiFenQi/.td-3

MD5 150301a943a20bac013a6c1cdb7c6d58
SHA1 bff908c3018de2a27aaaea87af97c6d79ae5d91f
SHA256 a52b1bc58a63facd822f9373f43d40f915f63275837bbd98672b53029d183dc0
SHA512 4cb5c265d5e15158e8c5abd0aac976b38917cafcd73424726d4dc04877cd37c5f1850004d17aab17dd072e2c28c2cec5a221cdc1772c45845ed768e755dfa384

/storage/emulated/0/Audiobooks/.td-3

MD5 ed5b740cd37685b9eff68c69fc577a91
SHA1 1625fe5ff52690967e143e2f2359b6f342a4466a
SHA256 21b88b712cd20ae7e587b9277e192acca26a92d09352d38a18eea6856838cf8b
SHA512 820496b2dd288384d0337bd61f9bece8a7f6617f090d92108424d39f08f4927c790948c7737baac9bf2ff6a25437fed20bd899582aaadedd24f71bca87836e70

/storage/emulated/0/Pictures/.td-3

MD5 fe7efd3df0864077ae64867cb238f96b
SHA1 5503f29cf70d925dd0a42ec3994f55e6564cb023
SHA256 804d4cf5990f6e4a4283301b69191fdb7254c1a2c54aa54f60406f0f6b6b778f
SHA512 7beecd9bec8cc8315cda86471d522e941f9dca309ad014c9b9b2a1e19a9183af085f305134d51442edbe808a657c02481d271bb394f13b9499c5ccf2d3b1a920

/storage/emulated/0/Android/.td-3

MD5 ff5a4ae34bbf19145b1103aabb0b643b
SHA1 282ca960e5ce7ac66cf98bd8c9ea23354785423b
SHA256 ba34b8606f87be45f6edea56a696ada15bd04c43677612b3ea3149a6e819d9ee
SHA512 c8035d6c683448bb7db1d2d79a35aca9e09511c74a1a3817d4d9ce7804ce6765d225e1a56695acc4363bb76db350066f936c8c6547b67690b0a6301a7949bc6d

/storage/emulated/0/Alarms/.td-3

MD5 1c8872cc763afb2f791a9347e8dc895b
SHA1 92d9e156ea2640bdaf7e883cb8e4e11264e381ab
SHA256 72d1e0672f5346f5904aaa5cb09085dc2b71bc594034760bce25fe973fccb80e
SHA512 58327074c8b6442221caf181c2f979714d98240c4a8e43ea41b10eb11f67d3941731ad0ac0a6edfe49f2fab2081f4e8cfbb22ffc2652648ecc594054c15d8e00

/storage/emulated/0/Download/.td-3

MD5 1b4c088251341968aa6347a78689acbb
SHA1 2d7077c8ed32dc9b38b0903df76a012f67f242fd
SHA256 11a836156bd92b78f91b05cccbaca9ba5db27d43d5f45566623c92b3dbc7a833
SHA512 26d9291cdc93c951e106bc436ec246587f2e2ef2f70c48831d67d519b43c41bcafde4bffc0d9c09e002bc4822f4234a2fc805e6e1f5b33d461de1524f9a428a6

/data/user/0/com.juzifenqi.app/databases/logdb.db-journal

MD5 a42494fc6c8803f892e5e4d8e7baccbe
SHA1 e5da5d4d0ca2161a1f1002b6e02f9790588b764a
SHA256 61c4ed61b8fb54fb350cb8dd87503bbba8140e57b33781b405efb4da28196637
SHA512 f092acb6a3631246fe6ad1a35a315a8f0b0c30e64293a8ae0fff298fafeffaee1a8c9b51543e4c2c32940aa852fe42fcc72fe1cef0e92852d62f637922a85f47

/data/user/0/com.juzifenqi.app/databases/bugly_db_-journal

MD5 96f06a902f3188dfa17ed3c143718044
SHA1 3cd68acf336200fa0706dd08256bd96f59b70cec
SHA256 b5cd16224705b2f8dafca2dc3ba9b7c9c50a161a171368987c64e464532d05ae
SHA512 0c3a5591457c3fe539d39dcc62aa3325831d84d24e52b5815fc9b3c46c8c4f7a2bfc9a8328da00569696806424050b6b6ea615f341ee6b65c16cd0741882791b

/data/user/0/com.juzifenqi.app/databases/logdb.db

MD5 272c9eb9a3670016ffca8a43eb13d5a4
SHA1 1d57145f98669c9b75668ed59121ec8acd00b2cc
SHA256 968726991631a641ac8a30d826c1b72dea959c35b70dde589fe058fa9ff8363f
SHA512 4dae5fb941c19f5532aaf05ad98ac95d811c8373245a1f372caddd11db5b5ff8e4d4982c282792757cd24e513bc7cd6a451ab937c82514fc83f6a7af58179a36

/data/user/0/com.juzifenqi.app/databases/logdb.db-journal

MD5 fe76c9309e2105923628f3fe5452f1e4
SHA1 a4e83bc96c23de96c8028be2947fff6ea4bb7188
SHA256 f8e8d1f5cfa5f323b00b30849acacb1cf11fd03ebe09778a68060443d5c9b78a
SHA512 cd2557578827f4a8e30fdbe17d5b96f9549f49197c345fc511761b60b1d00828cd8214926813601353583b7d0e3e346e5dfd1b7bbe39f6df1a31234f24716c89

/data/user/0/com.juzifenqi.app/databases/bugly_db_

MD5 b77649ff06cc036e9de4bb0d4752915f
SHA1 74c00f2da61b2a56996b46088e920e402f36e78a
SHA256 9cbf6d6b53b607a288d3c1ca62f443af5e63930b02df2d0bef366fe48a61ebba
SHA512 34f84c3c6aab07331d7f511775cd175f28cd32d2d40f8cf4205b854877c13e0d523abac3715ab6541bfbfe0bcf04191046bb7b4daa69d4eb066f42f06090964d

/data/user/0/com.juzifenqi.app/databases/logdb.db-journal

MD5 a5c1b0b8168512c07e711e6e91212fc3
SHA1 def062dc9022d41b6e6fc0c1d6f367393074c346
SHA256 44b0721974eeb357df9fbe584e05e6f5a11f53bf8efbbe249e82eae9791abc63
SHA512 e744dfb75472892ba552c927620087ed018107feb0d8b23eb0253155450777810d66f0ef13c67e36ed6d1d2fd1c97f0127efc01b60e40315e2f0807a01c1f0df

/data/user/0/com.juzifenqi.app/databases/hmdb-journal

MD5 32b0f1be6038bb0b18531f01fb153a11
SHA1 787e410bedcb68e3d93b5d037949d8570b1e6974
SHA256 5a867b85232f580cf99d61fe963a5afded31c53aabfa438a620aeb3f176bdc6d
SHA512 0bb3e9685ee13661561f75dc1427bffc1e0e21bf4cd9073a6dfdb26b2956d982b7ab228e7ea5264b082d672845ed7565858990c02eab6ef172c5c1a9de9ce9fb

/data/user/0/com.juzifenqi.app/databases/hmdb

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/com.juzifenqi.app/databases/hmdb-journal

MD5 d813f45dc49e99478a2ee2a15d14b9ee
SHA1 a9a5201817baaf0a83bbddd4e73b94ac6aa1b59a
SHA256 71933d6fac96d49950a05c8ed2ca718e7ed73253ac5ca5454da15b1288653f3c
SHA512 b44c5e5f04b4b69fe90b08f26e666c4c8a1f367daa264e247314cceef433934c1273175aa004004986bb402774b35cdbf5042e96a5dde32100f076bf56d80449

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 e49f874d07dd8b527dca98e7cf1e585e
SHA1 ad05165600558e271bfa72bf7001ac2a2fb01cbd
SHA256 81049943be36555b4d65d2baa8739b993889a621a30643393f2c8bfc91173943
SHA512 542dd2222f3e9810fa1566e2e574888d2d270fa45c02b8f298da7ccc707d2585507c95e757800411b5c635a684790c456f78199f13d2852526c987776f7ecfd1

/data/user/0/com.juzifenqi.app/databases/sensorsdata

MD5 c849ee5946eef9bfa7d82b2eaecbaae8
SHA1 3ac1fbb0f40bd931b0b6cc1d13cbe9ff8dbbac12
SHA256 4b154a8679f95947b0092e34ae0556d4decf41bc2d856addd755acfd0432203e
SHA512 f9368b69cef238a2368b0b63969c7024a8bb320f40f381f5d2f9ef44d99e8dc903bbcb5ade7d043f7f8c67f6e20c63d19406f7f44a86d178294d5fe49f3ec963

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 13d609bd5505135b2dd05ae77b2e4f56
SHA1 af6a2cba01cb21842125a8a00eec5ec1ac9eb225
SHA256 efa4a6d6a0e871a6841642a98adac54f887e2feaba25f132f0005843d354d454
SHA512 22cd213ca06bdf8ee9519750b3653bd059a3d3ca8e0d0002a779595499a486c48ee33a6707095f6e12b4a2cc51dcdec85538e858ac337470e915eac1e9b70a71

/data/user/0/com.juzifenqi.app/databases/logdb.db-journal

MD5 0398b3e312039996383eec00d5fa9f7d
SHA1 183313d11fefa501b8de8ff3abd0a229013a8414
SHA256 e1e35755d994800e74485a9372a623d9474a2eb11e54e4c118be3c6bb8c71af5
SHA512 710a5f276a3c685d3219201784e4f94c46ce1f9014190a9af9b2f011235bd31e67cc636f7c5137b0539cd6c8d081ccd161753f2cc0f1792caf71f8110ad5e5d4

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 18d88a220e4332ba70651ca8e7530a50
SHA1 ab48506b7133a617c49d438491067e89bd61c24d
SHA256 f8d1dd451410db6cbedb97740c933bc2b096814cb6818956ab7591fe7975dec2
SHA512 b0a57c0ca4e6fe44e65865ab47a8d47b0baa6e23f86276236fbf5a1860858e1661bed552d6e0baf483496c114de79dfda7b4b4cb823073fec8b14ebc82a56c7d

/data/user/0/com.juzifenqi.app/databases/logdb.db

MD5 9aee8423125ba5397cb9244bead68f33
SHA1 faf96cc1db8245c96da123ae2bd76998cbfcaf15
SHA256 365216e10a84db0c50ab5d77e49d6e7287652b8be9285cbdbd83bb1a09fdaf3b
SHA512 9c5f17de101b27ad2592f67436a169b2030efcf2c154b8a82502796b008a0ede1d9496ba2fe6bdce95288ba2189203fc84f93d030a38fd37dab605c279647f38

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 c8767ebbbbc9a045ea2c511dcebfde78
SHA1 98510772bb862c21ae20fbc94cb1040fd128af7e
SHA256 b91290b34f12c48b88a2b448b6501db8964c2ccce5c9f73edc72b1cdf07b7c9d
SHA512 f01cae402f3acfcdb44a1e9936088d50526a4ba1055521a20d759acd7f29be8e7691705569652fbf730a525029f85faadf0e27e6572c6e1cfea94b1517c1eb97

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 c0be87b6f6ed3ca223af232617774c30
SHA1 ddb445fb69a3fc8b465c727fc60b0eea17f216f7
SHA256 876dfcc2dc63c608675e452914c818f10cd43298cf6fdbd21678eea422187c26
SHA512 17f25231c5cda48ad31498f7feec2e53be9cce8c31ca5c9195189b8351301b021015640e19817c0afb266c70aead6a577062863c63b6d2e39bf543816690c2ea

/data/user/0/com.juzifenqi.app/files/libcuid.so

MD5 f1d8016ff27afad5c97f0050cb6e47a9
SHA1 09774d2448059ac6ecd887ce7c46713feceeb031
SHA256 4ace5e2e266bd748b15e0e43950a2e3070484d4a016c9fcfc95e7d2063ba9d88
SHA512 657cb8de2ac7366da87d50a4c791b7e64b86887272af3666df684279affb5455ae80953928530049e17af6dc8864d86c41f9be80f632f84c2fe7815512bcf001

/data/user/0/com.juzifenqi.app/databases/bugly_db_-journal

MD5 f785aa5524ef829f15f7feef56db5d46
SHA1 d05ef15d2aa644fa29bdcb662d140691464844cb
SHA256 7aa9c8ec7d46ab0b5168e04081097122ae1823f9e45517b8df575ba5776423c5
SHA512 8eaf562a6adf0851c4808557f60a6affda34d0312f6e254069b4436f37f439eded50691dee9c3c6fcc0509d6e32daa0e7dee053ff679a49f4318f0209a9247de

/storage/emulated/0/backups/system/.timestamp

MD5 2632a7c4f925483114c0031ace1a4b1b
SHA1 d296b5f725f497c2137e67b84fadbd8b8eb46f94
SHA256 12c6c72103b27face3fbff0fc8bf4c6d0593482fbd1549ff40f6a8e59e1db3ec
SHA512 f6a35cbc44f91181285a84692d15a88377c76d3f4a9a3f97f7eab68dedf77aadeda2b2faeec65a6fce5ba6855d1ecbb3669fae7bc45c627c9cc01edc3a07af33

/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal

MD5 f2278d9c07f9025dcf2db454d82f7e24
SHA1 d496b12acece2272b8b209ac7e89d70ff1036fff
SHA256 665bbc79198684c2209cbe848bcfa64cb749799efa9fd23997370b5a096fd190
SHA512 3274bca12f3feaef001e95759ec239b0576003916e58ed7d5bda1d353a06120dcc02bed71a9b5a57d16e849700671a50cc6d54e963e1d3d99ae15b40ca5323a9

/data/user/0/com.juzifenqi.app/files/a/k.store

MD5 7ab674da0f9818e9144f8b2c8169ead1
SHA1 318a4b8137ad932b0e1e61c540c4b4a4a536837a
SHA256 8f341157c090835d6bf14a770bb188eb3e05cfc4ed1bb13ba90d2bbbe8d331dc
SHA512 0d06a65cdffcd5ad23bbc1a542fa3aec1b8fa94f864a3e510c03e262268b56271b46a06b679d0eeae7bc4a7b783132e81641d64e3b683138b02537cb6dd07e32

/data/user/0/com.juzifenqi.app/files/jpush_stat_history/active_user/nowrap/6ef4c394-361e-4462-88ed-5a3da73f5197

MD5 0acc884766269639fbaab0696c7ed7c4
SHA1 a55f5fac56857522648303143d2576ade770944f
SHA256 be68707185dfee57087f961c6ffeff2a3e601ac28d1c6395c61f7ac0334fd06e
SHA512 18d5cd4759ded8347f867f85db3e7f15351b97a432780f221799be74223d9cefd90703d49a7dbd426c0735d3509a52b059d643cbc5e1e63289a790f863aafe46

/storage/emulated/0/backups/system/.confd-journal

MD5 8c72361a87d9c416f4f345855b7f55dd
SHA1 29d96fac87cbc93827f04944c486e9cedc7d8a77
SHA256 d0e17a137b2925b83849310076cce86449c68f08e7cc34116742b62436a3d0e3
SHA512 d3205d61313b5f5230895f73e263a131d8a38a1397f6a476983b5dc9b54840c6679f4ae98955ea643ed161fbd0988eac3ab3149ba1ee07f88dc2a1c949066691

/storage/emulated/0/backups/system/.confd

MD5 49f65de14426c5c4daee2bd0c8aa7593
SHA1 46cbe7556cb76b09cd918be87674194ddd51fe5a
SHA256 b127fa6ec8ed48b6fe9441d9465ae375be6fa9e00b2ee2770a0c24ab3978ca6f
SHA512 5b97010570b100e3b6e845ee4c52aa6541805ad5cdf669ea3e71b8efc94c0e30f328e0ed9cfbe40fa25a44f420d884809315f7685cf82d98bae566020d2147db

/storage/emulated/0/backups/system/.timestamp

MD5 91546ee136abc8c4bd865bcf17191d26
SHA1 6d6ced8db24e832d84011d0e0aa53d1c50a14bb8
SHA256 093ba29d888c2e940d8abaa2953db027e9e2a98bcece5d774111cf4d6e792ce6
SHA512 4eff4db81beb1b3a5920364428a9373405cb43544159eb16325207363d13b87a845bd07ac215b0b6001a9124f3b798e665619ebfe603ad6053d18edf58a2597f

/data/user/0/com.juzifenqi.app/files/jpush_stat_cache.json

MD5 8a2b41e3bc19fec2dc6bfae80a20abc8
SHA1 b2cc5e20d28deb0458aa9c9264a17e8fb70b55d6
SHA256 46b8904461d8383892856d9d2da4eb0064d768f8175a5eef8847d853c1c42a4e
SHA512 79317e005d1aa7c3c4f86bb6325c08c670fa6837cb83f14f0f5ecce804f133d6e937ac1f2bbbffdfc0ea99126205eeddb5b68e859550bea6eec89dd6492bf0bd

/storage/emulated/0/backups/system/.confd-journal

MD5 5a21a92e1141c8b4b5fb49c0af9eaf11
SHA1 ed69b76f4fb81c456dfd2a35ec82cd04d6e5db50
SHA256 0fb7a17b8c832fce9b15a48edc4d719c8e1116c903a0166a6524c58deb637037
SHA512 91f1f16adad7acb4ba5a1c8a6e0233c0ae531dfc3b0afa9b1f431aeea2f62c33e640295b9035a10d01ff56df9f9f2443fc5ac37eb674bd3f8bc1843e47b68f71

/storage/emulated/0/backups/system/.confd

MD5 1a3ec29d206fd6fb82095ddc53ec4b47
SHA1 88c0dd0e8eef313f7a5e05806652e7479f1ec975
SHA256 c60cb59051fe64e399b329a766dcd647fdb595807920d613b02ca49953c9df82
SHA512 c8ce3df414fb67321fbb5dff88883d921dddc3313a5df6a47e7c691847356304fe44eb63e57fbe0df6110a957a13915c5c5cb820b3362f97259a89841b565cbd

/storage/emulated/0/backups/system/.timestamp

MD5 21916b76fa9bf22ccf67da098de6d3cc
SHA1 455e596a5c8d0f0c9bda66b989f1177fbb3bdafb
SHA256 f0fd84edb68729a17a88e67f9a6fa4eb7acff858d931115016cfd57bb0aecbf6
SHA512 747c8981f38d3c4cf7b97d980e1b99f23e53a5033aea21d66729361eb5ee896f2bddf1105999363cdd8085b0ac84b6e450801001ae48e3589dd1f3f87086369a

/storage/emulated/0/backups/system/.confd-journal

MD5 1ecd58bffb6eedcb94950a9f917be0fc
SHA1 85640888c7564e4ecc92ff2576b7f6d43b743b35
SHA256 1591fc59f3c9eeaec0b91d40b055b43e904c8f9e051bb1e34257a04f1384a490
SHA512 8135fa4040b7727bfc24081060ec818194639d86dbe42be123fc0ed2546fb38d8a5074b5ca20db32a1e7ed737a0868f2b992e33702ebe4eb0657b4cc0b21baa4

/storage/emulated/0/backups/system/.confd

MD5 26f1f3f09da84b6a4606aa717c71847b
SHA1 7668bf2717f8cb0807766056e2c012158caec572
SHA256 ce51d8dc1aa980236ed3914d6299b12c7591db12d14101754e34cf1e88baeddf
SHA512 542b63b23d92132468e694bdf04d01ff7c105c7b8765268889563c4dd7bb1bee13044c5e6a2fcac4a33858c252d43548e83afd0a62cb886a6bf65ae116a93b90

/storage/emulated/0/backups/system/.timestamp

MD5 c0ba7763f2ee72f8f118722b17527896
SHA1 a6ffa66bb9e2acdac75e23d138f76be050a5ecd9
SHA256 0237cbadf814a2568c395891bb7539b862899a5154f5480e8859d813343270b3
SHA512 f6a9798fa33ff3ac842902b4595786730c64bbb671d72e90443f0c0a369718979e15d1c56dc802c7349bbb0cd6569dc2626f464e9bf06bf9e772190a1e565a9d

/storage/emulated/0/backups/system/.confd-journal

MD5 b3788ed41627b3c8b87863f35563f359
SHA1 096e69c53c73375db5155c3e9a65e47e58678863
SHA256 f3710e00528d7629e37bac40e4cd2ebaa043c627f9dbbfde60a46fa16b96da21
SHA512 fbb9246d138266cc4fe1da1af2ad888b51eea72c9f826edbe1b3843fe633bb61778c18746a5f64b4e25b60ed9a3af20b3791d0f5f24675b4dad7ae7adea98842

/storage/emulated/0/backups/system/.confd

MD5 a2940f42358b4559c4015785c2de727d
SHA1 d3583b7f174f8602ac5637cff8b3221720006ca2
SHA256 a4f44cb9fee8233d57ae94f9fd44365a8a1ba73dfa111c0b1fe74c7c656d44ad
SHA512 b19e76becf2f2e880eb10fab0357a46dc1102df58aceaa5df7f4edf54ddf024eecc7a295e3262bd34a325f524576d38368a456b92f57531414408bd865d6ce4e

/storage/emulated/0/backups/system/.timestamp

MD5 ededca24c912b186f19aa4ab443e94d1
SHA1 84883f7561de82e811d649e4f00cc73709703ff5
SHA256 f94c568e58692f0a71ea8616ee046bc176de7691e8e28b2fc75c4b8e454fda94
SHA512 8339b7f5f11e2eee8584ce527ec8860025f62cf0622c4d82cdbf4a63ef7254dcfb5965565c3f213bb7ceb9fa8ffe6485b1749ee1ea85c0b2d7b9df5396e728ac

/data/user/0/com.juzifenqi.app/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 a0e3d277b05a0adefe82cfd7388f15bb
SHA1 3b168e572bc75b4e687fd5b451576b276449a1a6
SHA256 09c0281415b6f71daf8f7002bee335585cecd80e8aa3ee96254bc2766129930f
SHA512 1edbb2977c4654a0b0245aa428d9e4159f21a4aab4b8e9e9fa937bfe5072b7a33d15d5b1bc703c2afc814edcedfb2a92c54ddd8a5f12fd95aee8dc778bc2f764

/data/user/0/com.juzifenqi.app/files/a/b/journal

MD5 d988e35c44259e3e2eb24cf321183ce3
SHA1 25c4b06b45763e5745c019032ce1917f1fe48d47
SHA256 151fe4a69a19709f6bec4e14057c2c17bbefe8bfe0154e18ffc20b3945c603c7
SHA512 6926c28370221e3ed927c0589e1063275aa22b692504c7121741b29a45dad865b9f26f00a7d9171536454450da86419422622ffb26be6b3a25e98e0c213364a5

/data/user/0/com.juzifenqi.app/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 e492c22b711955f7a154238823c0090b
SHA1 33f0d63e7473308161616637d5550d0c28af6717
SHA256 5b7a06314a4a76de910ea5c128803e0aefb816b24590ebe9eae26685df402d92
SHA512 2e2df9085176641aacb60dc4da2a5d1a57aea0f9dae63aa8ac44c46e023a1a1e12bc8c6742f16795b9b56befc6913b485b5281e2721742762a7ad733cf5b5172

/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal

MD5 82ee962c17ead3eb687f57898b6b5df5
SHA1 afdb069369e49b490e4725ca8c71546140b0a0ba
SHA256 63a30e2daf1a8f97275e16785c8553c664bf80683355e5e8124debe9c8ef9102
SHA512 43b1adfb740cf2b50d14e86213ce7f3130cecd8deccb43c2530d818904106b42d2f6cddd3db77034dea4d6ab5caa6eae6403e7571ed69217cc1a0a2e7f869425

/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal

MD5 50e5c3f2dda79a73fe60e9448f36ee0a
SHA1 d69b86e5342cc5e20f83c5d7aa0fb978e66d5c9e
SHA256 4994190478b7a1f5aff55163e6f7262826f28a50311393c003a55e38688937b4
SHA512 cb510112ddabf05beeca29eb068b29de0c6a40066944a77ae34acfdda807e7da6be96f09c32e4231e6010a5cc5d47db90c3344c4a331f91df30a68ef453d9bda

/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal

MD5 a2eff946b4a7b226afd6210d22a0ee5f
SHA1 b76ff1613f1cc646d440c7b2dfc930746573495a
SHA256 49c1d1871cda371fbb5723be4cc1b85c876a3d957caf7ac26fa4151158cc624a
SHA512 66ce55a9fd38ceaaf689bfadac4cf5b4c340ece2d62784a02d0b358ae18c2432e89d8148db221a4e65c195f9eb592808fdf3e8b35cefccb3bc832f7c0de4466b

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 f79310b50b6ef4623776ca5f7f64cfdd
SHA1 282a113cb7b8b3e950ada11b8bdd49b411049cc6
SHA256 9f6d254abd4836649e31f18412e6666b235db3b980e2392fda5530ecaaa9a084
SHA512 942c6034e0bf3ec0185e8689a0464707b422dcd5452b617decbfc2e075ccf2eb07ee6d337fe6f1ec6f8e9879dd58af03092ec86a95189a117adfbf209256fce9

/data/user/0/com.juzifenqi.app/files/a/b/journal

MD5 08fef6331b3916ae24767e973c108c33
SHA1 95d0cd86b079a6f5e5e7dc7c878a0b556e641f1c
SHA256 484dcbf216faae5605aded05bec01c2e19a415772dfa92a1ca81c826fc1e8795
SHA512 84fbb94181a39abf0d85d43ae7355a069ec760ca8f738e7b4ce7502b584da716c843daa8adb6818f6bbe4aab681b8aa41dc4a1da564c45fcb28fed2daaac1281

/data/user/0/com.juzifenqi.app/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp

MD5 1b8aa3b29cb4b399d3cdfb03ab38f48e
SHA1 8a07a4f37b51e34c0497c5a3be684ec0e97f6311
SHA256 7b214c7a65c3a474c909285c0ef0203e2b77fc2c382a3e16a31503165993d7c4
SHA512 99267cd0274f94f763483dfcc978b156fcece43ecf5c14704999c1d3f5937bbd7db62f51c2aa2f9ae4553a01f601cd941174141bc25c82535ad1d4711e5d468e

/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac

MD5 90d37da02de8060d561eba13c3d447be
SHA1 67363798e5472dce856995e7c2340a46dd4e706e
SHA256 f76863e96bb3f9b5ab4dfcc073e4ee922719bfd10ce0695af6a1f57600174805
SHA512 151915d1e182487fa23a3d7745a2aa23841604ed540f07b6ae9819bd8b7989c2044e35ab534b55234b22d4a427b7b99e6a67f2a18167f75304de332d35b8ac88