Analysis Overview
SHA256
67f44030f3cf48c748ec971c0b69e39f74cf9e1a6f8811dc67e5bd96795aba71
Threat Level: Likely malicious
The file 9b4aad42335cab7a51c975ac94ff3d7b_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Obtains sensitive information copied to the device clipboard
Checks known Qemu pipes.
Loads dropped Dex/Jar
Requests cell location
Queries information about the current nearby Wi-Fi networks
Checks known Qemu files.
Queries the phone number (MSISDN for GSM devices)
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks Android system properties for emulator presence.
Reads device software version
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Queries information about active data network
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Declares services with permission to bind to the system
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-10 16:21
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 16:21
Reported
2024-06-10 16:24
Platform
android-x86-arm-20240603-en
Max time kernel
174s
Max time network
179s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
| Accessed system property | key: ro.product.name | N/A | N/A |
| Accessed system property | key: ro.product.device | N/A | N/A |
| Accessed system property | key: ro.hardware | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.juzifenqi.app/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.juzifenqi.app/.jiagu/tmp.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Checks the presence of a debugger
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.juzifenqi.app
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.juzifenqi.app/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.juzifenqi.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
com.juzifenqi.app:pushcore
sh
cat /proc/self/cgroup
/system/bin/sh -c getprop ro.board.platform
getprop ro.board.platform
getprop ro.build.version.opporom
getprop ro.build.version.emui
getprop ro.vivo.os.version
getprop ro.build.display.id
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 16:21
Reported
2024-06-10 16:24
Platform
android-x64-arm64-20240603-en
Max time kernel
178s
Max time network
187s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
| Accessed system property | key: ro.product.name | N/A | N/A |
| Accessed system property | key: ro.product.device | N/A | N/A |
| Accessed system property | key: ro.hardware | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /system/bin/qemu-props | N/A | N/A |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.juzifenqi.app/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads device software version
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot | N/A | N/A |
Reads information about phone network operator.
Checks the presence of a debugger
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.juzifenqi.app
com.juzifenqi.app:pushcore
Network
Files
/data/user/0/com.juzifenqi.app/.jiagu/libjiagu.so
| MD5 | f0f9ef36b67807a253b5932f865eae7b |
| SHA1 | 6a8d66c6efa2750b54cb763f4ad044bba4154e0d |
| SHA256 | 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75 |
| SHA512 | e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548 |
/data/user/0/com.juzifenqi.app/.jiagu/classes.dex
| MD5 | 47264f01a77bc5e0b9aa9da9006e4fac |
| SHA1 | e73b2a125db32d2e99f0fc2fc61fe0f7c1e1319c |
| SHA256 | 61e973f3880f11f5e2cc40ef9fa02a65aa43c3dc654eec190a8f50f153972dc9 |
| SHA512 | 7d36113292d19fcd03cd790bbe02c2372fc49d8bfb8ff19b331af49dc7db98bf6bf14579e3c0ed5d35461f2bc6159fd4c92610f17adf5749ff704c7a074ce027 |
/data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex
| MD5 | 7e9467b5478e0b443fa19631afd9e63d |
| SHA1 | 13e7c01aa9cfbf2c1996ecc86c7f36b0e03e451a |
| SHA256 | 11a6c567453575ccfa2c66744710fff50996779c349c45903d6bd3006237be57 |
| SHA512 | e3e70a29735f720ec095eb1f416609494414cde83a82476e2e7b45caeac5e05dcad0df6c060ddb0d2057b6d4108686bcbc05e645889b23ec2aa2b3a15fd5f86e |
/data/user/0/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex
| MD5 | 6e980eeef009cb1a890a5f895cd82214 |
| SHA1 | 147d7216d7a00c066856db4a3ba129f61a0e062e |
| SHA256 | cb5f7b1254c294bb752d912231cdd6db00ce62c56656354db8bd052f432e10bc |
| SHA512 | 5dbc6206dcedba15464a3650f9230e57530730e58c1625cd2a5623e913b699644067888f021f298ca9230fc731ee870c261927b709339717a1c4064bc1b054c7 |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri
| MD5 | eb8bfd9cfda1a6ce811ef7857d5a8545 |
| SHA1 | bde8af01276ee1f9fb2cd60cdaf68746db99d395 |
| SHA256 | 849c1ad097d8acb2ddc1693179cd9fadc6b2bbf84dc647fce5c6ea66e51c6837 |
| SHA512 | 3dd16dc1995183294a524b92fd6bb9573559395a1f9b27d6f5d7370d850cf7f59bed3329890d0b13d403bded016536609e04bc4410cc7618759d589a7cfb916d |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri
| MD5 | 947ffd6bd58a08248740267ad243b6d6 |
| SHA1 | f178ff257a773d44beadee0f90648601e5ade10c |
| SHA256 | 9f773df1eaacdb2e15d098f3d2a0d434e2dd313d86953116b79910f79ee9f3d9 |
| SHA512 | 0e37dc1970a2af5b166309304f4fafec20c5742cca47a98c88de6f9f64a196426618ac5adc9e2404bd90d02fd9458ae099ace21f9db1cbc4f778c54720e161a8 |
/data/data/com.juzifenqi.app/files/.jiagu.lock
| MD5 | c5f7ad1150a60f1c33af74c53e660553 |
| SHA1 | ae79a9d5f6a380c8ed314e99f8bb918c102965e3 |
| SHA256 | 7d5ebf5f4e4f2d2d531245034f80b8eeeab69455b2f6e0223df4147d3a82adfe |
| SHA512 | 1b82f1550eb4b96318d2e6e831d7d57e409dbd25c684e3c18e5fbb736b62bccc6a3a93e0cbf65a16bee951558563c652abfc3ec348225e520ad0cc120bfd46e0 |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.rd
| MD5 | e081ec359c87748046674b1acc8797bb |
| SHA1 | e8141e12cdf9675352a3db0fd89939f88b76cd75 |
| SHA256 | 98434026ad9a33c96e67f239c245b5e8208158a68127a60e0b49a8b5e183e018 |
| SHA512 | 84afb96e4f18ae4cd5b5af059d9de5e4bc14268d0266b49e027524926819ea0d75f2a67faa4f8c79a6de6a0641f31c2b5d0d7e31ee2981d5bb20b6546ca3608c |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.store.report_pid
| MD5 | 10b11328c55e482186b186e57235bf2d |
| SHA1 | 64b58f65bf3a63ef8457a72a420e9c710f191eb0 |
| SHA256 | 0f250bbbd86b40a810fbcd9fabf17e795428e3dab6890f8be3167cc6cf4760e8 |
| SHA512 | dfc22a06486bb6d7102ec33dd2820450b1838c39bf5bc678b3581d8b72738143460179912a7732e8c2596337011df633c7497bf1679c35e33e5caf845eea68a2 |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac
| MD5 | 379f9d33e47f8f55509f12e677d5d444 |
| SHA1 | 94dd4527d6af8e0167ea91c4c4637f66dab7d6b1 |
| SHA256 | 68d675ed725ec09a47a255f38d4f860791919d5390dedddaf61fb01f22df0534 |
| SHA512 | c33480fa6dc4fd41ed85d7a5a48320b87174a6ef6d20f52a0474fe83330fe24725ac70e32d822d7e1a05e3fb0f876a38a8bb7c5a07a60949f2e086042ca507e0 |
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ic
| MD5 | 91735eb606ee945fd43ab1a3a8a19c56 |
| SHA1 | e1e97c75ae52a782a876872973f039c201be3a49 |
| SHA256 | 1a9d1584b68baba77b0a79831757a3b129fdb7ce77917db493275dbe3cf94d09 |
| SHA512 | d606cd3d2d6362b6308286954017055a0b8f32e6a5dba7464226ee6df93b641dcf5e69bfa9e3be40f606f26567e222cb7d60a2a9b9c6466e3a640f3e7105ec3a |
/data/user/0/com.juzifenqi.app/files/.td-3
| MD5 | 3d79f3ce744bcbef681fb67d9ef2d335 |
| SHA1 | 0260cfe50c1cf7f06a2efaec1dd98e8e7d59d445 |
| SHA256 | 6e050bd707978968be85fe8ad5638a013083eda2977f26631d779b97fcbf1626 |
| SHA512 | b16daefd16fc733116e622786fab827290c8ce116cd207adfd2bdf1ed497abbcf1ad1f996038a714ba735130e0a699bd654c7501a1ba19c85fc5c96d8c6f0ef1 |
/storage/emulated/0/.td-3
| MD5 | ddaf39e8c0a4cd23a379b0c3b3ed77d0 |
| SHA1 | b021e89ee09af345dd647c9ae36935a0acd440e7 |
| SHA256 | 42731719e55e26bcc550994ecebb0e1c647003bd0d260e42e0db2c0c6b358a37 |
| SHA512 | 7c2fae1febff09a6ac70fcf9e8450b172d104443d85c71c45317cbcae365c55ba568751288e3d5fcf8d5bb99231d1149fa3d912f46dea9b811fc5f6c3044e8c2 |
/storage/emulated/0/Podcasts/.td-3
| MD5 | 3bd7e396b6cda248f2841d5d0aab38c0 |
| SHA1 | aaf0f6914f0a998084509ff85cbb4d593819fe0e |
| SHA256 | 8f8d9b3c1c220fa968de1b2e9607bebd047492efda33ee37e3c71c8e6313608d |
| SHA512 | 5ceca05e033dfc7ee0f164ecf951be691f1715da6aceb05b9f6011eb2f93bce07d12ad453084369275a8d4c8d8318ed63ae6c4071a302904e4cc24ff972663b6 |
/storage/emulated/0/JuZiFenQi/.td-3
| MD5 | 150301a943a20bac013a6c1cdb7c6d58 |
| SHA1 | bff908c3018de2a27aaaea87af97c6d79ae5d91f |
| SHA256 | a52b1bc58a63facd822f9373f43d40f915f63275837bbd98672b53029d183dc0 |
| SHA512 | 4cb5c265d5e15158e8c5abd0aac976b38917cafcd73424726d4dc04877cd37c5f1850004d17aab17dd072e2c28c2cec5a221cdc1772c45845ed768e755dfa384 |
/storage/emulated/0/Audiobooks/.td-3
| MD5 | ed5b740cd37685b9eff68c69fc577a91 |
| SHA1 | 1625fe5ff52690967e143e2f2359b6f342a4466a |
| SHA256 | 21b88b712cd20ae7e587b9277e192acca26a92d09352d38a18eea6856838cf8b |
| SHA512 | 820496b2dd288384d0337bd61f9bece8a7f6617f090d92108424d39f08f4927c790948c7737baac9bf2ff6a25437fed20bd899582aaadedd24f71bca87836e70 |
/storage/emulated/0/Pictures/.td-3
| MD5 | fe7efd3df0864077ae64867cb238f96b |
| SHA1 | 5503f29cf70d925dd0a42ec3994f55e6564cb023 |
| SHA256 | 804d4cf5990f6e4a4283301b69191fdb7254c1a2c54aa54f60406f0f6b6b778f |
| SHA512 | 7beecd9bec8cc8315cda86471d522e941f9dca309ad014c9b9b2a1e19a9183af085f305134d51442edbe808a657c02481d271bb394f13b9499c5ccf2d3b1a920 |
/storage/emulated/0/Android/.td-3
| MD5 | ff5a4ae34bbf19145b1103aabb0b643b |
| SHA1 | 282ca960e5ce7ac66cf98bd8c9ea23354785423b |
| SHA256 | ba34b8606f87be45f6edea56a696ada15bd04c43677612b3ea3149a6e819d9ee |
| SHA512 | c8035d6c683448bb7db1d2d79a35aca9e09511c74a1a3817d4d9ce7804ce6765d225e1a56695acc4363bb76db350066f936c8c6547b67690b0a6301a7949bc6d |
/storage/emulated/0/Alarms/.td-3
| MD5 | 1c8872cc763afb2f791a9347e8dc895b |
| SHA1 | 92d9e156ea2640bdaf7e883cb8e4e11264e381ab |
| SHA256 | 72d1e0672f5346f5904aaa5cb09085dc2b71bc594034760bce25fe973fccb80e |
| SHA512 | 58327074c8b6442221caf181c2f979714d98240c4a8e43ea41b10eb11f67d3941731ad0ac0a6edfe49f2fab2081f4e8cfbb22ffc2652648ecc594054c15d8e00 |
/storage/emulated/0/Download/.td-3
| MD5 | 1b4c088251341968aa6347a78689acbb |
| SHA1 | 2d7077c8ed32dc9b38b0903df76a012f67f242fd |
| SHA256 | 11a836156bd92b78f91b05cccbaca9ba5db27d43d5f45566623c92b3dbc7a833 |
| SHA512 | 26d9291cdc93c951e106bc436ec246587f2e2ef2f70c48831d67d519b43c41bcafde4bffc0d9c09e002bc4822f4234a2fc805e6e1f5b33d461de1524f9a428a6 |
/data/user/0/com.juzifenqi.app/databases/logdb.db-journal
| MD5 | a42494fc6c8803f892e5e4d8e7baccbe |
| SHA1 | e5da5d4d0ca2161a1f1002b6e02f9790588b764a |
| SHA256 | 61c4ed61b8fb54fb350cb8dd87503bbba8140e57b33781b405efb4da28196637 |
| SHA512 | f092acb6a3631246fe6ad1a35a315a8f0b0c30e64293a8ae0fff298fafeffaee1a8c9b51543e4c2c32940aa852fe42fcc72fe1cef0e92852d62f637922a85f47 |
/data/user/0/com.juzifenqi.app/databases/bugly_db_-journal
| MD5 | 96f06a902f3188dfa17ed3c143718044 |
| SHA1 | 3cd68acf336200fa0706dd08256bd96f59b70cec |
| SHA256 | b5cd16224705b2f8dafca2dc3ba9b7c9c50a161a171368987c64e464532d05ae |
| SHA512 | 0c3a5591457c3fe539d39dcc62aa3325831d84d24e52b5815fc9b3c46c8c4f7a2bfc9a8328da00569696806424050b6b6ea615f341ee6b65c16cd0741882791b |
/data/user/0/com.juzifenqi.app/databases/logdb.db
| MD5 | 272c9eb9a3670016ffca8a43eb13d5a4 |
| SHA1 | 1d57145f98669c9b75668ed59121ec8acd00b2cc |
| SHA256 | 968726991631a641ac8a30d826c1b72dea959c35b70dde589fe058fa9ff8363f |
| SHA512 | 4dae5fb941c19f5532aaf05ad98ac95d811c8373245a1f372caddd11db5b5ff8e4d4982c282792757cd24e513bc7cd6a451ab937c82514fc83f6a7af58179a36 |
/data/user/0/com.juzifenqi.app/databases/logdb.db-journal
| MD5 | fe76c9309e2105923628f3fe5452f1e4 |
| SHA1 | a4e83bc96c23de96c8028be2947fff6ea4bb7188 |
| SHA256 | f8e8d1f5cfa5f323b00b30849acacb1cf11fd03ebe09778a68060443d5c9b78a |
| SHA512 | cd2557578827f4a8e30fdbe17d5b96f9549f49197c345fc511761b60b1d00828cd8214926813601353583b7d0e3e346e5dfd1b7bbe39f6df1a31234f24716c89 |
/data/user/0/com.juzifenqi.app/databases/bugly_db_
| MD5 | b77649ff06cc036e9de4bb0d4752915f |
| SHA1 | 74c00f2da61b2a56996b46088e920e402f36e78a |
| SHA256 | 9cbf6d6b53b607a288d3c1ca62f443af5e63930b02df2d0bef366fe48a61ebba |
| SHA512 | 34f84c3c6aab07331d7f511775cd175f28cd32d2d40f8cf4205b854877c13e0d523abac3715ab6541bfbfe0bcf04191046bb7b4daa69d4eb066f42f06090964d |
/data/user/0/com.juzifenqi.app/databases/logdb.db-journal
| MD5 | a5c1b0b8168512c07e711e6e91212fc3 |
| SHA1 | def062dc9022d41b6e6fc0c1d6f367393074c346 |
| SHA256 | 44b0721974eeb357df9fbe584e05e6f5a11f53bf8efbbe249e82eae9791abc63 |
| SHA512 | e744dfb75472892ba552c927620087ed018107feb0d8b23eb0253155450777810d66f0ef13c67e36ed6d1d2fd1c97f0127efc01b60e40315e2f0807a01c1f0df |
/data/user/0/com.juzifenqi.app/databases/hmdb-journal
| MD5 | 32b0f1be6038bb0b18531f01fb153a11 |
| SHA1 | 787e410bedcb68e3d93b5d037949d8570b1e6974 |
| SHA256 | 5a867b85232f580cf99d61fe963a5afded31c53aabfa438a620aeb3f176bdc6d |
| SHA512 | 0bb3e9685ee13661561f75dc1427bffc1e0e21bf4cd9073a6dfdb26b2956d982b7ab228e7ea5264b082d672845ed7565858990c02eab6ef172c5c1a9de9ce9fb |
/data/user/0/com.juzifenqi.app/databases/hmdb
| MD5 | 171aedf968e17a2744d2585715606cb9 |
| SHA1 | bbeddeb3b89fcf809619c35b4a318a80e7d5b029 |
| SHA256 | d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e |
| SHA512 | 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b |
/data/user/0/com.juzifenqi.app/databases/hmdb-journal
| MD5 | d813f45dc49e99478a2ee2a15d14b9ee |
| SHA1 | a9a5201817baaf0a83bbddd4e73b94ac6aa1b59a |
| SHA256 | 71933d6fac96d49950a05c8ed2ca718e7ed73253ac5ca5454da15b1288653f3c |
| SHA512 | b44c5e5f04b4b69fe90b08f26e666c4c8a1f367daa264e247314cceef433934c1273175aa004004986bb402774b35cdbf5042e96a5dde32100f076bf56d80449 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | e49f874d07dd8b527dca98e7cf1e585e |
| SHA1 | ad05165600558e271bfa72bf7001ac2a2fb01cbd |
| SHA256 | 81049943be36555b4d65d2baa8739b993889a621a30643393f2c8bfc91173943 |
| SHA512 | 542dd2222f3e9810fa1566e2e574888d2d270fa45c02b8f298da7ccc707d2585507c95e757800411b5c635a684790c456f78199f13d2852526c987776f7ecfd1 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata
| MD5 | c849ee5946eef9bfa7d82b2eaecbaae8 |
| SHA1 | 3ac1fbb0f40bd931b0b6cc1d13cbe9ff8dbbac12 |
| SHA256 | 4b154a8679f95947b0092e34ae0556d4decf41bc2d856addd755acfd0432203e |
| SHA512 | f9368b69cef238a2368b0b63969c7024a8bb320f40f381f5d2f9ef44d99e8dc903bbcb5ade7d043f7f8c67f6e20c63d19406f7f44a86d178294d5fe49f3ec963 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | 13d609bd5505135b2dd05ae77b2e4f56 |
| SHA1 | af6a2cba01cb21842125a8a00eec5ec1ac9eb225 |
| SHA256 | efa4a6d6a0e871a6841642a98adac54f887e2feaba25f132f0005843d354d454 |
| SHA512 | 22cd213ca06bdf8ee9519750b3653bd059a3d3ca8e0d0002a779595499a486c48ee33a6707095f6e12b4a2cc51dcdec85538e858ac337470e915eac1e9b70a71 |
/data/user/0/com.juzifenqi.app/databases/logdb.db-journal
| MD5 | 0398b3e312039996383eec00d5fa9f7d |
| SHA1 | 183313d11fefa501b8de8ff3abd0a229013a8414 |
| SHA256 | e1e35755d994800e74485a9372a623d9474a2eb11e54e4c118be3c6bb8c71af5 |
| SHA512 | 710a5f276a3c685d3219201784e4f94c46ce1f9014190a9af9b2f011235bd31e67cc636f7c5137b0539cd6c8d081ccd161753f2cc0f1792caf71f8110ad5e5d4 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | 18d88a220e4332ba70651ca8e7530a50 |
| SHA1 | ab48506b7133a617c49d438491067e89bd61c24d |
| SHA256 | f8d1dd451410db6cbedb97740c933bc2b096814cb6818956ab7591fe7975dec2 |
| SHA512 | b0a57c0ca4e6fe44e65865ab47a8d47b0baa6e23f86276236fbf5a1860858e1661bed552d6e0baf483496c114de79dfda7b4b4cb823073fec8b14ebc82a56c7d |
/data/user/0/com.juzifenqi.app/databases/logdb.db
| MD5 | 9aee8423125ba5397cb9244bead68f33 |
| SHA1 | faf96cc1db8245c96da123ae2bd76998cbfcaf15 |
| SHA256 | 365216e10a84db0c50ab5d77e49d6e7287652b8be9285cbdbd83bb1a09fdaf3b |
| SHA512 | 9c5f17de101b27ad2592f67436a169b2030efcf2c154b8a82502796b008a0ede1d9496ba2fe6bdce95288ba2189203fc84f93d030a38fd37dab605c279647f38 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | c8767ebbbbc9a045ea2c511dcebfde78 |
| SHA1 | 98510772bb862c21ae20fbc94cb1040fd128af7e |
| SHA256 | b91290b34f12c48b88a2b448b6501db8964c2ccce5c9f73edc72b1cdf07b7c9d |
| SHA512 | f01cae402f3acfcdb44a1e9936088d50526a4ba1055521a20d759acd7f29be8e7691705569652fbf730a525029f85faadf0e27e6572c6e1cfea94b1517c1eb97 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | c0be87b6f6ed3ca223af232617774c30 |
| SHA1 | ddb445fb69a3fc8b465c727fc60b0eea17f216f7 |
| SHA256 | 876dfcc2dc63c608675e452914c818f10cd43298cf6fdbd21678eea422187c26 |
| SHA512 | 17f25231c5cda48ad31498f7feec2e53be9cce8c31ca5c9195189b8351301b021015640e19817c0afb266c70aead6a577062863c63b6d2e39bf543816690c2ea |
/data/user/0/com.juzifenqi.app/files/libcuid.so
| MD5 | f1d8016ff27afad5c97f0050cb6e47a9 |
| SHA1 | 09774d2448059ac6ecd887ce7c46713feceeb031 |
| SHA256 | 4ace5e2e266bd748b15e0e43950a2e3070484d4a016c9fcfc95e7d2063ba9d88 |
| SHA512 | 657cb8de2ac7366da87d50a4c791b7e64b86887272af3666df684279affb5455ae80953928530049e17af6dc8864d86c41f9be80f632f84c2fe7815512bcf001 |
/data/user/0/com.juzifenqi.app/databases/bugly_db_-journal
| MD5 | f785aa5524ef829f15f7feef56db5d46 |
| SHA1 | d05ef15d2aa644fa29bdcb662d140691464844cb |
| SHA256 | 7aa9c8ec7d46ab0b5168e04081097122ae1823f9e45517b8df575ba5776423c5 |
| SHA512 | 8eaf562a6adf0851c4808557f60a6affda34d0312f6e254069b4436f37f439eded50691dee9c3c6fcc0509d6e32daa0e7dee053ff679a49f4318f0209a9247de |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 2632a7c4f925483114c0031ace1a4b1b |
| SHA1 | d296b5f725f497c2137e67b84fadbd8b8eb46f94 |
| SHA256 | 12c6c72103b27face3fbff0fc8bf4c6d0593482fbd1549ff40f6a8e59e1db3ec |
| SHA512 | f6a35cbc44f91181285a84692d15a88377c76d3f4a9a3f97f7eab68dedf77aadeda2b2faeec65a6fce5ba6855d1ecbb3669fae7bc45c627c9cc01edc3a07af33 |
/data/user/0/com.juzifenqi.app/databases/sensorsdata-journal
| MD5 | f2278d9c07f9025dcf2db454d82f7e24 |
| SHA1 | d496b12acece2272b8b209ac7e89d70ff1036fff |
| SHA256 | 665bbc79198684c2209cbe848bcfa64cb749799efa9fd23997370b5a096fd190 |
| SHA512 | 3274bca12f3feaef001e95759ec239b0576003916e58ed7d5bda1d353a06120dcc02bed71a9b5a57d16e849700671a50cc6d54e963e1d3d99ae15b40ca5323a9 |
/data/user/0/com.juzifenqi.app/files/a/k.store
| MD5 | 7ab674da0f9818e9144f8b2c8169ead1 |
| SHA1 | 318a4b8137ad932b0e1e61c540c4b4a4a536837a |
| SHA256 | 8f341157c090835d6bf14a770bb188eb3e05cfc4ed1bb13ba90d2bbbe8d331dc |
| SHA512 | 0d06a65cdffcd5ad23bbc1a542fa3aec1b8fa94f864a3e510c03e262268b56271b46a06b679d0eeae7bc4a7b783132e81641d64e3b683138b02537cb6dd07e32 |
/data/user/0/com.juzifenqi.app/files/jpush_stat_history/active_user/nowrap/6ef4c394-361e-4462-88ed-5a3da73f5197
| MD5 | 0acc884766269639fbaab0696c7ed7c4 |
| SHA1 | a55f5fac56857522648303143d2576ade770944f |
| SHA256 | be68707185dfee57087f961c6ffeff2a3e601ac28d1c6395c61f7ac0334fd06e |
| SHA512 | 18d5cd4759ded8347f867f85db3e7f15351b97a432780f221799be74223d9cefd90703d49a7dbd426c0735d3509a52b059d643cbc5e1e63289a790f863aafe46 |
/storage/emulated/0/backups/system/.confd-journal
| MD5 | 8c72361a87d9c416f4f345855b7f55dd |
| SHA1 | 29d96fac87cbc93827f04944c486e9cedc7d8a77 |
| SHA256 | d0e17a137b2925b83849310076cce86449c68f08e7cc34116742b62436a3d0e3 |
| SHA512 | d3205d61313b5f5230895f73e263a131d8a38a1397f6a476983b5dc9b54840c6679f4ae98955ea643ed161fbd0988eac3ab3149ba1ee07f88dc2a1c949066691 |
/storage/emulated/0/backups/system/.confd
| MD5 | 49f65de14426c5c4daee2bd0c8aa7593 |
| SHA1 | 46cbe7556cb76b09cd918be87674194ddd51fe5a |
| SHA256 | b127fa6ec8ed48b6fe9441d9465ae375be6fa9e00b2ee2770a0c24ab3978ca6f |
| SHA512 | 5b97010570b100e3b6e845ee4c52aa6541805ad5cdf669ea3e71b8efc94c0e30f328e0ed9cfbe40fa25a44f420d884809315f7685cf82d98bae566020d2147db |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 91546ee136abc8c4bd865bcf17191d26 |
| SHA1 | 6d6ced8db24e832d84011d0e0aa53d1c50a14bb8 |
| SHA256 | 093ba29d888c2e940d8abaa2953db027e9e2a98bcece5d774111cf4d6e792ce6 |
| SHA512 | 4eff4db81beb1b3a5920364428a9373405cb43544159eb16325207363d13b87a845bd07ac215b0b6001a9124f3b798e665619ebfe603ad6053d18edf58a2597f |
/data/user/0/com.juzifenqi.app/files/jpush_stat_cache.json
| MD5 | 8a2b41e3bc19fec2dc6bfae80a20abc8 |
| SHA1 | b2cc5e20d28deb0458aa9c9264a17e8fb70b55d6 |
| SHA256 | 46b8904461d8383892856d9d2da4eb0064d768f8175a5eef8847d853c1c42a4e |
| SHA512 | 79317e005d1aa7c3c4f86bb6325c08c670fa6837cb83f14f0f5ecce804f133d6e937ac1f2bbbffdfc0ea99126205eeddb5b68e859550bea6eec89dd6492bf0bd |
/storage/emulated/0/backups/system/.confd-journal
| MD5 | 5a21a92e1141c8b4b5fb49c0af9eaf11 |
| SHA1 | ed69b76f4fb81c456dfd2a35ec82cd04d6e5db50 |
| SHA256 | 0fb7a17b8c832fce9b15a48edc4d719c8e1116c903a0166a6524c58deb637037 |
| SHA512 | 91f1f16adad7acb4ba5a1c8a6e0233c0ae531dfc3b0afa9b1f431aeea2f62c33e640295b9035a10d01ff56df9f9f2443fc5ac37eb674bd3f8bc1843e47b68f71 |
/storage/emulated/0/backups/system/.confd
| MD5 | 1a3ec29d206fd6fb82095ddc53ec4b47 |
| SHA1 | 88c0dd0e8eef313f7a5e05806652e7479f1ec975 |
| SHA256 | c60cb59051fe64e399b329a766dcd647fdb595807920d613b02ca49953c9df82 |
| SHA512 | c8ce3df414fb67321fbb5dff88883d921dddc3313a5df6a47e7c691847356304fe44eb63e57fbe0df6110a957a13915c5c5cb820b3362f97259a89841b565cbd |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 21916b76fa9bf22ccf67da098de6d3cc |
| SHA1 | 455e596a5c8d0f0c9bda66b989f1177fbb3bdafb |
| SHA256 | f0fd84edb68729a17a88e67f9a6fa4eb7acff858d931115016cfd57bb0aecbf6 |
| SHA512 | 747c8981f38d3c4cf7b97d980e1b99f23e53a5033aea21d66729361eb5ee896f2bddf1105999363cdd8085b0ac84b6e450801001ae48e3589dd1f3f87086369a |
/storage/emulated/0/backups/system/.confd-journal
| MD5 | 1ecd58bffb6eedcb94950a9f917be0fc |
| SHA1 | 85640888c7564e4ecc92ff2576b7f6d43b743b35 |
| SHA256 | 1591fc59f3c9eeaec0b91d40b055b43e904c8f9e051bb1e34257a04f1384a490 |
| SHA512 | 8135fa4040b7727bfc24081060ec818194639d86dbe42be123fc0ed2546fb38d8a5074b5ca20db32a1e7ed737a0868f2b992e33702ebe4eb0657b4cc0b21baa4 |
/storage/emulated/0/backups/system/.confd
| MD5 | 26f1f3f09da84b6a4606aa717c71847b |
| SHA1 | 7668bf2717f8cb0807766056e2c012158caec572 |
| SHA256 | ce51d8dc1aa980236ed3914d6299b12c7591db12d14101754e34cf1e88baeddf |
| SHA512 | 542b63b23d92132468e694bdf04d01ff7c105c7b8765268889563c4dd7bb1bee13044c5e6a2fcac4a33858c252d43548e83afd0a62cb886a6bf65ae116a93b90 |
/storage/emulated/0/backups/system/.timestamp
| MD5 | c0ba7763f2ee72f8f118722b17527896 |
| SHA1 | a6ffa66bb9e2acdac75e23d138f76be050a5ecd9 |
| SHA256 | 0237cbadf814a2568c395891bb7539b862899a5154f5480e8859d813343270b3 |
| SHA512 | f6a9798fa33ff3ac842902b4595786730c64bbb671d72e90443f0c0a369718979e15d1c56dc802c7349bbb0cd6569dc2626f464e9bf06bf9e772190a1e565a9d |
/storage/emulated/0/backups/system/.confd-journal
| MD5 | b3788ed41627b3c8b87863f35563f359 |
| SHA1 | 096e69c53c73375db5155c3e9a65e47e58678863 |
| SHA256 | f3710e00528d7629e37bac40e4cd2ebaa043c627f9dbbfde60a46fa16b96da21 |
| SHA512 | fbb9246d138266cc4fe1da1af2ad888b51eea72c9f826edbe1b3843fe633bb61778c18746a5f64b4e25b60ed9a3af20b3791d0f5f24675b4dad7ae7adea98842 |
/storage/emulated/0/backups/system/.confd
| MD5 | a2940f42358b4559c4015785c2de727d |
| SHA1 | d3583b7f174f8602ac5637cff8b3221720006ca2 |
| SHA256 | a4f44cb9fee8233d57ae94f9fd44365a8a1ba73dfa111c0b1fe74c7c656d44ad |
| SHA512 | b19e76becf2f2e880eb10fab0357a46dc1102df58aceaa5df7f4edf54ddf024eecc7a295e3262bd34a325f524576d38368a456b92f57531414408bd865d6ce4e |
/storage/emulated/0/backups/system/.timestamp
| MD5 | ededca24c912b186f19aa4ab443e94d1 |
| SHA1 | 84883f7561de82e811d649e4f00cc73709703ff5 |
| SHA256 | f94c568e58692f0a71ea8616ee046bc176de7691e8e28b2fc75c4b8e454fda94 |
| SHA512 | 8339b7f5f11e2eee8584ce527ec8860025f62cf0622c4d82cdbf4a63ef7254dcfb5965565c3f213bb7ceb9fa8ffe6485b1749ee1ea85c0b2d7b9df5396e728ac |
/data/user/0/com.juzifenqi.app/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp
| MD5 | a0e3d277b05a0adefe82cfd7388f15bb |
| SHA1 | 3b168e572bc75b4e687fd5b451576b276449a1a6 |
| SHA256 | 09c0281415b6f71daf8f7002bee335585cecd80e8aa3ee96254bc2766129930f |
| SHA512 | 1edbb2977c4654a0b0245aa428d9e4159f21a4aab4b8e9e9fa937bfe5072b7a33d15d5b1bc703c2afc814edcedfb2a92c54ddd8a5f12fd95aee8dc778bc2f764 |
/data/user/0/com.juzifenqi.app/files/a/b/journal
| MD5 | d988e35c44259e3e2eb24cf321183ce3 |
| SHA1 | 25c4b06b45763e5745c019032ce1917f1fe48d47 |
| SHA256 | 151fe4a69a19709f6bec4e14057c2c17bbefe8bfe0154e18ffc20b3945c603c7 |
| SHA512 | 6926c28370221e3ed927c0589e1063275aa22b692504c7121741b29a45dad865b9f26f00a7d9171536454450da86419422622ffb26be6b3a25e98e0c213364a5 |
/data/user/0/com.juzifenqi.app/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp
| MD5 | e492c22b711955f7a154238823c0090b |
| SHA1 | 33f0d63e7473308161616637d5550d0c28af6717 |
| SHA256 | 5b7a06314a4a76de910ea5c128803e0aefb816b24590ebe9eae26685df402d92 |
| SHA512 | 2e2df9085176641aacb60dc4da2a5d1a57aea0f9dae63aa8ac44c46e023a1a1e12bc8c6742f16795b9b56befc6913b485b5281e2721742762a7ad733cf5b5172 |
/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal
| MD5 | 82ee962c17ead3eb687f57898b6b5df5 |
| SHA1 | afdb069369e49b490e4725ca8c71546140b0a0ba |
| SHA256 | 63a30e2daf1a8f97275e16785c8553c664bf80683355e5e8124debe9c8ef9102 |
| SHA512 | 43b1adfb740cf2b50d14e86213ce7f3130cecd8deccb43c2530d818904106b42d2f6cddd3db77034dea4d6ab5caa6eae6403e7571ed69217cc1a0a2e7f869425 |
/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal
/data/user/0/com.juzifenqi.app/databases/alsn20170807.db-journal
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal
/data/user/0/com.juzifenqi.app/files/a/b/journal
/data/user/0/com.juzifenqi.app/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac