Malware Analysis Report

2024-09-09 13:12

Sample ID 240613-hlp4wayamg
Target a4483633811188d78ae34dfb0fb32bdd_JaffaCakes118
SHA256 5e0e932d61020b26d09258c930f79f5eb82b64e027e95d62b456fcc598c6d994
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a4483633811188d78ae34dfb0fb32bdd_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Requests cell location

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:49

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:49

Reported

2024-06-13 06:52

Platform

android-x86-arm-20240611.1-en

Max time kernel

11s

Max time network

131s

Command Line

com.gov.cn

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.gov.cn/.jiagu/classes.dex N/A N/A
N/A /data/data/com.gov.cn/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.gov.cn/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.gov.cn

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.gov.cn/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gov.cn/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

/data/data/com.gov.cn/.jiagu/libjiagu.so
/data/data/com.gov.cn/.jiagu/classes.dex
/data/data/com.gov.cn/.jiagu/classes.dex!classes2.dex
/data/data/com.gov.cn/.jiagu/tmp.dex
/data/data/com.gov.cn/files/.jglogs/.jg.ri
/data/data/com.gov.cn/files/.jiagu.lock
/data/data/com.gov.cn/files/.jglogs/.jg.rd
/data/data/com.gov.cn/files/.jglogs/.jg.store.report_pid
/data/data/com.gov.cn/databases/MessageStore.db-journal
/data/data/com.gov.cn/databases/MessageStore.db
/data/data/com.gov.cn/databases/MessageStore.db-shm
/data/data/com.gov.cn/databases/MessageStore.db-wal
/data/data/com.gov.cn/files/.jglogs/.jg.ac
/data/data/com.gov.cn/files/.jglogs/.jg.ic
/data/data/com.gov.cn/databases/MsgLogStore.db-journal
/data/data/com.gov.cn/databases/MsgLogStore.db-wal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.gov.cn/databases/accs.db-journal
/data/data/com.gov.cn/databases/ptengine.db-journal
/data/data/com.gov.cn/databases/accs.db-wal
/data/data/com.gov.cn/databases/ptengine.db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:49

Reported

2024-06-13 06:53

Platform

android-x64-arm64-20240611.1-en

Max time kernel

13s

Max time network

133s

Command Line

com.gov.cn

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.gov.cn/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.gov.cn/.jiagu/classes.dex!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.gov.cn

Network

Files

/data/user/0/com.gov.cn/.jiagu/libjiagu.so
/data/user/0/com.gov.cn/.jiagu/classes.dex
/data/user/0/com.gov.cn/.jiagu/classes.dex!classes2.dex
/data/data/com.gov.cn/files/.jglogs/.jg.ri
/data/data/com.gov.cn/files/.jiagu.lock
/data/data/com.gov.cn/files/.jglogs/.jg.rd
/data/data/com.gov.cn/files/.jglogs/.jg.store.report_pid
/data/user/0/com.gov.cn/databases/MessageStore.db-journal
/data/user/0/com.gov.cn/databases/MessageStore.db
/data/user/0/com.gov.cn/databases/MsgLogStore.db-journal
/data/user/0/com.gov.cn/databases/MsgLogStore.db
/data/data/com.gov.cn/files/.jglogs/.jg.ac
/data/data/com.gov.cn/files/.jglogs/.jg.ic
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/user/0/com.gov.cn/databases/accs.db-journal
/data/user/0/com.gov.cn/databases/accs.db
/data/user/0/com.gov.cn/databases/ptengine.db-journal
/data/user/0/com.gov.cn/databases/ptengine.db
/data/user/0/com.gov.cn/app_tbs/core_private/download_upload
/storage/emulated/0/Android/data/com.gov.cn/files/tbslog/tbslog.txt (deleted)