Analysis Overview
SHA256
0413c864047b203f508b9c99fd0a6321b5f4b2d0faab6e4aa717e15b10826cfb
Threat Level: Likely malicious
The file a48586b7a008e8b3946587b4181219e6_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Loads dropped Dex/Jar
Requests cell location
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Queries information about active data network
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Reads information about phone network operator.
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:57
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:57
Reported
2024-06-13 08:00
Platform
android-x86-arm-20240611.1-en
Max time kernel
176s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
| N/A | b.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.jiuzheyang.distributestore
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.example.jiuzheyang.distributestore/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
com.example.jiuzheyang.distributestore:channel
sh -c ps
ps
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 203.107.1.97:443 | tcp | |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | hy.mengbashi.cn | udp |
| US | 1.1.1.1:53 | umengacs.m.taobao.com | udp |
| CN | 110.253.189.144:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | amdcopen.m.taobao.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.75:443 | plbslog.umeng.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 203.107.1.100:443 | tcp | |
| CN | 110.253.189.144:443 | umengacs.m.taobao.com | tcp |
| CN | 203.107.1.97:443 | tcp | |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 123.183.232.80:80 | umengjmacs.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | s.appjiagu.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 104.192.110.60:80 | s.appjiagu.com | tcp |
| US | 1.1.1.1:53 | httpdns-sc.aliyuncs.com | udp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.78:443 | plbslog.umeng.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 106.11.61.135:80 | tcp | |
| CN | 106.11.61.135:80 | tcp | |
| CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | b.appjiagu.com | udp |
| CN | 180.163.249.208:80 | b.appjiagu.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 106.11.61.137:80 | tcp | |
| CN | 106.11.61.135:80 | tcp | |
| CN | 106.63.25.33:80 | b.appjiagu.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 123.183.232.80:443 | umengjmacs.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 123.183.232.80:443 | umengjmacs.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 123.183.232.80:443 | umengjmacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | amdcopen.m.taobao.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
Files
/data/data/com.example.jiuzheyang.distributestore/.jiagu/libjiagu.so
| MD5 | f07656a2f51ecb23edc102003c32b764 |
| SHA1 | 3ef18f74b609313887b9e825c56a54b5a9eef20e |
| SHA256 | f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913 |
| SHA512 | 34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238 |
/data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex
| MD5 | cffec18c06438594339a6b2cff65cec5 |
| SHA1 | 59b979149f3cbd9f2174125097f51d7603717d14 |
| SHA256 | 5ca075a99678fb7b076c89b67bda059a400c57bd8d7c3f1cf113ac90a8a98dce |
| SHA512 | 7eec2378dcee49948aa72a38eb39dfecb9182cdd7646973a4e19fb9312db0996d7d243be9eabcdc10438aad6c372f287781ac6c644430ec5e135d15687f1a6eb |
/data/data/com.example.jiuzheyang.distributestore/.jiagu/classes.dex!classes2.dex
| MD5 | 358ec2249bb62d0112a4e134169022ea |
| SHA1 | 4edd36cd911f64c1590a6b657e9b03296dca2714 |
| SHA256 | 1ed1e67692877612d42ff6efaec8c65d925fcffc90e92fdb5f0c9396acc6d099 |
| SHA512 | 46f54faa43519a85f27e7b4147f97b0fc11df1a7bbf80f6c79e217670a3ada74b6eca32ed12d5f7cf83befd6c54b075f5b26e06edfadcfddf4646fea51e84eeb |
/data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex
| MD5 | 63da876cc98434ba1ab255ffea88a224 |
| SHA1 | f69b73fcbb056a1777f2aefd73130beca8c9a69e |
| SHA256 | d06a451d87c824d3abe82ec42149be1ff487b10cbf7463bce0cd91041cec8de9 |
| SHA512 | 4e326b19c0b54356e43efad4f23bedb272b86dfbf403a0b74a951551ca5f46ad198b6b096d0189499d765d115cbe649e83493e0f001f1083357324a9ab5a2d29 |
/data/data/com.example.jiuzheyang.distributestore/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ri
| MD5 | 916e0d3f58dacf22d2b8edab50ee022b |
| SHA1 | 5d4e3278646840f6548f9262cac40b03ca8da11c |
| SHA256 | 05caf8ae90b368219fbfb581b85f8f134bfb35fe258b4dd8179d391e8bd153e4 |
| SHA512 | 3fce0a70bcb51fb9b902dee8bc47a6d1456edc84c65359ea56237ddc4d542368116399430f0d67ec5bafea79de3de7f517a04ae635156706bdbb4c4589ea90e0 |
/data/data/com.example.jiuzheyang.distributestore/files/.jiagu.lock
| MD5 | 602046f3c499856d57fa27306c9198f2 |
| SHA1 | 80c97e5c5a957d87772b6e073124c5db7f80ca94 |
| SHA256 | 381d43d4b027fc36b00742e858102b70da20af3d33ec7d9d48b33b98eb67033f |
| SHA512 | 9b2628e7a19c93499e8634774f1cdb76f22da907d0052e02a64cd8bcfc0bc3f43022d6ba23213a43cdd19aa82b39fa41fd4291bb9f60a6bf1736980038d52cb2 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.rd
| MD5 | d6d04efd0c7ff35d56d97a1edf7935d3 |
| SHA1 | 0eed5be8436df2cffb54cf76f2684d50f16bb20d |
| SHA256 | d89b75216ad0f038c5df41f179ad8586e94ca02d9fa345fe6382c765452d6e77 |
| SHA512 | dc8d4ca6f894edbec368fee76bcf4bcc02bf90348bf50c65c278a6f78b997f9cbace25e7517eb8ff55d2fa306ffcaf254012956b6279476c8f641f74e26f2055 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ac
| MD5 | de93d25fb85e88dd79bd9d9ff9b1c17c |
| SHA1 | c0fd74c3928b645b9c36b2df2ca5f90b7405ae55 |
| SHA256 | 81f9302a60651cc479fa50cd3c66f8cd74ba1c7941205ac50ea437acd671c2ea |
| SHA512 | e1c8dca1cbfa8c5b99a9706cbecd6d9e682a505efdfde7ba55abb6d04402642cff421ebcce422cb11666c782ccdbec317d446f0c21e7105d4a5736b4aae20e51 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ic
| MD5 | 7e68c0547de902a3e49ad734379a8ae3 |
| SHA1 | 7ba36bf36a472d875f941bc185db7a0362e60616 |
| SHA256 | 806895c6f1bcab2593a1b696cc99f0412fa8e211bb08935462eaa6b34ef028bb |
| SHA512 | 69aff824fbe8c82df1e02f448fceca121167ed5d9a26ecd09376c9f1c5f70812f122e72aeb598e914a3a7aea3105d73cceac027213933174435e747c3497a958 |
/data/data/com.example.jiuzheyang.distributestore/databases/MessageStore.db-journal
| MD5 | 0aa1fee14496ac3b0ac832f006788e54 |
| SHA1 | 199cade77a5afe5b7b524198c74891e8d596f24b |
| SHA256 | 41697e25178c76076a8c92acbeb7cff2f5fc850dd0c3dd06b6f9fce5dc9d89f0 |
| SHA512 | 51d93f5612c5c119aaa0270eca099eb3a547951104872216c2380d3e41978ba43ae7fe1ffee5e3c458908cf4290600d97dba00f39cfcaa057168ca75fd1d0234 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.di
| MD5 | e34b64a229e448432ecfbc37fcc07869 |
| SHA1 | 59269c933e7ad4b54fe63ca9d6334a41e57f7d5a |
| SHA256 | 190b90e9252c1b849cdafbbdd86ddd5db17880564d2ffd3c2cea1b37783f056c |
| SHA512 | ff47d4c511b6fea697cf137b76c21a3d9a9f55f8f4f9dabe70f6052bfe666f9308bf14e3b49d86474598704639821f6b7d760ca19b62f4ecce70a36dcb915281 |
/data/data/com.example.jiuzheyang.distributestore/databases/MessageStore.db
| MD5 | 00af49b9f44d81bd9e335537d70358cd |
| SHA1 | 8279a70478cb6bf87b15f9bdacda441d573192b4 |
| SHA256 | 432c5db5408ec805e102d8781816c9b94f64e3a9206b019fb0d54c068d080dc0 |
| SHA512 | 33868a0d4da7e58535d64f5951dba631966c21a92c619dc6e869fc58214f12f6d3545ccbdacd31b6eabd8d64d980a7af6305b2b5c1890a3317e539ec5c2905c3 |
/storage/emulated/0/360/.iddata
| MD5 | 43b7c8bb28bdd49f6d4cdf5d7de5f111 |
| SHA1 | 1a97abe7aefb0544d9c62d84cc1412ab0fde49b3 |
| SHA256 | c9326f4b6c91cb23d9f70786e24a74ef1636daa2ac567a6294881ad286cda830 |
| SHA512 | 0a64841f1ffc0f59b3599de9880f327be9544bc3572eee8240dc0ba03acfc389e82f502de6c03d042be137809e0370db0d668321afa3a4c984b0a1a0c6283e6d |
/data/data/com.example.jiuzheyang.distributestore/databases/MessageStore.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.example.jiuzheyang.distributestore/databases/MessageStore.db-wal
| MD5 | c2ea498d4a46bef41bec1eeadd336fbe |
| SHA1 | 143d5cd77f6cf27311b354b82809cfca970c9568 |
| SHA256 | 69b1bb7a892519f54ceed6ad168de9f3f0328255e64c202fb536e9833b86c49f |
| SHA512 | 9ee7dcd2df7662b9f15ae5f2d33249f65bc07d50177af972754d2f485b218baba4f6b57fab103bbd32941e47b3733cdf238e28bac0fc89c41349796afc9808a0 |
/storage/emulated/0/360/.deviceId
| MD5 | 1d8d16c4e3b19ebf18988530d9b9a757 |
| SHA1 | bc94c1cce05cd848a53271ecb9c5311e27ffebf5 |
| SHA256 | abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7 |
| SHA512 | 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82 |
/data/data/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db-journal
| MD5 | 833056df8d4527a6f420eb1de29df0b8 |
| SHA1 | 94143d4307bd9c3ab6100da991718725549fdf19 |
| SHA256 | 9dfce3c26dc25c378814a8bb4794a3344702bf74fba90c4f1c59780beafd3cf8 |
| SHA512 | 804da8391188dcdfe40b7c4cdd77e87d640bc4e5592fa3d18a4ab591fe19f8c28b2c2965d7c6319f538c819680e49c98bb2780a28f1bd268091408b202f841ca |
/data/data/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db-wal
| MD5 | 37b784b74fb62e7037aa1e2cb1df78b0 |
| SHA1 | 408dba1f8a80205e50bb2cf0c627e2c96e2fbe29 |
| SHA256 | 4d34f07a4799dbfba53b81a451b44f8785567f222cbd53a8aa24dbce82ef1284 |
| SHA512 | 969ef594d0616340ad8334bf9f448315afd5905a2ab22fce931533fc47b6163e75ccc5f5197878d6de189e036e30616f2f161e80cdb8d11f4956d27d6064acc1 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 037d33e219297756a42c24158a58a98c |
| SHA1 | e586aa9bc3ec51683ff6787db4dea6f2a73a9140 |
| SHA256 | 38969ebf633f310c0449eaa3315c6b33ebe6810d541945369a29bedba3891db7 |
| SHA512 | 0e3712b692933ed6ad7b8a1ee720849eff39e8a1fccfafd277ce193e5ed6e55034833896f9e2c55e793bdf64af0af50c29a3d31d27b279ddb734a725c457dd17 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.li
| MD5 | b1a134cf89c463a4860a9afbbdd32ba4 |
| SHA1 | 7488a02035eee4c1dafd8e89e2741ac2b9889113 |
| SHA256 | c9deee75450f8627db5c99cfa95b429f696e436d0b96520aaeaa808c42662d57 |
| SHA512 | 1fde24cefc6bc62bc9727c6b1ab52496ed5bf28d996bd20dfacbd6ed2f420c81bf1e7f9f8073a559950662b455da2a261900fcec0cae63f7f47a2e120a6d0360 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | e8296f1a7b77d412afea5580dcda9dc3 |
| SHA1 | d6a73fb3c61514bdf00825caaeadf5771136c617 |
| SHA256 | 0510999fab19e6706aa389351ad4ea0c79d74ec8d16f3d55f256283f25923d30 |
| SHA512 | 0530e3e9e76cc9bcb0eeae876b0fe9542c7d81144f52824076c38ce7b61c72be7d78786cc3aa83b5141ff78e9982a1a9cf2fbb7e12335cc0c1b56bb15360f0f8 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 4d802718e8f185ff42296159e032f4ce |
| SHA1 | beb1b80108dcee086e751aa5defec685e34202b2 |
| SHA256 | 3801a17b674d44fa4eee7ccf86ab5ffe2d97968e071c3a6b7f18959633507595 |
| SHA512 | 69a7c2a419baad75499d1cb1f95e51e729439c99aa498439ca4375589cf053eff22fac02a1ce3834bf0d3303ea14165e8f541cfd60e03f4a9a888739eed36e16 |
/data/data/com.example.jiuzheyang.distributestore/databases/accs.db-journal
| MD5 | 6b225a09695af030534c1f1e6b62fb3b |
| SHA1 | 575dc59926232d0ae97748464d11e32a0f2fcf0f |
| SHA256 | 15559a2f4304af95fcb9f11a0190d724dec0c71eec76da4881bb02360e149876 |
| SHA512 | 93ac916d5023f4e8f693a23be2a4e380c9cc3dc010a004c345ae6f471c9782126f22f69d8c109f47e786ac79138e4b34a1542fe6255a2d33bb35a6154e3ffabd |
/data/data/com.example.jiuzheyang.distributestore/databases/accs.db-wal
| MD5 | da3d8822f985ba44c7cfe66da3431e01 |
| SHA1 | 8fddedf5a29c6069c54a28cde503fe9d59f5f1e5 |
| SHA256 | eaf1a1cd159d304909fc567f4c48921bce100d6d588758cc01f06a6c04a26652 |
| SHA512 | 6af7efc014780be43b50d0da699e5315f8d46b80d835fbf9b193742065af392cc43cad2fcc718ee3c1e20834a6434aca39a8a665220cbda7521c46ba16923067 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 4e8b0b2fd3100d95b3ddfab73b5cea67 |
| SHA1 | 6d5418355bf2f3762c2db87e7e7ab45963483d83 |
| SHA256 | 1f3a416d741ac42684678d46a87e4fbe8bef3d39bed5d8bd19afdbfdbff0ced2 |
| SHA512 | 1a4e3bf5651384686e8f744ee4e0c1b1df64ebfe8ce204aecd37c0171e798b7e8c3b2852ff047d4bc00014a7b73a19b464efaba6e2b6e86eb588b5749cbd3aaf |
/data/data/com.example.jiuzheyang.distributestore/files/umeng_it.cache
| MD5 | a8d327d2772b289dd08633f1266e0757 |
| SHA1 | 050768c5956d32a5fd70a557b9232d9c9cb87dd4 |
| SHA256 | 28ddca3f91592594492e8e00fe3e940d53c277813a53d88bec491dd6eb10ca7b |
| SHA512 | 80ee032b3dc776697cbf673ac6dc536e30138e6bea0d105c5fdaca01bb2aa2365bdc2464842d08bb3ac65754726e2ef1ba06aea1612a65ec83c6352b0126d584 |
/data/data/com.example.jiuzheyang.distributestore/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjY1NDYzODcw
| MD5 | 1db62a3dbfdb4c4e0998ced2a5e6d4ee |
| SHA1 | 64ddc0ffa39f98f1c8c2625375479925a6c7f91c |
| SHA256 | 9c082f4efae1fe38ed53257ff9fe81d1fefd5d3e0b491ec0f4d22ab0a0c50b2b |
| SHA512 | 0e1a5d310dae6b05469705d93a77a9eaa71ab680d61a1a2ef86957a426aa5d789a580654f6e5d4de2be3b99368eff8bf7a0e56b501f3fc66fcd0c445322d27ec |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.di
| MD5 | 1e5f1ef9cc4539f8584718566a9948e0 |
| SHA1 | 499983155116667dafdabab6b88045b47a0a0b58 |
| SHA256 | fa2858e2d0a7cb956f8cff67fe4791572ace1ca1a78c0de4d4f4fd489827ad6b |
| SHA512 | 0e1a7e8f2e3dc244d41af93611c10da96226c266ddf2eb13369c886c564e41ccca3a90ba3aa152e38753d95a8cad48f2197e355abc38cd608608ab547f6ba048 |
/data/data/com.example.jiuzheyang.distributestore/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjY1NDk0NzE4
| MD5 | eb2b74f868a30455481fde229fb00ebc |
| SHA1 | ab99b297a36d197f896e28886be54e5b03ce2563 |
| SHA256 | 467473494246071ea7930ccf5b728e91d6bc2cb5176d35b3210eeba77f1995a0 |
| SHA512 | 75f6e6a66e36124fbef5aea8c12b8991fe71f1b627be1069586cc71a5482878937a3dfeb21b2fa1d79dfebfc06c9f62f961a28a83fc598435e8ea15fa676f848 |
/data/data/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ac
| MD5 | 7f6652f18a621e5161d6eab2815b0c73 |
| SHA1 | 8cb8b04cae9a88c38848c0652ab58ad6c01270d9 |
| SHA256 | e49dddb1fc643aba76bf193a349c1d807f8cce4ad87eb179e9048e5d5d28ba4c |
| SHA512 | 15207d2d16e14cbe445746abdfe66447f878626ff42f20165ae8d27842b7f7b01776b7b8b4e74c639969242f6d837bc320179eca72dbc6ea346a49c4d324f36c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:57
Reported
2024-06-13 08:00
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
160s
Max time network
182s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.example.jiuzheyang.distributestore/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.example.jiuzheyang.distributestore/[email protected]!classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.example.jiuzheyang.distributestore/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.example.jiuzheyang.distributestore/[email protected]!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | b.appjiagu.com | N/A | N/A |
| N/A | s.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.example.jiuzheyang.distributestore
com.example.jiuzheyang.distributestore:channel
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| GB | 216.58.212.196:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.202:443 | udp | |
| CN | 203.107.1.97:443 | tcp | |
| US | 1.1.1.1:53 | hy.mengbashi.cn | udp |
| US | 1.1.1.1:53 | voilatile-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | voilatile-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | umengacs.m.taobao.com | udp |
| CN | 123.183.232.17:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | amdcopen.m.taobao.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.73:443 | plbslog.umeng.com | tcp |
| CN | 203.107.1.100:443 | tcp | |
| CN | 203.107.1.97:443 | tcp | |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| GB | 216.58.201.99:443 | tcp | |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| GB | 172.217.16.228:443 | udp | |
| US | 162.159.61.3:443 | udp | |
| GB | 216.58.201.99:443 | udp | |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 123.183.232.17:443 | umengacs.m.taobao.com | tcp |
| CN | 36.143.252.67:80 | umengjmacs.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | httpdns-sc.aliyuncs.com | udp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | s.appjiagu.com | udp |
| US | 104.192.110.60:80 | s.appjiagu.com | tcp |
| CN | 36.156.202.73:443 | plbslog.umeng.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| CN | 106.11.61.135:80 | tcp | |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 106.11.61.135:80 | tcp | |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp |
| CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 106.11.61.135:80 | tcp | |
| CN | 106.11.61.135:80 | tcp | |
| CN | 36.143.252.67:80 | umengjmacs.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | b.appjiagu.com | udp |
| CN | 180.163.249.208:80 | b.appjiagu.com | tcp |
| CN | 106.63.25.33:80 | b.appjiagu.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 36.143.252.67:80 | umengjmacs.m.taobao.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
Files
/data/user/0/com.example.jiuzheyang.distributestore/.jiagu/libjiagu.so
| MD5 | b3ac1ee9aa64f8e06bcce3205a2dfd9a |
| SHA1 | 08c515f96cb89ec82abaf1ddf41215325a3aff18 |
| SHA256 | 5c83817c713f24c66500ec4bac543400d852944977b132f105938637457faac5 |
| SHA512 | 648a5ecb8017cbf0f144f33b2c0dc6836af0bdebbe655188d5bb550ab362899e8d52be27b5678915f638fda64a4e4c1d438d20ccf4f18b6903641d2814bc5659 |
/data/user/0/com.example.jiuzheyang.distributestore/.jiagu/libjiagu_64.so
| MD5 | 45e8ba8af79175b9868cf816b361c26d |
| SHA1 | 093a141f167ddc5d0638fddb80a80740d74efdea |
| SHA256 | 6a71ae0506cbad587e1c3846fffa8bd0aae9fa7b25b9bf63f986cc35fc8d068c |
| SHA512 | f509320c8885493f0f5ba2c673bc6b4fde44e57137f8eb6ed4d927a21e0351ab6392d2a605d6505027d9c9fcc8a504e85c6548867cef3805552a8d16999c539d |
/data/user/0/com.example.jiuzheyang.distributestore/[email protected]
| MD5 | cffec18c06438594339a6b2cff65cec5 |
| SHA1 | 59b979149f3cbd9f2174125097f51d7603717d14 |
| SHA256 | 5ca075a99678fb7b076c89b67bda059a400c57bd8d7c3f1cf113ac90a8a98dce |
| SHA512 | 7eec2378dcee49948aa72a38eb39dfecb9182cdd7646973a4e19fb9312db0996d7d243be9eabcdc10438aad6c372f287781ac6c644430ec5e135d15687f1a6eb |
/data/user/0/com.example.jiuzheyang.distributestore/[email protected]!classes2.dex
| MD5 | 358ec2249bb62d0112a4e134169022ea |
| SHA1 | 4edd36cd911f64c1590a6b657e9b03296dca2714 |
| SHA256 | 1ed1e67692877612d42ff6efaec8c65d925fcffc90e92fdb5f0c9396acc6d099 |
| SHA512 | 46f54faa43519a85f27e7b4147f97b0fc11df1a7bbf80f6c79e217670a3ada74b6eca32ed12d5f7cf83befd6c54b075f5b26e06edfadcfddf4646fea51e84eeb |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ri
| MD5 | 27def0744c648e91f09ead7390c2c1b9 |
| SHA1 | 055712fd3699d77df4f49ac02991f7ee21a0ee0b |
| SHA256 | 1d45507047c9b36c8c6e45d9e6ea35b4e062c1a8856d9ca84501534d5a8e2ba7 |
| SHA512 | 0c415945ae3cfb218f096c0d93fb2f88efaf84f12358d497795a774887757c1acbfa87558217e7906e0d23f5fae81c6e4bf74dd32c9665ee8d3c417a3cd2001b |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jiagu.lock
| MD5 | 55faee1e4f572b9f2067c681950252ad |
| SHA1 | 2ce3d4254e675875201670deaf5a4dc487a96c63 |
| SHA256 | d30aa268d69a3bc7354b512eed2590b6b3ec628eff4652e23039fd89d8c4f222 |
| SHA512 | 1f516a605177632563b3f83cdd3a45b83a6ec2e8634f5d2694abfefed1d220b746e66273c9b19fcee30401b2c6c64322dd2111cac8ff7efa2cf343e4e579b6ca |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.rd
| MD5 | 355add01eb396feed6fbaac1dabb1068 |
| SHA1 | 1ddf4381b1ac396fc23e783e91434a0769f8df77 |
| SHA256 | 870fe5a1b9dee0b6eba49350bff0af9b7e3b6858e3d79b9bf73032f9fa87d608 |
| SHA512 | adfe7527f35847b20cbe922b037240fe4cc35111df538900f5bb4bf5d598e9fca97467b37051371dadb7017170e081650f9b6341269251e34048299555d7b82c |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ac
| MD5 | d569110f06aee80c549ccd82cb3e09f2 |
| SHA1 | 9c92d0a21e22219cc629ea20881078ea320a7ad8 |
| SHA256 | c992fb940e1b655d4f613c471c8f7d74f5d82bcaee23e6817bcf067de2ad9db6 |
| SHA512 | 82db3d6f6389ee3e47cec870e2b54826cb5bfd3b81d4524120a07871344969b559a0704897cdd22e19bb384dd76f553b6d4e4ad1819965bbd6e7d2707db4e05e |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ic
| MD5 | b14342a93abed31cc0025c8a418f4eb7 |
| SHA1 | 920f998c0d5d0a9a33c6a56e48cfeb8a31f44b46 |
| SHA256 | 6463ccfd99b16b53322ddcce4843e88495257c9941f2dae307d7c9c5b2dbd95d |
| SHA512 | 8a045b3c3b6ca8d48ba39ea28d8f40ebb09175f2a462da971afe80df0cd0f14db02f9dbd59972dca24be45addae7b81b1b237648e9bfe391fe3812b2c7eb3832 |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.di
| MD5 | c383396b49621c6979715840149be718 |
| SHA1 | d2a0c062bbfe1b0301f36c74b471b468879562fc |
| SHA256 | ccd6749278025b10d55e0c96ad5c52e65501b45715d8cadec890fa347b35baf8 |
| SHA512 | c5797839ecc0e97ff40a299cb15145b44cfb6a1b5f345d495891f06273a333fa8750b8b71b8e989cd3a9d63fea0e5a4582b5487d4b0b03fd744520e2aa08b114 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MessageStore.db-journal
| MD5 | 7e14ca316b361b8a4bad02ef3573ffe7 |
| SHA1 | ffcda4a7d33e62394c732bc637b6a85f91f07f49 |
| SHA256 | 134a1d0fac7064da263f2167ca442699094d3b62e4b3b71f1d89a6cdb0affe12 |
| SHA512 | b099d2458c26060187de502b18036b822d6260bb292cc351d6944fc9517d05bab75eba16c21e4731d2aed585d7b5512fab0ffb805e08735fcd9821b04812fbd9 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MessageStore.db
| MD5 | a7d04e97164a582580884172aaba0b02 |
| SHA1 | b91a0932fb19ba28e4a9fdc9cd27fed026127170 |
| SHA256 | 54c46233aaee1a76ea2d76411d87e8219e35d885eb1c9f12f743e93aec6d9c81 |
| SHA512 | 6382ef5740d917b2737360840756b8c1b1d3c2307f75f8be9e165a0569e484efb348fa5cde7439a6dd87422caa986f4c9ec75e0ab4cf7da7db44a8ff5a455f23 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MessageStore.db-journal
| MD5 | 8f38f5ca4cb858d84d9f93810f3cd2c5 |
| SHA1 | 6072f6d9722028ca10b5700295dabae5d59f00ba |
| SHA256 | 164417e2f1d8ef916e233c11bef0f788c27161290fc69a9b8eabc3be58f8ac15 |
| SHA512 | 2b1190284532e11c5524df51d28fa8b3aec99155b86bdfd61316f934786aa436e613e608a5c3cf3a102fe08cdbe3c78a47d4fd696961294f7814900d937d326d |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MessageStore.db-journal
| MD5 | cb97a35816439bda8b0a5967bfee17ba |
| SHA1 | 2955bd7ba307d35ea4d4da2c3f4d412a06d00cfb |
| SHA256 | 02e2f3d8ac02b016543f48fd7a59bdf5a1463d9bb20ee6cc153e025b87ef4447 |
| SHA512 | c983de0e52b88f87680f843d1601a07472a02eb3c233fd05798e6afe2199c6b6d0836967796e58a71e5f4687f02a6e6610a94df1b4b0aa62031ba31fecc2b9ea |
/storage/emulated/0/360/.iddata
| MD5 | b7642697034b476118b9b5489a7138c7 |
| SHA1 | affa370fa7f65158e49ca4f69e761c00557fb2a1 |
| SHA256 | be1e444f66635962156cfca3bd997d99745984ceacab03d23b708279617a27ad |
| SHA512 | 83e9de6eba997f307e8073640046f430e761270ebfbef40204fc368c267a3ff4761db7a727e740a705e1ad96d522278ca255e9fbcb578f445a91aaa793bf9a64 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db-journal
| MD5 | 96e7c9926d6323175e34b35f03c8336f |
| SHA1 | 3a3d5b727f5504e3fdfcb2a2db5be49fd7de2ce0 |
| SHA256 | 9db8554096665c3642d4397e1ab9892b6d02f6855910ce7bf0d2214282241fc6 |
| SHA512 | fcc83e4d188970d046dd0030cd71c4c3273532503c8d20c05b8287c10251162e21f25b7f4b7dc0b8dd585fa8d9f0217ebeb69b72269f40a2c5d7ef397bf0c584 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db
| MD5 | 12a7d379e17bbd9dfb425607991f4814 |
| SHA1 | bc7c5ed79c42863755432f9adf05ffc1848b0a81 |
| SHA256 | 6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f |
| SHA512 | 18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db-journal
| MD5 | 7230bb8c13052c788e3bac5c8d039054 |
| SHA1 | b7c077a63801633b3fbec1433f1f2c883900f470 |
| SHA256 | 07683ebe4cd9c9139010a2162a290e908d65339d2af04af0424bc917e711cc53 |
| SHA512 | c3a484d325b2172ef1b22be88f9e7ee8e0975a3a1adc60c6ac728e698e0ea89de3fe7eae3d94b18c5026ba8b865c648de72e12da257c038772da48604de8b027 |
/storage/emulated/0/360/.deviceId
| MD5 | 4c4c5285293d5141f582aefa4e038669 |
| SHA1 | e01852a72e5a8e6f7d63a21426b515118196047b |
| SHA256 | 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731 |
| SHA512 | 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/MsgLogStore.db-journal
| MD5 | 346c756fb10e052fed0623e27e424b7f |
| SHA1 | bfcdbd104121acf35684e1fca4c7094777bf029a |
| SHA256 | 0cbc565fb5975ec50c15aa844032eac9c07da1f5484ae68f04ed0abc2300a7fa |
| SHA512 | 928904802eceaa09bf2ad03869e1046b5f6d35a8e961dafd8e4ede024b78b0c734a1dfeff2d4515b56303219550e4d5254acffc35a62eeecc9e7dae5b5e4b08b |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 2b83103b4893631274bdbdbe1258ffc6 |
| SHA1 | d0e68daba0e48bdca5410def3fc2d2f7708cee6c |
| SHA256 | 95ea85fcc4b34a8fc929ef56fb7576a6f67c7fe434002cd58e816f4c28574116 |
| SHA512 | 823736ce54cb3ace4a947a683ab09c754400cd228152ae3259c2ca95a09fabd6ea4f3f776c0c567aa5826fd7e1914a13709c938e88bd268460b945f0c6c1c83e |
/data/user/0/com.example.jiuzheyang.distributestore/databases/accs.db-journal
| MD5 | a9d57328ffd481c8ec0e5341c0d19a49 |
| SHA1 | 95052fe358c6820b973fc25c09e31c9afe8bcba3 |
| SHA256 | 0398e82ab7279687a90dcc3e02df5f2cc462c097647e35406eeb647be44bac17 |
| SHA512 | b03f75698ba523f83343b15392b0253b98aa88288788c49a6c9fdfeb1d1a8e37304a0abbdaab19b8882735a87c6417df66567c4ddea4925078419003508c5b36 |
/data/user/0/com.example.jiuzheyang.distributestore/databases/accs.db
| MD5 | 558105926688c7d4f4788f6b593bcebf |
| SHA1 | d16091461bb6ba14d9de002f0e32feeb35fda9dc |
| SHA256 | 51b2b66764ca441ef1a110abc89f5b8251be8522e0a9bda462a9375d18594616 |
| SHA512 | 1e7c7947765f949be950a73be089c256b52def43f6621357548a88449ffb6cb128f99bee382cfe8c8c786c3e9ac2a907c08f38e2ff9e1e37fc9138360533b55a |
/data/user/0/com.example.jiuzheyang.distributestore/databases/accs.db-journal
| MD5 | a35cb1a9ac47ccc740cf2686f81f3345 |
| SHA1 | 2c62694e11a8a03eb7419f5f8d1930ea3a20f2c4 |
| SHA256 | 7b52fdf209a780517e29337bf24790b39fd026bcee3ae8a80f0f90efff176e6c |
| SHA512 | d39901a81d631a6ecd483db82ac4a677847fb492574187b2b69dc77e0dbc9aa54fb21c92e044d50d27a8b0627b00a26378f09089984b3ea38ce5d48c62fc587b |
/data/user/0/com.example.jiuzheyang.distributestore/databases/accs.db-journal
| MD5 | 763fe56034db79fb3853d64638c8339e |
| SHA1 | 1e4cd2a1e2d1c04c73249ae3f702cad00bbc8bef |
| SHA256 | 424f7a73a37d8448248fe79765af89344333280df46c44d5a9eaf406b6c03807 |
| SHA512 | 97d342a7f34c534f121d31f4161e07b19a8312ac8c4e420a8d7a38cfe113d2ea01c601665466cab394f2ac211115734fdca9f74e3153e4fa81f4d1e5c6d6eb48 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 3e45297026a730c6e2b1c4a16349209f |
| SHA1 | dffcedb0c231d7310340878527906ebca3098696 |
| SHA256 | 2659c573b00bc738fcad9101c5f3e937f24a5f620161268ff2a04f3d9378c458 |
| SHA512 | 94d393a12f01b44045fba40ed696391713556a49b228370491eb7bef59a3bf67853f3871e105865b8e05760705f93f7db9305a9d1dc8855cfea221cee1823acc |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | dc893960b4bf3aaa0885ff74a18d9278 |
| SHA1 | a6d4740566696466e9dc2c006bb01485e370128c |
| SHA256 | 76c1be75606faa88778df83c971c27513d7c57f2038f9e55ec0ccd06de6fb719 |
| SHA512 | d0db80527366990bd98e0b31c095e55d0283584d45e643aee5029126845a1b0f3e020c51edf3a5d5f92fe7a1b6f94286ce7484c8dff387bb53fdc41734b7f3f4 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | c22789470bf9a760b3a155ba6c56012c |
| SHA1 | acc5f206d88b5fa275760852fac8b3bccf663d3a |
| SHA256 | 3f13c2cb557fd307fcc0092102778e261e151e973dea8cd06c4558899abe680b |
| SHA512 | da1ef96af06117bc805511e14ea9557b8b1cf1e05de5d7c28967d453de75e7476be404e9e287b10078d49f38e8828c39604ee9cef33ceb101074b4d6b3300de2 |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.li
| MD5 | 15ee603dcf58aedffed74b74fe7bec2d |
| SHA1 | 9dc24f77c00477240936e205e295d81130f356e0 |
| SHA256 | 76ffeb1ffa7a2ff954e60a44efc77d37263c91e60a5804d20293b1cbdbc5dd1f |
| SHA512 | 27497473fe8a4f065fc3c2b959a79e2d1d4ac7440693b0625e85902e59d5295490f588d1018b0bc51393f89de5d785a4c3b420dd4287fee18f7a54633542631f |
/data/user/0/com.example.jiuzheyang.distributestore/files/umeng_it.cache
| MD5 | e36a2608a02dca3edbadfe2c0637235c |
| SHA1 | 6e5aff2df37e79eb81ef829ad063e364ba981666 |
| SHA256 | b27f5de1fdc3572f179407446a2521874cf312e72cad7d1d17a6aec573f9d1c7 |
| SHA512 | 903754440adb070f8f40d462638a1cf82b96e8b5be68fad63df8d9728292cb4a1cb7afb50322b015b786333ea054474983fa03f29a1daa656507df36956a032f |
/data/user/0/com.example.jiuzheyang.distributestore/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjY1NDY4NTI5
| MD5 | 5f08538dd1cf8510530d4effa7232d9a |
| SHA1 | 45f22216c1fdc8129842121b310204e88f615fce |
| SHA256 | 47d20a2aee18cbaebfde62358ac634424690217f559adf041c4caa1adae9a082 |
| SHA512 | 7b6c4a42a8fa38be70b0a44a213172a5482174ed257092bb711c881b8c6603715193a31b7a95dd07721003f8b0eea3edc082953ee17a0404dce24004c8e0104d |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.di
| MD5 | 2bea2d7e32670b3e14b126dbae7bb852 |
| SHA1 | 093e1207b415fe0eff11f2ebcea63149192ad400 |
| SHA256 | 829a8ea0f2d6f2baabe55f08f20b7c3cb898fbf2cae6c40517e5dc6b368eed58 |
| SHA512 | 20402dcfd7a291e2e4e2a1a2cff5dbe97444a78a9dad08e24c10d435383097189e53700f8fe8734922b77c60811672673e9f909cae4b15a88479b8b8fe72ed76 |
/data/user/0/com.example.jiuzheyang.distributestore/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjY1NDk4Nzk3
| MD5 | 6c673e7fbdc7bfbcd05f17066fc00bc3 |
| SHA1 | b3cb24225f41878a90b6c2744bc36ba8b580dbc4 |
| SHA256 | dec9060720972a89801cfa31fd424113276274141763705a260633e1036cd1b0 |
| SHA512 | e55a28c64e77decb9dff81880dedb1776aeac917a476744b2b9c1700a9f94e8244f318b934c48511ecb277fa5409821f3a2d8dc92b93b1946c47e267b2f5913d |
/data/user/0/com.example.jiuzheyang.distributestore/files/.jglogs/.jg.ac
| MD5 | 7f6652f18a621e5161d6eab2815b0c73 |
| SHA1 | 8cb8b04cae9a88c38848c0652ab58ad6c01270d9 |
| SHA256 | e49dddb1fc643aba76bf193a349c1d807f8cce4ad87eb179e9048e5d5d28ba4c |
| SHA512 | 15207d2d16e14cbe445746abdfe66447f878626ff42f20165ae8d27842b7f7b01776b7b8b4e74c639969242f6d837bc320179eca72dbc6ea346a49c4d324f36c |