Analysis Overview
SHA256
cb935716f29af4136d449825baab47a79984011807ca0e6dca466e9d6eeffb1f
Threat Level: Likely malicious
The file a4b23fa77a1b406c9026ba2b1d5e3f03_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:47
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:47
Reported
2024-06-13 08:50
Platform
android-x86-arm-20240611.1-en
Max time kernel
177s
Max time network
185s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.gezlife.qianrenzhang
sh -c getprop ro.yunos.version
getprop ro.yunos.version
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gezlife.qianrenzhang/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.gezlife.qianrenzhang/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
com.gezlife.qianrenzhang:pushcore
/system/bin/sh -c getprop ro.board.platform
sh -c getprop ro.yunos.version
getprop ro.yunos.version
getprop ro.board.platform
/system/bin/sh -c getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.build.version.emui
getprop ro.build.version.emui
/system/bin/sh -c type su
/system/bin/sh -c getprop ro.lenovo.series
getprop ro.lenovo.series
/system/bin/sh -c getprop ro.build.nubia.rom.name
getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.meizu.product.model
getprop ro.meizu.product.model
/system/bin/sh -c getprop ro.build.version.opporom
getprop ro.build.version.opporom
/system/bin/sh -c getprop ro.vivo.os.build.display.id
getprop ro.vivo.os.build.display.id
/system/bin/sh -c getprop ro.aa.romver
getprop ro.aa.romver
/system/bin/sh -c getprop ro.lewa.version
getprop ro.lewa.version
/system/bin/sh -c getprop ro.gn.gnromvernumber
getprop ro.gn.gnromvernumber
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
getprop ro.build.tyd.kbstyle_version
/system/bin/sh -c getprop ro.build.fingerprint
getprop ro.build.fingerprint
/system/bin/sh -c getprop ro.build.rom.id
getprop ro.build.rom.id
/system/bin/sh -c type su
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.202:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | apis.gezlife.com | udp |
| CN | 139.9.33.178:443 | apis.gezlife.com | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 139.159.137.254:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 121.36.205.81:19000 | sis.jpush.io | udp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 103.229.215.60:19000 | udp | |
| CN | 117.121.49.100:19000 | udp | |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 139.9.135.156:7007 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7008 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7006 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7005 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7004 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7009 | im64.jpush.cn | tcp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 121.36.205.81:19000 | easytomessage.com | udp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 124.70.128.38:19000 | easytomessage.com | udp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 103.229.215.60:19000 | udp | |
| CN | 117.121.49.100:19000 | udp | |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7006 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 139.9.135.156:7004 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7007 | im64.jpush.cn | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 139.9.135.156:7005 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7008 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7009 | im64.jpush.cn | tcp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 121.36.205.81:19000 | easytomessage.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 124.70.128.38:19000 | easytomessage.com | udp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 103.229.215.60:19000 | udp | |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 117.121.49.100:19000 | udp | |
| CN | 139.9.135.156:7009 | im64.jpush.cn | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
Files
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 7230d7d287afd2c899c1cbae3c50c94a |
| SHA1 | 98638c3b601510ea2d882560c6d2a28911368a25 |
| SHA256 | 13f9595a5d4defcf54c95085c34246cb7a4073ba902b298173ec1c9cf58e651c |
| SHA512 | e53eede8f2b500a4085f1bcfcde7ada2559e07fdbf1b8978e896cef9a2e6961323401079ed56125d6084acd232cedefd668c2338c634a1727a885cb6565bca02 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_legu
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_legu-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_legu-wal
| MD5 | 024d70024b2477d0b5b4ff471f038b70 |
| SHA1 | ac5364724cce4926b67706aa0be7baf3b1aecd13 |
| SHA256 | 1232e501447189353a83edcccc1dacf240926617f31c9ba3b249da9d22a2518d |
| SHA512 | c046830b6fbb4d047def6d6ac81c158a07648e82507712131ed990777781b97f801319d8e819fceed8148042b4285dfe34e842e0a58fb1ca700901b402df2a66 |
/data/data/com.gezlife.qianrenzhang/mix.dex
| MD5 | 63f77f99bd2c2b772a479923bde11974 |
| SHA1 | c7632e7d301e4463fafce85f84e9c3d7da3fdbbe |
| SHA256 | 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615 |
| SHA512 | 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c |
/data/data/com.gezlife.qianrenzhang/databases/qianrenzhang.db-journal
| MD5 | f01be6ff68b2a42e9c876efcb74aeeb9 |
| SHA1 | 28c8416da6f653b30ef46e2752e0e49ebdf0296a |
| SHA256 | de60c036a40c84419cb845565dc255ba60e6441df3917a69fe027777f4a46498 |
| SHA512 | fc6ff342e43a344aaaa39a216de25a7238858debff2c9caa786cdbb53ae69c04d842c3d61a138fb03cffe308e4b37d338364c1b4f7cfe677959b39969bd66604 |
/data/data/com.gezlife.qianrenzhang/databases/qianrenzhang.db-wal
| MD5 | e53426a1cdba7cc3c276e1e4967b76dd |
| SHA1 | c80247ffe3ecc41df5dd2ef779943590a8cf556b |
| SHA256 | 2cd558f9d113604dd46ae5937f4d285874f5cc240b715f7d826f0cd85796c72a |
| SHA512 | 87a45d19122c3e14d639226423862cb2ee60087b344d22509dc6f0112be42a5ed6bb42faeeba6ce4c7d8d25f94cade31b198471a06a6755612edf0aa4daa51bb |
/data/data/com.gezlife.qianrenzhang/app_crashrecord/1004
| MD5 | f708ac11c8221c9e911a006ac3e68e15 |
| SHA1 | f99a4d24406ce5417b25855b01d5a2fee4e2f8ef |
| SHA256 | 81dd4f2f0923d7f85bf6508d5bdaf5267d9b3fd85db39fd778659fbbf2d0b881 |
| SHA512 | 29ffb1dba3bcffb961e8b8fa5b4e8cf3ee40f7ce4dd27b7c618e64f5eff6dd56caedd59f29c2ceca3b1bb51fdf11c5cd2ae04d6e07495b0acf121b3691a5c062 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_-journal
| MD5 | d09f0208b12612a0aa2401e43def8787 |
| SHA1 | 7b33fc57ab4858ac2b78d28eb20caaaf9167b882 |
| SHA256 | b20e314610f490c1b14499590476e1866e6ee9d570eee3cb698f159542ca1b13 |
| SHA512 | 2e7d7666e2d40c8de71074e55b604767d809aaa4916056f197cca6e9d1be4dac784fce0c5a9b3b8b4b73e7763d7b6e6b8023748a700ddb05c73772121c985b08 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_
| MD5 | aa99281ce0cd69a9302f8b64b918ad75 |
| SHA1 | ccafc0e5fb16198e466b209a888301f4100fafe8 |
| SHA256 | a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431 |
| SHA512 | a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085 |
/data/data/com.gezlife.qianrenzhang/app_crashrecord/1004
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_-shm
| MD5 | 707977ef50ebff785d8587fe66074a2a |
| SHA1 | 94132c9aedd58224809465fa57038eedb4cace6e |
| SHA256 | 786013e1a4cbf6c7bbc38be3d63814865297f90f9b1a3f0b958fead6fb843c20 |
| SHA512 | 99d991912a4df4d2be6d399321d7866a799cb3757e29c02bf7c82243fa3be30d2ca8d555b96219a4272b17afcc05b7cbf0b23959ac3ddfb4b6e127d998bf25ce |
/data/data/com.gezlife.qianrenzhang/databases/bugly_db_-wal
| MD5 | 9b8a2f765cfb5b73d668e0b46b19362b |
| SHA1 | e3cc09d3acf994f9c0c97c4bac9007ed82acfd92 |
| SHA256 | da90fd507b4ff4a2f2bc9bfaec378cd8b983dcbf80718d2748bfd5258f3c2d06 |
| SHA512 | f92ef5a27edfdc833177909ffb69bdf2267fecb1d9ccbc51a582878212c0e9bf1d647b26552aa9ecc94f5159ab2cb7e794c52047b8534d84da7ef02aa0f88a27 |
/data/data/com.gezlife.qianrenzhang/app_crashrecord/1004
| MD5 | b79f193c8019ad1b73d28828bf1b44f8 |
| SHA1 | 8d2273b39060079e29481f7b376c70f2dbc203a7 |
| SHA256 | 6c916dd45f2839a86374a2fa01a656fa5cbf3e6abd6412a903fcd76c27cb50ee |
| SHA512 | 7fa8c98ff42702a82baf29c2239e42de41a3ff4bfbfd9ed1f304ae4a7f26e3a215e402219e8d33c4aa78a1517a72243008e5cc8d59a136235183892c75a1125d |
/data/data/com.gezlife.qianrenzhang/cache/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/storage/emulated/0/data/.push_deviceid
| MD5 | 5e902931be874726b42d46b3a83bd7f0 |
| SHA1 | b8e9b2cd9065908556aa293500f70e24870187f3 |
| SHA256 | 21f83c552460badd48a5599f492d4b708befc69d1428a3b3fd9fa2091d4af3c7 |
| SHA512 | dff80d22615d152d1bbedb4fd336de44225f93fc36ee5913aafbc342aa5b93db02a4c0ec8c34181716dc46c70e91c237162acdd50c0a04eb98d59686d3d384fd |
/data/data/com.gezlife.qianrenzhang/files/jpush_stat_history/active_user/nowrap/26c941fa-0352-4c44-a446-5ba511424d1c
| MD5 | 582a17f41ca36d9099b97c857fb59b63 |
| SHA1 | a111771d51f82337295149afb2da26b9e52f5929 |
| SHA256 | a84e03fc414b4d6ec9b1b8620f485ea63a141ff8c81048bb02845c25c979b52f |
| SHA512 | dd0c3f538ea82fadb6d5586183d0c5e4a02e78b782346fc933d46e94c2c627e0c33b41530662ee9cd3ccde4d76ae02689392a3ff56099f9ab774a300a89c10f7 |
/data/data/com.gezlife.qianrenzhang/files/jpush_stat_cache.json
| MD5 | b4e1b05d784ba7c82d74a8b046695c24 |
| SHA1 | 0ce0b02c2fb0adc4cac43540e9dee50e0600e6ef |
| SHA256 | a83fe679357dc7addab381760ff7105fb6be54722d20e8657342a3da950bac5b |
| SHA512 | acaf191d789214f101ccbd3bc70ff9b9cec0d7e5ea505cfbfca3c6216254a7160f4b11d074f64269d79953d387de8f83d723372beb4943d5c2ae3291eff338d8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:47
Reported
2024-06-13 08:50
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
39s
Max time network
174s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.gezlife.qianrenzhang/mix.dex | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.gezlife.qianrenzhang
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.68:443 | udp | |
| GB | 172.217.169.68:443 | tcp | |
| GB | 216.58.212.234:443 | udp | |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| GB | 142.250.200.3:443 | tcp | |
| US | 172.64.41.3:443 | udp | |
| GB | 142.250.200.3:443 | udp | |
| GB | 172.217.169.68:443 | udp | |
| GB | 216.58.212.227:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp |
Files
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 95d00cbf1d1a728993287e23cd75faa4 |
| SHA1 | 415174df4da9e62a34ba06548434d5fd54502ae3 |
| SHA256 | 9a099e78687c667774c401fd11ba0e1569732585e41866c28c930e1a7772dfe6 |
| SHA512 | da494e42c8fed2f447dac340ec4b78e62cf4e3a2c4782a9377a24238c96872664026020f68c69d37687e4e8323355af5dd49b48177cd3cc24560dd22846e75be |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu
| MD5 | b3ab84778b8e610f7c6094a5620688db |
| SHA1 | 54a91c2fc273e765fedd86b11d594d1264748e28 |
| SHA256 | 229cda5700d6099a8884b4120dc8987fed2b790e9642c22dd277e66d57eacc9c |
| SHA512 | 8594080aeda88d6519fbfcc8acc83e79944b11eb232b67d2aa5fb712e7d277f87752d9ee5d680d2158e97e0a8bdb72102cdd10d28dd050300ca5e499c9a07fba |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 1f24c93e2ca55106a61abbd034185449 |
| SHA1 | 03a370009c02a5b219ca2c2d20d642710d13d88e |
| SHA256 | 32c5d649b0bd1d307a3a95ac3115d2280664dfbffe910a79e68a97c25729c2b9 |
| SHA512 | a1405acaddee066bb0f72ab7e79454bcef1b05949290f9f591c4aa603a096041f5956db698adb1328a388ef7459b9c7c79602aed310176cfc4cba08ae1a7cc1d |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 782343582fc3dc49e74fc6d884568b0e |
| SHA1 | 9eddc30bbf5f23a3827a1bb56321c3fdf2c7b307 |
| SHA256 | 03d635b71d4ffa40b68032b61cbb5068b99373f1e893e4249b9e051d5b7e8af1 |
| SHA512 | ed05035ce5049e8714bd4adc68e540cb56ec9bb2c7159211a09d6d5a14298dbe3e0cb350d805e678f841d5874fa6f28ec6b8a516c0e02e4320201aa3572b1e57 |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 067e97535c21ce1ce0e1ef1052344a93 |
| SHA1 | be9e256eedd6b8a97e803f043d05b437d9924707 |
| SHA256 | 0a7c1e3da69f80aa7cb8bfb9b6c9028f226accfb6de5bfabc1cd8d0fc5a3fc76 |
| SHA512 | d205a8b720e0ae95768f877a8f5af57497808348a6dc55e9cefe49a668dc81eaade749d4f96cd403d26ad43ee290c0f7299aaa19b122679a088e059eebdba66d |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | 09d6cec3e98d6e5975b06aaa742d06b5 |
| SHA1 | 88a234634cea7647a52b11670251e32c40bed21f |
| SHA256 | 9f59b78c378a79036a65f12606a7ffd36c77b39c86ef3322f6e15dc22e563cdc |
| SHA512 | 376fbb636fb3aad4188ec20a02432ffcbf239641c1b8c73c1213301a821b3f98b554f38cf98e60d158a1301215d6d2eadbc7d61d6fe28b8b8a72cd6c83e26a50 |
/data/user/0/com.gezlife.qianrenzhang/databases/bugly_db_legu-journal
| MD5 | dd325cfce4900e041d82fd1208882ce5 |
| SHA1 | 21014531601e336c7e5737b8fd222815a43a76f9 |
| SHA256 | 64ec2f55cbe539b372fe3379f815fffb4861e4ec752fac885399ecbb1b58b92c |
| SHA512 | fc8f56540f2d1a92967db3ab42140cc7c5a678d8c76ba5ae4f805e44e3972714558612396abcb6b06f78e1675c32da12f198886572764a614376e1ea7cc86081 |
/data/data/com.gezlife.qianrenzhang/mix.dex
| MD5 | 63f77f99bd2c2b772a479923bde11974 |
| SHA1 | c7632e7d301e4463fafce85f84e9c3d7da3fdbbe |
| SHA256 | 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615 |
| SHA512 | 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/rqd_record.eup
| MD5 | 5ec758aba3fc538354888e38ac5ed313 |
| SHA1 | d35b6573d25b6e282a680a4ffe9ccfceebec74a4 |
| SHA256 | 12eb72ff09eef9137e67ce8f0588607a28976e0e082b80125f7ff572405a582e |
| SHA512 | 13e094ecf0cad0cec897853bd3fad125b5ab07db68652cad4affb1b03da9d50a19815b268361a45543205cd54774148691a3433abb075a48ef0c846dae73ccec |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/tomb_1718268464660.txt
| MD5 | 5cc9ed443aa658221a5151d0aa9be3af |
| SHA1 | 8ddbfc3ecf0a82d7693ad232d9b860c02a81c003 |
| SHA256 | 53294cd6e666f765cf636f2212b3ff9a43587159d9fe3a2c74210f433db9882d |
| SHA512 | a83ef1026c2aee5cd468b9e9a371ed519c9d6a40a29c102c183e39db37ac88b86ded6b1723c5722d880e57a55c53d9d27fd2b681a019fce58aa5972ef69cfd13 |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/rqd_record.eup
| MD5 | 00c5e27fbeb3cbfe3249c83d6d3b8660 |
| SHA1 | 12dcef3c8e6c16700c6cd280c3b3b43e1189df56 |
| SHA256 | 7b98818f8127b23dffc2699faaee1d7fe7ab33bc91c1803de36f535319250d39 |
| SHA512 | 5bc52f5cf19ca5234ce0ce908fc45b509d743653e46634d43a9c30352a04093045181cb2164efe2f907edf9c8664449fcf7b6d1a82b5977984ab3ca344f1557d |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/reg_record.txt
| MD5 | ed853e74c40ce88cc5ceed8d3d7283a7 |
| SHA1 | 148f9e01a805f8adaaf7433c4953e3e48dcefc97 |
| SHA256 | 979b6d7fd786c9ff28ef5c94b8d548b64333865f2512a9d9acab31fd8db8517a |
| SHA512 | 0a1b3407a3ab54302241330d6cd1d4b1e1f05f219927f674e49f97d623037858fbec33331aeff22bb9be5ed41b3e6fe88dfd85b61f13caad22cb8af9269c2369 |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/map_record.txt
| MD5 | f7339d6d104e5b1670fad01228a85e58 |
| SHA1 | 9d8b521e0f3fe2ae5ab8bed45c558e72bf790204 |
| SHA256 | c5cefb089a18c932d73624d6ea1e061b7c666e69c93b0c9a6aeb9cae6f30980f |
| SHA512 | 0674e264150caff0aebb6b7bce9e90b7abafa6e70353223650adab4902595ad337de1aa2279483240f54d49b1b23ee53e58cdcdabab840e645b634bd08073fa6 |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/rqd_record.eup
| MD5 | 1e70a7c5607f95506232efb102f112d2 |
| SHA1 | c9b5bc783195c981d46a1b6ec6d4acd326da38e4 |
| SHA256 | eaa46ee6ac094d65b66202e1120fb86c4e26fdb4a103b054dfbc4fd2f9065e62 |
| SHA512 | 891af35e09a454eb2893157164607d11afad07bc6ba823eb8baf5213bdb298fa77e25cc5b6eede69971c4ae123f8c94954f9f3edf4dcac8dcecd612f5bde74f1 |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/sys_log_1718268464203163.txt
| MD5 | 66fd8fc16027ad55473d3eaa5eb323e0 |
| SHA1 | 029b40a72cee2c822e50b162abe8b98643f214af |
| SHA256 | da8eb8a5500c71335d59c53cf35cd82f63d2ba45de7b862db3d72b96fef1b0a3 |
| SHA512 | e34afd9ebf5190ab5a408b87448201e8cc87007ceaae776c45318bac21228ae23c51eef0c565c2c629bdef953b039ffa3d4f11aabe4ee9790da9c085b3faa4a3 |
/data/user/0/com.gezlife.qianrenzhang/app_bugly/rqd_record.eup
| MD5 | 6b38fe2e6619052a4b719ee3dadc0081 |
| SHA1 | ee18b6085d40c9706061397d89741407bc9c2f03 |
| SHA256 | b864f2b628e6eb2fd06af2c8b51a05b54bbfb0af59cdd6a1fbb9d25348ca3ec0 |
| SHA512 | 4530cf81ad530e486e584b676b85a13abc8c8430a2d2cdda89b1cee4f13ebeeb8eda0c2824659a3615cdba4c6bc5e7d13e7ddf259ce55caad5fd0093a416392a |