Malware Analysis Report

2025-01-19 04:53

Sample ID 240617-3tjmaayhjh
Target ba2b69d1af6627ef3c035bf816b6743f_JaffaCakes118
SHA256 b283a7573149259deedd678e22cf5fe05a3012682de0d06d9362e168bfd0fd5b
Tags
collection discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b283a7573149259deedd678e22cf5fe05a3012682de0d06d9362e168bfd0fd5b

Threat Level: Likely malicious

The file ba2b69d1af6627ef3c035bf816b6743f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Unexpected DNS network traffic destination

Queries information about the current nearby Wi-Fi networks

Requests cell location

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 23:48

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:51

Platform

android-x86-arm-20240611.1-en

Max time kernel

176s

Max time network

191s

Command Line

com.jifen.qukan

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 119.29.29.29 N/A N/A
Destination IP 119.29.29.29 N/A N/A
Destination IP 119.29.29.29 N/A N/A
Destination IP 119.29.29.29 N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.jifen.qukan

cat /sys/class/net/wlan0/address

/system/bin/sh -c getprop

getprop

com.jifen.qukan:pushservice

/system/bin/sh -c getprop

getprop

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
US 1.1.1.1:53 api.1sapp.com udp
CN 47.95.53.13:443 api.1sapp.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 mazu.3g.qq.com udp
CN 14.18.202.195:80 mazu.3g.qq.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 recall-push.1sapp.com udp
US 1.1.1.1:53 api.weibo.com udp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
HK 36.51.224.49:443 api.weibo.com tcp
CN 203.107.1.97:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 47.95.53.13:443 api.1sapp.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 203.107.1.97:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 14.18.202.195:80 mazu.3g.qq.com tcp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
HK 36.51.224.49:443 api.weibo.com tcp
N/A 10.127.0.1:137 udp
N/A 10.127.0.3:137 udp
N/A 10.127.0.60:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.9:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.32:137 udp
N/A 10.127.0.36:137 udp
N/A 10.127.0.45:137 udp
N/A 10.127.0.56:137 udp
N/A 10.127.0.101:137 udp
N/A 10.127.0.14:137 udp
N/A 10.127.0.24:137 udp
N/A 10.127.0.41:137 udp
N/A 10.127.0.57:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.49:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.2:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.12:137 udp
N/A 10.127.0.20:137 udp
N/A 10.127.0.38:137 udp
N/A 10.127.0.52:137 udp
US 1.1.1.1:53 ddd.1sapp.com udp
US 1.1.1.1:53 umengacs.m.taobao.com udp
N/A 10.127.0.13:137 udp
N/A 10.127.0.19:137 udp
N/A 10.127.0.25:137 udp
N/A 10.127.0.30:137 udp
US 1.1.1.1:53 msg.umengcloud.com udp
N/A 10.127.0.58:137 udp
N/A 10.127.0.66:137 udp
N/A 10.127.0.37:137 udp
N/A 10.127.0.62:137 udp
N/A 10.127.0.238:137 udp
N/A 10.127.0.29:137 udp
N/A 10.127.0.18:137 udp
N/A 10.127.0.33:137 udp
N/A 10.127.0.47:137 udp
N/A 10.127.0.67:137 udp
US 1.1.1.1:53 log-sc.qutoutiao.net udp
N/A 10.127.0.237:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.46:137 udp
N/A 10.127.0.51:137 udp
N/A 10.127.0.55:137 udp
N/A 10.127.0.11:137 udp
N/A 10.127.0.35:137 udp
CN 47.95.53.13:80 api.1sapp.com tcp
N/A 10.127.0.54:137 udp
N/A 10.127.0.34:137 udp
N/A 10.127.0.65:137 udp
CN 124.239.14.132:443 msg.umengcloud.com tcp
N/A 10.127.0.22:137 udp
N/A 10.127.0.50:137 udp
N/A 10.127.0.6:137 udp
N/A 10.127.0.28:137 udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 123.183.232.33:443 umengacs.m.taobao.com tcp
N/A 10.127.0.16:137 udp
N/A 10.127.0.27:137 udp
N/A 10.127.0.176:137 udp
N/A 10.127.0.59:137 udp
N/A 10.127.0.68:137 udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
N/A 10.127.0.23:137 udp
CN 62.234.59.63:80 ddd.1sapp.com tcp
N/A 10.127.0.42:137 udp
N/A 10.127.0.48:137 udp
N/A 10.127.0.21:137 udp
N/A 10.127.0.39:137 udp
N/A 10.127.0.63:137 udp
N/A 10.127.0.44:137 udp
N/A 10.127.0.53:137 udp
N/A 10.127.0.235:137 udp
N/A 10.127.0.7:137 udp
N/A 10.127.0.64:137 udp
N/A 10.127.0.239:137 udp
N/A 10.127.0.8:137 udp
N/A 10.127.0.10:137 udp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
N/A 10.127.0.236:137 udp
N/A 10.127.0.5:137 udp
N/A 10.127.0.61:137 udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
N/A 10.127.0.31:137 udp
N/A 10.127.0.15:137 udp
N/A 10.127.0.17:137 udp
N/A 10.127.0.4:137 udp
N/A 10.127.0.26:137 udp
GB 142.250.187.202:443 digitalassetlinks.googleapis.com tcp
N/A 10.127.0.40:137 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
N/A 10.127.0.84:137 udp
N/A 10.127.0.155:137 udp
N/A 10.127.0.122:137 udp
N/A 10.127.0.89:137 udp
N/A 10.127.0.156:137 udp
N/A 10.127.0.81:137 udp
N/A 10.127.0.160:137 udp
N/A 10.127.0.120:137 udp
N/A 10.127.0.94:137 udp
N/A 10.127.0.73:137 udp
N/A 10.127.0.103:137 udp
N/A 10.127.0.76:137 udp
N/A 10.127.0.154:137 udp
N/A 10.127.0.115:137 udp
N/A 10.127.0.116:137 udp
N/A 10.127.0.86:137 udp
N/A 10.127.0.253:137 udp
N/A 10.127.0.107:137 udp
N/A 10.127.0.92:137 udp
US 1.1.1.1:53 qfy.innotechx.com udp
N/A 10.127.0.109:137 udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
N/A 10.127.0.117:137 udp
N/A 10.127.0.152:137 udp
N/A 10.127.0.79:137 udp
N/A 10.127.0.105:137 udp
N/A 10.127.0.96:137 udp
N/A 10.127.0.69:137 udp
US 1.1.1.1:53 plbslog.umeng.com udp
N/A 10.127.0.118:137 udp
N/A 10.127.0.83:137 udp
N/A 10.127.0.87:137 udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
N/A 10.127.0.106:137 udp
N/A 10.127.0.99:137 udp
US 1.1.1.1:53 alog.umeng.com udp
N/A 10.127.0.100:137 udp
N/A 10.127.0.162:137 udp
N/A 10.127.0.159:137 udp
CN 223.109.148.177:80 alog.umeng.com tcp
N/A 10.127.0.75:137 udp
N/A 10.127.0.111:137 udp
N/A 10.127.0.110:137 udp
N/A 10.127.0.114:137 udp
N/A 10.127.0.112:137 udp
N/A 10.127.0.77:137 udp
N/A 10.127.0.119:137 udp
N/A 10.127.0.72:137 udp
N/A 10.127.0.85:137 udp
N/A 10.127.0.102:137 udp
N/A 10.127.0.98:137 udp
N/A 10.127.0.80:137 udp
N/A 10.127.0.74:137 udp
N/A 10.127.0.233:137 udp
CN 39.107.112.176:443 qfy.innotechx.com tcp
N/A 10.127.0.93:137 udp
N/A 10.127.0.88:137 udp
N/A 10.127.0.70:137 udp
N/A 10.127.0.157:137 udp
N/A 10.127.0.153:137 udp
N/A 10.127.0.108:137 udp
N/A 10.127.0.97:137 udp
N/A 10.127.0.91:137 udp
N/A 10.127.0.78:137 udp
N/A 10.127.0.252:137 udp
N/A 10.127.0.104:137 udp
N/A 10.127.0.158:137 udp
N/A 10.127.0.113:137 udp
N/A 10.127.0.123:137 udp
N/A 10.127.0.90:137 udp
N/A 10.127.0.71:137 udp
N/A 10.127.0.121:137 udp
N/A 10.127.0.82:137 udp
N/A 10.127.0.161:137 udp
N/A 10.127.0.95:137 udp
N/A 10.127.0.234:137 udp
N/A 10.127.0.254:137 udp
N/A 10.127.0.125:137 udp
N/A 10.127.0.167:137 udp
N/A 10.127.0.184:137 udp
N/A 10.127.0.150:137 udp
N/A 10.127.0.178:137 udp
N/A 10.127.0.126:137 udp
N/A 10.127.0.144:137 udp
N/A 10.127.0.147:137 udp
N/A 10.127.0.185:137 udp
N/A 10.127.0.131:137 udp
N/A 10.127.0.141:137 udp
N/A 10.127.0.140:137 udp
N/A 10.127.0.143:137 udp
N/A 10.127.0.164:137 udp
N/A 10.127.0.190:137 udp
N/A 10.127.0.142:137 udp
N/A 10.127.0.148:137 udp
N/A 10.127.0.166:137 udp
N/A 10.127.0.175:137 udp
N/A 10.127.0.127:137 udp
N/A 10.127.0.138:137 udp
N/A 10.127.0.174:137 udp
N/A 10.127.0.135:137 udp
N/A 10.127.0.137:137 udp
N/A 10.127.0.191:137 udp
N/A 10.127.0.133:137 udp
N/A 10.127.0.212:137 udp
N/A 10.127.0.136:137 udp
N/A 10.127.0.173:137 udp
N/A 10.127.0.189:137 udp
N/A 10.127.0.201:137 udp
N/A 10.127.0.195:137 udp
N/A 10.127.0.145:137 udp
N/A 10.127.0.183:137 udp
N/A 10.127.0.199:137 udp
N/A 10.127.0.149:137 udp
N/A 10.127.0.130:137 udp
N/A 10.127.0.172:137 udp
N/A 10.127.0.193:137 udp
N/A 10.127.0.151:137 udp
N/A 10.127.0.196:137 udp
N/A 10.127.0.198:137 udp
N/A 10.127.0.128:137 udp
N/A 10.127.0.179:137 udp
N/A 10.127.0.192:137 udp
N/A 10.127.0.139:137 udp
N/A 10.127.0.177:137 udp
N/A 10.127.0.129:137 udp
N/A 10.127.0.180:137 udp
N/A 10.127.0.132:137 udp
N/A 10.127.0.188:137 udp
N/A 10.127.0.200:137 udp
N/A 10.127.0.146:137 udp
N/A 10.127.0.182:137 udp
N/A 10.127.0.163:137 udp
N/A 10.127.0.168:137 udp
N/A 10.127.0.187:137 udp
N/A 10.127.0.165:137 udp
N/A 10.127.0.169:137 udp
N/A 10.127.0.186:137 udp
N/A 10.127.0.124:137 udp
N/A 10.127.0.194:137 udp
N/A 10.127.0.171:137 udp
N/A 10.127.0.197:137 udp
N/A 10.127.0.170:137 udp
N/A 10.127.0.181:137 udp
N/A 10.127.0.134:137 udp
US 1.1.1.1:53 apilocate.amap.com udp
CN 203.209.230.23:80 apilocate.amap.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 203.107.1.100:443 tcp
CN 123.183.232.33:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 110.253.189.208:80 umengjmacs.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.107.1.100:443 tcp
CN 14.18.202.184:80 mazu.3g.qq.com tcp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 203.209.230.23:80 apilocate.amap.com tcp
US 1.1.1.1:53 httpdns-sc.aliyuncs.com udp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 log.1sapp.com udp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
CN 14.18.202.245:80 mazu.3g.qq.com tcp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
US 1.1.1.1:53 api.1sapp.com udp
US 1.1.1.1:53 api.1sapp.com udp
SG 119.29.29.29:53 api.1sapp.com udp
SG 119.29.29.29:53 log.1sapp.com udp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 223.109.148.176:443 alog.umeng.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
CN 62.234.59.63:80 log.1sapp.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 106.11.61.135:80 tcp
CN 106.11.61.135:80 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 14.18.202.208:80 mazu.3g.qq.com tcp
SG 119.29.29.29:53 recall-push.1sapp.com udp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
US 1.1.1.1:53 restapi.amap.com udp
CN 106.11.43.113:443 restapi.amap.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 106.11.61.137:80 tcp
CN 106.11.61.135:80 tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 110.253.189.208:80 umengjmacs.m.taobao.com tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 115.227.15.233:80 sdk.open.phone.igexin.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
CN 120.198.203.156:80 tcp
CN 59.110.123.81:443 recall-push.1sapp.com tcp
CN 47.95.53.13:80 api.1sapp.com tcp
CN 62.234.59.63:80 log.1sapp.com tcp
SG 119.29.29.29:53 ddd.1sapp.com udp
CN 223.109.148.178:443 alog.umeng.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
US 1.1.1.1:53 mazu.3g.qq.com udp
CN 14.18.202.195:80 mazu.3g.qq.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 14.18.202.208:80 mazu.3g.qq.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 223.109.148.130:443 alog.umengcloud.com tcp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 110.253.189.208:80 umengjmacs.m.taobao.com tcp
CN 14.18.202.245:80 mazu.3g.qq.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 115.227.15.229:80 sdk.open.phone.igexin.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 62.234.59.63:80 ddd.1sapp.com tcp
CN 14.18.202.184:80 mazu.3g.qq.com tcp
CN 223.109.148.179:443 alog.umengcloud.com tcp
CN 39.107.209.114:443 log-sc.qutoutiao.net tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 115.227.15.227:80 sdk.open.phone.igexin.com tcp
CN 110.253.189.208:80 umengjmacs.m.taobao.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 223.109.148.141:443 alog.umengcloud.com tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 39.107.112.176:443 qfy.innotechx.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp

Files

/data/data/com.jifen.qukan/databases/data_tracker_v2.db-journal

MD5 7c4acf8da0b109b54f55e3c47eaa8952
SHA1 507995687e9b7e67f5c8444cac9777cefdbee97d
SHA256 34ce2188dbeef0404fe1c8c6104d651673ae80a84ccf4d57b7ca416418ce651d
SHA512 bce894780c1109e22be77637b1b07e4f099b93da9f58799649a89abead370208c0c50a05151145915c53b59d58017239b0ff0ca3d97ed4559972c5e14faa272c

/data/data/com.jifen.qukan/databases/data_tracker_v2.db

MD5 7ecb14ec2b1b7b498869d95d180b1a24
SHA1 46d01a2bf5033d305305fb8f9c720dedb07e9d3b
SHA256 20cc80348a32b6ba81c0055f2e12bdba4cac681df25813f8837d6ad7e5020410
SHA512 3f7fa7c852044c0725bd596d485c34d0bca98685fda6273a2fd4768d10577a62d00e13e7e081169ac18cf62c22732b419a4d5f8132bda2badd53af85f27655a2

/data/data/com.jifen.qukan/databases/data_tracker_v2.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jifen.qukan/databases/data_tracker_v2.db-wal

MD5 0e62a6a1cad69067ca0c00793007018c
SHA1 7d9fb88e7a251ba8e67d5674a33745b0af11d077
SHA256 c3ad6937052eebe3b829aef2c3bf485f946e48b8d42ed4346e711e89fc599982
SHA512 b3fc8a57f4daa264cd634c16e8370c7771faf95adf708d9e7193b0157a6ad4b5bcad1f09a3221bbdf78b6798d48e1f9ab6a68bc5eb0fad6fe144e013a98a2b88

/data/data/com.jifen.qukan/databases/cmd_data_tracker_v2.db-journal

MD5 1b29406cdfffc23105403c2ad386bd82
SHA1 c52f2080df8ba6bc92d879cef5575b77a15dba6d
SHA256 49d28408327147fb39c268f96163faf627303f4d0216909df8be9d4f06e6f1d9
SHA512 ccfeb983433b469ce671ad8e649422d143f13c3359c431ae3da65dc474b8f8dcfe9432c100e3e05d8c3201854d123b7d3f509c34401051ac08e9a192e7575fa3

/data/data/com.jifen.qukan/databases/cmd_data_tracker_v2.db

MD5 f66fa91cad8b1ba98d2feea6be709a42
SHA1 148e8e365f79dd222ee44c202a412e36837d3eae
SHA256 c5e549733f9083fe090d305849ad4560f8c865aac66fd2f3410b57c8a9f91f84
SHA512 67819cec17a50be77466d11640cb1daf0c0f8eba5619912645a4a513cf58abf9e10af89513f79e543c2d96408591ecda53c6aa2844fccb7bafd8428a8e9a101b

/data/data/com.jifen.qukan/databases/cmd_data_tracker_v2.db-wal

MD5 5d803219b8794e2cb2c1fb6a8afc4089
SHA1 dfb94a657e5711e5d6e900f22f7a89fd9a8f75ef
SHA256 49bd8d649fa6f64f384dca95263112bea10dd93543bb084a2b4caae29954904a
SHA512 b885c86fb21f1ea92b6d0fe94d092ab26855fc176ff7b9d2c339ed497db6311fb357113f5fcc8f89eeb182708b93bce9acbcbc5613b938e935c7c03fa5cf3f9d

/data/data/com.jifen.qukan/databases/bugly_db_-journal

MD5 a410301c37678220aa0192d78e9b44b3
SHA1 d767700abf4ba48548d44e97ad16d0b95c9a2384
SHA256 3f07b2133c953d2527328e93010657d88fedd162fa28cf7107435237515ddf2b
SHA512 cca3c2ba504f5c0bcb12c3d0a0770dbb73dce2799f75d022467e33d90b47be110648947a3ec1ee737a6d86b9f278ba8956f440286f389f27b03a7b50d3ec919a

/data/data/com.jifen.qukan/databases/bugly_db_

MD5 aa99281ce0cd69a9302f8b64b918ad75
SHA1 ccafc0e5fb16198e466b209a888301f4100fafe8
SHA256 a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431
SHA512 a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

/data/data/com.jifen.qukan/app_crashrecord/1004

MD5 fc2ae253f232a897c9d2b0687b13f6a2
SHA1 7f9838b8ffe4e053b5bc9be7fc1d783d940dfc03
SHA256 ad93da0b8b9e7a00f45e4708e5e34175b5e8c2590f237c33afec6fdde1212bf9
SHA512 498aaf1c95946119e292642086a87c1bff2d77a0aa2de788021004657361cde4f50483717fb70539a5ed1a5562f781b60dbdc13eb63f87572f6ffa1d7ee4009f

/data/data/com.jifen.qukan/databases/bugly_db_-shm

MD5 b354a3798d70ae0a36c4359aac6a5a58
SHA1 591bf4d73a4ea2ede29f25db14d53f0a63b0323d
SHA256 9e3ca451e62c6db03da38f24710d89f83aaa89b5278cecaee6931edb367c249f
SHA512 96a1831defe9bf18c8a1b5b22e7c102da6f63c2e42b30ddc9a428fde7a986d877f0fa848ba8d860946007557146c7d94a87ca9e967dde46e53574b56318eea96

/data/data/com.jifen.qukan/databases/bugly_db_-wal

MD5 69d752e3693d130fc68318c1b523e5f7
SHA1 2cd62ae43ab3a1046956495464edacbd9793c38d
SHA256 4b8771cd8a10207926da2adb56d580bc8f83af0426a8a532af6d8d3a97e024a1
SHA512 8c1bda1db112fc9bf8814d6371df6d03d5cfbef37726c9c32f605755e9bbe28141f70110317d3c3c218a6ba0c6b79953a5eb92bf903b2fe061148293310e814d

/data/data/com.jifen.qukan/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.jifen.qukan/files/libquid.so

MD5 0f740a04d2a6d0d94c8f774e08aa37e8
SHA1 d9f7ac33f93046aef55c7d8cb8b76a538ba668a7
SHA256 e9cc3ff8ae3dae23eaa89b6738fcd21497802dee2bf0f491f3b64db85b7e995d
SHA512 3134a99274eca353ef615d2bb0fa13c7ebc7c7d5b9b1c80492b372e85eda970c2ffd6bb5a8a3c1b794d97b14d98754c86269062fa852c05924de85bd4b440a12

/storage/emulated/0/backups/.SystemConfig/.quid

MD5 2129d1b18f3c5b4e753e31df5339f8fe
SHA1 c77407adbde3176fcbc4401e3bf9ced94bd92ae6
SHA256 07e9933dd69790669aba038674108dd9d00720c6c3d8dc4b6f0467cdab080e38
SHA512 511e561fe152e9f272d02d9ec27686f6aa5de81a086fb5f05ce9ea490af941440fc1025a7cbc7538592e5eebb7aa3ebc9925a3ef878d3cd0ead8782de594105e

/storage/emulated/0/com.jifen.ac/.com.jifen.ac.cuid

MD5 f7bc05662c0e8a416826b46471bc3b66
SHA1 c0ae06ef4ca8c600c92f9e24b8054623fe0e973a
SHA256 1f939dbe2ca25f63127939831148c69d1608fb47d4c856c8e16a457c46beb13a
SHA512 298549a1037701efafa58856df15fe7d4fcd15d5e640c7846ddc903f6aa87912f5f3efcdf0b623edc939d61efc1a0ce873db40d7fd67f4e5c76ca2a0a0f096ff

/storage/emulated/0/Pictures/.b11dd.cuid

MD5 274063f63fd2b295ce21098155d20e0e
SHA1 ffe872a81bdef262439dd592f61ea16919d96e36
SHA256 6a95f32f953cfb912e0ed575221bc44e93c4f6258b5c5d709dbf9b546e4c1b8b
SHA512 ee7530821b0e621009ab61810920e6d9b0bd9a76d90bf7832a522503815f02ad698680fcd4304866b55c6b48eb2e0fa6c40af0ba025b9347a4ccea6ab976b4f4

/data/data/com.jifen.qukan/app_plugin/main_metadata

MD5 4690f71aa31cf78a189475672f475214
SHA1 5543c0951a6296b896b2c58fe2285934749f9b57
SHA256 5162e60f09191bdf5a726ca745056c4ff5707fc1807e88b8dec92f6e1c490e73
SHA512 feae81e26e1db1d60aa6cdbac7a2f43225ac5c5008baa5aae1116d4556fbc44209774c8e109d9f13161840b939315cc51c0e95cf42789c57f1afb41eba24a605

/data/data/com.jifen.qukan/app_plugin/main_metadata.bak

MD5 090b7f779c238785117a0043b5705bce
SHA1 f952282c2f305c8b4ef578fcbf803ca1d660e260
SHA256 64c0363f2b74a52d212e2cdfa47eb1cccf2e2c085b46a22fb026d937ccf123b8
SHA512 9e39d6758416746154eab535e97bc9ad10628f074dc8e6451ff310f0621d5914006ccceb9a0252e4b32492c2c0b4e9df4b1b3014d807da040e6af5c59dd4e44a

/data/data/com.jifen.qukan/databases/MessageStore.db-journal

MD5 3691a386305b30a750f756fed47580dd
SHA1 7e4dadf8d2427e701e76cea33435f551e15d1538
SHA256 0a86ee38ffe8a338933483f7f991b418aa271c19fd0a35a68166b6e8e167173f
SHA512 3ab07ef4d081b3e95f088e9c3f0d70f252c9351af067bb0d097f9f74949499a5c7114a0a6b0e3b9e4168b340e715490c81d5c9207050d2141084171e3aab05dc

/data/data/com.jifen.qukan/databases/MessageStore.db

MD5 e6dceb47e74ee754bc6961c3001803d8
SHA1 a096dca22f278fcef162eb08d37e408f0e794d77
SHA256 1971ec0ff0fcc347654d7841f6069e4909d27d1669956ddca53457a97c65a4e4
SHA512 01ae529f9958477ec87e437b9c6de73babb7b299b6ff8bb86a81d1004bd073d721374142d32f51ac01ba1e70b52d2ecb15f59938cd3b4f67d4e491d35a76aac5

/data/data/com.jifen.qukan/databases/MessageStore.db-shm

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.jifen.qukan/databases/MessageStore.db-wal

MD5 814602d3fca2f20a5025aed5ef638a1b
SHA1 37cc413ff008e435306bb5580ab8c2d069c3454f
SHA256 03d3daa2612a565d06e6e76a716d9304d1025a675037e8d615510f5727a1ff3c
SHA512 ec4c13cb14ea78e11f3c743f5da37fba133334f570a0c490e2cc82afa0b7c1853286cd5ee2acb19640ada9fd51a426f27a353da6a5b930c124fb8802c8c91f58

/data/data/com.jifen.qukan/databases/MsgLogStore.db-journal

MD5 a2477829aecf0d9aa2ea69fe16e3fa25
SHA1 02f5daf8fefd060306f2578b993e2bb5ed65dd24
SHA256 66622b041491413f2d2ea570fdb84f583eb3d9705c43127e32f6089bba818367
SHA512 73609eb28f4daf78e20e1316cc156444d09902a0464ecda9e73605fc745ac0df91658db5d2680ae181600424c73920bcbc9396f8c7f1068576b6ad08799af94c

/data/data/com.jifen.qukan/databases/MsgLogStore.db

MD5 7ad7c82461d44a57a9f650dcea348323
SHA1 87d10dfbe6b1ee11362579a32e63f10a44bb5b98
SHA256 16d28a31f0625ad079ba60d31656c932d4a5f308f69935350f456ff447cf1000
SHA512 677055cffbe96948fb42fd35c276f898130f88de6659e6d6f57edb767f9f0caebec5dafba862b6dfe2db8f38417a8b02138432cd946f0f9c3f6a2f53c846c8dd

/data/data/com.jifen.qukan/databases/MsgLogStore.db-wal

MD5 48f85f0e6dbd95e8f32710c02070b23b
SHA1 b5cdb9c246cd01d3ce8c5f73963a8cca4c814d45
SHA256 d93ded8592c996018f173c210e775650a9ea9d1a1765f5607b9a4eb5a5efd1b3
SHA512 44000b57d111c896f0c15b59ca18a92b0186bd0510f765f9fbddfb5591ae850b331c6b3481d8e30ea87790b44261cf5ecc37e9733e678dbc24e7b667620d5cd6

/data/data/com.jifen.qukan/databases/pdm.db-journal

MD5 328134698d76d4783c1aa502692ad17b
SHA1 65a5928d9e4feb0ffc1f2f8dc24bf2ff5a0bfb55
SHA256 5dad50634af1b459d9675e0959354ba3a22f1dc8612cc21ec93b33c3472806ee
SHA512 80e79e3bd189427a9a6ddd95517a1e9ce4b6cc06e058ef4faaee3f424a12a0803d97ccb6d233596371019b1c12a061deb983d4f4e45324b816211bf19522de0d

/data/data/com.jifen.qukan/databases/pdm.db-shm

MD5 244638aee240f0f739097031649076d2
SHA1 e03e0aba17570c4fce3fdf2d243727641f32e81f
SHA256 2aad19367146cf648730ecec32d2ceb67beb74122f7dd583c0b4d6e3bb19e2cf
SHA512 309707ac5e7c056916d97250b95ab7ddbb0727367cb94f2e8e5efa24a47e440f810a95e9235f40f6812a419caf7580e23d2374d406fd4f246addfa0e0b35c972

/data/data/com.jifen.qukan/databases/pdm.db-wal

MD5 2578b7e32d86a04bf51dd64888eca485
SHA1 7bb4963dd0129d4087b7dd2ed10c5d7236594319
SHA256 3e8199b0a1d35813ba92ce8a8bbd67e61db48007a5ba0045b39ac96819b24ac8
SHA512 069130522337d31bd923ab2c123e6f65c092aebd9e2069ad5db1e5241c4f256f04cf009b01556e439f5f3d0f4ccc1ff9270d74b105dc5dd3020a28830c23999b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 d998482a39ddd7e42f1fad38aeed1594
SHA1 43cae27e0034f9bbf959638d1dbcdb8cea5fa635
SHA256 b1a203d7e6093cf11f1f8ca3cb27321de3f110dcbf65b7eb5b9c23ea0ca81b3a
SHA512 001e581f2746c720fa236b8b9421bf61447c1196accc1d5895c8182aaa76bf8b820763bdeb8c80d338350564f19302dea2979dad38eb42cb7b6d9ef0373093aa

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 a7b5debf648af8527d38065f285c6754
SHA1 ad8513c878ca1483a2472c7f8dfc8a416418517e
SHA256 0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5
SHA512 c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 a3a61dbf41ff04e22bd4ce3741d6e0e5
SHA1 b4171d429f1ab534193b756d664fd9607941a3dd
SHA256 7dcc32f75f69b42003a0e7db96eb9be2b02aacd701f71db39e4a274d04811c17
SHA512 cd93f53657d493952aedf37856604d3348617c0d5313fb9eb3e657bea9dabe7880129bbdf24567e0a74c339e9e6a99e234a9e2098e5550fff40bed49231e3961

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 ee3a7360521891d57d0ab7189dd34568
SHA1 d77a18349ad16e9cf1f6224e821bb3ce98b61478
SHA256 315dcc723e029dca9972f7b36a8eb602d4b3fbd8f73e23230a283769ca0aa46f
SHA512 b26b5195b8aa53194017177af95dc5c8fd2d5572ef0b26bda6c8f31e0c6854be36e1047d387ec9f1713aaf8b1ac1bbdd0c27c264f745f94a6d7f6b3019af7ea3

/data/data/com.jifen.qukan/databases/bugly_db_-wal

MD5 e123cfd7927b521e48f60e042e69fdd7
SHA1 2d1feb3ad297a2d315395268d647ac0509df5a7f
SHA256 00a678ea81fd1ae5d1f89729a0a01ca089d1b0744bd3a74698828bf662a7c302
SHA512 13e87145b7adaa78ec75ed6e409830d8d4a1067ee6d355841d781c2aa99f6d31dd3a5cfb45d91548c685948c908515c027d73926503f65205a17959c26b00c53

/data/data/com.jifen.qukan/files/init_c1.pid

MD5 df74f9592dcc059d4bd03cfa80450f9f
SHA1 df763b391b88a0368690638e7e27bda151ceb338
SHA256 cca00b0dbc67c64c7219ba13b5b4ea70fc27a267f295b58e73f82c610ab069dc
SHA512 bceab700c982455edaadb980eece0a067ebe114896438a0a85ec0978ceee0dac4f4a1ccaaf0c1df15059dfba7a944ea62a7e9108f71f74ee802e72e2a2712285

/data/data/com.jifen.qukan/databases/logdb.db-wal

MD5 046a6bf0e75c7f61e8aa90f747a04cac
SHA1 478a02fc391e62acfb7cba09adb36f9cef40c100
SHA256 6a2ddb63e5a55143c444d854ef573a8a591577b1a3a461924098a252e27d0557
SHA512 f8685fe73902e838d78d544da7392ebf20a0d81713c2cce175567106a8fc091296498f27b5432b5c9d5dd1064461b51c4cb3e8563131fb7361a22b3b70eae6cf

/data/data/com.jifen.qukan/databases/logdb.db

MD5 3e4cdcc6c1c28a2ed61821b4e5b2470b
SHA1 c61f1bed26fed081e2bd724e12cc0dc0a70b2028
SHA256 75d75e12087108ce15bf1f2ea00453129a4255a674d392e76fee56ff54b3e6c9
SHA512 a8047606e96ed4693f7bfa47885e0ceb4beb19cf114a7ef164be6d1831a48602dd0b4edce4886b22e808690358169487f8cb187d3e0d55a284487629ae7b6e5b

/data/data/com.jifen.qukan/databases/logdb.db-wal

MD5 d82641124249ed4d0a9d6c774dda238b
SHA1 6fd439c69f8f3199d7132feccc1c823de53c446a
SHA256 95fb4c76cf1352e476a9d36c27d0029c02e6e8926168a6eb7f5cb1e9603c4e62
SHA512 bb24533da32d2f3c009db1e5ddf1c4ed4c787b844d119b6810a2e5d8161453fb56de77650c53748639cf33d72090bb857ce78c9edb77efb34a426115b397717a

/data/data/com.jifen.qukan/databases/logdb.db

MD5 60e918a66670488ae5e111bdcbcfa95d
SHA1 ee81e2f5ad9a7301adfce5999095370e532a43d9
SHA256 0126f776c2c01bb621001c4d80787b706902fa8fdd89fd1f062d063ec74d5313
SHA512 1abb9311fce204649d299a19efab820981c427a8f3778a9848fdfe99aac19fbb3d62bdc4f5fc93bad66c090d198e9db33c23066041207272f2942272167796d2

/data/data/com.jifen.qukan/databases/hmdb-journal

MD5 33c3733b1db6282aa468761818a881e7
SHA1 201cc011567f747a00ae015b4625f92d1efd66c6
SHA256 18be6e27d00e751cca5851de38a64fa61b2c219aa702a2736ff3e76220e6ff73
SHA512 872b4c78483469b82a2235a1492068dfa83b6804293ece3c602bc3b2159b1ac9a1b1f6bdb3845f70503e6890914619ef7bd75b7d75ecc5c6a428fc3bb6219874

/data/data/com.jifen.qukan/databases/hmdb

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.jifen.qukan/databases/hmdb-wal

MD5 961b1edd8b06604b18057c863a9ee151
SHA1 252597a2956132c74dd3b28b934e7599a23c75f4
SHA256 41a03aaedc0f5c064f8fe66f474940494fafd8365dde4320d7f5e667a8a54d41
SHA512 a975fe3284bac2cfb9ce6aa6a234dc20f3618fb087ca88976d436e1b6e14eae8efc00a59111aff278d589ab1e985a8fcc9114769a4775bc60151cc2522a67f66

/data/data/com.jifen.qukan/files/agoo.pid

MD5 573f7f25b7b1eb79a4ec6ba896debefd
SHA1 121de4ce4752102b997ffde2b35846ed1c0d02a9
SHA256 961290276708eea73a92095181a7d4c20bee233d6aef7c8b4dbbdc067487ecc4
SHA512 d1cd76e484996048384f0fafadb20198cf04f45dc86dc6e455c569a199d908d42e767e6204c3e0797d0b2974d47b05d080a8a16aa7f374dccbd77c5abdd123d5

/data/data/com.jifen.qukan/databases/message_accs_db-journal

MD5 db44bac2c45bbceb48a354956e60008a
SHA1 03d52f8d7f16022fc48eb1a1ee54184e47d12e4c
SHA256 7030bff25666291301d149cdbf5380c76f091c03ccab33175fedabc25c952b47
SHA512 6ff74cd850ebbee56eef5c58f22f913d1a28bc6c967eee911ec3d21047e9dc1c3fe8f9491e03b19abee46d9be53e6288884a18df0a123e4ea4e3a13f1b87a729

/data/data/com.jifen.qukan/databases/message_accs_db

MD5 486e2bac2b3e9e1cb411d2838a4854bd
SHA1 81dd0a7537f4af319b830ae834908986be85da8b
SHA256 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57
SHA512 c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

/data/data/com.jifen.qukan/databases/message_accs_db-wal

MD5 8a3b8bc0b9afbb67d1b662376cc389b6
SHA1 b1443a080a740880f10a5d9108f5070cf5e3f95a
SHA256 8cb9ff6396c3ec503dfe8e97a1f094d91549301c01807d2636042fd5b2c515b0
SHA512 6d6c3549b9a9bf15b4ff6d7befec90167e2dfce4b08389ae350cb183290be26a8482398f303a01e7f4d253ececbac280042a8146c5410c9062862311e05ba908

/storage/emulated/0/amap/openamaplocationsdk/alsn.db-journal

MD5 869e5ad31aaa13837e501db2216a8781
SHA1 294e96eeaa86b628289c3174a1bb50415c6cbddf
SHA256 f7374ff19f0cb29db6646d9af9f05d2d969e23ab6c19e802d66142216607d00e
SHA512 2320d5745fe9bfcda396e701b117ceb010f3fe509e4e6c0973ccb2fcac39180e62e2f6d81ad1174cdb00a65287b3d2a715738e238dc5fcea462b6803e546c774

/storage/emulated/0/amap/openamaplocationsdk/alsn.db

MD5 6999293712000d597b4cf4f0d42316fa
SHA1 ce64c005f5f516ec4c491eabd907423b0fbe2a1f
SHA256 3cd4e50816e59adfdddc5d5ea2bff7068bf6fe711302b4820f6a79f132f0fedb
SHA512 8638503a6e9c40c8025722ce266ca4314804c7d74546938464253a136f230921ecc990343541f481d317c6823ae519a5a33d279b363a1457bb105a6de49656e2

/storage/emulated/0/amap/openamaplocationsdk/alsn.db-wal

MD5 cc70791e13b6f6e3a5113d62eaab5eaf
SHA1 dcec3ac4459284024addc24412511832db067438
SHA256 178d5e1587d5fc442a7cd8d6ba432c21f92fa137b147229287c51dacc20e9ef9
SHA512 4feb95b976de536bc8595d1c730d3138e4aeea034b1a56094f16b0950274ba43ed51d85dbee8e72f35749125b9d1127bcf86a63aabd51634a862227a55e119de

/data/data/com.jifen.qukan/files/a/b/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.jifen.qukan/files/a/b/journal

MD5 8681b4e05aabbea596270b1295fd6daa
SHA1 7ae619e1e63ae4cc09f849a23b8fcc9a1e60593e
SHA256 6ea9fd6d617df2801ea7659bab9e779093e7ba9aa043a1dc74943bf524cadbf9
SHA512 e6d3e2d0111770be6df9d549f9fa623767af9a45fc52f413a45137766c253123083306b44e0332d2d4905ae6264879481fb3d337b9ec8e085c9a15d9bb2d6af6

/data/data/com.jifen.qukan/files/a/b/d4b5b8d8c6bcb55b97dab1997c80c3ce.0.tmp

MD5 84965845a52a1cf169dde788325b6dc3
SHA1 d4c24c44a82cd246430efd7de4949c018e26c145
SHA256 04b0d26b590c473ec3636c49d67d9de707c1f684d7199b2eb686d1e48660125e
SHA512 e9a00d380d23016207f81ecf0e545347ca7f129bd4419d5aa9a85ef1499d8c651ae5e922ec981892a743ba79a2804e048f7eecd66712c9b051f15e55e8d205f3

/data/data/com.jifen.qukan/databases/logdb.db-wal

MD5 25b4e958d8aa5375ba6159152a6e4c85
SHA1 7ffb8839019999362a5e7ce00593c70fcbf8ae8c
SHA256 8e6e54652c78275a33ce3e340579a29ef217faa9f85395804eb7a1e3a7ae7b18
SHA512 a0d5e43a500272687c8ab2ebbc5cc727f3c32de7a0b8b9a68f598e66eb1febe6b0a772e422456fd79015e1546e814cc05e5c9781fc3b5ee16e20dc507d193901

/data/data/com.jifen.qukan/databases/logdb.db

MD5 feca235485e9671c6ec4b55a34504a79
SHA1 ec888ac89783598d2885284f6ab44b3fda4c5238
SHA256 5f8babc15931062d8f7cf8787ea03480335ac3ee32b835753903ccaea92e07c1
SHA512 209116c9ef0848e71163c99336f78c0e70af55e4d9035f5424f14a9580d2e260e98011f821a9db5391bf83b79f982dfa90eede8b18934683e177a38b1b3b9a78

/data/data/com.jifen.qukan/files/a/b/journal

MD5 e554e8f795944a47211affdb5aca621b
SHA1 a77e4fb586b165c4fabc421738fcd35ed006fda7
SHA256 1689c9e949bc089d1563575c1278c8c52304f17f1401857b9d65d716020f8ae8
SHA512 02722d742c4d81f50fd1a01e1f8a323283d18324fce8ef1b24f302b76b121241b9952454ee9e529d5ddce0e49d4153643395feea50cd99d0f4c39e954a17ac30

/data/data/com.jifen.qukan/files/a/b/1fe0ea22b2e87d25ff9fd9c678ff83d9.0.tmp

MD5 b05ee1c5c86b717878c29bc290cbd30b
SHA1 649ee6e9e3a11ccbedfd4e0ddcc1d7e69a8abf4b
SHA256 16cdfc7f4f9ff36f7e04ddfe99461cc6fc6345da9f3ccca142a38fb7482a84ab
SHA512 c5ca6579a1c43246f245c184fc6669827e824102b74543761d3688823d1dbfb5bd32b244035f87f03069acadacd2f264129f105ac8b5f31c4d751f8537e468b7

/data/data/com.jifen.qukan/databases/logdb.db-wal

MD5 ba0fe003cfe6a056eccf56f5929b0549
SHA1 5a85fdaa4c46f27501c0bd1ec80fb542067d9f87
SHA256 ebd50f305cdbe764d9245193bb2d42a563ade299805ca656189c262cfc859490
SHA512 b6308627ee3f224e7bb66fd7461e304899192778138b0f4ba7f6e5e12437ff2335679b396d43b5b5648e926baf5aee92ea23db5dc0d9ed13db0f52eff6457e62

/data/data/com.jifen.qukan/databases/logdb.db

MD5 240215a3e960cb7a0596800d8b3a214a
SHA1 56aef2d8aaef6d89ddaa82d3e2481efe188b1013
SHA256 c11c2448aa0685e5f2a28f68e0d58d5c0404f49d3e7a06a549d01075322a2974
SHA512 12590492a4bc2021e2930a4198d8e7cd061213275f77af9bf1b1719b7618bb3bf792db815a6427583d3bc77421a58cf420e6b90aa663c5e92e6b755e18b81a1e

/storage/emulated/0/amap/openamaplocationsdk/alsn.db-wal

MD5 de26fa56626b9d6fc2064b876d5fc575
SHA1 624def73703713ee0308e3086d23a603e4c06bc0
SHA256 c08e116797662e1d1d5853b7aedfbe5ab0c8e7a1f782f19f98e4a42d7f3557f4
SHA512 b5feafe3c7436c25d5e364f192d1c31ea3182996666147792abd287a781ff29e48c3f915a50df897f35ffb2de1d573ea48a1e66c5a03b79ded6bbfdc1d58fae4

/storage/emulated/0/amap/openamaplocationsdk/alsn.db

MD5 a22d9b53bda0f7778f3d24257fcf4441
SHA1 71a3202820a5d72b61c6a9185a225ad483faf94a
SHA256 888492242c42413ad12546ef19324233a05469b6c6883c49dde8415d06ef5982
SHA512 5e3cef7d79e1a41c55cb92b79cfd5273207df202feb742653462e98a600c0b2c6df0e63be1fc84201a08de83301c2b1a999973e37c3ab25fb0e8f32f94e15d08

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 23:48

Reported

2024-06-17 23:48

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A