Malware Analysis Report

2025-01-19 04:55

Sample ID 240617-w2tnwsyglh
Target b963039f90c91dacd93e08ef1387d9ff_JaffaCakes118
SHA256 a18e47a3b09fef957e00eae85af7d626856fe1afdd14dce171924f43f0b127e3
Tags
collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

a18e47a3b09fef957e00eae85af7d626856fe1afdd14dce171924f43f0b127e3

Threat Level: Shows suspicious behavior

The file b963039f90c91dacd93e08ef1387d9ff_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 18:25

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 18:25

Reported

2024-06-17 18:31

Platform

android-x86-arm-20240611.1-en

Max time kernel

11s

Max time network

159s

Command Line

com.dengguo.editor

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.dengguo.editor/.jiagu/classes.dex N/A N/A
N/A /data/data/com.dengguo.editor/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.dengguo.editor/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.dengguo.editor

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 hotfix-api.aliyuncs.com udp
CN 47.102.52.8:443 hotfix-api.aliyuncs.com tcp
US 1.1.1.1:53 umengacs.m.taobao.com udp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
CN 110.253.189.166:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.10:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.dengguo.editor/.jiagu/libjiagu.so

MD5 39d77dcad8e2a44dd7226f442b3a6c92
SHA1 6560fa96c6b5a038abaeee5f139a16e46088d9d7
SHA256 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0
SHA512 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5

/data/data/com.dengguo.editor/.jiagu/classes.dex

MD5 c8c28bca190e6e6fe11c4b5b9acf44fb
SHA1 bab4db68eb42521daf4b2ecd86ea32fcbfc8962e
SHA256 813f6d91277795cfe66d8f4568ccfd5e8affb423ad501f1f01f16c4c4ad05f31
SHA512 764482c7e9ffe95e3831d0e58d758b5eb6a98a14d2641a95191031974ca9a4492af14ca4b68553d73584aa05267a615ec8a92d31739bc008b93988cd573118e7

/data/data/com.dengguo.editor/.jiagu/classes.dex!classes2.dex

MD5 60071fd8f974835cfacddf77b0cd55cc
SHA1 8bd50137b9aecacb598a67eb3c5219da05e3ea09
SHA256 234d184d447afdfa3234dcefdaa5dbe3b75ffee1e4e9dac74eb3846a7689c713
SHA512 d6620f07562b7bb3bed361e3d2b49bdb410cde2c0df676c1001339950f623c41d1b2d94b2dcc944dba7a04e8f7866d3345e8533fc4f052964b8c11ae9ab05850

/data/data/com.dengguo.editor/.jiagu/classes.dex!classes3.dex

MD5 80219a206cc50429090bdde978ee7d95
SHA1 7bc4c2696ff4fea648b62b8e1205af7ca6ece47f
SHA256 ac67071102f7e280800819e68c32b73af9b172f01ace5f41732b0e5d55291e57
SHA512 bc2366acf9d9da93453f5729cbc4882668aa5ab0742140956c40c5e3146649312457f713692391713ca5f22f28e1a2f54b3c60c9278c4ce2a07e8a916dd89d06

/data/data/com.dengguo.editor/files/.jglogs/.jg.ri

MD5 ecb10d0c87460ecd6de5d5e2c6245ce0
SHA1 a8ea2a844f186f50fc14291cc64972e90e806902
SHA256 7fe1e8a6c6d6f25e8571f12d1312bcb0c5f5c8308804077878a0eb3e80a98ea6
SHA512 5a4dec42a2402ac6554a291077070edbc1af887abed7081ca8cfedc6be317e6d013bda1cdf128b9e7c4e29776dd49769f8f8ab9fcb2c4eddafa1fc22192fa164

/data/data/com.dengguo.editor/files/.jglogs/.jg.ri

MD5 9f0d7122d358cdf6e7bdbe7a12c2848b
SHA1 eddca84350e842dcf2442614c1b93e7c44ea55e8
SHA256 aa9faa17bc0dc7f636ff02ad998f9dac396bf6a3c98996e3be0809c2611d288e
SHA512 ab006b59dee12554d868337a62a716d99d7438323243a9abaa91fa31c3a65d29fa3cbd0cfdae889d8936e916520e77278d6d8a5ea8b8eb74717ad639394d2fb0

/data/data/com.dengguo.editor/files/.jiagu.lock

MD5 8952b00f19e2339c7dc0fb77776c0054
SHA1 93962f044760e4ba335a951e499b538905f9dec2
SHA256 4c6e788e9a2794766a172fea0684c9bb0fe89c36bb3a93b214a31b1f64e278e0
SHA512 141365fa59150980dd12dac715c4ae15bc6223a168b4b77668bc74fea9449ec76ad199891602b5d297320df538e1d51c0ac433fbbdba73ea26cb08cde9fc7d18

/data/data/com.dengguo.editor/files/.jglogs/.jg.rd

MD5 ff209d0194e45e7e9add0410a5224515
SHA1 79aa6b154d7300e07af0df5a9acac850b106f3b3
SHA256 09120c622006682f00cbfd0641ebf07d7c501f6c8e8b5cd314504ad5198d9a13
SHA512 5cca28e86389feca697fe0a0bcda0d5ae9ebf7fc7a44ff4214b31717ad39ffd0753e0b9e94b511dc4b08f207d77c2603cb94d8f7bf9340d063d774bf272185fd

/data/data/com.dengguo.editor/files/.jglogs/.jg.store.report_pid

MD5 5ea2c3a1b18d92913e1c4ab696d50758
SHA1 bc9a851cb2c40ca69ac990fe94f1c734801cff33
SHA256 debc9267377d7096a5e14d297eb37fb8ed9eaf2ae114886ab0495cb369df2341
SHA512 5edda34062139b6f1d4dd73a40307f6edf404d90d77beb15d350e029d25cab5c06eb0f752719c826a4e9b2ee172d381300a3934e893e758de95bd1fe77799922

/data/data/com.dengguo.editor/files/.jglogs/.jg.store.report_pid

MD5 db739adc3aadaf8acbb96f968045d35f
SHA1 76524baa565c08a57374cd2b752afa5f6777fef2
SHA256 9e115293d85321f415810c8214556fe4ebdd0efa77b0fab4e9ebf7d2b54e3114
SHA512 be20ad9c2f1709b131e49e294bf63183bd875bcf2c57eda9ad2d4673ad5bd5b77e31a8a472c94a4ff7d4542450fb5240908af9a9ef7384eaa71fc5c95d206136

/data/data/com.dengguo.editor/files/.jglogs/.jg.pk.h

MD5 edcb0d94deea640f3a8b7e00e77f5281
SHA1 dafaf55ba15abf7b0975759a3031d51fdf2ac3aa
SHA256 84fdbc6913161b5dc99e314e336b757b8858be1bdd1b7d126e71d6bbaec0a800
SHA512 7b1b27aa5ae4350a826fdde0a0d053ddf7e708d37b726388da005659d8ded763335f31f4fa148d1dd2c80ddd76ca937f186e9086afc4e2e0e9708e20a0df2799

/data/data/com.dengguo.editor/files/.jglogs/.jg.pk

MD5 18a372294bb9fe694aef29bc17a1a691
SHA1 7ff8444a7902ca88186f949bc04d0a2967087f94
SHA256 879c65c053f8d8689d80baa7c3945f624e916d2ee27ef3a1a5a22a8fcfd3b3c9
SHA512 38770fe2386d56047262ce160da42e0b316f6d0ea71e3d2e20982841d3c42840a68da1945e65467cc65729d0d9a73ced07e099d7f6521afd41569e49fd9463c0

/data/data/com.dengguo.editor/files/.jglogs/.jg.ac

MD5 9d5551a7e48a694c29ccae451c533b55
SHA1 8a61284a4e275e05d1666978ef3182db528d7320
SHA256 458168b23210ce42931bebba820e826306fe52b1b6179a8596bbf84e05928438
SHA512 04273b23d7e3ce29b4c6fac6adf1dec5fa3b0a55dcb2704c62e429252fc6c36daa2afb0b8cde65c0340731e9837e5703e64a0d73b4f2c549f164a716264d46d0

/data/data/com.dengguo.editor/files/.jglogs/.jg.ic

MD5 9f0c35d0f87ee680cc99a2bd2e625625
SHA1 4e441a4b0d7c55615921add9b57bf6bfefbaf7f4
SHA256 730f1e4276ee755d182b98ea4587429487cf9fcd457558a7970ab2226a435378
SHA512 4011bfd24481a4fa61e94fdf363c7cea2b5bab3068c97ed9aa6e1b97587d10efb9a0525d19212fd949a34528bac83bf71549fccb9dd4238abc89cb90300bc8b3

/data/data/com.dengguo.editor/databases/MessageStore.db-journal

MD5 191301baa94187db4bbe7cfdfb4c28ce
SHA1 6ac8467622bb194acb51d4ea01392f9d3eab1746
SHA256 cc642c07ee9635440a5cd880e953ed777d0ccdf2ca2299017e81193af90f899a
SHA512 1266e80e1f8594a2ff8637271295a79177f9e3b3cd6d1ccf6a4dcd807d1799d7e09927d2f05415afeec6c7974e7ad9275c93aa000799deb5e6388b5a1582ee92

/data/data/com.dengguo.editor/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dengguo.editor/databases/MessageStore.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.dengguo.editor/databases/MessageStore.db-wal

MD5 e9d338adb879ade835ff2cbb024c689c
SHA1 75f5b5856c7ca61bb1772c43f15fbaa503209590
SHA256 7bca5710c8057021b0f02fd008d81d18d7a85bd2dc5f059cdef5399ed31e4f6a
SHA512 26b9faa8849df30ad2c68f84ccd37fc6b1b4379c2da507188e8e8e2f11f9029ed9706b206286ed22449c3e2f005c9ed660e19ec3b35ca2fbed98344e39c25e8a

/data/data/com.dengguo.editor/databases/MsgLogStore.db-journal

MD5 9204fda8165a2be977f120c2d0724bbf
SHA1 032d322026a12bb5ad7bf1a228ca9b9feb7f57fc
SHA256 8d3b549b7f4ceab53397946ac84a98700beb818740e23e69d321694dc1e6a859
SHA512 72e34fbd43a9f81f437d0940293f7a7ecba11cb4a883a963eaba91d84d913a1761b3b591441028b8d4a4eea7c82af7c2dd06da4b132af89761f7f0126d1d85b0

/data/data/com.dengguo.editor/databases/MsgLogStore.db-wal

MD5 a80ad7c50c6d62d68bb05a4930008696
SHA1 ebd2a74f5e44bde211479807aca2a75d33feedd9
SHA256 da9cd82a8159d2a994aebc1e0f3ff3cfbc83c8d5061ed105caacd5752740584d
SHA512 c56a5d33479773ebe86f9e4bf812cd2f9f6d8e77fca232ffd1b3c54b98f149e0f24711ed28888d4e0c66818a7a269b85f085e99b6147463b0a286d89a54fab25

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 95d634b4ea2739177c93d4c39e3b7786
SHA1 1d44955cd3dc4084d7519904789d6312aaa012ed
SHA256 7ec1fb1de3d514463becfd4d35552eefcd4d1f23f1c67dfb91d537ddae93d483
SHA512 c35d4e2d5bc75c519ffb2796cca5cd86c351a4f14456040e340d4e1fbe324c4d7bb9e18bb0b4cc86fb8da4f4a4e36be131d67c8224f9294321c5a19a380c28ec

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 863e9141e6dc9ac528a9e4b55cce058d
SHA1 f7bd211165fd62aececf1ac8e424a4c06436d7f5
SHA256 2a355b84ade44bc0a893dbc4ea622a78f9e1095334f4bd883c409a97f07e4f22
SHA512 c4929964aa4508abbbabde45c23eeb134aa684ab703cf3a03c85b8e5667dfb76adedb52fe7f2ed81d2e3680db96b673f2bd314489df640ec80366d860b0d72f7

/storage/emulated/0/Android/data/com.dengguo.editor/files/tbslog/tbslog.txt

MD5 eaa1a9a8c0bef86f12791a08488d398f
SHA1 c10c9c9266feae71bb12b12f023320b1a1a0a743
SHA256 8c0d517577ddae7337cd4881908f4462c669c4cb35c81dd4f37094dfbe0bee7b
SHA512 d34d863087e8d1948e1cf9e91d2fe5c7de14a4816769e717b1730a880f6355da420ab80c852a09fa2de21d752a5984a3836cf01186230e799ed7bf924eac84d6

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 7ec98018bfb8c931b9758a674271d28d
SHA1 341b94ce47f08f069bcd94767a671423e022dff0
SHA256 f89d1287e192c1f42a2005854c9f07ffc6439b10bdcde0b636a13ca9009ee9e6
SHA512 db57b8fa55a1c2f891d87a9ca112e9352bebcd5b513947725f41bc1c3397d7177a2c37e37d0d6b2d7eab64bc4ba1f73e7ae55c922bee653b1a909f98b37520f6

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 3dff09439dd5546fd7feae296298bf70
SHA1 5522722a223a997190bf8d0d0606185be3089732
SHA256 8f1f8fd01aacc9da69db0c2cb82bff2c9b8cf038f6383b230479c42fd0af1f41
SHA512 6717ac8d4d6808e6b368081673d4b7b3ca293eed9b5419c237255fc019c103a20a5bf89876292c041fe36db439f047416b2bacd4b99ace6ba5b217942aba2b63

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 18:25

Reported

2024-06-17 18:31

Platform

android-x64-arm64-20240611.1-en

Max time kernel

11s

Max time network

134s

Command Line

com.dengguo.editor

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dengguo.editor/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.dengguo.editor/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.dengguo.editor/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.dengguo.editor

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 hotfix-api.aliyuncs.com udp
CN 47.102.52.8:443 hotfix-api.aliyuncs.com tcp
US 1.1.1.1:53 umengacs.m.taobao.com udp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
CN 110.253.189.144:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.75:443 plbslog.umeng.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.dengguo.editor/.jiagu/libjiagu.so

MD5 39d77dcad8e2a44dd7226f442b3a6c92
SHA1 6560fa96c6b5a038abaeee5f139a16e46088d9d7
SHA256 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0
SHA512 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5

/data/user/0/com.dengguo.editor/.jiagu/classes.dex

MD5 c8c28bca190e6e6fe11c4b5b9acf44fb
SHA1 bab4db68eb42521daf4b2ecd86ea32fcbfc8962e
SHA256 813f6d91277795cfe66d8f4568ccfd5e8affb423ad501f1f01f16c4c4ad05f31
SHA512 764482c7e9ffe95e3831d0e58d758b5eb6a98a14d2641a95191031974ca9a4492af14ca4b68553d73584aa05267a615ec8a92d31739bc008b93988cd573118e7

/data/user/0/com.dengguo.editor/.jiagu/classes.dex!classes2.dex

MD5 60071fd8f974835cfacddf77b0cd55cc
SHA1 8bd50137b9aecacb598a67eb3c5219da05e3ea09
SHA256 234d184d447afdfa3234dcefdaa5dbe3b75ffee1e4e9dac74eb3846a7689c713
SHA512 d6620f07562b7bb3bed361e3d2b49bdb410cde2c0df676c1001339950f623c41d1b2d94b2dcc944dba7a04e8f7866d3345e8533fc4f052964b8c11ae9ab05850

/data/user/0/com.dengguo.editor/.jiagu/classes.dex!classes3.dex

MD5 80219a206cc50429090bdde978ee7d95
SHA1 7bc4c2696ff4fea648b62b8e1205af7ca6ece47f
SHA256 ac67071102f7e280800819e68c32b73af9b172f01ace5f41732b0e5d55291e57
SHA512 bc2366acf9d9da93453f5729cbc4882668aa5ab0742140956c40c5e3146649312457f713692391713ca5f22f28e1a2f54b3c60c9278c4ce2a07e8a916dd89d06

/data/data/com.dengguo.editor/files/.jglogs/.jg.ri

MD5 ecb10d0c87460ecd6de5d5e2c6245ce0
SHA1 a8ea2a844f186f50fc14291cc64972e90e806902
SHA256 7fe1e8a6c6d6f25e8571f12d1312bcb0c5f5c8308804077878a0eb3e80a98ea6
SHA512 5a4dec42a2402ac6554a291077070edbc1af887abed7081ca8cfedc6be317e6d013bda1cdf128b9e7c4e29776dd49769f8f8ab9fcb2c4eddafa1fc22192fa164

/data/data/com.dengguo.editor/files/.jglogs/.jg.ri

MD5 77ae692f07f825974e92758e08b96d8f
SHA1 144de29bd867469beec85540b08f3dd0a3e0cd79
SHA256 9e3c091d6cea2809f4578b67ed2306134223992d21f05cfca5a7f6d3836b0183
SHA512 a639ee317669cd749bd129e46edae2e127e5e1266e746aad48ddd3fba38ab1d54a551eae123f680c7b4a13335204e0a8aecad459987adb15284011b51b29adfd

/data/data/com.dengguo.editor/files/.jiagu.lock

MD5 3a698a8d33fb064451615e51ae0c1fb2
SHA1 ef6d5a858185e88779614cedb876bd8f6ca88814
SHA256 1801ba6e80878a8ba11f381101561a7cb5d24092c0d810f4a7fbdeaead90d3b9
SHA512 a5d6812f3c1c98faa2fc91b996ebfc1b7cf70d7f007dc17ea3608ee0718ccddfd959d7b3236dac0b5c1205797a0875cb4c461255a24f88df9501c6bd43ba623c

/data/data/com.dengguo.editor/files/.jglogs/.jg.rd

MD5 e994d85ce40cc985327855873d37d692
SHA1 7fcf1d88daca5f09d894caf4138cf5ee2d1e3d6f
SHA256 f922e1e41894dd3e0e2accda9daacf35052448a8b5d35af878b82ef308b785de
SHA512 4b43f9051878f19b8ae5bf6a6fdeb0a745424dff294339c94b41fa65a93a2f2a8a7a381e363483b9274f0a6a57b376e7bd8e50a2547d34324cb1ec0703388a67

/data/data/com.dengguo.editor/files/.jglogs/.jg.store.report_pid

MD5 5ea2c3a1b18d92913e1c4ab696d50758
SHA1 bc9a851cb2c40ca69ac990fe94f1c734801cff33
SHA256 debc9267377d7096a5e14d297eb37fb8ed9eaf2ae114886ab0495cb369df2341
SHA512 5edda34062139b6f1d4dd73a40307f6edf404d90d77beb15d350e029d25cab5c06eb0f752719c826a4e9b2ee172d381300a3934e893e758de95bd1fe77799922

/data/data/com.dengguo.editor/files/.jglogs/.jg.store.report_pid

MD5 db739adc3aadaf8acbb96f968045d35f
SHA1 76524baa565c08a57374cd2b752afa5f6777fef2
SHA256 9e115293d85321f415810c8214556fe4ebdd0efa77b0fab4e9ebf7d2b54e3114
SHA512 be20ad9c2f1709b131e49e294bf63183bd875bcf2c57eda9ad2d4673ad5bd5b77e31a8a472c94a4ff7d4542450fb5240908af9a9ef7384eaa71fc5c95d206136

/data/data/com.dengguo.editor/files/.jglogs/.jg.pk.h

MD5 edcb0d94deea640f3a8b7e00e77f5281
SHA1 dafaf55ba15abf7b0975759a3031d51fdf2ac3aa
SHA256 84fdbc6913161b5dc99e314e336b757b8858be1bdd1b7d126e71d6bbaec0a800
SHA512 7b1b27aa5ae4350a826fdde0a0d053ddf7e708d37b726388da005659d8ded763335f31f4fa148d1dd2c80ddd76ca937f186e9086afc4e2e0e9708e20a0df2799

/data/data/com.dengguo.editor/files/.jglogs/.jg.pk

MD5 18a372294bb9fe694aef29bc17a1a691
SHA1 7ff8444a7902ca88186f949bc04d0a2967087f94
SHA256 879c65c053f8d8689d80baa7c3945f624e916d2ee27ef3a1a5a22a8fcfd3b3c9
SHA512 38770fe2386d56047262ce160da42e0b316f6d0ea71e3d2e20982841d3c42840a68da1945e65467cc65729d0d9a73ced07e099d7f6521afd41569e49fd9463c0

/data/user/0/com.dengguo.editor/databases/MessageStore.db-journal

MD5 87a1db7de2e6c180eba7932798b3aebb
SHA1 add8b0c9fdec9bc66e80ed17b307f64698bcbdba
SHA256 b74b9738c161a9574fce86b33b977b18d41752ca80e846b502fa0405fe53c1f4
SHA512 afca5fc626a868f460b5bfb7e72c8fe1cdb3b5430cfdfd1d222ef51df6a2fcd4e0d97b8c44bdcc0dcc3a7b8db390dddb21f00489a5ac2b5a52583ca193b91fc9

/data/data/com.dengguo.editor/files/.jglogs/.jg.ac

MD5 9d5551a7e48a694c29ccae451c533b55
SHA1 8a61284a4e275e05d1666978ef3182db528d7320
SHA256 458168b23210ce42931bebba820e826306fe52b1b6179a8596bbf84e05928438
SHA512 04273b23d7e3ce29b4c6fac6adf1dec5fa3b0a55dcb2704c62e429252fc6c36daa2afb0b8cde65c0340731e9837e5703e64a0d73b4f2c549f164a716264d46d0

/data/user/0/com.dengguo.editor/databases/MessageStore.db

MD5 89f6c6d0ac884872b7a112a099dc41f0
SHA1 36385f019bd5b5da9e122a4b6b33db7dc2eeb803
SHA256 cbfc315d833169fefaec3ae1a0f9e6ac47275a707289c42bdbb828a51383381c
SHA512 848884960c210815e8787b343b796cc9aa0bdb53401d3efebe00f3ca7d1f84ae2ce4055ea369860c2d79db6e73598652274e4f723269561a54b875142e67611b

/data/data/com.dengguo.editor/files/.jglogs/.jg.ic

MD5 9f0c35d0f87ee680cc99a2bd2e625625
SHA1 4e441a4b0d7c55615921add9b57bf6bfefbaf7f4
SHA256 730f1e4276ee755d182b98ea4587429487cf9fcd457558a7970ab2226a435378
SHA512 4011bfd24481a4fa61e94fdf363c7cea2b5bab3068c97ed9aa6e1b97587d10efb9a0525d19212fd949a34528bac83bf71549fccb9dd4238abc89cb90300bc8b3

/data/user/0/com.dengguo.editor/databases/MessageStore.db-journal

MD5 283de36da46c0d82ab50b8e1b1708be5
SHA1 c0a67f8fa5ffce83e15bf61fd294157afe48ba22
SHA256 2197c75b5c7e473c1af9665f314891f9524af8e14e78f3c30047e5e3b8e2eef9
SHA512 36c3044369fcbe3f598acd4e568c1b245253c7430e0bca034533190d6dccea02107fa9c4b47a6d5beca73640b4cc6fe0184f5d3add7c07ad2bcce4e8f6314af1

/data/user/0/com.dengguo.editor/databases/MessageStore.db-journal

MD5 7eab1446ecab05c05d3e7b54c7e9715f
SHA1 5fd126821e9203ebedcaa4205cf706efbe68ee35
SHA256 b227a78563a8b4866e218d20dea7d3a6a77ffebae9db7c11152cbe74f884b636
SHA512 3800517ca9c31bf72724e2a124a67558ad5092c0bb2779f35199e6c33530a971ded35f750b89c2232a5509acbda9af5a2e16593b1ac5509d0792eba85d58b5f6

/data/user/0/com.dengguo.editor/databases/MsgLogStore.db-journal

MD5 7628ce96a6b6d2c6b60909dd196c124d
SHA1 4ebbde7b85bf26bf4d0c2ac645034b1aaacd4466
SHA256 e2140ec4ab95d37544621ed81f772b522bb0fc38a386f59356f7e7395c131502
SHA512 9a79167e5f4b6fcb44aa43909fb214f8be78f72477f6c4441f57f6bae9d8a439235293087b949044abeb0bc334597e28a7f507eb6d9292798a0277573b506013

/data/user/0/com.dengguo.editor/databases/MsgLogStore.db

MD5 a860ba3e3a648f73fc11269ff9ea9c16
SHA1 7167faf1666bdb05633e945dddc3d6af6c35fd0b
SHA256 4087524ad761d0669a39007849311b2b0a32c1a62d0a7ff04d4a77d702bfe27e
SHA512 279991548672e18e99522e1402ab96a3b1887a6ccbfa350cab5c5f5096807beb647b9cef0a5668755798f8032e243aab9ea5f1cfcd934671153d54fce48ef8c0

/data/user/0/com.dengguo.editor/databases/MsgLogStore.db-journal

MD5 3174045ecfcf65ad4c42634029bf688a
SHA1 ba94ca4ada695cd51bc026a2e1c30b85e242bc10
SHA256 78007c147a09a77cd99bb24df9636899b5d26dc55524c4d52bcfed41e0fecc5d
SHA512 e29c5fa64ebb26503eb31357bef9f9ea08e203edd960ae245d4cba529fc2bb73c48204a0fa6207f448df11ee79d1d46bb581df34d4483cda769e4d284a430e47

/data/user/0/com.dengguo.editor/databases/MsgLogStore.db-journal

MD5 f42d13f0466e188689edfe17b4cfb3c3
SHA1 4358cfdf80395c678619e807a560a24f49e68440
SHA256 4c76b355708654a887f84984d7e0621c3197f8392e96377943b4e9530d9d74f3
SHA512 fc9a381c9b296d87307d0ec9ddcaaaba7c703778ea2d8daafdf828b8979745d93fe2091c5dcacf62c687a2f19933293c531a40f1718bd317257ca97a4c5a2bbb

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 deb0315217e2224f3be24314a43bd8a5
SHA1 ed7c5e0c12debf30fdc060457ce4564dc518e79d
SHA256 1ddc9e2d5ae28052cf19e338c6ccdf3520bb2b3929ba35d928cf6856ffbd4c22
SHA512 ff6899671708f569c35ef013b3983b9b11faf215327ca0c6306864cf70b63d1e2a381811d34c0ba250760611618fb46c9c1175c616deaef8415902b63c95cb4d

/data/user/0/com.dengguo.editor/databases/MessageStore.db-journal

MD5 3e800f76a73b14fbf24ba83a77322c9f
SHA1 734adf60734ba3ec8f4dc5157c371e5c6ab6c7dd
SHA256 57bea827092509c7abce7863fa44021a410dd0ad6bc5fb7ee44510aebe5bcf0f
SHA512 6a1e0f311cdfa2ce5b51652f0850d13147102fb02ac9efb393b96ed2851f7f04e6cc79cabfd7e3d5cd53278b902efd6536526281b9b38c152dc65bc66c527fb4

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 e52c8b600eed3a1ea04c78c539a10f9d
SHA1 110c0fd6c5f9e5ed57b264baa4f8a80fef4f393d
SHA256 00c5b728a65f701e4d4e422931c20e0e1d6bed50aff83a7d91e22ae9c71d344f
SHA512 4bfdc905455f3da3a8f704333cba456b30da3f54b1002908331928245987d3632d5f575a15215687352970ce53d307a561023dc283b537d6eb08f2e46d4131d1

/storage/emulated/0/Android/data/com.dengguo.editor/files/tbslog/tbslog.txt (deleted)

MD5 bfa92163ba8e30096572502297c9e793
SHA1 62d23598369b97da703cb281d3647f6b3e661b5a
SHA256 02094ba0928b519b7588797079db1e7ff24f14f9bbc38b7fff086b8e82a912e4
SHA512 95fa27acbd848db7215f37436e83518942c5647ede26e1b43510b115f25639eedfe0d483bed68f6ad2d27809618ed790948669a32c7b4c0d349dee605319985d

/data/user/0/com.dengguo.editor/databases/MessageStore.db-journal

MD5 5335471575c161171f96ad89d42184e4
SHA1 11e71f55c5bc5381bb06ca0ae96a9ca8be4ba392
SHA256 5af377638a7be2543c8c681a97098e9cbf6477b837f9640bc958cda77ce8a05c
SHA512 29d4aa425225f10974c55a00a63b2a14785f9346c2684842b46e69275065e6c7370b939a890d16794075236b3bb7b2bec1a146136f3698bc36664e10b0ec9506

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 3255dfdf109e45e38658f5278aa83e37
SHA1 d848319630e83ca1e2e73a184f195533ea5524b9
SHA256 ac2342918170f332de1d236847bc341f6fd523715d24e509a12568258b46082a
SHA512 9ca6f66fdcd61178c907701e87f273cec4723b9f3f9097498bce85f5505d49e4c659b8baa1ac47baa27ac598a175768c8026c8b7ddb07a382dcc80795674b9e2