Analysis Overview
SHA256
abf89b6c6e932dd3c580b43aee510008b933b8eb0283d386814345ded146440f
Threat Level: Shows suspicious behavior
The file 52b859941aeae463735336b3f243ccb2_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
Queries information about active data network
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-17 16:54
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-17 16:54
Reported
2024-10-17 16:57
Platform
android-x86-arm-20240624-en
Max time kernel
14s
Max time network
130s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
cn.kdqbxs.reader
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=45 --oat-location=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
getprop ro.miui.ui.version.name
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-17 16:54
Reported
2024-10-17 16:57
Platform
android-33-x64-arm64-20240624-en
Max time kernel
146s
Max time network
157s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
cn.kdqbxs.reader
cn.kdqbxs.reader:channel
Network
Files
/data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu.so
| MD5 | 48e09a984647c0dcf75452e24d62806c |
| SHA1 | dbb3afc5495736331ae9618a14826b09ccf540ad |
| SHA256 | c7dfb3480a4410f14c0a86dd2a554a7c65f127d2daef76cb6f206b955f1eca66 |
| SHA512 | 8a22f26f0223f1aa120f2f2809de6a21a623efcc0cccc5306262c442c38808384985d5f86617aa6826d0357b6a80a7948d1dbb50c69a0ed37445b7e470611db6 |
/data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu_64.so
| MD5 | 9473b2918dde9f4a5210f6d4549d3c6e |
| SHA1 | 419e14a83dee73410576c0d3078cc42c3aa6de4d |
| SHA256 | 3016fe961fd1bd4a16442db1358240e2a666c355d47c40133ee5a855d9fdaca7 |
| SHA512 | eac5aa65fa0ec5aca6900617a5715c7f7eb9eff5079bb73aba82a58323b348ce4fd9a92afea7b289a0e5652710e2f6a403425b2f1a8b606d3b5b4d6894adf190 |
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex
| MD5 | b56a9cc7959c83320d8959410536a0cc |
| SHA1 | 4f53d0315f423388922f92519d098c80eb6ddbfd |
| SHA256 | 1f222e7bb3dc330a61f92b4cac80c33b1bada95ac056b4c03fdcea4669753cb3 |
| SHA512 | e4021001775a04f1a68c9bccdebba69a296092275c3fc69c3efcc29843301f875ea1ffdc0f03c0a23e23bedff9ebc9a397c1ee9709f6e2aed8c15a26327fa8af |
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex
| MD5 | 997d48c2ba922daf248d77bf26d7542a |
| SHA1 | 58a331ef595a2c45b4095de79c9fba8999a03da0 |
| SHA256 | e807cec8c47d423ac8f8a2b940f9838aca2ea211643a5e31466a0c14575923ed |
| SHA512 | cc61f976647c0c0eb6cc20a42985f35e4788d97c00ea770658c4f0754614e945088de4ea446c004b863ffcecc5c1dd467e67adc3b541c81e01bd960380a7f832 |
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex
| MD5 | dec515f498ba570f8f7e30fafc2359a2 |
| SHA1 | 0d9407fe32c8a73dce7e3c25922892afc9ab16f1 |
| SHA256 | 2da1291a90a02db081e8c160f3396f91c8894daefc33b76414430077d6a72f7f |
| SHA512 | 836dae94edd4f398a980b9b97ef604332ed6368d579b66429fcaf1fb7891033b65fc173fdf34aeee07e8072bb20efda491496f0fddca0934f111586bbb5e4968 |
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex
| MD5 | 56a527f3e94a53ae0f021d0185496655 |
| SHA1 | be9db47d587baaeabc9b725d5bcc0f4f91cfe0c8 |
| SHA256 | 7069314535348a22f5ae2956967d9f208a974012773430b8d5ef02ee316f3c22 |
| SHA512 | 481ed46130f5fc83d9685891bc53e6f2585c3f9c51c2def8a7970f738ad3614af3f062069f2d712936d44e4ec926d61001425486fa07db2d36ca6e33545ec869 |
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex
| MD5 | 9fa85329d3ebf6f29973463360e91caf |
| SHA1 | 536749548ba5b5697feb596bba8f9eefde9d478a |
| SHA256 | 062c3998177ced6c5f7c033a408bf0d3b14577cfe7ce97da9a0e421956074de2 |
| SHA512 | 88ff3f07795515c2f3d854d27fb6b3e19ea0a6b86e43a1d06188bc332f9d3403dd98f8e93787dea7f3df52a8cd7343bc792b93a975bfb155d7cef99d06e896de |
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ri
| MD5 | e4775d8c2f2677d3ae2f503e75830f18 |
| SHA1 | 35c47904eeff0db9705a908dca7c008e09ff6d5d |
| SHA256 | ab2d2778956e533f629b1d45aed5b00596e9a126c92e7b5614afadfc344248a6 |
| SHA512 | d30fa6a9f16bfb3727585f0a71a7922f9479b2f18b1d709693334a6c494efdb51f4eaeb33ebb474f92985628d4c1ca8463d35121d6198d65f28f5b6349bd10ca |
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_cf
| MD5 | 86525c841591ffa90c423b3aa3a8ba8d |
| SHA1 | 5574684838d0d6e0a26714c02c9e8414fa6c5d36 |
| SHA256 | 1cfc7e6c25a0754d26bf6ad466c34f5ae48a9130dc33237ef9ae18013987b4fc |
| SHA512 | 08ba4a3598dc30b917c558d8d98c5d34100c6fb0912ab3da7be3838560eb88e240cb7c42353647127998f01598b008a18ee537fcd875e1dc8278a34bd6affdc6 |
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_pid
| MD5 | 75002e4a4ba837ecc4ff778aa07da527 |
| SHA1 | fd19585b8ed955d204693a037ebcf2a063a9f31c |
| SHA256 | 603a877e8b09f0fe1380d45d335a63d8cffb7bc9b0a6b19c06f4f08c0e4e9c63 |
| SHA512 | 3a1b9d7488081b3f362d2b27bb5ef07b08640af6b26693a31de63ec4e190e4148b1c68566cad7408580e4c2acd039b22a6aa156cd72d97b352265c9444a1f8fd |
/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal
| MD5 | 816f3ff1dbe736e9ff64896a39219cc9 |
| SHA1 | 8b63355139e9152eed047c3329b64e50e60fd377 |
| SHA256 | 3b460832a99c96956d931903e2f4ac336a90ac98d1205bccb5b56a161704d032 |
| SHA512 | f187cd59826c076892897bd3e595fb676965f339ebff0f7b5391fccb31127763dbdda465e06c3f4b825b7b04644137cc6e78c50d04e98b0d323d7d35d26c8d24 |
/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db
| MD5 | 8667c540902807cb0150ee8fec9f07c7 |
| SHA1 | 1a0cc595caaee104b2209d5e3f6757f2aca8b4c0 |
| SHA256 | 4cbe86bf14b5cba7e82b4c126ca2d7b4e10fb1760936c3a785dcc360863003a4 |
| SHA512 | 665e0106bd09c25d061b77acf933db23d8a4ae6a2f608a41a0cc1eeaa4842605e96b60dbbda1f5fb85f0de5523a15280a593e1f1562ad8e2bface32ab5ec9c62 |
/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal
| MD5 | 5edb1e7c279e2784af9a7deafdd4518f |
| SHA1 | bbeb81b8ef144c44a38dceba7c06f7537b38cf35 |
| SHA256 | f0c6102d7525ad488bdaacae9c2b82d5cb7fb96d9fb51971b525a424d2fe06e4 |
| SHA512 | e2121302588e1f7b16fd4c1f187593ea892c1192ad1bcec216d6f4f22068670939927bfffb2f51fcb5d601fe4347cd581557add4f4030b3ffc7e9636bc436749 |
/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal
| MD5 | b2572e4f5383a17dc3f96b100a7d3cd2 |
| SHA1 | ef0549ab98f47009b13c4ee1acddd5f0131f90d2 |
| SHA256 | 88b1738b2f89583067bb1d209ed90219950436f0c5d2394d935319801be72d77 |
| SHA512 | 594d0a2055b9cb973aad1211c6ad0f45fd61990be38aac3c51aaaa969efcbedcc5f9155b118b958b76dc0011a8b4bb7fbf08ce2713cfe71fadb08e75a4a7d0be |
/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal
| MD5 | cf1251eb84f4f8db280a7c4b071fd097 |
| SHA1 | 134adaf194ad132fa24aad9d02e374da6c7004f4 |
| SHA256 | 5ae7fffba6bbb8e0e8be892db86df1239fccbe673e47834d903d4791077ffaa0 |
| SHA512 | aa647e8eb8b5dfbdd3a88f4c5d93ee3c6509e18b18eb25b22ebd64edf838574b237b24fec04df0b8c4938dfb153960deb43d596fd10abdc376336274e673b2e6 |
/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db
| MD5 | 12a7d379e17bbd9dfb425607991f4814 |
| SHA1 | bc7c5ed79c42863755432f9adf05ffc1848b0a81 |
| SHA256 | 6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f |
| SHA512 | 18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4 |
/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal
| MD5 | f1beb451b264ad8da3caedaabf2f93e5 |
| SHA1 | ea2d59e099d88b04e5f2ee8f1cfee74ee3896e7f |
| SHA256 | 02f3842fead56d3eeb99fcdb340a256f4bec8c3d3782bee629d2d3a89e34c5f6 |
| SHA512 | fe5f01eca248e650cb89b784ea530d673c292be7662f4f6bd4fe50b81a00aeef8ba3c7145865efd645b3d206d9836ea257e142897856914aa0abf5ebc73f9c04 |
/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal
| MD5 | f6d64a717c6df17e331af9af5e300e54 |
| SHA1 | 70793bfa959775c2f7cf898315d86e0b41ad798b |
| SHA256 | f85a3f24036b5a06dadba2422152b3cf6f81f0ad10ed03dffeddbd5d57330ae6 |
| SHA512 | ed0de34b05d1d3647e997674da733d7d423390f80061a5839a47468eca686b0774523b3fdc2661ddf580debdd7b829e541883188489539afebd78bbcd2380797 |
/storage/emulated/0/dy-sdk/udid/storage/emulated/0/kdqbxs_book/cache/uuid.text/sdk-udid.tf
| MD5 | aea851d092b2ac708df5eb62a1fb5db5 |
| SHA1 | fd085015b5ee80c3dd92c732cbd9632c565f725a |
| SHA256 | 551eea9bfd51c0325bc2cf1c520ad131ff54478a29b1aae73c590ab4fea17ebe |
| SHA512 | 85a2901ffdd5d3d0d71690070a68ac39ecd8bcb42c14a6ee68f9fbf0e81ba6b98cf6c200ae77b92159296b4a6f258d95d41abd740cfc6ac6a7fa636fe0336fd7 |
/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal
/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db
/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal
/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_cf
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ri
/data/user/0/cn.kdqbxs.reader/files/.jiagu.lock
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.rd
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_pid
/data/user/0/cn.kdqbxs.reader/files/libcuid.so
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ac
/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ic
/data/user/0/cn.kdqbxs.reader/databases/log.db-journal
/data/user/0/cn.kdqbxs.reader/databases/log.db
/data/user/0/cn.kdqbxs.reader/databases/log.db-wal
/storage/emulated/0/.idf/.IDF
/data/user/0/cn.kdqbxs.reader/databases/log.db-wal
/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal