Malware Analysis Report

2025-08-10 13:46

Sample ID 241017-vewdjavgrg
Target 52b859941aeae463735336b3f243ccb2_JaffaCakes118
SHA256 abf89b6c6e932dd3c580b43aee510008b933b8eb0283d386814345ded146440f
Tags
banker discovery evasion impact persistence execution
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 52b859941aeae463735336b3f243ccb2_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery evasion impact persistence execution

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-10-17 16:54

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 16:54

Reported

2024-10-17 16:57

Platform

android-x86-arm-20240624-en

Max time kernel

14s

Max time network

130s

Command Line

cn.kdqbxs.reader

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

cn.kdqbxs.reader

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=45 --oat-location=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

getprop ro.miui.ui.version.name

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 16:54

Reported

2024-10-17 16:57

Platform

android-33-x64-arm64-20240624-en

Max time kernel

146s

Max time network

157s

Command Line

cn.kdqbxs.reader

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | N/A | N/A |
| N/A | /data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

cn.kdqbxs.reader

cn.kdqbxs.reader:channel

Network

Files

/data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu.so

MD5 48e09a984647c0dcf75452e24d62806c
SHA1 dbb3afc5495736331ae9618a14826b09ccf540ad
SHA256 c7dfb3480a4410f14c0a86dd2a554a7c65f127d2daef76cb6f206b955f1eca66
SHA512 8a22f26f0223f1aa120f2f2809de6a21a623efcc0cccc5306262c442c38808384985d5f86617aa6826d0357b6a80a7948d1dbb50c69a0ed37445b7e470611db6

/data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu_64.so

MD5 9473b2918dde9f4a5210f6d4549d3c6e
SHA1 419e14a83dee73410576c0d3078cc42c3aa6de4d
SHA256 3016fe961fd1bd4a16442db1358240e2a666c355d47c40133ee5a855d9fdaca7
SHA512 eac5aa65fa0ec5aca6900617a5715c7f7eb9eff5079bb73aba82a58323b348ce4fd9a92afea7b289a0e5652710e2f6a403425b2f1a8b606d3b5b4d6894adf190

/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex

MD5 b56a9cc7959c83320d8959410536a0cc
SHA1 4f53d0315f423388922f92519d098c80eb6ddbfd
SHA256 1f222e7bb3dc330a61f92b4cac80c33b1bada95ac056b4c03fdcea4669753cb3
SHA512 e4021001775a04f1a68c9bccdebba69a296092275c3fc69c3efcc29843301f875ea1ffdc0f03c0a23e23bedff9ebc9a397c1ee9709f6e2aed8c15a26327fa8af

/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex

MD5 997d48c2ba922daf248d77bf26d7542a
SHA1 58a331ef595a2c45b4095de79c9fba8999a03da0
SHA256 e807cec8c47d423ac8f8a2b940f9838aca2ea211643a5e31466a0c14575923ed
SHA512 cc61f976647c0c0eb6cc20a42985f35e4788d97c00ea770658c4f0754614e945088de4ea446c004b863ffcecc5c1dd467e67adc3b541c81e01bd960380a7f832

/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex

MD5 dec515f498ba570f8f7e30fafc2359a2
SHA1 0d9407fe32c8a73dce7e3c25922892afc9ab16f1
SHA256 2da1291a90a02db081e8c160f3396f91c8894daefc33b76414430077d6a72f7f
SHA512 836dae94edd4f398a980b9b97ef604332ed6368d579b66429fcaf1fb7891033b65fc173fdf34aeee07e8072bb20efda491496f0fddca0934f111586bbb5e4968

/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex

MD5 56a527f3e94a53ae0f021d0185496655
SHA1 be9db47d587baaeabc9b725d5bcc0f4f91cfe0c8
SHA256 7069314535348a22f5ae2956967d9f208a974012773430b8d5ef02ee316f3c22
SHA512 481ed46130f5fc83d9685891bc53e6f2585c3f9c51c2def8a7970f738ad3614af3f062069f2d712936d44e4ec926d61001425486fa07db2d36ca6e33545ec869

/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex

MD5 9fa85329d3ebf6f29973463360e91caf
SHA1 536749548ba5b5697feb596bba8f9eefde9d478a
SHA256 062c3998177ced6c5f7c033a408bf0d3b14577cfe7ce97da9a0e421956074de2
SHA512 88ff3f07795515c2f3d854d27fb6b3e19ea0a6b86e43a1d06188bc332f9d3403dd98f8e93787dea7f3df52a8cd7343bc792b93a975bfb155d7cef99d06e896de

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ri

MD5 e4775d8c2f2677d3ae2f503e75830f18
SHA1 35c47904eeff0db9705a908dca7c008e09ff6d5d
SHA256 ab2d2778956e533f629b1d45aed5b00596e9a126c92e7b5614afadfc344248a6
SHA512 d30fa6a9f16bfb3727585f0a71a7922f9479b2f18b1d709693334a6c494efdb51f4eaeb33ebb474f92985628d4c1ca8463d35121d6198d65f28f5b6349bd10ca

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_cf

MD5 86525c841591ffa90c423b3aa3a8ba8d
SHA1 5574684838d0d6e0a26714c02c9e8414fa6c5d36
SHA256 1cfc7e6c25a0754d26bf6ad466c34f5ae48a9130dc33237ef9ae18013987b4fc
SHA512 08ba4a3598dc30b917c558d8d98c5d34100c6fb0912ab3da7be3838560eb88e240cb7c42353647127998f01598b008a18ee537fcd875e1dc8278a34bd6affdc6

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_pid

MD5 75002e4a4ba837ecc4ff778aa07da527
SHA1 fd19585b8ed955d204693a037ebcf2a063a9f31c
SHA256 603a877e8b09f0fe1380d45d335a63d8cffb7bc9b0a6b19c06f4f08c0e4e9c63
SHA512 3a1b9d7488081b3f362d2b27bb5ef07b08640af6b26693a31de63ec4e190e4148b1c68566cad7408580e4c2acd039b22a6aa156cd72d97b352265c9444a1f8fd

/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal

MD5 816f3ff1dbe736e9ff64896a39219cc9
SHA1 8b63355139e9152eed047c3329b64e50e60fd377
SHA256 3b460832a99c96956d931903e2f4ac336a90ac98d1205bccb5b56a161704d032
SHA512 f187cd59826c076892897bd3e595fb676965f339ebff0f7b5391fccb31127763dbdda465e06c3f4b825b7b04644137cc6e78c50d04e98b0d323d7d35d26c8d24

/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db

MD5 8667c540902807cb0150ee8fec9f07c7
SHA1 1a0cc595caaee104b2209d5e3f6757f2aca8b4c0
SHA256 4cbe86bf14b5cba7e82b4c126ca2d7b4e10fb1760936c3a785dcc360863003a4
SHA512 665e0106bd09c25d061b77acf933db23d8a4ae6a2f608a41a0cc1eeaa4842605e96b60dbbda1f5fb85f0de5523a15280a593e1f1562ad8e2bface32ab5ec9c62

/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal

MD5 5edb1e7c279e2784af9a7deafdd4518f
SHA1 bbeb81b8ef144c44a38dceba7c06f7537b38cf35
SHA256 f0c6102d7525ad488bdaacae9c2b82d5cb7fb96d9fb51971b525a424d2fe06e4
SHA512 e2121302588e1f7b16fd4c1f187593ea892c1192ad1bcec216d6f4f22068670939927bfffb2f51fcb5d601fe4347cd581557add4f4030b3ffc7e9636bc436749

/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal

MD5 b2572e4f5383a17dc3f96b100a7d3cd2
SHA1 ef0549ab98f47009b13c4ee1acddd5f0131f90d2
SHA256 88b1738b2f89583067bb1d209ed90219950436f0c5d2394d935319801be72d77
SHA512 594d0a2055b9cb973aad1211c6ad0f45fd61990be38aac3c51aaaa969efcbedcc5f9155b118b958b76dc0011a8b4bb7fbf08ce2713cfe71fadb08e75a4a7d0be

/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal

MD5 cf1251eb84f4f8db280a7c4b071fd097
SHA1 134adaf194ad132fa24aad9d02e374da6c7004f4
SHA256 5ae7fffba6bbb8e0e8be892db86df1239fccbe673e47834d903d4791077ffaa0
SHA512 aa647e8eb8b5dfbdd3a88f4c5d93ee3c6509e18b18eb25b22ebd64edf838574b237b24fec04df0b8c4938dfb153960deb43d596fd10abdc376336274e673b2e6

/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db

MD5 12a7d379e17bbd9dfb425607991f4814
SHA1 bc7c5ed79c42863755432f9adf05ffc1848b0a81
SHA256 6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f
SHA512 18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4

/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal

MD5 f1beb451b264ad8da3caedaabf2f93e5
SHA1 ea2d59e099d88b04e5f2ee8f1cfee74ee3896e7f
SHA256 02f3842fead56d3eeb99fcdb340a256f4bec8c3d3782bee629d2d3a89e34c5f6
SHA512 fe5f01eca248e650cb89b784ea530d673c292be7662f4f6bd4fe50b81a00aeef8ba3c7145865efd645b3d206d9836ea257e142897856914aa0abf5ebc73f9c04

/data/user/0/cn.kdqbxs.reader/databases/MsgLogStore.db-journal

MD5 f6d64a717c6df17e331af9af5e300e54
SHA1 70793bfa959775c2f7cf898315d86e0b41ad798b
SHA256 f85a3f24036b5a06dadba2422152b3cf6f81f0ad10ed03dffeddbd5d57330ae6
SHA512 ed0de34b05d1d3647e997674da733d7d423390f80061a5839a47468eca686b0774523b3fdc2661ddf580debdd7b829e541883188489539afebd78bbcd2380797

/storage/emulated/0/dy-sdk/udid/storage/emulated/0/kdqbxs_book/cache/uuid.text/sdk-udid.tf

MD5 aea851d092b2ac708df5eb62a1fb5db5
SHA1 fd085015b5ee80c3dd92c732cbd9632c565f725a
SHA256 551eea9bfd51c0325bc2cf1c520ad131ff54478a29b1aae73c590ab4fea17ebe
SHA512 85a2901ffdd5d3d0d71690070a68ac39ecd8bcb42c14a6ee68f9fbf0e81ba6b98cf6c200ae77b92159296b4a6f258d95d41abd740cfc6ac6a7fa636fe0336fd7

/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal

MD5 8fb8d39fae6783545efe935639f48889
SHA1 cded10697afd976255f71b617d364e360a5c8d93
SHA256 8dcd48e1ab9528049fcb3f7a21833ea0b53aa4abeb80a07c73580bcd9084f3d5
SHA512 17f10cdd21bf1d7e009b9cd01dbbcfdae4e206e66c587ba7efee0356764929806749c657192110f618de967cb47a1397faf39348fa1d1d3c0655dffca2e31ef3

/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db

MD5 904fe475406adc29a36b6d0bf5c5ad6b
SHA1 d92121b5f631bbe545cdc22e294d9fd66c5eba23
SHA256 97f503c25514610d75a1f8ee56e5727e2d390e9fccf56885c5aadcd02d6c95ee
SHA512 699e8bdb6bd065f04ac49ab052ad65d3320be6eeb781df03654b4e41261f936d14428db582ac96100446011920395655ec720bd1e7cf99013069cd437883bca0

/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal

MD5 9ab56a21fdd1b3adb545b0b408b49d0f
SHA1 bd4545db92a009c9ab1a3cab25f605fbb5042240
SHA256 b95c783d3977bb83673733bf942895eb999336f794be81cd58a2c42ad5ce3f7b
SHA512 5e83e6958799ea230882a4bb7a3f4b4a18e1538b377173d7df38c739ea8d5169fd4d8dcb08dfb8de9ad7380468d9d6a420b3ad7e0c85fd08684d92b47fe6c524

/data/user/0/cn.kdqbxs.reader/databases/kdqbxsBook.db-journal

MD5 6c76fb65eb5bc3f28b07049599c2bc05
SHA1 0e6a1b6d7b00c9eb1ac2e865215464a4c94b9408
SHA256 f9fbc78882999f19ad7900e060a0c817304778a767f9fb2f086ca55080125eca
SHA512 5dbb74c6987abaa0ab0e252b88ce24b7dca915eaed2e11323a0e94e9da06436ce4eaa1619431b37f1ffa333f8d6d1172c16d94799e4fef8ab9f420628a5bf625

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_cf

MD5 ad46e889b9e9a71187d2d2dd22bbec3d
SHA1 1bea5bca0c200e29353148f452b333e1ed830160
SHA256 629c196194e33bc6a373fbb2664b2d66739f37f0816acf85b312b901173dcba3
SHA512 568dbb953a6aa571d7b9f1eff877c3ca8121f267f44497c48c11e320ae7ccbdce3266906d7862a73d34b4ba09f91d39fe43952835b7ce4e0da453f817043772d

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ri

/data/user/0/cn.kdqbxs.reader/files/.jiagu.lock

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.rd

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.store.report_pid

/data/user/0/cn.kdqbxs.reader/files/libcuid.so

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ac

/data/user/0/cn.kdqbxs.reader/files/.jglogs/.jg.ic

/data/user/0/cn.kdqbxs.reader/databases/log.db-journal

/data/user/0/cn.kdqbxs.reader/databases/log.db

/data/user/0/cn.kdqbxs.reader/databases/log.db-wal

/storage/emulated/0/.idf/.IDF

/data/user/0/cn.kdqbxs.reader/databases/log.db-wal

/data/user/0/cn.kdqbxs.reader/databases/MessageStore.db-journal
