Malware Analysis Report

2025-08-10 23:55

Sample ID 240517-veg6xahd2y
Target 5082211d415b1f3fa8ed5295f68f19d8_JaffaCakes118
SHA256 3a771e8bfb19354e3c2f4e0697ec794033bd20fa681c47aae16e0300c0285bfa
Tags collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 5082211d415b1f3fa8ed5295f68f19d8_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Checks memory information

Checks CPU information

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Checks known Qemu files.

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Loads dropped Dex/Jar

Checks known Qemu pipes.

Reads information about phone network operator.

Requests dangerous framework permissions

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-17 16:54

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. | android.permission.BODY_SENSORS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to receive WAP push messages. | android.permission.RECEIVE_WAP_PUSH | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to use SIP service. | android.permission.USE_SIP | N/A | N/A
Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A
Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to add voicemails into the system. | com.android.voicemail.permission.ADD_VOICEMAIL | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-17 16:54
Reported 2024-05-17 16:57
Platform android-x86-arm-20240514-en
Max time kernel 177s
Max time network 187s

Command Line

com.zhangkongapp.joke.bamenshenqi

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /sys/qemu_trace | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/qemu_pipe | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.zhangkongapp.joke.bamenshenqi/app_SGLib/libsgmain_312768000000.zip | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.zhangkongapp.joke.bamenshenqi

Network


Files
