Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-xxvwtsga94
Target 990250b1a1645d3b281b0ed5e074e4e3_JaffaCakes118
SHA256 235f2a0c73aaffa7bbd5b806ade3e3b61b03f1fb5b5c1d2c104d75262c827b29
Tags
discovery evasion persistence collection impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

235f2a0c73aaffa7bbd5b806ade3e3b61b03f1fb5b5c1d2c104d75262c827b29

Threat Level: Likely malicious

The file 990250b1a1645d3b281b0ed5e074e4e3_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection impact

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests cell location

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 19:14

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an application to use SIP service. android.permission.USE_SIP N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to add voicemails into the system. com.android.voicemail.permission.ADD_VOICEMAIL N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 19:14

Reported

2024-06-05 19:25

Platform

android-x86-arm-20240603-en

Max time kernel

168s

Max time network

95s

Command Line

com.blackbean.dmshake

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.blackbean.dmshake

com.blackbean.dmshake:loovee_push_svr

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 bugtags.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 cgi.connect.qq.com udp
HK 43.154.252.110:80 cgi.connect.qq.com tcp
HK 43.154.252.110:443 cgi.connect.qq.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

/storage/emulated/0/Meach/Icons2/journal.tmp

MD5 8c8bcb7d36cb5a71729c00c4e7f2d330
SHA1 a352667c61dc45f43cae74a7102fa692fba98d3e
SHA256 fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150
SHA512 4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62

/data/data/com.blackbean.dmshake/cache/_KStore_/cache_http_api/journal.tmp

MD5 fa79244c9fe70f6cc813c4bece0d1bd2
SHA1 becc80a0d952cd02e9ab07408136498dbc82774b
SHA256 aafeabed5f0062912cd9016f90617308e1d8e320f09ac7dd65383498dc868371
SHA512 049bff76881d28a757bb8a573d9bd75ad15b6a93e9ece52b90cf29b433aba855bd6b0c39b5dd56bd86abeeae13654aa58c29f9e9483ace0963dbe5c7c8f05a55

/data/data/com.blackbean.dmshake/databases/molove_account.db-journal

MD5 8f844f6ac5f3f8330fc07909761b002a
SHA1 13f04e74dd1e210c35a8088f55dec3378ab3109e
SHA256 20895dab7ecadbe719e0f7903f5181365efb0af1145d8ba04f03260019794bc9
SHA512 423f0d48b858ee00dec533719b1b43494c6adf92d55f49a34680fd682110a62c845493abb652784d95bb4c3e42d87edc48eeab08e5d7e31cde9b6de07b154e2b

/data/data/com.blackbean.dmshake/databases/molove_account.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.blackbean.dmshake/databases/molove_account.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.blackbean.dmshake/databases/molove_account.db-wal

MD5 6c2ed2f42412baf198b316c8719a9f99
SHA1 a680f756f6fbd8ef1b48d774df973e689159479a
SHA256 5a1688b133165e0cd559f744d8b716262ca88f98e24e0e9e482e96f28fff9643
SHA512 9a3ab32a98c28e462137f2963edaf9547cb6663d4f1e1ed9401ac2c147bd7800290f8842007ca1dde023d545c335fa8a699b44d9afe43c94c6a0624bbe157621

/data/data/com.blackbean.dmshake/databases/molove.db-journal

MD5 00d2c3b1aff4cbd530d1cb5f4884c41d
SHA1 31ad61392926cb746ca24aa3dfca7f968987591b
SHA256 d753d4a92359deeb5eb7a1051cf5f6e38ac26e14d5f3c8ade0d470bea8b52388
SHA512 df69dec8216d6f7cac68e447ff553f2a928c839767867ba227e2ba588262c04179003bb70e7fbfae4ce7cf3165720c29580c4f2d4bdf2a76ac8d45e17e8072f6

/data/data/com.blackbean.dmshake/databases/molove.db-wal

MD5 9a22d19eaf2d98f9cc5fac9288eeee71
SHA1 d15bf9938a2da5a8641cee675afdbd5f07ff3aec
SHA256 2b9d61cc2828c9c5504ac087a7d13cebdf1d1871a5f7ecb5e7f647ccca763f6a
SHA512 a8cb7f9ad591f7fc4488f5b63f5838e25bf42010eda497749816469f312b943dc09efcb7e248a051fbea0cc44a7fe39c3b63f3730169f67912fd696605c0b426

/storage/emulated/0/Meach/Icons2/images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 eeccf38c42ad89e92bf2d71bde7d7c63
SHA1 3760d590299fd94b2cfce4b68a0048801aae3426
SHA256 5e395bdf7abd60a63f040c273e6319a171d8aca7dd9a9bf533227beb709952c1
SHA512 643348f7e7745e24fa87563824fa922fde9c68659377b26d9b11b44a051a36279fb5cf573d3ceb911b42372646ef0aef312844f3e27c6e1d20d39aa3c5777a78

/data/data/com.blackbean.dmshake/databases/tencent_analysis.db-wal

MD5 6889a81ce6d9594f1c0f6276b2aa22ea
SHA1 6a6141ab5e82c728bae1a88f3af8d46d0c9a692a
SHA256 08efbe337f79cb1e84db3a066fc9d1bef4d4abaac64bc8daf641782822acb30b
SHA512 84be10d70ac2bd5377dcbf2cbdfbda8ede345f047b0818401d9b8fb0c22a3360ba82c382d92d7a903c2c35163f903e779903423e7584c10237a1f0b3898d0b85

/data/data/com.blackbean.dmshake/files/com.tencent.open.config.json.100314375

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 19:14

Reported

2024-06-05 19:25

Platform

android-x64-arm64-20240603-en

Max time kernel

170s

Max time network

172s

Command Line

com.blackbean.dmshake

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.blackbean.dmshake

com.blackbean.dmshake:loovee_push_svr

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
GB 216.58.212.234:443 tcp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 bugtags.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 cgi.connect.qq.com udp
HK 43.154.252.110:80 cgi.connect.qq.com tcp
HK 43.154.252.110:443 cgi.connect.qq.com tcp
US 1.1.1.1:53 pingma.qq.com udp
CN 119.45.78.184:80 pingma.qq.com tcp
US 1.1.1.1:53 dmdvwww.loovee.com udp
US 1.1.1.1:53 api.weibo.com udp
US 1.1.1.1:53 dmdvm.loovee.com udp
HK 36.51.224.49:443 api.weibo.com tcp
US 1.1.1.1:53 disp3.duimian.cn udp
HK 36.51.224.49:443 api.weibo.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.206:443 tcp
GB 142.250.179.226:443 tcp
GB 216.58.212.206:443 tcp

Files

/storage/emulated/0/Meach/Icons2/journal.tmp

MD5 8c8bcb7d36cb5a71729c00c4e7f2d330
SHA1 a352667c61dc45f43cae74a7102fa692fba98d3e
SHA256 fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150
SHA512 4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62

/data/user/0/com.blackbean.dmshake/cache/_KStore_/cache_http_api/journal.tmp

MD5 fa79244c9fe70f6cc813c4bece0d1bd2
SHA1 becc80a0d952cd02e9ab07408136498dbc82774b
SHA256 aafeabed5f0062912cd9016f90617308e1d8e320f09ac7dd65383498dc868371
SHA512 049bff76881d28a757bb8a573d9bd75ad15b6a93e9ece52b90cf29b433aba855bd6b0c39b5dd56bd86abeeae13654aa58c29f9e9483ace0963dbe5c7c8f05a55

/data/user/0/com.blackbean.dmshake/databases/molove_account.db-journal

MD5 bae6821f023af93f002f7a600415f1b3
SHA1 40f8a0d33514e9f1f5e3c50c610f64acb876141a
SHA256 50da8663e9b6d206aacab89ad38d1bd5f610106de341934acabff8b936817f28
SHA512 5adbdfbc1a9441607b55b93223721eedc13f08ce65e215df0c4eb969a8d53099084d6636afbc50f00c779d1aa603546e5a25b251c463bf7039e5d5e4d279f8e8

/data/user/0/com.blackbean.dmshake/databases/molove_account.db

MD5 837ac1d8d1a17220d8aad5f01f9199d8
SHA1 37de4390d01ebe0ac1e8b474d56cab60bde71f6c
SHA256 d50724cbf5277d669e7a7b63a31519693055b4a0bbe5848e5595c948bd5e04f1
SHA512 4acd7dd282602bbaf2c8421d48a1274652ca05eea76e4ceccbca51f19f2c39107c983742ddb2e94b6ff1e4e15282cff040cb6f6d1399700f3f3f40f31042b57b

/data/user/0/com.blackbean.dmshake/databases/molove_account.db-journal

MD5 6f15be2370168b3ffa42b98119a49b48
SHA1 bc650d504afa4fe551fb087780f8610a7fec12cd
SHA256 48a07024793d74f6a1927dea90bbb1eb404afc736f27a8fdbbc39c80ad4f2f72
SHA512 3df70c2180280777d49390ab647d58b72c4cecc0817ae790a6b811a5f5c8cbcf186505a0efc000d08dc8f157df629b7db65088d941355ff26bf8dfd85cb553a1

/data/user/0/com.blackbean.dmshake/databases/molove_account.db-journal

MD5 d26d8774679c24339ad91b587de36183
SHA1 ffb2fd5d0673f0a8a7713ce6bd9a701ea9921265
SHA256 40ee40660e38bdefd74feb5730d08a6c7df3a42cb014cfa4c1132a388860532d
SHA512 ac382bc1c9bf218e7e260efb06294404cd112f0a1675e80ef14375eafe388c958a235f1ba92917a933bea60eecc1291dca8519d57606268104c28ea58d617a6d

/data/user/0/com.blackbean.dmshake/databases/molove.db-journal

MD5 9173d807d39c4846816322ccf1fee53c
SHA1 784f1f6ff2e925eb6136f40427b210ecc66334f2
SHA256 ec3ed05da6209c31eebae90a4eaf42503a72ae4febbf05cbb77e307424b81d91
SHA512 367584ab7500a5f01e3159c11ab597f3cf08a74269898d2674d2e669e794b5a093c83719c8d6f8e6b5074bd01bfe5cc5aeb80374f0a2eb90c5c74855aaa5184c

/data/user/0/com.blackbean.dmshake/databases/molove.db

MD5 ebfdc47aa4e6af57b245057f82fddd5f
SHA1 35f415090705e4c102b93ed20001ec31f1bf7fc7
SHA256 27da90ee5c508eb19b6b4a51b14819e5420a209cd91dcf10f3cdc37cadb7ffd5
SHA512 1a37fe9c49489713b7cf208ce0edf5529ce873a2490dc42913aa764fa9f792407f37b9725daa53dd1bade04a96f74f7ae3df7c8205741284bf4571755b1198bb

/data/user/0/com.blackbean.dmshake/databases/molove.db-journal

MD5 f051f9e1e3f12e3706948621d6ebeacf
SHA1 8fa1a0f7da9c41b8d9f2517b5697f8dd6b3c6564
SHA256 46032d4a589df8060039806a0609ad017004ac3f30629d5ffd7d48fd8194c18f
SHA512 55d05b7e17334eccdce20ad2412e52c0f74400017355869d66ba7d8f14e6f6eb5fa7148126c2c5ca429dfc16e66e216d75254ce51f4a8cdf8a73dada7d75cb85

/data/user/0/com.blackbean.dmshake/databases/molove.db-journal

MD5 70f82c25a6eecd0c610a0baf25f64984
SHA1 e24b92f2e6d6f45bec93e9129095f461345ad695
SHA256 f4f3da9c47d3af2fa0a502f574f53aecdb91b1b435f92740b774683a91bd1fc9
SHA512 3378b008a3f8149e1eb4387a3a661218e952940302382ad8289daad517d85bfeaebcf7bfae87e1c0026e87fe2e89791c072a086a6f26742c6fbd5da429da61fd

/data/user/0/com.blackbean.dmshake/databases/molove.db-journal

MD5 b3f3133f4f49aa94a38acdc77a3cd796
SHA1 2d33b8c306d03fe50e9421fdecc2e07cec0aa18e
SHA256 18d3e5294daf69cd26215f3c8e7079a18ecc7c7f80f8c9bff18bb9287b76244e
SHA512 41ba97e01d402c9b8023a1b9339550816adf94566fb475a6f464ac918bae946338d7b97ccd3ab093895689f8b99fcafcb5f2e24e9775d0280a2b154c732c8ea0

/storage/emulated/0/Meach/Icons2/images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 d4e12bab5182a6dcef031bfd0f941df5
SHA1 2f77fe937037ee3b988fb2904ac3f37952422e28
SHA256 a85c491417711073d035fa6623b58dcc71c0ed9f8ee557e1c2a6bbcb55fcd828
SHA512 f28a30ba17557695a531a75bce333a2e128df6b509903a12d61306b60ae506e6d02ca8208ed28b8a084db0a85c1bda278025118f51c4f94d25c659ff9cc6d183

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db

MD5 646b04cea4d692da476e45a55603b510
SHA1 0c64eeb2daae392c03ff92ce64098aef7492c42f
SHA256 c0524035757ea1253ab883d7f3638073a70d00047ea51baa201b0403df496cdf
SHA512 316c39feeb977ac051d3567ba20a0b695de1948f3884529ac93b987393b7853673e1b02562ad2e098c47617cd5dfa53aec6e4785c49aa5471b3919ed7c6fa4d8

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 2db2d74085491b92151df45ecd79c039
SHA1 8359aef905347f4abc44ae76c64327a0bfc51a18
SHA256 9f14380332f5f25f6bacd1552f6f4c6460bd80ac28b1d37ef502d46b25e8d4c5
SHA512 53b0db2424e61efe6292aa843a1f5c36b6c2fb139f8f435989b0d202cdfaa65bf2bc032ec2f61615dd13ae5d5d23aa5f1dc6f2a07396e5bb727671f32e94dfb0

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 08759f5aab0d329070cd17f061ea328a
SHA1 69aa9de1860697c277117f8392aa54221effb78c
SHA256 b936964da2e74891f286c22390f797fb3836dd1f96b3f233463445a21a17e2a0
SHA512 142658366d71750d9aca9e3bbf7a969c98aae225cc0d439477fa66640e6e15e6921540172acd81b384f2aedf86b46b0dddade2cf5d821b6c8db285091d181eaf

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 3e915abd178f010d6b7ce02c79dbc55f
SHA1 76e3b0e165a592d5492ca89d3b1f3bce2964ea54
SHA256 bad4f44979fd32756ea2c4c13b7de12ba6d5a9ccc8f2f61e4abf4cbcd8abca7b
SHA512 890a869c5d11702ede17512e7ccf215da53d6c96f179cc3f4fb0f50f0088dbdffd27fa2aa82c973e290996ac310d78ab755ec0da8fa44b3ee2c3a8bf54edb668

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 77e4c22697c37ea9c6077f6be44ca0c2
SHA1 e31f4ff493d6d31271e798fdc0499eb579c3e567
SHA256 c9163afd8f49375f300051fe8555ea5a2459d9916028af8e27dabc7e83509434
SHA512 5db3de9b6e1d31011d3760e5332b7504a9c1e1d6688d12fe793cf92ebda9e9901d625100a4001d7ba4b953411cb06ee320a6a291e4b6fe3b9e669c4bf0ef9723

/data/user/0/com.blackbean.dmshake/databases/tencent_analysis.db-journal

MD5 12c484fa64440f2d5cea4f87cf799b13
SHA1 16974ffdca7937d1fd96e89bc346666c252348a8
SHA256 f34f5e3c2de9cb345b80baae8936e9b7d5746a262e2973d8c3112a35ca08eb8e
SHA512 b4669863a61fa2f4aff8a54f06ad1c669b7ee8c51a3bf90bf33aac4ad5427d6d861ddffa5f676a976d88d61f5489f7f307ebde6e99ff600bbf21d8c32bfc1d6a

/data/user/0/com.blackbean.dmshake/files/com.tencent.open.config.json.100314375

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d