Malware Analysis Report

2024-09-09 17:50

Sample ID 240613-fl7mtayekj
Target a3e574122b0146d9be60feab2c532c29_JaffaCakes118
SHA256 dbd3ed439189d9c51bbd915d2d4592b340595a4c307ce76121e4fcd756edff58
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

dbd3ed439189d9c51bbd915d2d4592b340595a4c307ce76121e4fcd756edff58

Threat Level: Likely malicious

The file a3e574122b0146d9be60feab2c532c29_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:58

Reported

2024-06-13 05:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

154s

Max time network

189s

Command Line

com.kwai.sogame

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.kwai.sogame

getprop ro.miui.ui.version.name

getprop ro.build.version.emui

getprop ro.build.version.opporom

getprop ro.vivo.os.version

getprop ro.smartisan.version

getprop ro.letv.release.version

com.kwai.sogame:pushservice

com.kwai.sogame:link

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 im.gifshow.com udp
US 1.1.1.1:53 open.kuaishou.com udp
CN 103.102.202.85:80 im.gifshow.com tcp
CN 103.102.202.158:443 open.kuaishou.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 link.gifshow.com udp
CN 103.107.217.28:80 im.gifshow.com tcp
CN 103.102.202.37:443 open.kuaishou.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 103.107.217.68:80 im.gifshow.com tcp
CN 103.102.202.108:443 open.kuaishou.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 103.107.219.38:80 im.gifshow.com tcp
CN 103.102.202.118:443 open.kuaishou.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp

Files

/data/data/com.kwai.sogame/app_crashrecord/1004

MD5 160ce9d9eae67a64b7e785150dfd8de5
SHA1 1843ad282d92c89a03d2c9a4e014893663c21378
SHA256 522913053e60ae925ebf8f060bf20ae2c659559016098bb399a2ebe0e0eac41a
SHA512 b116b039f11515dd1076022ded3a3e622e8d45fc9a02390bc3ffe46af46b37e7c4fe0c5d4671d337ac689361120de56b54ec1f0ec0739ea43f938b362cba09ce

/data/data/com.kwai.sogame/databases/bugly_db_-journal

MD5 a45f798fa7f60f1d518f52d5f4e5b8d8
SHA1 e9a6260dda39e790948794ea8731f0e84d0503a3
SHA256 abd9ee0f68d4da24dbf8a54ec311889665401c6c68699bc4392d52cfbf2f0f5d
SHA512 93ce3ea69d6abd5c8bec38b4f0c912c3992b981274ebbd656f41aef5b7ec33ec0593282421f2c81fd26dd9dbd08ae52071716151abdde2ac968a4f9c74d2a282

/data/data/com.kwai.sogame/databases/bugly_db_

MD5 a9dd5cc105dd5c1f01b5d8ace9fe8e88
SHA1 cf8f96b72eb02042b52cc5e1ede5c3b39ae0316c
SHA256 63e90a66dd20d4c09564bbe0c05d5684e75703f3cd4175875d1987f56675b03c
SHA512 966c5c2b2e7958aca7eb58a74fef211aebff1a314e3534dc1017ef2a761d52669a98174f6d51da648b38bdea710803267b42037df42ec34911ab270670bd439d

/data/data/com.kwai.sogame/databases/bugly_db_-shm

MD5 24aff05cde1aeeda1dae5c1dc90797f8
SHA1 bc0ba532dd38175fbc0e33cb335b5ad1c4483800
SHA256 ada8b657362d0faf48f81c0a487d2e0c8dcef85bb03d25b7c0d2aa837ca23bc1
SHA512 2fde305f0d88d394410a8482f3511fb95cb4fc60f0190fd587d57be8fd1c916412cd193673cca95e4b9698589a89de0ac3fde5394eccc2ef81081cb7a17a61bf

/data/data/com.kwai.sogame/databases/bugly_db_-wal

MD5 eaee82081190c363a77f8e059385cc13
SHA1 3990ae78af114cd3906e44e07bafd77716c1a97f
SHA256 1a2e39896f438aa03ccbb6d36f9138be49a2b6bb19b40e7b431a840ca53a6a10
SHA512 a7703046e343cc34c49146c8b7972e3f08ee2abda4bc959a5d07c8d7b2540b1e8691c60f2a91ce95d53249256729af896e4f8e31a31caab14132c14fcf34b252

/data/data/com.kwai.sogame/app_crashrecord/1004

MD5 b0f9e23bef9b10e6ba370d9c9ba49a4c
SHA1 82c943b5d747fd96504e146a78580706ebf74f02
SHA256 6f7917a8131ce42ee301bcf1598f2169ecb2ddcd35d0459079439d9a284f93e0
SHA512 3b3598743a2729eae5eeaca2f4575402ee6b671b79caf69404fee6c0d1c3ab0166f591b023a16ab585e5763b403901968298871dd69aad02ea5983e456e0b2fa

/storage/emulated/0/log/tencent/liteav/LiteAV.mmap2

MD5 6501bc90b59d0d69861992c40ca37c7a
SHA1 b8963abd3a9c5ce2dee11516872fe0a2a0d7aa5b
SHA256 8faf78175263698e3f90687d09e4c9162ef0c909b03341d07149f094c4aad043
SHA512 793c6e3df7a298b017f5ae318b08fc7f9b63d0c06982568a3cf4d2d4da1f440ded551f4022e9346e8401b53e08e7a3197ae5696de5ca32c7c21c89bbad6047fd

/data/data/com.kwai.sogame/databases/MyStatistic.db-journal

MD5 ea6d6db468006b0d9d05bec2225f27ac
SHA1 d52bcfbae5701ef354d8c479c2659a41c154b2df
SHA256 3e28fd5c9c5389aa69936f71c9b7b7a4406405b043ec90570187d948c640b47c
SHA512 8d1bc88cbcf6ce1e78ff531ec0d2a62cbdd57022c19c1e73ac382b97119a47572f3b6d4424d5627361cd4ac9851ae6ceff3de392dd150ef5daae3e85931fb83a

/data/data/com.kwai.sogame/databases/MyStatistic.db

MD5 1deb6b895a2280f63ea2f3783f0a5ebd
SHA1 c01eee51a200d2007d3972b551e2515fc8f96d95
SHA256 c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d
SHA512 269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

/data/data/com.kwai.sogame/databases/MyStatistic.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kwai.sogame/databases/MyStatistic.db-wal

MD5 5be99a953975142e2c809a5dc24ad80b
SHA1 fd36d866436fa00a64b5390a31e53dfb25e5804b
SHA256 70f9df6a90fd71086a632debf1247e304247c964cfd64030d2b2004fe20c9639
SHA512 ab8816b02149bf4d275e8dc2c4a5dc5a29b4b3d4aa4391cbf2d0849a27a3842c27f1d693385c932d4bb736d3e322137c1b03079ec32c3f76638b9d00566f903c

/data/data/com.kwai.sogame/databases/ua.db-journal

MD5 bad2e061c6a848b24cf4119468552972
SHA1 1c3eea5fabf8192f72e3d47b66b959f9b22f0cc6
SHA256 6d5fcbd91433cd191527f0e1f1ddf8c22c2c5031a656d97cbf0b43ea79cf9d70
SHA512 a692ce7777e2fad26d8641a7128e9454e73f79e8b45639d7aeb1ab9ff88a226470aa4dc797bc11eb2ab6876e419511e2e4c7f3e1ddd4dc262ebdd9d5bad604fd

/data/data/com.kwai.sogame/databases/ua.db

MD5 cc5ef6cfd40d903e3f811790fae56dc5
SHA1 38cca876378fe1bee4d723189812973abc1cf9ed
SHA256 2a2d1351092c48d80f1a9bc550e56be0a7e550358f32503a49ca04951d35e695
SHA512 1e32c1db31bcaf2fd4b4765fce0fea6d29e99cd1fc409033d88b02ee6f486b83af6ea642798656746be998fe970acec6800f3870ec5aa8ab3105f764b637686a

/data/data/com.kwai.sogame/databases/ua.db-wal

MD5 9f600c6974ae5efb39a209fcf2797048
SHA1 64138612213ebcc9782b29a017e1288d793d7b74
SHA256 1d5dd20b2aa6c9e01dfc7610182bae56c00f86a158dd643f7a1f95bc27feaea1
SHA512 5fced5b639398b9527e44745ab11d2099a934bf173b725053688e7c0e66e32adabcd002d8305cc028b87c126f1f6fa5590e284fe84d6e19393c2f1d98b04b7d4

/data/data/com.kwai.sogame/files/tiny_data.data

MD5 08b2961e9ca8050b6dae517e095f6427
SHA1 10da165958df4145f7f0853839549cd54cc9032d
SHA256 e246d4f14613060191c6007ba8bab827677c9c527eb0d89e9952d13a8f9bfab5
SHA512 431855f55d6f91767e5a7972c2529914d41fa5650c8ae926c435a47f1e4456cc0ea1c617863ddfb571640bbfa1414900dcbba1f8e4fce426f2eedacad57a1431

/data/data/com.kwai.sogame/databases/ua.db-wal

MD5 00864333e2a8ee7e6266a07c5f5422f4
SHA1 3f39bb50fff9b2d29028c789f53fa2493b590145
SHA256 cfffa729facbfb8be2bbf9d3c5af38beec1666920697270074710505c42be213
SHA512 480bda57019cad010b2f2618ed678d9c066491f86fd9809df1d87bfc18a805ce15231b7280863812422b4bf49fe20b07224aba81f44357dfa179123610c3d2a8

/data/data/com.kwai.sogame/databases/ua.db

MD5 35fab08c8300e09f35b35ffd50c9a943
SHA1 68661e4a7fac388349b2dcb166969ad2fd52ec07
SHA256 00d17e1ec2261c4d1c7944605d9793b3c9df9073daf951b0d27bddcd995710e4
SHA512 90e0325863c98c6c75080b4f09ddfda32ffba8f3f26c59b5da1309cdd43afa70f7aad3ad1c2bd44233830d48aae7439609f80d49ad20e68438f9b9305e1e265c

/data/data/com.kwai.sogame/databases/cc/cc.db-journal

MD5 2118e6e7505fee2a20e84f1958b02509
SHA1 7317bc7dd9ec82cbf86197e565458f69c75dac8b
SHA256 055e8e5f810a5130dc76fb6447980117448b033eb6bc2ee02967f1bbb11b93e1
SHA512 5594a5824c43018b2f388a34206783d1aef43f1f6d924495493437a8024ecd1794bbb6e235ee7f869a38758220fa1e578efb391839c4bb3be6c7665dbf12c134

/data/data/com.kwai.sogame/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.kwai.sogame/databases/cc/cc.db-wal

MD5 a4fb991c7f48eeb4652479b7bf04adde
SHA1 2d5d5f24c581a68b74dc591a9ce15c82e15ed8df
SHA256 f283a0ee603a44e1d8caa18f9f0d9ca01f924c3fa2a9bf03df58f65c5bfc181f
SHA512 390f355010416d740f4582745be46def8be54602073352e4fd3fcac2c674f11b6e1f51a2f7080670eb946b77b6afd32d7b9aa08dd1edb6157be121cc19562dc4

/data/data/com.kwai.sogame/files/umeng_it.cache

MD5 b1b4744bb44f84b2f1e4a9f786da0e67
SHA1 c56e8670796fa1bc2c06d7413f519109d079ef93
SHA256 25f251c9e0f39c2da612e0d65c97611c35ed4dd8b180ac1eb1d2f608a941bbcb
SHA512 162c763e4f358c4dd53527eea28f7e34f27fbfc3087af8c402de90ed753b63528e5455bf8c75e64167226503b8b4e600f4ebf93412e3b0afa42671880d73f0cc

/data/data/com.kwai.sogame/files/.umeng/exchangeIdentity.json

MD5 9480debb9b452bb2bf87179082a12385
SHA1 d37149aee497a4b3f5ba87113fc0122e0ee3d6fd
SHA256 9d2a4caca375f87222f1845ebd3d6a16a9e0ea53ff74ee4d747aa6f6543d3905
SHA512 c043365b7598a0a1b2dbbb839a1ac9507b87f36ce19ccbc89c6adf110b8b802b7bd260b8787c1daf5df04e77b13c7298a950db4f05d64d7af1858e0217c7d411

/data/data/com.kwai.sogame/files/exid.dat

MD5 1b89b453d20702fdbc6afd43ef50d443
SHA1 218fdf0b1944841f680dbb5fe0551c4cd49f864e
SHA256 90f8e93f1430f1caa06bbb40cf444cd1ea035b6871d210774a1053b2e055fe88
SHA512 bc8176f9a89aecf3c2f9c70d86ee19a9df25cf0d09a9418ad5353a5c77c4529a38402f0fc185010a1558446f5deec254e650dcc3fc35ec24cf087912048c6ddb

/data/data/com.kwai.sogame/databases/bugly_db_-wal

MD5 9ead7a65899be1d42c9f910936337d8f
SHA1 97a6c448dd84a669890be3166b704325b05d1626
SHA256 0782f86db4193d1891985c1242eb5e41e8bde1aa0a8a58c369a85794c3adf75d
SHA512 0d9f208b7a829dd2f877332c3814f229c7de38df78a195129f90994396491227f757f146d74823641b8116a05f71028e767fb2111be9e86c23b9aac4f9829639

/data/data/com.kwai.sogame/databases/ua.db-wal

MD5 949036ca5eff4d16123c21315075d633
SHA1 1aaf81e367024b6ffb12c9a18aa423d7bf603efa
SHA256 4de79fea0e36a726005f5e28dc0a97f9db7e38bf4d5500b9634de2c0dcfcae8f
SHA512 8a8a3e9f84ef88ce67acb9b10a40a05b897ce3e6c59b85f5203567849640291676cee8389d9dfe1e5e15d4dca7ede5c126071ae13957cbe2866dcb70a347399a

/data/data/com.kwai.sogame/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.kwai.sogame/app_crashrecord/1004

MD5 cdd80a94b748709a1670cc81a7dd9dd7
SHA1 8aa4764e78e2f8c576ffb531c7f3b7877c0a0177
SHA256 793797fc51a71ec1f23482be3b3728346e64721d9bf72ead707d97f815196567
SHA512 a3e2e476762fd3598b447831d3e180c55ae9b0dc77283e9054124e4126f867af639543590ebdb04ac807c6c285c2345ff6804758a554e964a299d8bd2488f8f8

/data/data/com.kwai.sogame/databases/cc/cc.db-wal

MD5 f271e34ff490d1ccebc4d17ed9657085
SHA1 ca2c2b4a9c1702b449ae3e5170d3c2ffb0bafefb
SHA256 42150cd2512755e8bc27ebd5dca11c732df5015060d111dbde746c746345d8f6
SHA512 69a05a5103f12f382cb51cf15e6baaa118c7b978aac78edd6e9e6568236c3826d6680e952edb4259784397f364b1f23da05faa96774a7311d5f45bef3d4de017

/data/data/com.kwai.sogame/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/SoGame/log/2024-06-13/1.main.log

MD5 9d3352d691551190d92aa452df27a4f0
SHA1 729ac372f2ff89750d514d2bb1ea2bd7e68708b9
SHA256 80ed755ad7bd0226e7d3f08999e8fd0973125b1462b41168ca104ae789d08131
SHA512 43c39fa01ca6a18782d28026786bbfbc68376c039d0eb47080b50ab4499b6f771fd8026fbb22743ff9b114507aa84ea14f623e211c9c1234bdcd344fa9c0ac72

/data/data/com.kwai.sogame/files/.imprint

MD5 06b51699a8f93b5274cf3c5b6a5a6801
SHA1 1d645375ddb73b0b207310aab3ff447d93e5fa6a
SHA256 8026e94904ff2dac8cc361ef500994e7f0df070e030f3e576c2b3d8ed35452b7
SHA512 facd378bc28fa91823dfa6070b94c4da56ba97024f0ba23b58a0526d8686dd313216e16409471523d57736ede7fa5a727b7d0eed2c59bd230c773ce9f2928a52

/data/data/com.kwai.sogame/files/umeng_it.cache

MD5 0acd54c622d83a1e02c79808fd525200
SHA1 289acbfeabb16db768cbe704ebec6fcbc9510789
SHA256 6581794cc8e5c9fe5e2e89458c57718f9cc8dc475d62fe9df19ae37064b4d53b
SHA512 abd89ceaede011f07d7a97140c8551145a133902f43aabeb27d3cad6eb308d284d581feb34b75339df633ce90910a831efc5cc34e69bfa049497e8ce727c9f3f

/data/data/com.kwai.sogame/files/.umeng/exchangeIdentity.json

MD5 34f43ba587db739c9486dfd5e17ec85a
SHA1 ea5b989ac1e5bfa83b152cfb1425700673d6597c
SHA256 b94620dd0dc78dec87574ac1542f6f18e30534529b4c3fad238762be37af5b32
SHA512 7cda564751ba82b14e3119332aadab5a85664e387bd723cc375e43aa3114796daa5de4e850eac9c8ccfbc2a1fa143b126c98571e41b89f4c126cd323f43071d9

/data/data/com.kwai.sogame/files/exid.dat

MD5 d7b700b2ad077df3feef090c2b880a8f
SHA1 c7d08962bca96a70258dfb4af70518c5406c0fd8
SHA256 a34d12a8ee536eda2824c72f93abb3ed234b0abdcaa10894150279bbd3026873
SHA512 3e14f4490c94dc2a38784c6911fd70b14284279e07d7baca40083f6947479dd8d59abbd1e5c96467cb3527a9d3288b7f5a36b309848b1dc7c298f0ed3bf9380f

/data/data/com.kwai.sogame/databases/ua.db-wal

MD5 182ff4898c367b5778632c2e87ecac92
SHA1 6b7c9de18a8f87a5bfd825ff8a22565ee96bc91f
SHA256 28a391249d54877b8a0417d4a038a49789a9f36ffeadffa0b614531e14e7e0c7
SHA512 3a41fdc610ae9c91b892cb898e1bdc55403d677340c280fa0d94a69f846a9b369b57662c231cd8f3c7804433d2bc779f9514b9f17167608315ed4e872f125f12

/data/data/com.kwai.sogame/databases/cc/cc.db-wal

MD5 19e53a05fa93f5dbcbba07850ec50c13
SHA1 afad2e43b5b053422ae056cc7d6da52f9782116d
SHA256 f79cbc51852e7991b1269aded604b97e6091e2c3350ff72bad3e8633441fe847
SHA512 0c77dd0fbd237d833d5def3febb1cd45b386432eb32f66724f88ebe8ef8b59360f7baecb3e5b6d15c7fad4c2128112f6694f7373df813498ca1e9c7cbdc19552