Malware Analysis Report

2024-09-09 17:38

Sample ID 240614-j1p8vs1gpd
Target a8aa28dc1517eeb785a3f85e5b99f151_JaffaCakes118
SHA256 24130082d02ff01e9f10393fe18c254096b3f8cfda37b00dac58a5409f6efd6e
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

24130082d02ff01e9f10393fe18c254096b3f8cfda37b00dac58a5409f6efd6e

Threat Level: Likely malicious

The file a8aa28dc1517eeb785a3f85e5b99f151_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Unexpected DNS network traffic destination

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:08

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:08

Reported

2024-06-14 08:11

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

187s

Command Line

com.kuaikan.comic

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 114.114.114.114 N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.kuaikan.comic

com.kuaikan.comic:monitorService

com.kuaikan.comic:QALSERVICE

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

com.kuaikan.comic:QS

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 sa.kkmh.com udp
US 1.1.1.1:53 api.kkmh.com udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
HK 101.32.198.237:443 api.kkmh.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 101.32.198.237:443 api.kkmh.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 maabiz1.chinanetcenter.com udp
FR 157.185.129.26:6666 maabiz1.chinanetcenter.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
GB 163.171.146.43:80 mauth.chinanetcenter.com tcp
HK 101.32.198.237:443 api.kkmh.com tcp
CN 59.39.31.36:80 conf.mcadn.com tcp
US 1.1.1.1:53 maabiz1.chinanetcenter.com udp
FR 157.185.129.26:6666 maabiz1.chinanetcenter.com tcp
GB 163.171.146.43:80 mlog.wangsu.com tcp
CN 59.39.31.36:80 conf.mcadn.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 www.3322.org udp
CN 118.184.169.48:80 www.3322.org tcp
GB 163.171.161.11:443 mlog.wangsu.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.131.222:19000 s.jpush.cn udp
US 1.1.1.1:53 maabiz1.chinanetcenter.com udp
US 1.1.1.1:53 urd025.analysys.cn udp
FR 157.185.129.26:6666 maabiz1.chinanetcenter.com tcp
CN 103.234.21.36:8089 urd025.analysys.cn tcp
GB 163.171.146.43:80 mlog.wangsu.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
CN 59.39.31.36:80 conf.mcadn.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 163.171.161.11:443 mlog.wangsu.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
HK 101.32.198.237:443 sa.kkmh.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
HK 101.32.198.237:443 sa.kkmh.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
HK 101.32.198.237:443 sa.kkmh.com tcp
HK 101.32.198.237:443 sa.kkmh.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 maabiz1.chinanetcenter.com udp
SG 138.113.53.147:6666 maabiz1.chinanetcenter.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
GB 163.171.146.43:80 mauth.chinanetcenter.com tcp
CN 59.39.31.36:80 conf.mcadn.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 43.137.70.64:80 lkme.cc tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
CN 120.46.131.222:19000 s.jpush.cn udp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
HK 101.32.198.237:443 pay.kkmh.com tcp
US 1.1.1.1:53 m.data.mob.com udp
HK 101.32.198.237:443 pay.kkmh.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 114.114.114.114:53 sa.kkmh.com udp
CN 175.25.17.120:80 www.qmlog.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 init.kkmh.com udp
SG 138.113.112.211:443 mlog.wangsu.com tcp
US 1.1.1.1:53 ait025.analysys.cn udp
US 1.1.1.1:53 qiniu.kuaikanmanhua.com udp
US 1.1.1.1:53 www.qmlog.cn udp
CN 175.25.17.120:80 www.qmlog.cn tcp
CN 103.234.21.36:8089 ait025.analysys.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 api.shuzilm.cn udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 47.95.162.60:443 api.shuzilm.cn tcp
GB 43.132.64.190:443 tn1-f2.kkmh.com tcp
GB 43.132.64.188:443 tn1-f2.kkmh.com tcp
GB 43.132.64.190:443 tn1-f2.kkmh.com tcp
GB 43.132.64.190:443 tn1-f2.kkmh.com tcp
GB 43.132.64.190:443 tn1-f2.kkmh.com tcp
US 1.1.1.1:53 tn1-f2.kkmh.com udp
GB 104.166.160.228:80 qiniu.kuaikanmanhua.com tcp
US 1.1.1.1:53 www.qchannel01.cn udp
CN 49.233.236.43:80 www.qchannel01.cn tcp
CN 49.233.236.43:80 www.qchannel01.cn tcp
US 1.1.1.1:53 lkme.cc udp
CN 120.53.207.65:80 lkme.cc tcp
US 1.1.1.1:53 api.exc.mob.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.137.180:19000 sis.jpush.io udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 49.233.236.43:80 www.qchannel01.cn tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
HK 101.32.198.237:443 init.kkmh.com tcp
CN 43.137.70.64:80 lkme.cc tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 120.53.213.210:80 www.qchannel01.cn tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 120.53.207.65:80 lkme.cc tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 120.53.213.210:80 www.qchannel01.cn tcp
US 1.1.1.1:53 tcp
CN 120.46.141.4:19000 udp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 43.137.70.64:80 lkme.cc tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 121.36.15.222:19000 udp
CN 120.53.213.210:80 www.qchannel01.cn tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 120.53.207.65:80 lkme.cc tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 123.60.79.150:19000 udp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 43.137.70.64:80 lkme.cc tcp
CN 124.70.159.59:19000 udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 103.234.21.36:8089 ait025.analysys.cn tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.94.119.240:19000 s.jpush.cn udp
CN 223.109.148.141:80 alog.umengcloud.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 1.94.137.180:19000 s.jpush.cn udp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 123.60.89.60:19000 s.jpush.cn udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 tcp
CN 124.70.159.59:19000 udp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 120.46.141.4:19000 udp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 121.36.15.222:19000 udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 city.ip138.com udp
CN 123.60.79.150:19000 udp
US 1.1.1.1:53 m.data.mob.com udp
CN 59.57.13.133:80 city.ip138.com tcp
US 1.1.1.1:53 tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 47.95.162.60:80 api.shuzilm.cn tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 180.188.25.47:80 m.data.mob.com tcp

Files

/storage/emulated/0/Mob/com.kuaikan.comic/cache/comm/.mps

MD5 e84ec52e084b054719f916284fdf11cc
SHA1 f83fbafaffcbb791b1850972e0d47c685ed19ae3
SHA256 7837cb3f2ce4943325dcce4a1915e07a21db77d6ff49a5ab51d8f43c04cb1849
SHA512 5635353185c39838a81073fa1f4cc6dc17d9dca59f80175c4e6044f0e7c9bc2f090517d5e02ba2da5f901e2c0977f0acd1cd6bf8beec71fbff157035b60f3a80

/data/data/com.kuaikan.comic/databases/cc/cc.db-journal

MD5 8049e607c6830d3df1fe9819b009e157
SHA1 bf4949e52a02977bcc8a071ab81efc2c93f39840
SHA256 b4402da982be44c549d467a5f55bf6ece070002b57368f960332279fa01544bc
SHA512 d049318559950fc5067d41b9aa6f6ba18430da8429e1ec738183f7a70b88574963f6495b5ea79ebfed55f044b88c4d677e29bccebb3a76f164c076850f287599

/data/data/com.kuaikan.comic/databases/cc/cc.db

MD5 8b111b636ed63ca5af984c43b034be0e
SHA1 0c5a3410e035b53b7887faf4abd4640edec41aca
SHA256 d61069607caa7366890df392720a1e29a9ed1bccf291715fef3b286d46e6bb8e
SHA512 d77279dd876d722569a998e97d99d4e467b599fb835197eb0b4c8453cfbd62a324fffcc83de6d23815f1734007a0407fba7d8b8461366f6748165a080963edc4

/data/data/com.kuaikan.comic/databases/cc/cc.db-shm

MD5 eae9e9f396afc13461b06cf8f3d7dad4
SHA1 635f83cc0a3976dc1baed0a18c7dea9bc94e8a7c
SHA256 75cae9306b03b94ef9ec98d4d3181210928aa5cd70fdf5e39ac90bb875a8e714
SHA512 9ff9c236b76ad42bc769ce7edb274d75ddf7565f6ca04fb6922b2fff9f6a4ea212dae1ac04d99f78dbc43d7e68f316d9dfbd3c4a13c63ce2373f4deade3ab3af

/data/data/com.kuaikan.comic/databases/com.kuaikan.comic-journal

MD5 395ab5f2094658a864f1132df5b8ff68
SHA1 dfdc0e8ae596f59bf60cc61af386f951038ab3bb
SHA256 ffdf9aea3fe3e0b25198dd31fba0fac5c142d3f5a844b9e095fcb3cf1db1c96c
SHA512 307d2c4872aa880f7311b8b79a7601b1901f9ee1aee108edf8aa4d3eedf2f1863c246eb6b28907c7f6d4c1e9e8fda11b9ff120fcb015f5f5815024dc663ef649

/data/data/com.kuaikan.comic/databases/cc/cc.db-wal

MD5 bbbf3facf2ccc4febcdad797f81182c4
SHA1 a63c8ef7aa05eaaa520e7e93e9f0eb4451c8adf6
SHA256 d0d7f4b72be6ed3a4e61da69b8668d25fb27573a790154d9bc59f064e731f618
SHA512 eea0d531fe38b3f0e102df8e0edef572f1274a52166e557e2b3e88e5756c4f632a5176b73fa1c0bab0955a6a71c58f7a7369c17b7a33d2b7c238146f3eae34e1

/data/data/com.kuaikan.comic/databases/com.kuaikan.comic

MD5 57a842b0c508b70e1de8ebd0c01e7165
SHA1 077875471e3c2fc2b642e6d74e4d8106ad96cd4d
SHA256 11cf6fec4f0d855027244b9621d59a302b4739efdc8a968dc412477034c759f4
SHA512 70d85af9e4d706c1751d3148982ae8656e65a55c6ee61d9df5b4b642e89d213e28529d631f7ed6f033a71e1294ce9a1937000fdd4bc7950339f8cb52a94ce4ab

/data/data/com.kuaikan.comic/databases/com.kuaikan.comic-shm

MD5 7598f6487b14efed2b6ccafb2a58871f
SHA1 c01e448cbc6265ed5773e2e7675cf2053fee5a46
SHA256 deeec7136725de6c5fd35187453a260093b705afc4c8ab6468653348d4ae009e
SHA512 e7bd0e85c0b4bc4bf97954acb639108f02534638878709110753193270e9b1409c86de933b644637ab39c19d382153621827ffac2a04698278c9df15e5fc0c1f

/data/data/com.kuaikan.comic/databases/com.kuaikan.comic-wal

MD5 bb19bf7477d484589f37370b10f8c32f
SHA1 ff038c84b412413fed6ddf9ddf76173d39e2b395
SHA256 6b3304f6ddcbba11a3da43e70590aab25aba30b5b07605a96fa4f67c44a00752
SHA512 2bf9930ea44e91abf027ee255f96baa5e756143e6b1c81aa863d55abb9934e048f41c721c01ad5e7973ae9510d9b4c39edd41a6d9d5cfbe0744534823276a190

/storage/emulated/0/Mob/comm/.di

MD5 c268b34708e948ab5188a8fc819b8868
SHA1 7ca72205a9e7880b5f558b7f17e78677060e3518
SHA256 28ccbca0962932cc46b5efae30ff2d8a724e0bd4f7a084ecc7d35b838ecb521e
SHA512 156eaf703e43b6f4a7914056b870aca7ad07ea2e72b5ea7b8c43c2654262029a6bce9d82d9fab07a8dc33fa46f3d871e776b65f49a7298e954136ed89f1899fe

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/data/data/com.kuaikan.comic/databases/.ua/ua.db-journal

MD5 878ff7b7f575e4964acff558216a414c
SHA1 5e1f418cfcf1ff4c6f1ee4c8a2f12d10ff7d40c3
SHA256 83e89910f031f232cf24758b32f55363772b104789a47c9712e8cc7bc0399d32
SHA512 d35d9068d0a4c1ada749a133e72bb298f63fe823504e922acbefd16e77d441014e33eeecded6b0f264659a86b12dc5f2b382a624402503f8b9962ad902bc00e8

/data/data/com.kuaikan.comic/databases/.ua/ua.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.kuaikan.comic/databases/.ua/ua.db-shm

MD5 3044a50cdad68e2b1743db88dfe4380d
SHA1 66f4f1163c96f835b02eb0ee47cf5eeca85d98aa
SHA256 ef1b5ac8c46c1e6fbf4f6099a5148daa310afabfc04ec64ddcbaf584eb9832f4
SHA512 3a1f1b9b1890eabd734b5847cef5ea43533f41454dad7a25ddc5c84910245ad1b953e039141dc88a0a5b90a2db3d36b1de7be48dfbb82e30d5081134a9cc9fc5

/data/data/com.kuaikan.comic/files/wspx

MD5 569b0dfbbff6e31911b7158bb9287f34
SHA1 c01d7a5f5f47eae8363e1fbb4ee490aa0794834b
SHA256 775186cea439713030d5dc1472b31b6e74216aac017a1f509fa5626adcdf234f
SHA512 4f9cdf77d87b0cc8b10c8b96671663f603cbabde99160924ffdd50958099583f19d48c0d28382807d398d6f91d8573fd057b83554374155267799c9cf3ad25d4

/data/data/com.kuaikan.comic/databases/.ua/ua.db-wal

MD5 778fa0f05757c443867e495c09d2cc61
SHA1 5de48f7f712c82aba930ce3f3e67b53b4ebd499f
SHA256 772f87db0d840ce43f4f2c7fa142912dbac7c9d7887f86f04f234ad41eb9731c
SHA512 dea69996f3dd4f1ce89ec8e854a3d5dffd89317d19dc2b9980bdd399c93208c495324042300d075e7befacfde67e0fc0ae1865afcee4bca0b36a9736f1ad88b6

/data/data/com.kuaikan.comic/databases/.ua/ua.db

MD5 20f2f9456f8fdfc5b3fb5cabe6618856
SHA1 4d25bb6370325a5e2971628491de4ed8a3186f62
SHA256 c5528ba6b83decbde206d0390ba5e1eafae45082001f3ac44a357078061613c3
SHA512 b7862bcfc1840e2780664b0fec79b907f5ea43667151ed787eb3b742fb3a36773c76e4cc686308785b3e5b361da64aab5626f32c2a6458b1ebb9598bfac8421c

/data/data/com.kuaikan.comic/databases/.ua/ua.db-shm

MD5 e2b46bd7b7f89a5a18563e6f1c403b7e
SHA1 16490972f37d54294db58bc15576158ee71b6df8
SHA256 f4436fcbb58d3c242cf221a8e07323aff79033aceb97dcd675fcef5c7f91581e
SHA512 1ba1988c2b0d17e5fe119f7f8b41f54111cc0436cfbb8edfe666e3aae486dffaa58742af4e61113ddfc03d899da5cdc77aef34e6fee50474a972f613a7d84bd8

/data/data/com.kuaikan.comic/databases/kkmh.db-journal

MD5 bff28047c7a4cf520ce96b05c734a263
SHA1 361e523e272d963262974290fa15c7c696224baa
SHA256 bd835114adeb763b8d50ae665de60d2cc357a4fe3b82663ed8fa9eab136b19fd
SHA512 2e9476178cd1332778b9c19cb8a226d5f4f7c722c6f9f0aca732ee88c44e2381664cba5f96ea27022832ab167af9ad6c89137893748f2188cf1d409dec81ecf3

/data/data/com.kuaikan.comic/databases/kkmh.db

MD5 1ad2e74d983e792fd3f0dae9bcf7f304
SHA1 1a1397b234a4b8d1c357027ab76349ffd1f50778
SHA256 f1e5ff4549e8af1c3f09f27577c3b21db2d394504c46a9ec622feb66b5a6bf28
SHA512 f02199904a4e32faf54767632f8dd8c808d75f116dcc5c6e6eb3ccf8067f5e6ba50751760e5208877440b68aeaa8f6cc30d838d07aa928f283547b66ae783c6b

/data/data/com.kuaikan.comic/databases/kkmh.db-shm

MD5 f585d7cf92b9813df6dff8920abba2a6
SHA1 5980fc654aa3f5660f4c877ed297a47114558056
SHA256 44cd7579a0574dbc41472ed7ffff2e09345f1646898023b16a0ab9f057105f3b
SHA512 04a66e59cbda08366b7ddbdb8a6f4c9af2d2dc5ccc9b553f4bc130e04b51de01529fc2de1729f92d08e49a8122ff64272db143766a467b4bf48b43200603d5f1

/data/data/com.kuaikan.comic/databases/kkmh.db-wal

MD5 25b78cfd668887e02b212d9aeda2ea69
SHA1 57d0aed916eaac9b78cd1bcd60c4e014d71e93ec
SHA256 19e6c0f8e6b0caf8e0bb2b8aa53ec397f9c340767f0956ce003908fa8bbac928
SHA512 afca988585b44af42955a67b33ff172feae201805dac2d538313e24e448b089f91252f4136e52c063cd6ae3b9b05a0c32c1742246051a719b18a2ac3709a6daf

/data/data/com.kuaikan.comic/files/report_v5.msgstore-journal

MD5 485b64e7f81c8b9142c649a8290d8b2a
SHA1 cbe9edfaa033e54873878afd6b08ead2b7fcd092
SHA256 84fe40358bd4b02754d09adcad1cd99692716026dcd0e40a2f4525764d8a2c31
SHA512 3c0dec0c40e81684fe33d35941fc17d2cbef1a1b97003132b2d312f461dd19d6ab2e8289689fc16f95cf1866cca1730ab7cde45550aadf0248312116d363e221

/data/data/com.kuaikan.comic/files/.umeng/exchangeIdentity.json

MD5 02b7fe80cfe1d44bbee020a509441e87
SHA1 b59dffe5c936ddae0c53a6a199e8a98136d40382
SHA256 fd7cfd4a696c2bd53e1714f107043ce09c516acd2ce1a84f45afb4b6ebe3d3de
SHA512 e0dc4f50cfad99aa619fbf78d1493152e2a3e77e48a0dc06bc66e781f35398b1d0aa8c17761da76e4df800481c99071523850c984cd82207ef71d62efae27980

/data/data/com.kuaikan.comic/files/exid.dat

MD5 053b9dddb928ec50c646f542d50e0645
SHA1 85739f303b34be0acf474574ecd5bd2d31e80ff6
SHA256 8c72071c5fa34bba2ffb91c2f50a44c1158bf3827b7409ae7589b4db6fa96c33
SHA512 6f2bc65cb17091e973e3dfebbda2d9610a0b4a8def483289f734923c240f2e1240e03b9ff78f44646631cb9ab7142b824b656d77f10bff25e4c44bf826b33296

/data/data/com.kuaikan.comic/databases/.ua/ua.db-shm

MD5 4f8e925cdf90344b38cfabca3f8390f2
SHA1 343fcb26d935c8e74ec6af626785ba68bbc9eab9
SHA256 96c2e7c44a1c441fd95539a8601c75abab5e2cc119763ee36ea066045d2e08c2
SHA512 77206d9699e0e57749ccc0d783e73116d5181e9f3eb199a620b1a4a1203954dcc5fef418dd180f14224526fc970b779696af1a148979fffa9eb169863945bb93

/data/data/com.kuaikan.comic/databases/.ua/ua.db-wal

MD5 f5c8cfc92b5044a293045400d3d6f120
SHA1 fed30848589202206f7732fcb43ce415b99d2437
SHA256 010cae2d42ec7a6d9a03467bc9934c98f2760cccfdca5afff13388b00ebe3f29
SHA512 0dc7ad31b15228cf8b3a60b5a44e66dde8055236b28f3e5c6ba890d4f4f845033e88ca4e0158b9dd6829af594637e8d80be4770be678496e6412c9a987e6e140

/data/data/com.kuaikan.comic/files/com.maa.sdk/monitorService/access.log

MD5 b6b6565c9010e8a1313aba5841bd7dee
SHA1 b4374d6ace24f0d7f217796cff13ff9265f4db20
SHA256 9b37b15758d9aa531da9fe739d0ccd9302bcfa473aca6c1f0e6928dbfd8ec0a9
SHA512 ebee7d9cc98015e3b30357c3301dcdda610fc95ceee11ac2fde605b2a6ce0b98e33842573f7b72f925dbb5a5306778d9a64f88fec710aeb706b323906807682a

/data/data/com.kuaikan.comic/databases/.ua/ua.db

MD5 35d056043fee8fe1fc6a85c4dda314e0
SHA1 46ffdec04a8b4abcaf7c028301404136b9bde36a
SHA256 1834b726c34abef9ad17e69f5a8e0a432a61d0a28d09299aa9cafbe07f7fcfef
SHA512 9355bdaa4fa1e3b720e9186e807bff9f877525b1b0b7a9cd16d01e4338d04cb551ca3912f596cde2bc4d0edf23df4daa2b7feee0f0e4933416afdfcce82c27da

/data/data/com.kuaikan.comic/databases/cc/cc.db-wal

MD5 ac35ec122d6e143e7bf60f53223b4a05
SHA1 574f5dddd30fdfe5f5cffe45481e808cc5c75107
SHA256 b41bb5db5e634301a73f5c0e415d557744968784f83e1b97f00bd1df1217b4e0
SHA512 0ed6d589b83c3316cbac1ada7f279857439bb3d72102a53386a02a436028692148b93919550d5fe010e8120616b110909aced92747b1255831115957e4d2eb23

/data/data/com.kuaikan.comic/databases/cc/cc.db

MD5 eef3af72e3f37452807b8a3e70312786
SHA1 e9a7feeb3107029800751848f06204e83223e82c
SHA256 93a2353bbbb2adad5b19c138356630ae9ed6176a3f8219d6cf099234b93d3ea0
SHA512 4ffc7a17178fae3965da6ff72dc295c13a2b73c8f0f04a5df8a35502743e5250ac70dd0896a7a69a02027338874b6626cb80f2bd9cf67c40bf0c0488c9dbaf8d

/data/data/com.kuaikan.comic/databases/eguan.db-journal

MD5 d899ba5a3662c59fcd28d8126bb6dae5
SHA1 0a219ef4eec3ad84f2d5323ee15b7ac8cabc690a
SHA256 a82b40d936471326b49edad32aac6a35f0b1c4a9c6fd6303188ba01eaacc1ce9
SHA512 f47c9532fff4ec831afcfead3055ef096125f7c5b3b796e9226676717e0463dc47413dde24242249e01560dd774cf66661c424459a20eb3e647637dc2e2fa332

/data/data/com.kuaikan.comic/databases/eguan.db

MD5 1d6d1c415d4b5e2c3aebdb57914b6793
SHA1 9f149386002055de1e1f3ac3f87affd7372f3e34
SHA256 b91058cbd16718abcd5095ea1ba58a4186c916bab6631774c672afcd81ec1823
SHA512 289687739b16af8ca74a36870840a7875752cf07b1490199c38212113ac371ad3490f8bba1fa127240cae98c94f8ec001e4abb674867a2db601ef0289e1d04aa

/data/data/com.kuaikan.comic/databases/eguan.db-shm

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.kuaikan.comic/databases/eguan.db-wal

MD5 2460ad0519d400dc33e67426b8f595d7
SHA1 7b9697819f602b55936ec16002dc99ccd3c7cb2e
SHA256 a346c1479fa2848df38ee2bd25e65006ca86b2ac339fc60246092ab6eb5ad16b
SHA512 cbd0bf79ea8bbb441afd048413156b117f0a0dbdded72f18ecd797994ada25d1c10cc59faa402325d737a6d6f83dc59aa5e5e12441a030cd1d91cdc96a209a03

/data/data/com.kuaikan.comic/databases/.ua/ua.db-shm

MD5 8db328e86ee899fd12ce0c6cd475523b
SHA1 dcb844810bf1a0c6742863abcfd1a0036675fea6
SHA256 39b46c5c8ec678300a22a7827e45c65d9eda27cd4c17ffa9761910e876babc91
SHA512 9596b271b064a95de8fbfcb24f6e459749d3a13004963c3663b01db1d5ff5a6321c103e9fba5ebc2939c94d2193e5062f521c61ad7834a9a181cc31d657c4526

/data/data/com.kuaikan.comic/files/wlogin_device.dat

MD5 6613e033a1749befa7e853760e5e38a4
SHA1 03ba08b39b1efc95358ea725d35fed463672e1ba
SHA256 80d36b732d52be020b9517a08ab5c4ba93323a1e5b369b6752ca1d6471d075f0
SHA512 8ce19e18848109c8dff5dbd9d74ec0d913e4cd649f1fe4c51b174a3461497bf583201692bdb7277fef13061285e5a088b54ff56fe9ff0fcbf491d3906a461c77

/storage/emulated/0/Mob/comm/.di

MD5 81029aebd71bbdd9d085c4b8f2c4e7c4
SHA1 b444bd51c9494c6d722ec59a2536efbf01f57f23
SHA256 a493fb1c23c078fe6436aed555a1b8f7a13ab98e6ec189649f168f9b99bb046b
SHA512 8a8f7ca082f5285dc905f81b5096de4c4737cb32afeaa3634b10e37649df5a23376c2da3e96376c3dc1da88bf556f2fa890e49373e0ff22015297495d7e2794e

/data/data/com.kuaikan.comic/files/Mob/share_sdk_1

MD5 840eaa01e5d03fffee257ed5ce4fba9e
SHA1 886bd732b29f6dbdd94b890a2b203c5a276ae773
SHA256 7648e772307acf936c331c4ea9d92872b1af6367cbf83f33f569ac204df65595
SHA512 b0a4f9238c4b60bec0cca9c72e551a702a95210a735bd8176c1d5ba741e264d2f1e885d65ed07a88086afd74f69c5e02a92db8068b222a62c6f56762a26b7d4d

/data/data/com.kuaikan.comic/databases/eguan.db-wal

MD5 005ef6e48b6abd6df3008034d066f4c4
SHA1 c1fa43f300c6f04651c2f1fd289da0dbf7b9e144
SHA256 a2168c5528b57cfeab69eebc1ade200e56c4006f7342d3956e62e400aae6b19e
SHA512 5df4e77c299455b987d1a94d2b0001b7ec98992893d41ee885c97bc079b6717178e048b80be971a97a01d0f505e09d5a182406e5325710d3bb6e0606043f7fb3

/data/data/com.kuaikan.comic/databases/eguan.db

MD5 ed5d8fd43ef8062b919f2d156d9e4b98
SHA1 a58eee51830c3886b808da4c537240034518ccdf
SHA256 3bc32e518a30edbc4c0f98a7170f2ef16c6a592be3fd87acc855fa110ba754c7
SHA512 2ff61665cd9d63f7983784389fc7fbdefe3d792117e529d252004d6ec6a93d58292deb86b5c531b9907aa829d540b7c37e0497ff234b838be5d67d21d1034967

/storage/emulated/0/Mob/com.kuaikan.comic/cache/comm/.mps

MD5 12ceb41d73fdcf309c9312f330c21c0c
SHA1 1c0d88ac272cece2c26431f785d226747563c20c
SHA256 56bf4b498b7406b19bce1db3c5f9872e52aedaad9d65a2f743515c0d144bed0a
SHA512 bd4bdee8eafef7b1096c4f15ce8228331f897cac95022c3ec713972cc8960e1c10e016ca6587132c732ec2dc885976ea0e78e6c483cebb0f81b09c9f787fb031

/storage/emulated/0/Mob/comm/.di

MD5 acc2a2f5cb76c41d2e97e0d409b53bdd
SHA1 ed06f22ff10e0912f50d53bc775ed2ae70f85d5a
SHA256 12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448
SHA512 faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

/storage/emulated/0/tencent/imsdklogs/com/kuaikan/comic/imsdk_20240614.log

MD5 3c3a824cf393e1b7de0457a7d8505c11
SHA1 15b9ee19509fe05a1d5d0bf064c83253b79b0b84
SHA256 e899c7cfd21fac4355e56c6cb8541c38acf0593842e50bbf0513ae5f4590d7fa
SHA512 ac872bd439e96dc159b397c03b48a4006f16432fabe7f97dde015be20057db81ca4d265a9d9ba2b0afa9ee08a13228f4e6509b7f40d5932603a271f38674c3fc

/storage/emulated/0/Mob/comm/.di

MD5 08e5475f37d4187f7a2ec235b1168ea8
SHA1 114efe0dedba8825a2002c7634234c7ce3604c6e
SHA256 bebf130b3a291313730c5cce01047f7b2f11c861cf4b77fe1edeafec699757f6
SHA512 edba2f6a65b4bf082419af27c29320c5003a90423b53839de1aafecf7c3a4eb638132bafbd920b586b2981aa552ba8fc3351d68898d6ed6c1ead44edd165d534

/data/data/com.kuaikan.comic/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/Android/data/com.kuaikan.comic/cache/httpdns.log

MD5 7f57aa03cb2f63e5ed80deddc9811381
SHA1 d388a3348cb60bc686e30e49b09051cfc96ab326
SHA256 9d192ea65e7a9ce9befd6dc56e0696ef5a0e3ac3c979b3ce0883a18beb6abff2
SHA512 4320886b0f8f4f0ab62ddc22a7c666b1f214f447a3b4144e64f0bd77a6b4793c01f4524429d1e67d4ae673a4c02d6d6af1f050f31d5b6b0813ce32168cdbd0f4

/data/data/com.kuaikan.comic/files/Mob/mob_commons_1

MD5 3ed21a010a990d5641a9b72ad5a73534
SHA1 2ec478d2a5df5b85597a613e1744a7ce8955cce2
SHA256 ac4c391d8f9f1743b26b6099cafe711ee232fc06fd42cb19b37fc661959628ca
SHA512 9b6d98437c1e7f3b19d8ec8a19b4e6d5d1fed32e40bbf2477b962108679b7a99e3b4775034d130ae6b31e99387aa7259d5bb8593f2722a22a55c77ca8800152e

/data/data/com.kuaikan.comic/files/.um/um_cache_1718352657470.env

MD5 b3bee84ce80ebd39b8a96abcc451855d
SHA1 c52fdc5d5a1d10e22067272f2b67edf8e2db024d
SHA256 bdf8bb76d040b1f7c014549f075432402d554103e603bce64cec7a7f391b511c
SHA512 f9f3ab2a3dd839734723ade955387ae9bd3df6987c08c5aba14f0cfb08807e4f4f899cf4e4f106ba28a5165d9eced669263a3da9b3497de79d280c86198b2de5