Malware Analysis Report

2024-10-19 11:48

Sample ID 240615-e57lgsygkg
Target ace37f430a65489135f2ccdd5756aff2_JaffaCakes118
SHA256 c9a205fa92493d44f0d589fc3373857c8a48599c22ee257961cdfa35674a1a80
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c9a205fa92493d44f0d589fc3373857c8a48599c22ee257961cdfa35674a1a80

Threat Level: Likely malicious

The file ace37f430a65489135f2ccdd5756aff2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks known Qemu pipes.

Checks known Qemu files.

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 04:32

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 04:32

Reported

2024-06-15 04:36

Platform

android-x86-arm-20240611.1-en

Max time kernel

12s

Max time network

186s

Command Line

com.duowan.xunhuan

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.duowan.xunhuan

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 crash-reporting.yy.com udp
CN 58.215.180.63:80 crash-reporting.yy.com tcp
CN 61.146.73.130:4002 udp
US 1.1.1.1:53 aplbs.yy.com udp
CN 61.146.73.130:4002 tcp
CN 61.130.29.215:4002 udp
US 1.1.1.1:53 wtaplbs.yy.com udp
CN 61.130.29.215:4002 tcp
CN 42.56.75.12:4002 udp
US 1.1.1.1:53 xhweb.yy.com udp
CN 61.133.52.174:5002 udp
US 1.1.1.1:53 spec.wtaplbs.yy.com udp
CN 114.236.143.48:6002 aplbs.yy.com udp
CN 221.228.248.99:5002 udp
CN 61.133.52.149:23 udp
CN 218.98.23.25:80 xhweb.yy.com tcp
US 1.1.1.1:53 fts.yy.com udp
CN 113.108.82.187:443 fts.yy.com tcp
CN 113.108.82.187:443 fts.yy.com tcp
CN 113.108.82.187:443 fts.yy.com tcp
CN 113.108.82.187:443 fts.yy.com tcp
US 1.1.1.1:53 ap.yy.com udp
US 1.1.1.1:53 conf.argo.livemediav.com udp
US 1.1.1.1:53 cgi.connect.qq.com udp
HK 43.154.252.110:80 cgi.connect.qq.com tcp
US 1.1.1.1:53 ap.livemediav.com udp
CN 183.36.110.90:6888 ap.yy.com tcp
US 1.1.1.1:53 proxy.livemediav.com udp
HK 43.154.252.110:443 cgi.connect.qq.com tcp
US 1.1.1.1:53 proxy.hls.yy.com udp
US 1.1.1.1:53 ap-malaysia.yy.com udp
CN 218.98.23.25:80 ap-malaysia.yy.com tcp
HK 43.154.252.110:80 cgi.connect.qq.com tcp
US 1.1.1.1:53 gray-component.yy.com udp
CN 113.108.82.187:443 fts.yy.com tcp
US 1.1.1.1:53 ap-russia.yy.com udp
CN 113.108.82.148:80 gray-component.yy.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
HK 43.154.252.110:443 cgi.connect.qq.com tcp
US 1.1.1.1:53 ylog.hiido.com udp
US 1.1.1.1:53 dlog.hiido.com udp
GB 216.58.204.78:443 tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 mlog.hiido.com udp
CN 117.185.226.53:80 mlog.hiido.com tcp
CN 36.110.128.176:80 gray-component.yy.com tcp
CN 182.247.249.100:6002 udp
CN 61.130.29.214:5002 udp
CN 112.90.175.157:6002 udp
CN 61.133.52.149:4002 udp
US 1.1.1.1:53 hlog.hiido.com udp
CN 14.215.84.167:80 udp
CN 220.170.50.135:80 udp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 175.20.84.154:4002 udp
CN 106.120.191.81:6888 ap.yy.com tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 112.90.175.158:23 udp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 58.215.180.63:80 gray-component.yy.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 117.185.226.53:80 mlog.hiido.com tcp
US 1.1.1.1:53 short-yypush.yy.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.duowan.xunhuan/databases/MessageStore.db-journal

MD5 555be0c97a6922e79c0789fd7be7b3b3
SHA1 be9b6ac74505473db30c19b0d764f80d550e4ca2
SHA256 e7b8bf7dc6d4efed06f117978026b0bbc97f5c32f9bb6df3358afe702129a745
SHA512 6267d9390e8607d1857956c952338857c6f5964bcd17186058774f8d09b1376827f7d39004a7bfc28773d273dea324d06d00a8c2dd44e719a5a2ced705561f34

/data/data/com.duowan.xunhuan/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.duowan.xunhuan/databases/MessageStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.duowan.xunhuan/databases/MessageStore.db-wal

MD5 90fe2d8fe7fa173bbdc4c0d6f598a3ea
SHA1 7198941faf181b90d7ed4812e10a193f09994b9d
SHA256 c1e4025e465b403cea53b4ab63b05b1497e43786dca6745d36c95f2eb40edc65
SHA512 29c7990dfa7d0f0f32a43b60353c6d0c7f682823bbeafdb69bb35a6dc80dbeb07ea0e136048f9001fa2c222db0dfd086a8aca85c7c281db2f5ab35f11b62b10a

/data/data/com.duowan.xunhuan/databases/MsgLogStore.db-journal

MD5 327a24f2cd3bfa63d598428c3b645e20
SHA1 d1b8299111237e74e8bb569fa808a3ce85bc3253
SHA256 e58e352d36b9db30ed4bab0ac352cc73b46b43d64f461bc04b57c4578acbd672
SHA512 783be7e38b4275093ca831e81b7cf74018c221023099afd6b5aabdf54e4d64c4e94cd764b51418d38ef503bcc08796ba73b4e701b1cf3bbcd067f1f6cc39a139

/data/data/com.duowan.xunhuan/databases/MsgLogStore.db-wal

MD5 696de32fe2b012b25d63de2928e2adb9
SHA1 2724a49652a5eb0d351dfb4a012ccf8e651e4481
SHA256 9beaa6d95df43e4d54ba2c0d096e7bbd720e8fee07fad9e8eba0c64abb94a439
SHA512 0d04e3b2895bd2947aa66f1ca8c5fa65cbdcf11d0382e0c0d89d4e47202d78dc0ce009f5153b6c420cbe910546d2fa940ded4caee7d815bc27092503badce8a4

/storage/emulated/0/Android/data/com.duowan.xunhuan/files/tbslog/tbslog.txt

MD5 2aa03764eb7eca841255e707f9c493d3
SHA1 819a361013530c20536d2e69d25b2ca33224d334
SHA256 f413448e7aba4ed5fd104affbe3a2914ce9ba42f8baa118044180f81b5aa1567
SHA512 8f5f0b1519c2b9f9c019abea1487f27b0cffad9866592b82160d99c2851177a075e267bdd10a150c9652fd3561ad37e1fd057a0919887179f0b026fd5bbd7206

/data/data/com.duowan.xunhuan/files/hdid.bck

MD5 2a205b76fc9fa3df65457b8896108ae0
SHA1 ec913a22adb7bf7eae6ef192ce2aa01e1832b0bf
SHA256 545f4dc4a517fc713c422b3726428ffa4f1d14a8c394484580ca7cd365117c11
SHA512 a055003ee16ac602f3fd444ac9e91241b82ad49c7c5c4d6b9fe5051923017e111f51d7087e5d9b9cfe6ee6725e39e4af50b494b7608d6904235c84b4825f2f34

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_9dbd321e.db-journal

MD5 886e186e16449ba303ce3dc1c6109de3
SHA1 8ab6c7236187ac5786a223750ca037b27f10c344
SHA256 e4532c26aaba85471925d52aa900b31cec05d1e6f1187d3c4d5d52e9b5c872b0
SHA512 edae5a1018e59bc11c2fa9977332e476e11e87f432a2802d11aa9d39cbe8d4d68567cbd47c3e7e0b966befd16f3526f2a276c318e1755d9681485721adb4a292

/storage/emulated/0/.android/Global

MD5 07648e10fbe8e6385483f755d4880f56
SHA1 b83be61491bffc009a3c8fb6ad6b7986ee153ff0
SHA256 afa488ecfa0ce8f9689e149e0e1ad0ee0111074d9992e6cfc2ce9eeae34147d1
SHA512 c83559f110b494d69747f5d5898d6323fca184f23d6955c95fd2866f584bff9767148aa44d81f1ad09214ec607e26df7b7abab8af8396e4321a9a59364c57466

/data/data/com.duowan.xunhuan/files/hdid_v2

MD5 68b6339ed9562f5e0623e1b5ec395d62
SHA1 ebc2f326372b0db484711b61c907f975b5005e4e
SHA256 3d2030242f7153061df4dcedd4fe657a131c7d57137d1b94710a24fe40e56cf5
SHA512 7546e55e9f00aa1113d9cbcf891e019c3bec823340cfca44f1f81b27b6295735d51be4ad8618ab8b511ecb43e9ce2e317b70a2b46bf35a1559615c1145ed3be3

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_9dbd321e.db-wal

MD5 92f746cd0b00c972f51e78247b0e06ab
SHA1 2d8aa6b08c5d957134312af9f96231eec31fe692
SHA256 33e7ba4c7e80c2082e00fc5279785ee37bfc174e3668f40f85d7e9ac7c1b8f1c
SHA512 d20bc6a2e48bb879aeecb1cd3770572bbbbd872b0ef4095d2d03f9ab43390604806740ccb4ece718dcbcbde87c2b9b1653ac6defc29612ae78899dcc436be11a

/storage/emulated/0/yysdk/logs/yysdk_adapter-06-15-04-33.txt

MD5 1d9a8b4e8310bbb9df1d02d1c92724fd
SHA1 a1c75f303afd752903c641c2a97238568a6b0847
SHA256 11b5b6478e7d2e232c10ebf8c55ef13204bd0b59568ba3e8282aa5b59f71de73
SHA512 46ecc22e5dadc9578d8da3da4a17f5eede8e010a3bd05bd24d344949b0b2a69ad0dcafd1544f29559c28db36500208706b2822dd9e8f63d2ee5bb1ce28e6879d

/storage/emulated/0/logfile/log-jni-makefriends.txt

MD5 8b6e5bd9c31afdb2a1133415f484efc3
SHA1 61bd10c66033ca126bfa9c3a7fadbcea70755bfc
SHA256 26a46b56031a966414d29e5727d6f6872af8b445383bacfbbe797e6d96bd1bc5
SHA512 3e2d644f3032c88aede5943d0d42e3049e512dfe9cd44e8677df4c2215f91620f08ca0819c4c9b5faf8574470966ed463ef29a7514f734f8cddc6408477bc194

/storage/emulated/0/yysdk/logs/yysdk_adapter-06-15-04-33.txt

MD5 2a450cde2047b1025ffe82173aba173e
SHA1 dca890c11721e96b3723db18fcfdebaad080b718
SHA256 2a8a645ab87663ec170db5ae88bfb0560048f831460723ae70b87fde7566e12f
SHA512 e5dac12e760bdd00e5c330c0708fd43485dcf0939a0dabd38a8b6454ed2569b9f92fabc168f74e13228083fd2dc6e51121427b47e6bf3b90fa5ff94d79cca16d

/storage/emulated/0/yysdk/logs/yysdk_adapter-06-15-04-33.txt

MD5 2d5ffaab34df1d727449022a299a6513
SHA1 168d4bd26ae9a38f1da5426657bfa7e21f2910c8
SHA256 a013551596316e6434f04e36ac59210b2257f37135b9cc03202cf84c8498c06b
SHA512 e782223ea83e264e39d60bc92c2953a72d3a391dbce3669675433008ca0d8bece265cb6ff44de65d5d5007bc3dbc4c5d19aafa06da219cd9bcb3e80d6ff07df7

/storage/emulated/0/yysdk/logs/yysdk_adapter-06-15-04-33.txt

MD5 70e7f8e452f74530a6a2400a4172441d
SHA1 bf3fd7022d39f7aa456a4f7a6f3d342fe3e08c42
SHA256 6c00e7c1565205a0cd37ce790f2731f673a41987e80c8005237280b39426b601
SHA512 5af4d799edf5ebe0bd4dabe738b1144ce588bbae5f825891b7abc6749abc00b4f03ff5ed6383c480030df41dfdda43602a46dc2bfd727e1ca0b0fc3185b3e2d7

/storage/emulated/0/duowan/d2b08ce4-1e6c-4515-b320-680ecdd98da2

MD5 748d9beeaa1899252a7365b780b95fb0
SHA1 2158cbe9044f2b138df0094615afe6616e526c9d
SHA256 59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8
SHA512 cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440

/storage/emulated/0/yysdk/logs/yysdk_adapter-06-15-04-33.txt

MD5 4fa6cd519567d03bd74bf3b512fb5479
SHA1 206bb5818c683740a4e970c953cc1bdb1deb3748
SHA256 bf76bd8adc47f12bff8f9647a545194aae0a920550fbc625e12c802ec5fcf285
SHA512 fae6d66b23f4b433f5da242d65cb37e9db0f7a589ee4b89ed4f39c88c44ff443e4fd491767efdd72276f9a8996bec8d6a87224bf32f23e32e132a998070f3a63

/storage/emulated/0/yyxunhuan/log/sdk/udb/yysdk-yym105and.txt

MD5 9a2dd7ebad316316249d1f185687c04f
SHA1 7a0b3437f104041eb1ab8e015d774d6e6a41b9f3
SHA256 b1837f5d01d2577b5fdfa325aa59b1af34cba9c10e7e21175ebda25bab118c59
SHA512 093fa6ab6a65f40de5b2a3a91c653e77e63cb8534acdbb53b8c5657c694d12da75e202fa07a6970be031b6b3bafa2e27e2866d9152410dfe6e5d7eebf62426bf

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_f4df5118.db-journal

MD5 de045080e5415a998492168f84c15185
SHA1 e616cc855635dbfddc4f2e3c8032743b163ea8b2
SHA256 db08e010c9dfcd814ed78ff5c264570913b96940dda9982e31bd035b696b2afd
SHA512 a4e893cfd7208c60f2c948dcefcecc03d7cd44991d6c431875446d62bb92ebb2e9c471700e87d6e9d09905164577d6339435090c1a450e805808b81eadaf34a6

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_4bcbabc0.db-journal

MD5 a653107b18a7ea42936413ca5d862b90
SHA1 81d9d56514b26dcaac4160800ebf70131d683f1d
SHA256 ae28ef07931b22639fcba2cf0faf3f370a17d821573855ea649f4d1828653384
SHA512 9c8cffd79af6e517c53ff2b1750a94db7fee056616cf64ea4167fdbb945a0410e06cb01710b33ca2b750114a3d855036f0e58fdcc2cc451b1cf7d7c596710808

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_f4df5118.db-wal

MD5 7d319a59d8c68e240fe98605920a4bed
SHA1 b76acd68589d90d00129835213d48f764aeb2e4f
SHA256 5608759f35086983a9ba3358a58bab7c5b5ee35755bdacfc1cf7458208ef5c4a
SHA512 e538adf112cd5cac7cd22d6f52b8facc619d6f26aebb19e6281549cafd03d02d1c729e7549b4ea081aefb743355f3b2d3701d39302eaddbcc84dfd24a46d0d1c

/data/data/com.duowan.xunhuan/databases/user_account-journal

MD5 a1413b5948a2e4fce7a3a208f4a7ca0f
SHA1 8b377452bc5647285a84cbfe3264f29ac4e1fcca
SHA256 0c5d3521bee9d4b94fd54cbbf90548ab54e74d0bc1abca2d6a0969842f835b08
SHA512 89033181fdd10459ec4dea75beb739305c7ce2978ebcf006923224fd649920988ef1a2850855140cd86613d29a6aa859ab6aadef7399270acd15501078a80fb4

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_4bcbabc0.db-wal

MD5 da955f64e7a9405d711de79bf48d3d6c
SHA1 b9fe2f2ba71177085a53db1a44181033eb86be06
SHA256 355fd728023ff705610dd8c00f97d3934f79dc3f665903783ed3a1de6ea7687a
SHA512 43f4c124d01603cde2a658f44c75ae4814b9738383b2a523bac9129a5ec2dbb99459b15aeef1d60c0cfbadb69e8aa80fca3831775a980814198bc1628f8a3f75

/data/data/com.duowan.xunhuan/databases/user_account-wal

MD5 41fc74920322ae8d26bb82a2d553df93
SHA1 93d6d57c58d127dc6504dab768a0a0e94610e6c6
SHA256 1ee38c52fcdd1bb6c7d2306d3659abbb79d9ddf552447cd5f5331ac9e75cb03d
SHA512 be56f16866f8713968f5c56803e59df13495274078249815bde4c7977c7c8e301bb1a24d76ae9264d6136cb48718aa639b8608193a0c552e714b3023d157a35f

/data/data/com.duowan.xunhuan/databases/makefriends-journal

MD5 bbfcf259557a973823b1de4aad2b190b
SHA1 80c0d2a19015b74bad5194e8699e80964ac43d27
SHA256 9c64fff7b6d9193aba67dcdf0a82a5a71c531e8a53bfbce1bc1bf1dbf4088a14
SHA512 aa90ac212c58cd182e8d17f7e1fb2bccebdb8cf53bd11e3b1d66cffe8805a8d5894007b719764f3541dbc3accf424f734698e9d5af53f0317db884276685f3ba

/data/data/com.duowan.xunhuan/databases/makefriends-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.duowan.xunhuan/databases/makefriends-wal

MD5 e64a25fc3461611b6a132e3e9ed09a95
SHA1 b6b8ad553cd1f680c3d535929a654b19611dacc2
SHA256 b22afb1401e65c29b6367d09bfb6efaf3a894967d2fadd4480576781a4e30a7b
SHA512 ee237776b9d204639f56faac02200e1de71e63e883a6bfc4fca1c1ed138ef531995bd78dcd4e2e7d12bc289011286abac5a724dd382bd97af987e7f5ad5b77e3

/data/data/com.duowan.xunhuan/cache/http/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.duowan.xunhuan/databases/tencent_analysis.db-journal

MD5 10966751edb8436948dd0da33f2e4c24
SHA1 17904d0b76ac2f76acfe5a24f9ff56a3221b5da1
SHA256 7841e01635b524fbee9b49de90176bb41e0d198c40d8bfa6f03fbb9b1481dfef
SHA512 cd83d5ac78b6d8981a9f7772b66efc30f1c3c5222bdd151c7705921eb514ab655c11e6b9b86981c2f0e42ab73e04a5aa820cbfd131bf262fc87cff4b476f25f5

/data/data/com.duowan.xunhuan/databases/tencent_analysis.db-wal

MD5 2c683182b4bc41203f7583a8ec34e160
SHA1 751688676ac7f21b18036c74a46d66e767f6176d
SHA256 fae59bad98156371133d8f311461a293f2ee16eba90a92b3423c4c67e662ac44
SHA512 8e6ae0232305388c3983bc69ffc4645857c51a0ebbb22739779b38b1cddde69a6a7d847a818ee97d1c6d2d6aa23561f53a726ae102879dc8a84d31d2f4502a94

/storage/emulated/0/yyxunhuan/log/sdk/audio/YYLiveSdk4Cloud.txt

MD5 ec52f27524408674f6c70e99da8c8964
SHA1 172fd10e24d01a8132b0d04aa10861be9d898aab
SHA256 49e90964355b50194df9da53090241a2c0fe2cc99275cd6ae8734858f1d15f46
SHA512 17e4696efe1713b858ba70dc6ef3b222129a7adaf5848389242c79fc897a191f34a0d58a652d49cc8cd21497372c46c4b7c78b48f9effdebb4fa36ed2c6f279d

/data/data/com.duowan.xunhuan/files/com.tencent.open.config.json.1106049545

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

/data/data/com.duowan.xunhuan/databases/logdb.db-journal

MD5 77863a6e2860de0e959160b399f52f08
SHA1 288717305c49c85b09d9e065b26df0d69e3d504c
SHA256 352b90f6dde7a28911babdb07bbdf31c5757d309e51ec23791c61376ada563e5
SHA512 e31ae774dd5740e618e6d66dc69d0e01a5644e080f3badc56112ccced75901d81a2415757ce83192e005dbf7997330ba8ab82a33a6e31505f4e923e9e92ca458

/data/data/com.duowan.xunhuan/databases/logdb.db

MD5 a7b5debf648af8527d38065f285c6754
SHA1 ad8513c878ca1483a2472c7f8dfc8a416418517e
SHA256 0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5
SHA512 c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

/storage/emulated/0/PushSdkDefaultLog/com.duowan.xunhuan/log/pushsvc_log.txt

MD5 525e1254f5b15f87c296b01d873bf6a8
SHA1 aa934b021368fd2a39e419086b122baf688dabaf
SHA256 fac9fc08f9194b1258833b2c179955aa5e6dccee6e533cbca7a3836e5e15b034
SHA512 c28ead3a3042c74a4faa2b4e4c1b9cbe4f1dc9e3d92e1aef76948a0670dec6bb6d534b2f1e9b28be8ee5030e92cf199524522a8ca7d8578d795ca955a062cd50

/storage/emulated/0/PushSdkDefaultLog/com.duowan.xunhuan/log/pushsvc_log.txt

MD5 ec9536eee03827ed0487da9541dc62e6
SHA1 92f1ee51af4f8199f803068c5d55b9590991b456
SHA256 0f23148cfc58ecd8557aa889bed4aae7c6055e1e9d39f91ccf1403205857720d
SHA512 aa57ddc78bfd469565959fb39fbe76c818a4fffc0f2333e0d8c7f9265a6f3262377c1967d342866d3c0291c469780b29fa52e721bc3e28681803c7c2760841e7

/storage/emulated/0/PushSdkDefaultLog/com.duowan.xunhuan/log/pushsvc_log.txt

MD5 1af3e7e37a14c5c809d14938adfb5812
SHA1 427983b8a86f62dbd120c7b2d991efa83a87f1dd
SHA256 35ec5a34854583441413ea404cf3abfe05d91d6e30efced625bf374e3750d1e7
SHA512 b96826d058866671bfadf7aac850061091aa0d73f998c4be30447f3468fdf5cc1c6ab533998436881b20bfd3b4a479268141d2c4e6c3f7698deabc4dbee4bb05

/storage/emulated/0/.android/hdcltid.ini

MD5 ef8c1468ca781d49e9d7d35bdc0dbfc9
SHA1 9ba8acc077c8c029d796d609b9719fd518b4dfa5
SHA256 fc8ce91c58b18930c49772a961efe76b39b913c6be2af0dd63c5ccaa7e860caa
SHA512 0033b473042d6f4d1d1731086c31813b9bfd28ee8ec2c74641bf3ea40ee601404a71ef6aecdd8b757b66586f53ed9f5c10b0452da40c00289d364165f5a5c7e4

/data/data/com.duowan.xunhuan/databases/logdb.db-wal

MD5 6f914011eaf16616d282abc9f04bf8d5
SHA1 ec38644d8c18f688f58f10a2e2fffacd5a5f835b
SHA256 daf4c540b61988994c17479f8415296c1028e650fe43373503f81b23d75ca681
SHA512 2a5ccc27762c206ad05279ed7c93c5220f442e3836e986e0db07d6947ead6aa1c7a8675e426dec232af9a791f590acaba1c891f6e6ecfba7beff624277bfda49

/data/data/com.duowan.xunhuan/files/hduuid_v1

MD5 06962dc5123a22b1106497a39323c625
SHA1 b4d765d409acff5c810e221626c73961bdeb7df7
SHA256 b58c951bb9d2376a51c63bbbce92a7cc1441c4e3449b78e92b26b75b7277fb44
SHA512 4ee761009ed324a2f87ea7db8ae3c70068b6a1e85eac6d421cf697d82797d80de2d0caa7f336a6c5f7b6d06bf2de5929626b8a630816722cc58975aed951a4d0

/data/data/com.duowan.xunhuan/databases/logdb.db-wal

MD5 c014a0ea243265e3822a53c046355157
SHA1 0699d42a7f48a552f365cc0937ac4ed51c711733
SHA256 de17a9aed750c9d00ecf4dde3cc6afb4a6f4844411b54d9a872c6b7a969a6fde
SHA512 d349d7a8425ac1d4ae35f7acfb6b2d4bf22890acd1827d8e9709398663ff8c30ab42e22460eec1e5b7f06ea58d744e3732c0792b9b9f049e068371a323ac2a6a

/data/data/com.duowan.xunhuan/databases/hmdb-journal

MD5 d43b1c29894bbe55619c064de1dd049b
SHA1 3ed02cc89829044942af263ee1a5bcd62ea4a569
SHA256 a409492cd85d4a3d4d607376c0a767fd341c72a873e00548aeb23edf96219ccc
SHA512 07db4fa0037e9ed5287f3ccdfd86889acf68a11bf60feaa188da18dcf7f4c009af0146e0d4add314365e7296e7c7650a322ab174a3fe174cfb6416724d3d6996

/data/data/com.duowan.xunhuan/databases/hmdb

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.duowan.xunhuan/databases/hmdb-wal

MD5 77b8030cbe084a06379035d49fb61d7b
SHA1 8df659ba45f71953a93654bec2f0ad6516c8eb97
SHA256 eda8f3b66bc4873e6e827ccb0150e78fb63481dee5610b9d4cfdebdc31cd6502
SHA512 999fb71c6abdf3b6b1932fba6ee465451289d1dc9e84cd86175f3d33b745ba8befd43b7e9dd5a477c1b0461b2ed918b51b95530ea6ea682a752fa61df52b3ac9

/data/data/com.duowan.xunhuan/databases/logdb.db

MD5 be5671c81eff187a640eae8b1b07c320
SHA1 ab35edf013dbaaa267db3c871bfc2c18ba68ca2d
SHA256 4351472efff537a26a79e22f26d027596234d9d5245342161103a33215494a40
SHA512 24658194aa0804bd1057a7f449ad7693162054519746b6e326730f5c6d4539ee9c31307d74bb81dc3c42c526dee84e257799fa6bf4b98409d1ab27c24c730bb4

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 abc81ab80feed79683fdbbeec6e67119
SHA1 96885aa8a46edbeab27384acdc2bf963ae195865
SHA256 1cc89c5f1d3ff9c609bc6f2430666ddaa7bbe9639de990f863df859e8dfe8487
SHA512 986f80eacfe38d72b8b2377014a1dcde50958f7757f5b8a96e101757e98e566e0d21e6eee596ac05864410fc200d5d16eef412519b2ab31f28880e377e557a74

/data/data/com.duowan.xunhuan/databases/com.yy.shortpushsvc.db-journal

MD5 6897a611cf71834845566fed63d3624d
SHA1 eb3e2bd13624528bd12fcdffb54774c358beac64
SHA256 fa3773004489fbf0fc2e690e36682db5831945c4890a7bbf9b17fe3d39b982f5
SHA512 99163e8f45ec271fd8735fe19414eb256abd77978a5446e616bcd7f70a118e9b0109c2a10110b28812930b68cbc3b5f109a74cedac6d2d773de31bba75b140d5

/data/data/com.duowan.xunhuan/databases/com.yy.shortpushsvc.db-wal

MD5 af68381a57f31e91851bd7c22eeba739
SHA1 87b835522748f2cb849520b8cebe8b1b700c3f64
SHA256 48cf985be85262ae2ce715a506c655bfd51269cf26bd65b8f69aecbcf850a0d7
SHA512 252fd414c5ea3bbb61f3b688300f9ace1bc13194e48c5545ed1fd74b7b0c5cb3adc117b422d9a20ab942741e6f27ec776d13612b1a112a6b2987a2f90a15d1a2

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 b2d517131b3f237154ed3165a343e785
SHA1 d174a9e4163983165ed2b1d0be783c9247efef47
SHA256 0dfafd4d4841d59109227c2579e2caf96f150cf06a3c274d0b90251b91bbcef0
SHA512 14c64aad95cd0ad4227404d0d2781787a1c2a8f42bfbc38495bce55317ba9f17ad8f4802fc8965c7964696d508f45f029d6c14dcf5b19dd98c2006fec7f96801

/storage/emulated/0/PushSdkDefaultLog/com.duowan.xunhuan/log/pushsvc_log.txt

MD5 b6692188ba5801a9e35a8f0b996f9ca8
SHA1 00709dce17903957a38db5d530c6c7c98e6afbf3
SHA256 012186b33dc0faa26266e43fbb79eeae4eb8399a90e24b1093f3c424bd71fead
SHA512 91ca801d472aacc5d4167c2b37d32a53c7e730546fadf223ffa3d782ee82075b583d7d9b934c25acaf5d795684ed6b8b562ba348493d24554ee48d2aa26e2586

/data/data/com.duowan.xunhuan/databases/udbauthlooog-journal

MD5 e8656913085256949cf637da011e07b4
SHA1 8bb5405f983e553373df20e816dc731f1b271112
SHA256 36b2c1198c76a6a2bef03d801786c2d69fc5296a04899ec3270116d4ffaba9ce
SHA512 ba97e9facd0fee86bb82f857584b6559b85165883b252400345fcd089d4c54a9a391912bbb168a553db0cdaafe39fa5e300e29faa93b7df5b541cdfc128a110e

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f3d2bf99b1ed8854247794523e5ef7e3
SHA1 09e6357648ba998b38553f585c29224f1db159e9
SHA256 d22a5985eaf86e8d84562efeab07aeb66eca7f50625d737a21f8b3fb85749dc1
SHA512 0d880d4e0e52dd1831077d3f972fd31e8b756a52cb1f0c64861a414c5ac7c7866a4b6363944acbfac57533c209b34ae00bdde742fbbe8505262950a6f7af0b68

/data/data/com.duowan.xunhuan/databases/udbauthlooog-wal

MD5 22bff205865a7366f543ea083d153211
SHA1 1a70ca4ddf89219ba77df39e01e955a9189bd24c
SHA256 7f9ad936821116169e43a91b65fc5256c1e9b385d049b77a30e3ba7eaf7e4efc
SHA512 46398fbd4c5982d120af104a09d2932ba76eac5581185c67a2b34b7e22426b81da65d06ede3041f1a5b0e81e20b68deea04575546b96e8207e503bbbd6216f2e

/storage/emulated/0/PushSdkDefaultLog/com.duowan.xunhuan/log/pushsvc_log.txt

MD5 d3a8af267cd3ac842fedf246b1310bb7
SHA1 3f5a1aa2286e66fa8df4a0286c6325babef8d1e6
SHA256 49393c289cda8728dc59d13fcb8e8799a469acf95cb19b50e7040454c26182db
SHA512 c8159edd7ab6604722ba68006c557876dd9b50bec2a1ca439b4d750be5f061b01a278b06ccd9071e732415a8e18fae766fecde75694fdf24e307517d366b2503

/data/data/com.duowan.xunhuan/databases/hdstatis_cache_4b04df0e.db-journal

MD5 7f26171616bc1fc5e0ef730fb41d9507
SHA1 6c9b1d06a6612460680c06d1e188d74b69acc439
SHA256 05a796be08a57cf06f6a11782d6e5085388cdcafaaa1232857c4389725821670
SHA512 3a40aa02547c69be3aac0c1de6aa959090e73ca26abf029471d19b3379b4e652bf5b2f84a1cec43a3740820640638f8f3ebe739a3d2a3df134df16c66f531fbe

/storage/emulated/0/hiidosdk/hdstatis/com.duowan.xunhuan/hdstatis_20240615.log

MD5 00e3d4ff80d166c92bc6f5d15b3e7352
SHA1 74b9f4cd1879eb12620009be41465cd91739bd3a
SHA256 84f56208ff1f2988f7b291c3c60e744c59367d89e8ad7b00a1a9543886111a15
SHA512 ddeca5c18ec27f7a7add7146b1a5c17570150baa84ebafe74df0bc84d618bc984173543c40cab92c9b2506728dfe1cf15a9aff91f9b93f369a264e9d442ab386

/storage/emulated/0/hiidosdk/hdstatis/com.duowan.xunhuan/hdstatis_20240615.log

MD5 1f3e5050b62040e9b832b31c225501c1
SHA1 6df463dad86a796590e5b6bc225b75f5b085e6c8
SHA256 2fc80651535155d20613ad93f35209c9ff737aeea512b22f7b5a81cee3699113
SHA512 0054935f20e675f3898097d6007f41eafc56d20bad857867b16a2304a93c587dd88366f1f038410807085c8e51dbc007b5dcb7956fa01bd25a80c334e5cdcad1