Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-ak4a4szdmd
Target ba3ec8784205b6d1327c84bdbad2f706_JaffaCakes118
SHA256 e2af7cc890bc1fad1ea2ab65eb1d2039eec5f4f76d5054c5304c80bdb1c4e45b
Tags
collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e2af7cc890bc1fad1ea2ab65eb1d2039eec5f4f76d5054c5304c80bdb1c4e45b

Threat Level: Shows suspicious behavior

The file ba3ec8784205b6d1327c84bdbad2f706_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Makes use of the framework's foreground persistence service

Queries information about active data network

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 00:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 00:17

Reported

2024-06-18 00:20

Platform

android-x86-arm-20240611.1-en

Max time kernel

118s

Max time network

188s

Command Line

com.yuewan.main

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.yuewan.main

getprop ro.product.cpu.abi

com.yuewan.main:pushservice

com.yuewan.main:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
US 1.1.1.1:53 api.momoyuedu.cn udp
CN 59.82.29.162:80 log.umsns.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 alog.umeng.com udp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:443 loc.map.baidu.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.99:80 tcp
BE 74.125.206.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 172.217.169.34:443 tcp
GB 142.250.187.227:443 tcp
GB 172.217.16.238:443 tcp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.212.238:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.187.227:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 1.1.1.1:53 log.umsns.com udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.179.234:443 mdh-pa.googleapis.com tcp

Files

/data/data/com.yuewan.main/databases/hi.db-journal

MD5 6feea1f697e956684779fbc14008798f
SHA1 25016342159255ae3faf2947f3e648e2cd829c1a
SHA256 07c31d1b7f46e4157cf7e2a7a017df2227826585651ca7c349c3fd0ecf596647
SHA512 b784317c79fa9353c5d07d107a124e7db8639c072323677547b3f2b9290bb69c76f0ae9a73c2aad92704fb8439d1318ca46003ada48df67a2bd2e2aae2df3af1

/data/data/com.yuewan.main/databases/hi.db

MD5 f4b1830c3fa097a646179a2d9fa17fbc
SHA1 d3608529e5a34a71b6428f97370afbeeb1c1f573
SHA256 8853fb620079c79759b68f7b5392a9b235afda50dee406b5f52c4ade7dab6f20
SHA512 9983551b5e45edcc7ae41d6556862ad33755d060125a0bdb9885587f9ec868d110914221de094d4e963b090e802a8e4a2356dd7524e024d52595aa75430a2031

/data/data/com.yuewan.main/databases/hi.db-shm

MD5 4b0f4b04271ee38b384fd34a1ea0a20c
SHA1 a9e784980686c412166c904fb2999408b11a5e8b
SHA256 d2be7877a0a2f798add8c0e379e43c78e91b30f252250dd2291aa56283dff4f2
SHA512 5e58df6b87a29a0c5c751bd3c8d4b0a6683d95de7b9686767beda486a24b2a9ad484e66b5ec4bdc366f0d9e43871cb209f520ec64cef8347e3e92976502e2ac7

/data/data/com.yuewan.main/databases/hi.db-wal

MD5 0f597b4a5a08a36416b44d4f35a5819d
SHA1 4148650ffb6ae59771be8283e2b4f4b52343a0ed
SHA256 a6221860ac10d2c17867ec1583f935bf6b5eb909e6b8e2b2c7825f404c75e078
SHA512 8ab0a245051618b9481140b841efafd8c7dafb02f7da81f3a2e1f9ff5add52a57f3bbdf156177f0cbd0eca04799b9cce6ac5a42944e5adff6b922ecef5379352

/storage/emulated/0/Android/data/com.yuewan.main/1109171220115678#niwoyuewan/core_log/easemob.log

MD5 7448f56c5b6bac858f07878e46d14115
SHA1 3690581df5a43be84a7c1c19a4b80937d40806f2
SHA256 407cc6e1221a211d08f169691c4247a9c4072a653ca7425c585edcb1ea547f79
SHA512 71cf8ff86ffa9f7168a9360ff3326f8141bfdfd0dab215db6062177f5943b7abdd6663a5b6600c2d040ba934b7aefb74ee3e7df7384c11cbff7db60f5f4ab563

/storage/emulated/0/Android/data/com.yuewan.main/files/tbslog/tbslog.txt

MD5 82d9ee30ad7b20bed36aac2d025026fa
SHA1 802b9d2c0fc3ada8a5938d11515d21e63d599478
SHA256 c8a162a243047f9124cac90c8435fe682a6f0319bf6df14739ccc4a5b6af6e71
SHA512 93696e1032f76a9c454ebd5e7007db870292c2e64ac411c0cc13b0dde1d47341691531e2682a284e3da49a138aae4c538352cebdc1ae9982995d57f9176c0ecd

/data/data/com.yuewan.main/databases/cc/cc.db-journal

MD5 ce86de425ec1d09b61a2a925668ec7f7
SHA1 6e7e2dfb5357396f4d59bbb383c089148054b79a
SHA256 e82eae2dbaf675a60e33fa1dffe5dcfe040ca3edcadd8ea1fe206109dc7f0102
SHA512 ef5bbb9e1460f292c6fc582feec9099fd4438123d9ca38a5b032ec4ae7c7c2049ff15309fdaa9b0c4e78e93b1039233db630af2de9b6e827e12efc9859943b7f

/data/data/com.yuewan.main/databases/cc/cc.db

MD5 a591c0d4ee351bc688a6375c8a22fce4
SHA1 62eb32a187df2f0c5b10ba8363a1d3b6834fda85
SHA256 ffef075cf2fdedd2dd1b8ad9438d584bfa16895f4d67d8c8b2889e4fae2e72fc
SHA512 fd63b3346b6304788d9a202af22aeb02457f4533b4f47f5feee3cc415eba8996c8a6691b4526f23bc81c5eb517b56b626578fba1e212e1e9cdc838bff0c92104

/data/data/com.yuewan.main/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.yuewan.main/databases/cc/cc.db-wal

MD5 4028f3d945bf00a0776096b0fefde470
SHA1 75a8180493b123cabb08927ec3b8ad1a836ffc87
SHA256 34368648ad917ad11effbb273064c1a6397e5b2cb518276a53e9fa4f915e94b8
SHA512 edba375b7c497949f5edc0fbbc46ad7b6e098b7b8e201d90d1dc5ba51563082bae1af8708112034f028d262a1d5863fd8df7f4a73920c34a7edb5bc5aeb4f188

/data/data/com.yuewan.main/databases/ua.db-journal

MD5 fc18b23da96014402fe0bfdf95651808
SHA1 ac2d1f84256c1975bfb261a7bcc68c8d6bd4a4c8
SHA256 01873edf4541cd64b86082c9e1e23c73f76f29f2ee2fd905064ea522a3b53ae4
SHA512 4887484d2662a045a5c9763f1e7a5a19a00e4fdcbf7513a7530d4fc73c599aa5ceeaee6d6038ad494306a1d93e0aa27516a750442421d8005825b49a19ee45b2

/data/data/com.yuewan.main/databases/ua.db

MD5 5a58e7cbb31c1e57e5095a66d7d7f589
SHA1 b5cf3821b3acc77d0aac72921de558f7b6847861
SHA256 6e717d80945246d338fcd7e34187fd5e3cf517dfb9a3331b8317ce40d73db479
SHA512 0cf75d7effb15787a5d802f3f71ddd5cbc64789191d493bbc01dfb997ed2d6f3b1c72b386ff814159d12021e3486495cafddf8468c44fc3046fed6b795aa243c

/data/data/com.yuewan.main/databases/ua.db-shm

MD5 9a638d534718a9766fe5612ac6820e6b
SHA1 78d369692954d070f272d1dd3b5ce1149182c903
SHA256 e4d5eb7ac28d8bba9bca673f08740d6ad6c544098c2a6f901f25c4f9a30b0ee8
SHA512 21e603597b4d0bee45294db3aa00e8845c20af3ea60f3aeb1d28b4ead250f567df9c9573f4b8366eb6143f752630ebb28a6e0b60efb47f18640ed8c81fea3ef5

/data/data/com.yuewan.main/databases/ua.db-wal

MD5 f8dc09e9414c8b636fba9a9c5fdc88e1
SHA1 15bf6735a1154c6e6fc54fd3f1784a1209dd5601
SHA256 01fc426b97693edb5e0936cbafdabef222cae85fbe51a406062188f0bfae20e4
SHA512 b784ec131186eec9e601f7953ca57960739caa57a302c1de5b36440aa1aec0cee9a9857d312e01b34d701f2487bb0cbd656d5c9b1549b840e935ba81cf51ebc0

/data/data/com.yuewan.main/files/libcuid.so

MD5 4376b7eb3ff3890b2749ee784f0da227
SHA1 94e67ff76c579312ba7c180c903c4ce86b7ebca3
SHA256 59ef93cfea5b023f9936615bc730437c05f8c45932786a4413794b35b625a501
SHA512 eb26d25b5bb1eed24b7566771887ab9b05a7545bb1f62834b68ae546d8ef9476b58aeee5dec497bcd2ca97b5c903187378a181593abe9e3f122bea3fb5d90601

/data/data/com.yuewan.main/files/m.dat

MD5 8b8d1d51c61d03209848366e61f3d3a0
SHA1 98f839f783bda936831bb31db934f2f963081519
SHA256 a847afcdde72f24ddb66b381ea0849c25d72629d5d8344643b409ea582cc1dab
SHA512 df494c343e80f9011a3564c6dfd51e7205d460bfad2a7c26343afa1dc9b74c2f244d86c006bd33debf40fdf3a7658090b7a083303e3216c40c576a21542a3e6d

/data/data/com.yuewan.main/databases/pushsdk.db-journal

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.yuewan.main/files/umeng_it.cache

MD5 e89b796b1d4da777630d6fc415489754
SHA1 1ba1aa70855c923c6d8426a46805f992c1158abf
SHA256 ede5e480ddb8caafa1e1522057503ac11d4da9ccfac20be4ac2d7f0607ca08e4
SHA512 8eeddff194ff5e85f2f9d71743faff30d9ad647ad1842e325ac600570159e66dd0f2bfbcdf73b1a418f8fa6a805fde9505e85c03c9bbde5fed90c0cb72a52633

/data/data/com.yuewan.main/files/.umeng/exchangeIdentity.json

MD5 e186116256c30c869bf92284c15c035e
SHA1 2240af2eb50d2e797b42a22fdfdd87d0f4879c23
SHA256 d9d0356b6718679e725a13f3a73ad0c774f0a3e5e9f73ef52ea66e2ad71b3c0c
SHA512 427250221c7a5f983164872eca2dc52420ffc7854120fec8177c22206efc5e38e49d0ad68cd3a878b2d7d5c9febc0f2fbd92d4a2c1da5b0e587b22cedca09789

/data/data/com.yuewan.main/files/exid.dat

MD5 ac24c1b00785c776626df2296149b784
SHA1 3f2b3db38bfd1904c78945604e5e79a83b2c66d2
SHA256 8425d6bd1b4fb0958435b9770d590915b43d96af8af06dbf807fdd02f2e45195
SHA512 9951220f50d86c9997eb0c6b4bd1b88e92719307a1d50fbb7f67817e8eb0cfbf88a8e4ae59580c1317b1d82c60301be58abc550117bb735feb99fdeae39a703e

/data/data/com.yuewan.main/databases/ua.db-wal

MD5 f6061c4826d8edb599bd5e5f903c81f3
SHA1 42ec5b357ad2f582da618d4a2b1221dfe6f34dda
SHA256 304c792fcbd3e5b4bab4f2cfeb3eea026b720644917e1b12a0b9d55bed543787
SHA512 74860c144b102afd8a49dfe0316787698b63f7726b77a437c9dbba1b243bb6b3bec8df1df18837882136854006891194f4111976605d91f5cfbaf365db0cb9ad

/data/data/com.yuewan.main/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.yuewan.main/databases/cc/cc.db-wal

MD5 2af819829b9e2dc313866538f2e778a7
SHA1 f24e84bd0d19f877bc6c69549ee32f317f7f40ef
SHA256 1dd285ff0871f6937bb42d7ac7045953c7914035e34dc8e82f335ccdbeffb993
SHA512 2f7ab310548aabd42127ef0a63756b2959ceda20bc8dc54f9841df5435e9c039e48d58127b31505613863911b23b3d268cabe41654bf3afd687efe1eb8591f87

/data/data/com.yuewan.main/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.yuewan.main/files/lldt/firll.dat

MD5 40319ba4c250db8f67824df61962c4c7
SHA1 6e3d4fcfe8b6700edcb891acd11b8daefe5eab06
SHA256 4ffb696007821a119fcc4e593ec0e5e6f8d165de3896d68c2d2b7e8afb056064
SHA512 6d8192d8f1c9f020c561bcc19b270ebcbc8092c463b1dfe96d690a34b4a374d1ce3b6ce836e273e120db003545bdabfb51def2b3e69b91a98e60df18d680a4d5