Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-hxszxascrh
Target ba5976c52c9a0d06343c2f5237b2cf21_JaffaCakes118
SHA256 054c7119f8ead58079b47c955f3713944db0b9dc157c02bb47abe749d5c305f8
Tags banker collection discovery evasion execution impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file ba5976c52c9a0d06343c2f5237b2cf21_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about running processes on the device

Checks known Qemu pipes.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported 2024-06-18 07:07

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-18 07:07
Reported 2024-06-18 07:10
Platform android-x86-arm-20240611.1-en
Max time kernel 139s
Max time network 190s

Command Line

com.zhangmen.children.parents.am

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.zhangmen.children.parents.am

com.zhangmen.children.parents.am:pushservice

com.zhangmen.children.parents.am:QALSERVICE

com.zhangmen.children.parents.am:channel

Network

Files

/data/data/com.zhangmen.children.parents.am/databases/MessageStore.db-journal
/data/data/com.zhangmen.children.parents.am/databases/MessageStore.db
/data/data/com.zhangmen.children.parents.am/databases/MessageStore.db-shm
/data/data/com.zhangmen.children.parents.am/databases/MessageStore.db-wal
/data/data/com.zhangmen.children.parents.am/databases/MsgLogStore.db-journal
/data/data/com.zhangmen.children.parents.am/databases/MsgLogStore.db
/data/data/com.zhangmen.children.parents.am/databases/MsgLogStore.db-shm
/data/data/com.zhangmen.children.parents.am/databases/MsgLogStore.db-wal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.zhangmen.children.parents.am/databases/bugly_db_-journal
/data/data/com.zhangmen.children.parents.am/databases/bugly_db_
/data/data/com.zhangmen.children.parents.am/app_crashrecord/1004
/data/data/com.zhangmen.children.parents.am/databases/bugly_db_-shm
/data/data/com.zhangmen.children.parents.am/databases/bugly_db_-wal
/data/data/com.zhangmen.children.parents.am/databases/accs.db-journal
/data/data/com.zhangmen.children.parents.am/databases/accs.db
/data/data/com.zhangmen.children.parents.am/app_crashrecord/1002
/data/data/com.zhangmen.children.parents.am/databases/accs.db-wal
/data/data/com.zhangmen.children.parents.am/files/TDAntiCheating_Switch_Value
/data/data/com.zhangmen.children.parents.am/files/sobot_chat_log/sobot_chat_20240618_log.txt
/data/data/com.zhangmen.children.parents.am/files/xlog/app.mmap2
/storage/emulated/0/.tcookieid
/storage/emulated/0/Android/data/com.zhangmen.children.parents.am/files/MiPushLog/log1.txt