Malware Analysis Report

2024-11-16 10:45

Sample ID 240603-ltff7abg64
Target 9155aaf0ab86031967ac54478a436fd4_JaffaCakes118
SHA256 6ed330f0682e1a0b1afd97b26b77d6bc221b7d9c615bfbf99da8e238645618ca
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6ed330f0682e1a0b1afd97b26b77d6bc221b7d9c615bfbf99da8e238645618ca

Threat Level: Likely malicious

The file 9155aaf0ab86031967ac54478a436fd4_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Checks CPU information

Checks memory information

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Reads information about phone network operator.

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 09:49

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 09:49

Reported

2024-06-03 09:52

Platform

android-x86-arm-20240514-en

Max time kernel

11s

Max time network

131s

Command Line

com.wawagame.app.pixeldraw

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wawagame.app.pixeldraw/mix.dex N/A N/A
N/A /data/data/com.wawagame.app.pixeldraw/mix.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.wawagame.app.pixeldraw

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 sdk.e.qq.com udp
CN 113.108.27.88:80 sdk.e.qq.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 gameapi.orange-social.com udp
US 1.1.1.1:53 ecommerce.iap.unity3d.com udp
US 35.241.22.100:443 ecommerce.iap.unity3d.com tcp
CN 47.104.65.209:443 gameapi.orange-social.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp

Files

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 82f348c1f7b0f4381ae6f3f43b5aeab4
SHA1 5aab5edcc122cd486fac34c46111a4cfc46ccca5
SHA256 d95c4c2b65ed13a981f7c150ffa8565f8e9de9e4ac8bc13881e82fd4b8684b50
SHA512 ee46a08880d04d99e7b2db115a24ab2e5543f8ac3502db892e557af11f99ba5b6e487225a5b4dbe500e8eb0308dc946dcdab1d883325a2c57258b37405ef135a

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-wal

MD5 66ead246d32033ba05333e81ef67b764
SHA1 c9bca0e38957fadf29be48a1ea758cd59ff442c0
SHA256 f937805beb9549145608b58383160ebb8a3e38b1df9ff0f06144cc3f5efa60b3
SHA512 a569f6b9a489e473ab149ceb8a1fa1141f41655b77da8a0fd9864f846645e6481529772de85c551803d90348f66ecaf644eb7a0171cdc38e5438965c018b5f7e

/data/data/com.wawagame.app.pixeldraw/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/data/data/com.wawagame.app.pixeldraw/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.wawagame.app.pixeldraw/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/storage/emulated/0/Android/data/.mn_410185822

MD5 e8be01a3d651b9f955cbb28d7fe2f623
SHA1 04010f8b539c2e98c8d7b7752e9879547aa9dc0f
SHA256 97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4
SHA512 19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

/data/data/com.wawagame.app.pixeldraw/no_backup/com.google.InstanceId.properties

MD5 52755ae63a28c565357c4f2882476ff7
SHA1 f397f1e2413261a2edda9b8c6306e73a1606845d
SHA256 5ecc50aaa3943306a134b07a7b489430607d5dcead07d05c36c8b1d6cd8267bc
SHA512 c53842035ff680612eb96d8d798d0df54c81b3f596f0739732b9988b03da6c92b5ae818c54fc25016204feea00dc5b98c5f345607c3294e5f297b4629974ecda

/storage/emulated/0/Mob/.mcw

MD5 f8c4d8955f69864e10965386f4fba522
SHA1 e6bc7af49f9d9c111e0dab6109615a7baf58ac62
SHA256 993cc8cd5e38b0bfd7bfb20059f36d3fc75cc1bb496ac61b66a961b251acf128
SHA512 5ccaf7fe71b83b1f67c87c6953bdf994911d5b7e81afa95f45d2d58a9658adc38670b0eb683018d226ccdb283f12e7ed4beb30eccf4f5a2805abc72a45732a5d

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db-journal

MD5 544c9106cd868729832c6969660a1c32
SHA1 c7a86c79e3220b3b787ba47fd086d4293dde3f68
SHA256 85541da42f08dc8799416b939be6e0c4b2baf907d30ff165cd9fe75f103f3a8c
SHA512 9fb52052f8749ae02c1b0fed919aa507db79d772eedd03e8c6e8cd8c30b16ce23c62c94413ba80897969869d98c3cdbe5635230962041b014579f4dd6875e242

/storage/emulated/0/Android/data/.mn_410185822

MD5 50ec57be46f6c13fb3730ba426a7f846
SHA1 19534861729f02ce50168d21170d1bff5b9bcd44
SHA256 b1fb1b4cb10fe283e2229990688c3050d0b4439caeddc055a972b9d8b361e60f
SHA512 5f9638fd1ab72a331a8a029f4abfd3e85553b95b7aa7507aa3e28aacf7ee94f6364966074fbfd0a1aaa7405e627e4d7c2719735faec5feee4f53860dadd4afa9

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db

MD5 ebd16983b02a880456c40334e969e0a4
SHA1 cae40435b24447a9eb2eb9bb2efd1ddf9c7942f2
SHA256 4183d212a0ba318126a45bfd895d323f3ed328d0e522b72b57430db5a4d74cba
SHA512 0e5d180ef900d8114cecd1a2c0c6f83017d5b1c8e38f26c79f116a3180039a6b089ec7317f0e22512d876662c5372097ca03b92cc6cf1ab537d202a26a9ec7b4

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db-wal

MD5 18d62115a1f1d687b3e014d5821526f3
SHA1 022a033232e50a0dc26b956e1dce788a3a5e4c73
SHA256 d6236ef12e5a9b274bc3c643faff60de1c934da3e74df6e80a510d5c89337167
SHA512 97045e9e382eef6d458cf83fcec93927b2e5430a8eb814ad09631e868b36a4109de3d777aaef3d6810ee08713ac30e691a3bac40f5f3da37b9b728fbd29b3777

/storage/emulated/0/Android/data/.mn_410185822

MD5 b7c524faa6e473c31dd55905ae3df4b2
SHA1 f30f5e334bb634f85a93e01aa4562f61738e64c9
SHA256 300eb69ff5f14934a3e59261843f855bfaddef8e0b577048edb1ddb4b46389ec
SHA512 0dcb75c11e8b0c52ac7c5314763579ce986f542428f42e5348837b077b5b08b4993e6b4e2330d99d5e4f1f430db55d6283fd03173caa0f371c5757490722ea73

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db-wal

MD5 59fb5ede95427311745094cf5fd241f0
SHA1 8c5cf86e2cdcb7a9027658f1e943e5f7cf66f305
SHA256 97065d1ed4d30e3a9b603abc64851d730142cefe59d4ae74658c06b9d3b3da08
SHA512 203ecd740a7f961e72a7a9b87d5f37827aa6dd461fb9d68c2ae725562e6dd77be8d609a66d00917072bf4f28b53c5ed0e46cd86a0c974abb75bf7787e317eb45

/data/data/com.wawagame.app.pixeldraw/databases/google_app_measurement_local.db

MD5 6b63b92f6d4ec960961ab1deba76d015
SHA1 bf6ffccf76f70b897c1a6cb46d129418190f509d
SHA256 a16377ad9b4b59218937f24a93699b9a7cc2409814ad71504ffb45c59fc699c9
SHA512 43e6e2290c76065c77021b625e5f31d41df9f98b2efec0db7e363c7b34bbbeccff92699465c899a34400ddd1195d67f580e4f0eb92479defdaebe4ea24fd9e21

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_-journal

MD5 bde704bbc3c053b0de46d5eee87f4116
SHA1 5387631af60de3136f8c5a2dc1e671064efdbe02
SHA256 81c9110996fff2f5ad11c5159408646b00f7be2fc03d0d7e24294cf7d01ccb97
SHA512 a0ac7a0f47c3cb03a59defae6f18fd29531eae8e85007ad4061fe616ea9e8625ef6dfcb3d6452a315f2a572436c521f08a2d12e75099df3e3a9a9902efae55ed

/data/data/com.wawagame.app.pixeldraw/app_crashrecord/1004

MD5 a6a207fdf0978f6616594ba86d791b0f
SHA1 d073041c4bef6dc2e5d59305d3a07bb3f6dab24c
SHA256 daa11652cc88e3d3db548f7ef8a47344e4bac1d5ede4fdb34307dedff5503713
SHA512 8d408ef600d833bd21ad6767b084fc73f7ffc2c309aa03d25299afa357f4d889940267a0a77025eb29365b8b10162377a7930b7c36710162483bef5fa49edd43

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_-wal

MD5 353fbe7bda6e94f2eb6738050c333892
SHA1 d51837b023e3e0af36b0938ffb961aa5e75e8cb3
SHA256 0695c1ed78a5afc7552909584527b4ba97c4e1a2568897fd0961170e04922e7f
SHA512 b2c304d3a3fc60913932158f1e377287f77903436454501fc1c13b787bf2987eb22e709d50f9fd7dd9a77d8a24dae3aea36c548396254d3b81e04cb9554bcd6a

/data/data/com.wawagame.app.pixeldraw/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 09:49

Reported

2024-06-03 09:52

Platform

android-x64-20240514-en

Max time kernel

106s

Max time network

183s

Command Line

com.wawagame.app.pixeldraw

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wawagame.app.pixeldraw/mix.dex N/A N/A
N/A /data/data/com.wawagame.app.pixeldraw/mix.dex N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.wawagame.app.pixeldraw

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp

Files

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 240b5860434cdae4a708cd2987c5c8f4
SHA1 e7265574c859ed0d5f241963ad897cf36dc56339
SHA256 755d4ec869f626a0bbfe1c264abf09d343b9d1841b1371458d9cd241f4e46c11
SHA512 52ff2b3c11b7fd3f9382ccb33a769ab3b1bb05c332ed8bc5b2df82253b162a39b315265f81e98c2e05c2d832321fd72df313bc6c49141c8914fd04a0842b2be4

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu

MD5 0490cafbd54f79ee7fd1238998d47b6e
SHA1 547a8d14b68577af24de3d3503c5a5a6eb0fb0b2
SHA256 56c591ca8061c4fec4d8ffb79843affb430bd58cd25410b7b76f9936d959b4c3
SHA512 c34435a2e8dd5e0a278af5e9d48fcc168f44689a3e4a78cf69993c0ab6b4f865a2603aa02156121b27ffbb29c1ed1532e5e48c08a0d977bbcd0faecb2df63e9b

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 9f239327affb656a8d2d1e697ffcece3
SHA1 f22a571e0ca65b709c25b0eca7614b563d0c907c
SHA256 14146bdb0483b3adf23507b0a19e2cc68be8ac3ec80f6280cab3d40670e9027b
SHA512 f1be141e042480628967fccfa5f46f29c4650f7ac81a87d4c1c010f45113bcb17a417cc8152c444e1e45133ae3b950dc96d712d3eff68e026d87ec2e189d9ed4

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 2b0f0e327d51215b7b2884a49be5433d
SHA1 648cc80ce0769ec512ccf63e7a218c133036ee55
SHA256 9f6fe9ef572c4f1eac657fb7be51dfda462eaac21d658c0b9b7856b0927c2285
SHA512 3795ec38d69e52ed32238738d91171982e47a00ee241c73ca0c43b839cb61cbd8e59d4a26a4a416d8dcbe465675422c609bedef6130f5f618074c8281d505dfb

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 d6eadeec793cf228de23ce16b01f787d
SHA1 1d42d994ea0df2596b6ef8f3caf5cdcd9dfe4274
SHA256 16ae75790c0f94f94979eeedcc4b44cb4d7140ca3f3a557c07f5cd89f2ca2dfd
SHA512 7456a0e2ca68f94c6217b3de93de03a92855bd7f9737ed30762cb3547095395d8c5cf93e0a9dc75a9658c76b46e37219b296c8719b8a886e294cf457ea6126e9

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 11f133dcfb338e3f2c2ec4007a6ececa
SHA1 8cb71e54a25b121d2d0394a254feca3ffd8b91a9
SHA256 3f8434d525dd3f30c870cb34f7fd5c14d8e920ad7fb99144391a8e0e6f8067de
SHA512 38b621fb0ddb736cabda3b99e3ce546b7c3f7a366599a0f2fe7f62f8a4b8b1eefb53db2798d3329e0df3770df93e9a8c1e18d8fdac32d4f033afe886312de701

/data/data/com.wawagame.app.pixeldraw/databases/bugly_db_legu-journal

MD5 c8963fbd3d1717cdf32e57266fd8dda3
SHA1 fd74b7246e97ed6806d9b25541034e0e53e409df
SHA256 77407ac1f6a9041454daf35264207ea4b18abe741cec91951f2d7517fd756772
SHA512 14e7f9a472422a7aaae843f97e295685f0f14c2970e168f69f16c00af91ced33f29bce8776ca00b8b00f0585f061b561ddf3e7245efc17828530cc8d50ebbd48

/data/data/com.wawagame.app.pixeldraw/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.wawagame.app.pixeldraw/app_bugly/rqd_record.eup

MD5 5ec758aba3fc538354888e38ac5ed313
SHA1 d35b6573d25b6e282a680a4ffe9ccfceebec74a4
SHA256 12eb72ff09eef9137e67ce8f0588607a28976e0e082b80125f7ff572405a582e
SHA512 13e094ecf0cad0cec897853bd3fad125b5ab07db68652cad4affb1b03da9d50a19815b268361a45543205cd54774148691a3433abb075a48ef0c846dae73ccec

/data/data/com.wawagame.app.pixeldraw/app_bugly/tomb_1717408179126.txt

MD5 f3f1194b4cbd990e5ea5411dec47614d
SHA1 ce7de91ee7c5286b73dacc1f029ea56f84ef0d84
SHA256 32b87d3c71628493e71961790963d19c3fb3559a160ae576a919b28bcb3f8116
SHA512 5df456f4a04d96b4ab57a808b0987a9cfdb7443797d0659cd783ae34785753c4ab9ae61daaac5f4e750ba5b4215391794eebc895fd49748ac64baccebe90fefb

/data/data/com.wawagame.app.pixeldraw/app_bugly/rqd_record.eup

MD5 e05dc2cd0584c21c0bde55830082ed49
SHA1 fa98884a6c376c2330fca71d3e32d9965be9d2a8
SHA256 75c33cc05860fb23860df52f10d1aaae3ba9dbcc9fa3816287f7e1ae38f708c0
SHA512 fdc388e40a9ff803bd443e2eca043b8bbdef3934edbed3ee49ac8f40315d8655e1931fc4516472ce152ade79801b672e79de74e951352ec58320868fd21d875e

/data/data/com.wawagame.app.pixeldraw/app_bugly/reg_record.txt

MD5 0292555a99d504e651997fc04dae6d78
SHA1 39a17f73a25e44ebe236dcbb0a7bf181d1b85359
SHA256 e855b9b00fd4b2e8e138b537c02476adb0ff9bdf8be20a6d3e4482cdd0a74bb3
SHA512 1cc555efb98198066be286358fc3e814ddf2d515b64ddf9993ad8272b6a490840909d54210a52bd96f0c5ada6115974adc86630c9728a09001199f5759302c00

/data/data/com.wawagame.app.pixeldraw/app_bugly/map_record.txt

MD5 6010c038b5762c35eb1b6aa08c9941e2
SHA1 a257bd317094f4cd667a9d7ee402fb9a3cca38fb
SHA256 a3d04000a13b5f46f9e34f13f2ef58dd68980bdd0b9b9af78794defb8749051f
SHA512 a6a5b7d0b29a942a659ae387949c3b0225a4b55b5832723839a3e6e1c147326cb8fd1cbebf291377fe27c8ec463d99cc35326b71fc1840c2021a7d66f1bf3e7a

/data/data/com.wawagame.app.pixeldraw/app_bugly/rqd_record.eup

MD5 06961a1b6a069d791c748e357af083e0
SHA1 1a652ae12db7528dc811420d3f590ab5e953c430
SHA256 4a227416c9c349216c1d173f9e2c44877dcc017332257dca17352be5386579e1
SHA512 e8fa6afff776580ac41fb5c7086468ef23e7f7b3bddaa85680c0242602afc984c63a3ef2ba52c2a384388044b86585d15c54792597730b091ea4a320f220428a

/data/data/com.wawagame.app.pixeldraw/app_bugly/sys_log_1717408178619243.txt

MD5 f229948ed78d864d5ed1916e55edcbad
SHA1 a4a8f1402f5c02e4829fea26222c7d7e3cc546ed
SHA256 22ed21f3aadc99b95686d403397807987ecaf6f2a133ec1b5eb9319dcf4d78db
SHA512 207c568173af54c501feaf01cb3ba85f3a05f582e564fee9701d6914f00c20e25996910d835651ae99a5b71fa725463a0787db4b16537f1e71790eb3e9faaf76

/data/data/com.wawagame.app.pixeldraw/app_bugly/rqd_record.eup

MD5 51a4e1d6d8bb3d89aa899bd1625428e1
SHA1 349cdba7fa7259958d28e1005ef1fdcf64118742
SHA256 845f218293548746a562f591f3aba94e72f483822c90d7aea3a7365bf8fad861
SHA512 7b428a2ec18f820f5a3ffa0b24b0c4a9aaca67b96a4a952f936c807c953b3b4b9279d739d1b132e462d37123f15716f8f31f260ebf401bbdc2e3e016f6cdf4c7