baa630bc3288cb1146c12af9e6016831f73570017ca6fe586810f22ae972f8c6

Analysis

max time kernel
174s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7290f583b7ad5a960f1da6e5d02796d_JaffaCakes118.apk
Size

5.4MB
MD5

a7290f583b7ad5a960f1da6e5d02796d
SHA1

f2b3a1d61e508f480319b8f6df555cbac2dd242a
SHA256

baa630bc3288cb1146c12af9e6016831f73570017ca6fe586810f22ae972f8c6
SHA512

d4f39b2a24914c77fbc1fcc86dc68f1ca400f58fc918bc033d4cd37ee394392c439e315a0d0f56525cf45c33b42a69f9b03998128b03f22df20408465938e009
SSDEEP

98304:qhytlO9Yi9iUTzVfGDqpGfrvyk3jpcbTtJ+iFge13g0m7BW:qhyzO9Yi4UTzVfGOpor6kVO+iFge13gs

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.shwoww.bbfafa.jfrhy

ioc process

/system/app/Superuser.apk com.shwoww.bbfafa.jfrhy
/system/xbin/su com.shwoww.bbfafa.jfrhy

ioc	process
/system/app/Superuser.apk	com.shwoww.bbfafa.jfrhy
/system/xbin/su	com.shwoww.bbfafa.jfrhy

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.shwoww.bbfafa.jfrhy/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/adbase.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar --output-vdex-fd=52 --oat-fd=49 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/extend.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/classes.dex	4289	com.shwoww.bbfafa.jfrhy
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex	4289	com.shwoww.bbfafa.jfrhy
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex	4335	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex	4289	com.shwoww.bbfafa.jfrhy
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar	4386	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/adbase.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar	4289	com.shwoww.bbfafa.jfrhy
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar	4417	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar --output-vdex-fd=52 --oat-fd=49 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/extend.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar	4289	com.shwoww.bbfafa.jfrhy

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shwoww.bbfafa.jfrhy
Acquires the wake lock 1 IoCs

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.shwoww.bbfafa.jfrhy
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.shwoww.bbfafa.jfrhy
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.shwoww.bbfafa.jfrhy
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.shwoww.bbfafa.jfrhy
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.shwoww.bbfafa.jfrhy
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

File opened for read /proc/cpuinfo com.shwoww.bbfafa.jfrhy
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.shwoww.bbfafa.jfrhy

description ioc process

File opened for read /proc/meminfo com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.shwoww.bbfafa.jfrhy

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.shwoww.bbfafa.jfrhy

description	ioc	process
File opened for read	/proc/cpuinfo	com.shwoww.bbfafa.jfrhy

description	ioc	process
File opened for read	/proc/meminfo	com.shwoww.bbfafa.jfrhy

com.shwoww.bbfafa.jfrhy
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4289

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4335

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/adbase.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4386

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar --output-vdex-fd=52 --oat-fd=49 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/extend.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4417

cat /sys/class/net/wlan0/address
2⤵
PID:4444

sh -c ps -ef
2⤵
PID:4643

ps -ef
2⤵
PID:4643

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/classes.dex
Filesize
5.1MB

MD5
bcdd44c847ba168f2747a9ead140e39b

SHA1
113fd4f2e39b3879fcfc75d81e8c54df4170adf8

SHA256
53fca30b75e5c62b31aa8e4589f28e66e5b774c4fe321c11cc591b81851decd6

SHA512
117b15f59e75405f6371dc8dec1f33e7b3231452bfe6734b798e0e105d38d645aec57b982953b65e26dab069d890916758533f63f561ed9e08f1d55ccb02eb7c

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/libjiagu.so
Filesize
477KB

MD5
39d77dcad8e2a44dd7226f442b3a6c92

SHA1
6560fa96c6b5a038abaeee5f139a16e46088d9d7

SHA256
99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0

SHA512
7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
06f10275717990e883dff70311099d28

SHA1
506631c161f171452d0259ec2e2427a1af6cf164

SHA256
fb1fd029e73c65d19020280deb8f607499d19615dd399236ea414bc36ff9cf59

SHA512
7f467ad782d5e0497ead5fd4b6b23dcb83d7325bea8bdf14d02a8d101ab45d6732fdf884b360dc0ffe94f06f50458a98c4e8e66e6f13bb96aea893eef5e0c94f

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b72611400d8fe0817cde9e4bf3494b1d

SHA1
37257bad74ea1f4e0d911b1ed53c1bc0c9c807c2

SHA256
c3c3148929ccf9465d25a5c05372b76abf76eb3fe04260eaef9da9fe9ee9a030

SHA512
9bad0d1746d3b1665ceee9ab8db5b600f2d40beafaf11535ecfe51670efe1b698d28bc37b4172e4111046848c5bad0bc3bca139580500de4939b710b11c9090d

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2b6f6c5301b0161a5a191ff766df073d

SHA1
99317d790310d1a129b248570942e50d16d78be8

SHA256
8f369196baac366bf0a2da0a8477dd1b4983906b2ea8f3c4cebc1851c79f32e0

SHA512
a0930546ef22db60be2078b7b87ddc034c05b707e5452e18b10484420167ba582d41505ff80e5d2e323e2efbaf59d165d222fd463a358803a13b368f3b803fb7

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
344dea8796a9964695ccb09ee67d68b9

SHA1
8747a3902a323d95d53670d772e6c85e628b5da8

SHA256
5dd530a776c4f69d56a8d714929d51b99d6e869370aa4e102903498771571f48

SHA512
c75410cbf5961fb7871f7a46a07277c07a1941b518df18b6548eb3d9d5198b3565e631c6eb071d42969802a011130a0507a52cb86d32dd296b7791fa2ba3fe74

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c1c01034dc1b9bb5fafcdf6653fde4b8

SHA1
3d66318ffed342b1068a6c861dc1dd17214a8c8d

SHA256
44cd4445c6c6ad767fca94a1b7c2e240f1f64557c7486da4de6098ed098b97ed

SHA512
783355362a588da2f7b5c78d95a394f7cb082bfa81995d063f15d7d06f5c46f1608e64c00b96f1fff2b7e6302e07a2817c2fbf260fc582f120dd241180434198

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3dd6a452d2db2a90730e9bffb1046cb7

SHA1
e8d3d3fcaf4cf66c1ea64510462106eb44b576b0

SHA256
060b72c18f85df54805263b53a339d910371ebede89d3309d32fafdf53b8bdf0

SHA512
cb2e37d5e214b3fe38a957cf9ccfd6b0ac1d7ac0cdda34754ce88ef680b91a038160b42fc01e514d1f38f8ee3c7248337d7ac678ddd1b7944e3cb817c6944c4e

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
ab7ec7de6c8b7f948d622f5d34a20753

SHA1
3a4714093c7f2945658cb4914f35b96f2593a39d

SHA256
06de2c273ef43c77a4b40e394adba42d96e181f0c2b91101720eee55744bd055

SHA512
477d4b8c04cead517d0b11956103e01c5b1a1224eb7a117018db71457c7eb3bab07a84e80573a0858629c6a0d48229d8a7bb033aa93d088e4a045ee555f9577d

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
b88b392deed933635be36ddd272ba3ef

SHA1
a62a0c312349e3e6765ee6ab1ffe6e55d5a5b204

SHA256
8b17a950439e849d6a7a044a94f3c4893d02e304923b5a9c27f3c8faf3b0c5b1

SHA512
643d5243d13671ef59d33b8ebb9b9512a3703600614e38bd238f87cb522f759403299a168048466d11486cf8214591275e203d297eb66bcd13fa7ead987b3511

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
d375ce098886070f3ed5b98d378dfba5

SHA1
e2889bc0e69c68426085832ded5bd07759403bb9

SHA256
cb2130eb58da48ae3460f0880b431b067e18c3f70b79aa01c425e2e766276789

SHA512
2229f3b2a3cf811ab76b21e73a0621f918001b3b7244e8ead0775556f9dfeaebb8621ac902f62b4918f6f951eaf88c8c67233701e0225c6f9ba93c2bd0d71fa9

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
fdec0c20d19f97eb1e3f210029d1964a

SHA1
a43e982b345d111990f935eb6f204e9267859302

SHA256
503bc9b3cf9a7dd57ea16b2a1092e1a46ec035e8b4f11ac3df0cb9a5a64e6d79

SHA512
6babc0f508d6d23258264b42559547ccc99527de8d107be352a4c7d7a96d8cbc5791143a42f0b0e3026183b4a16efb065368d609e2fbd6ce0d8501f786cc916e

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
a07f3272a3a814bd9d86187f17484146

SHA1
632c5e81821437ae57401fd5fb9dd53990d6b423

SHA256
a7f0c35ed0707ae95d0b023b6eebcc70987a76b461db578c52701990967b1f6a

SHA512
01ae3fbcfe30316bdf301b19ca4751e2ad680f4a76b20934ba136bb9bd6e6a3b96a7096906834f7e412e774e589478a9425f98338d496960763b08cd71c34c98

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
11c31d84bacf64b82bc74fe0770d7ea4

SHA1
86f52cfe1e0d808961e4df3d0bf446a7e75c9d92

SHA256
b2cdaf5cf06f6ae92f5b587cd20bd26d5bc522a77e611f8a80618985a143324c

SHA512
fc8dc717b25d2242dd8855d78d86e54af7026c21803953cac2f90f4d6438e0285095da59d073bb6eb7fdc56cb3a880512e09732010833b7358b684d279043577

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
e62765d3284842f1826adf7b65dbaa6f

SHA1
cfc4f3461f561dedb76fd5d37efb85a401f5d3b4

SHA256
e9af242964fc64e97a81ced51c5580ffe5909af419dd1a68709a2e4e28f5f894

SHA512
7f1d3a30523001a97c0577701d24dfad3381369e26cbc7519f3bfce8d9dfadf0318c2e031b6841ab9d299c45fbe0d6c139509ac4076514a886455611aa33a8db

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping
Filesize
20KB

MD5
e90ea921239d1fd7fb91691e5353d86d

SHA1
76699b26b98db472021dc490dc55883c2c7293e4

SHA256
a469c40779227c6056e29c0a80faaca576d0a5574b75db49714abdab9aa8cead

SHA512
246c09beb1feb1c2814d666415c01613d7c5040d4ab64ef2a8824ff5a23d1ae747d591c68480b2ef3569a3068d9bbf2599891f710e0850610a73713944f27c52

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping-journal
Filesize
512B

MD5
47cd7784a6cb5a1924878c6b8291aae4

SHA1
183a2566d81408502ec4463da46ec8ffb67ff711

SHA256
10ff97541cc1820073e2192f1b3d68d5c002e6581f0a85a4d90e5816a0fa7a56

SHA512
db09e0da5578eb2162e65d3dca854eff2b6c2b1d02de230fae69d4ddb1da26dae259cf4f3eec7a880196f76f7b83aaee4edb56ca110c63c957f2a8bfa13b62bc

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping-wal
Filesize
32KB

MD5
939b6731a4be11f3d0d1ee434dfa21c8

SHA1
feeca83f41879d070ad734eabeba9ceae8777cb2

SHA256
4d2d4574660a1dd9830759c0f441d521680d35f0d0bb1e4d7c06d97716befcec

SHA512
90cb5a4e149d876ed70a1c51d66dafde97e180f13b69fb07186c5cd3b290b1f9b1aa31ce9bfc02c253e31631c87a693db88e4ea62f3c6de1ae3778794a72f7ac

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4BeginSession.cls_temp
Filesize
77B

MD5
cc3fe04df8515d0f74d1c26a1191aa56

SHA1
d61e45b003f03e7928005806b755364959926f17

SHA256
5dede0148ee2a3a10be9fa787071a554700401c07df8e6911df069bcd16a3560

SHA512
c186b628e38f589fd46432ece55ceac72d9a4a54d611306df9333207711e1d0553f9e87e7c0a56dd784d2b0f2a35a329ec587ed57fa781ed8aaf58c76a187037

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4BeginSession.json
Filesize
132B

MD5
87d3046ef92302ce18bb354b25671459

SHA1
205551e7a17403b43e380d9fb104376c0711f9f9

SHA256
9aa3f09d35fe6b4277adf8d4688a936b0cf567c968a3f2d5661e88b4543a8ef2

SHA512
b595ae39dd411e50921cf759963732e4ad2be6e600faabed516a9f6c4dfe96a92968e858909e623f284029a5f480f49a44bd36e6852615b6823085679253f821

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionApp.cls_temp
Filesize
118B

MD5
e1a48c2d08fc17ff61ab5a69d3a20375

SHA1
5cc733364da25b8effcef9cc2df5a2f6220c851d

SHA256
4bd98ad31b368ae4d9bccdb28fe7ee4b680ba9c9cce7eccdd636a9a4c40b6035

SHA512
d2db15b9629a98f9c25d83d945a2bb5f1fd2db79c648db52119d39149fbecaefa68029a122614724ab5ccb78102626bd30b97107ce4453a3a7bac3d8d3d00513

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionApp.json
Filesize
232B

MD5
c1c55458c53dea99a86250474b40d0ca

SHA1
e1524f70e105b68bb1392fc085d1aa1e01a4eb96

SHA256
8a0d85550f897f4251f2a50a279c893d2462139fde7ce24dcd6ea9d98e5761de

SHA512
946ba17164d79cb22ef47a0a43d11aa7568021b424a86f6529ad4a1d8b39f373b0df7260ee8f89db4a74f2aad60b86a5826c0b904f91165998a65b6b38d56433

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionDevice.cls_temp
Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionDevice.json
Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionOS.json
Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
404B

MD5
c9dec07de93c03471e2b74abbec27b08

SHA1
08552be1a8ac359fb8a6e25dce523b75c61e862e

SHA256
a534242deab3aa5ac04051ebb8496778b7c2e554b20402e1f2712e8fc2117219

SHA512
b1efc80b3fcc8bed6f3e563f06f5659c399acda72f62caff6fccf87165f3bd5fe1bc4853d497372192f55b944b7bb50e206bbea2a03a3558c59df6d7a1413e1f

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
60f9d7c6db2929cff82047137a5de622

SHA1
9bd840ce89d02d6d1edf4fd4bd891f2e0cce28cb

SHA256
ab5ca0326db2f133f146ae7b1b94269543a6262f19d2c350fd4aec578d85feeb

SHA512
e8f92e3cb8b8aa9d1b48b35e74a7d48e55ce242bd96f0cd12957df017a17c669e4acbcd2390dd835bff549e2be396af3c09d12057a9563fb3c9c3e1ab0e76938

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_55b01f75-28f0-4aac-96a0-5d9e5ca3a09d_1718322341701.tap
Filesize
323B

MD5
903861ec5c7422b8c2a2b60365c7053a

SHA1
d1358d2f4f2ec74d21be0dda5e6a6e1d60e9afbf

SHA256
0642163596b650032d7cacbf8bd6a9d2895d59358b8f5e866b1cd2ea6966ab24

SHA512
64ca7be52cd80e8405f328dab17498ca1bd84cb614399f4ed32ce5a9a1cac6dc9f3d82eab8c6e13a643cf80d3fc9d3af0d85f1262c558871b13e5db09be2177d

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ac
Filesize
32B

MD5
b01414b47699730ffb5abf86ef35eff5

SHA1
73a0052e85b12067573185f075bbd75124cb4b6b

SHA256
c29cfc7b25242ba99e89a199da08867c5939074d7293ac72d80b4fe09abf7967

SHA512
a5ed17b0742aa8914b6d54848f7c31932de412b83bcac27b77a55c4df2f04cae989d20a9c2e0ad704ede7aa08ca3c0c88dfad265a8ba6377e16612b50ecb26bd

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ic
Filesize
32B

MD5
f8696bfb07b145d38a38fff40137931c

SHA1
57855640a03549677be4267aba78d80d7f59d4cf

SHA256
e0532449c8fc8c93405be3af62fc395ae341cf85a0c29ee41a679300cbb01c63

SHA512
e9f3af1ee81048f765dbdbebde63c42a3973cca6eb633ae42fa21ddbea2cec7b68bb6cbc65d646c7f8bcdc4a07ef6de4412a8c20c356b5967cfcedf0d75ded3c

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.pk
Filesize
32B

MD5
aefb2a5ecc52884b5d4ddfcf39d1bbc6

SHA1
f4bc3d5706bcbca3e7bd6612ea99784f6049d02f

SHA256
69815765d1664ac5eee9e914e5f6b148f3a7d82d0ecc1d62688dae14c662a3bd

SHA512
6f94147623efac472886b1d7bc0e0bb3547b85f5e3d09174572bb87d2803c7951914a5a77c77d8923c042bd888e8886286f6956dd07842715619525157c48045

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
d8165d04eb5f3a7ef9c8d3ff2a8a1aa3

SHA1
d28b4d95991a55249b1c30c45b64aa9b82782c93

SHA256
be0377cadffa2baff0a1c086bb5b0e94200e0da8c074ded17426544ac91c82de

SHA512
61e3642a36b7908b8a61db7181dd3c6773cd6a10f0ceda460e905322b01805c4b4054d569924ca585ee74ad184ddc4b31a17fe3f2a4d7dc36991ce47f6be9eb1

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.rd
Filesize
73B

MD5
54582129785746b4b7e6f305d65ea79f

SHA1
00cfe5b7d2779c63b84089f88691df95a13791db

SHA256
1520f75a2222a38cea61cc036c3d9331a1b6cb2c66b53092e6396423a09b2d08

SHA512
dc3ae51aca643c97d27179e1b12edf1c4b04e1941f07bb3d5fd63131a61fa771b1d88ec685790cdd6a2b915bc35a7d9ded985a718df2f9c8e3d2141716a173aa

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ri
Filesize
307B

MD5
0e9d4ac4f0fe1c027d36360824b6ea79

SHA1
019b176eda64bcb83fdaa23cabbc3453fe5a8ca0

SHA256
54c4bce09a3ae7364896a6b9f353676f5e1460cb619595c6122a5186cd0de0e5

SHA512
0661f354c2167dd29b77acd30fdffd95aadf73c1a7bbf6dd0043695f66aecc7a50e0f0c6fbebeb0348b180d39914997ce8a741c1f7adc6c3b675797b119a76aa

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ri
Filesize
314B

MD5
3df301511d5a392ff009d9e5d07367d8

SHA1
71bc129539ef7173c03a3d3f5e5e6736dd5499c6

SHA256
aed137b08ab55d1442c3222dc430042dbcba8e0973f86eb506102a06c129f98c

SHA512
5c4bdbdec45ad586fee27b3f493f3641c37cf623e8bf334d5f3f34125f204dcfc83521220ce8b8a1748614da5a4af2297d71d0282717d7bfab8489b3dcee6548

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
7d76b30a84de28f0005276b14ee03b5b

SHA1
fc8ce63f0d148ab6ad21ab8bb476508c28659dfe

SHA256
2c0db45f47a02de750185cd6a2d0d8bb8b7100d101c2ff412574dc9972b806bd

SHA512
9390a51dd0efe40a563d95708686997385b3d80b5d7f338464ca243b4abaa284681ce10708401d28be00821a5aaa235777e37fe1ba4977cdfddac3315aec859d

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.store.report_pid
Filesize
54B

MD5
ae4e896c06b21d60efa4b24c1a1ae490

SHA1
060a045f6ba7867e618f10f901aa256e6ba437b9

SHA256
7a93123831bbded0e25fbf42aae2a1e1985dbe0265a310f324477c5533e452c4

SHA512
1b8cdf82950e35f9a7abe74b51441dfcfe7dfbc28932b15f31ed9b1b98bbe8031853171df94be3dd95bd5b29d87aa479c88cd6cf7526ea615a1e19d8ee846147

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/.jiagu.lock
Filesize
27B

MD5
a08f037e7be709c12f79f6dded371ea8

SHA1
67c25caf4466312e7558ce93aaebc12a93e9ce0d

SHA256
52876dec71aac2aaced15c467975e0f04e1f05f8dd6ea14115b6a0016b2532c1

SHA512
a0c10ad43ed3a51e6355d5b5f6b24c518f1fe25cbc5fbf3c854a22d15d9c894c34b7a77bf22d601ab28ae01b989ca84c608705f3b6ebcdd8dad5774ac1cb43d3

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/adbase.jar
Filesize
173KB

MD5
45c127db9213dcaf96041bf38d80a6b0

SHA1
e29c8b16c59b44b607afa30233d1bf0ded093094

SHA256
eb5b3fe15eeca58667063a0b394f48533a389d5e2ca2b617b2b24e8f2e186ed9

SHA512
c400ddb0dcb4656b5089f145e358f0f9eccdd8815a232f9a98862d28785ea36b3c9e9d689edaf99f55ea68e1772f43d53f2d56116bfe37c94a7944c59dc0bfdf

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/extend.jar
Filesize
28KB

MD5
9644c5091c7e2511eaf2bf3047249592

SHA1
03bea0baf91d9bb62945a7dfeafe0ebd87679f72

SHA256
b41cbffbf88b4e4b515b5dfed5b728525766c874bc8ccc5c8cdea9c02bda18a3

SHA512
c2854e6ab3c9ab0cd19c783a9710e13714d79638824f9d23622292920cb244aed97ff4f78a241c6001d30f721f13989ab60458a805daad39d063fe303b2db211

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/files/oat/adbase.jar.cur.prof
Filesize
254B

MD5
dcde68e978a1190c29061fa74b8da0ef

SHA1
9ca669e014046a88bc7d558c12b89583bbb5d08d

SHA256
e6e43e14046d12aaf60fba18ec2a8ecb68090d3d47d9dac579bfb0c9a4f85988

SHA512
3256ce77a5253c51a0a9138ff79d88466e6e6e6b0fd44feb23d42fbd801545b8ed0a22096f406604758d7b7e209d32848ae7048ef431d610e0c9e53bc247dec3

Download Submit
/data/data/com.shwoww.bbfafa.jfrhy/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
cf8c6f60549383085ece6357cbaa65fe

SHA1
37d9b99bb3ecb974ae3b9476351496c5b511aea6

SHA256
2f324e106c0c6b77727f9fef150c0bba17b5302ba737624d1e4ff4386474fc99

SHA512
eb039c2f5c50b453a02b383a55d25898f2deabfae8e9a84c0b86f648027300fb968fb8b1ab7710d26acbdbf4f1243e0864c6b2ffa3ec429b26d23ff854cb3172

Download Submit
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar
Filesize
301KB

MD5
92b77a588b462e87a58f047015b797c9

SHA1
d2777df831ad17550c859821debeffe57f48e51f

SHA256
711448d00c5f7b1b02a112cc1d77b84bea68b748e523ad56d94e80ea74617db5

SHA512
9268d95bed9b6170fab091c2218f86f7869d40a3f708b310aa715d3a711f7c0d837ae8ccd29d6553b4f1ce169187db2d8d7edffc733b06d23c46ffb818910fa5

Download Submit
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar
Filesize
301KB

MD5
075950b678202c0d8ee259a23a94ae9f

SHA1
36e519f85b99f8d2221a9b325e630d1dd5477600

SHA256
e5c0a990fb7c5e1f3078b6f5101b76bd78583ac4e2a11b19554485d1a934a625

SHA512
51c99cbe76b385ab832b5a9a9aca46bb3bc07e7f59c135ca46ce0faccfb39f737f5c6c1ef8f1d85b6e414536ddf1503c60ebf787cf8c0ac6144d251e01ae8ff8

Download Submit
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar
Filesize
64KB

MD5
900045dc76a74473c1d327a38966ee3b

SHA1
e21937a611e719475594697b167baade598a7b7b

SHA256
fae11ef94615eba191373311fa2f6f8dacadd10cb01929847d31783648a4e78b

SHA512
c0976f25ff21ace30417ddb9e9d48ddde1ed10e3cb616e5c5be048b0944c62a17026a20e04c57aa02280da2f1d4536b24d0fc317909dad05ea9702980a2718c8

Download Submit
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar
Filesize
64KB

MD5
1a38ed7d3a7349ba068965a4b69b1ca3

SHA1
59e04ca83dfc3ef0c57379aa120e6536ea743ed1

SHA256
0cee48142b980f5d4d733cc5b87bcdd1f6c401d61882679fb2221afb388b3519

SHA512
5646ff17dea4bd7c14f2468c96345b3eb04a3d209791b895cfc3332e3391a0af6828249bb40403fa9a8b1243243c11267826b19a61d959e7bc5963d50f792993

Download Submit