Analysis Overview
SHA256
4a19bf75c68cc74ecaa34e8e5f7116f284d35911305a8055e9c0a832b568fa8c
Threat Level: Likely malicious
The file a49971dbee503e2c21da3f02679a9a5b_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Checks Qemu related system properties.
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:20
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:20
Reported
2024-06-13 08:24
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
133s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected]!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Processes
com.poiuylkjh.vbfgrtdefgg
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp |
Files
/data/user/0/com.poiuylkjh.vbfgrtdefgg/.jiagu/libjiagu.so
| MD5 | 0bb4d654e3ad9c4b9110d2c83a807d92 |
| SHA1 | 9c07bd8b32cee0ee13c5c2da65d44e52156f315c |
| SHA256 | 4011a80b1f410991e861724f7f04fa1cec52c7f83dde89001f3eca1d7783a51f |
| SHA512 | f830107afc85758ebe384e04cfa7bd082a1fec14f596f09cf7321ebe2c85dd7112ee56e985c08733be874905be3b9339885fdc788bcaaf453004240dd8e36d13 |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex
| MD5 | 316c62965ef8e5c39a34589da59031c1 |
| SHA1 | 795119baabff3ed8288ea0b9ca7369e6a9e73fb6 |
| SHA256 | d73fb18430a6f812dd4ac9aac99945296afe6ca532480b281203609a2d9985d7 |
| SHA512 | 4c1f9a70ea986a4c3eb64fbf18f67631f16ebf3cf99073b7a25f48c8bf10ecce85187fda59c5c17b8ffeb39ba0f61b78a0896187f1cde50aac6237232bd0f6b7 |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected]
| MD5 | 2bb9a998aa693df6cc04440eeb737bbc |
| SHA1 | 9080735699e16340d3a4fec843a77769bdfacf9f |
| SHA256 | ee433d4202c61b50ba95cd38607af6b90b093b5dce12aa1a4e0c450c284b1cbc |
| SHA512 | 16ca304338dd82b6ca1b75e4fe54962e22668e2b24e5124dfe32b1a07d43f98baf415dd0280098e202d06e36ada813761b89e293e625c345638a8a8e4c29dfc4 |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected]!classes2.dex
| MD5 | 317c3d4098ff65d239297c6a09db35f5 |
| SHA1 | b7f4094f51ef3e03b2043fc7322bfa73f6b238df |
| SHA256 | b920bdcdff7ef0883492fcaca634aa0ec79a67d9dc75012c6480d7560f7ddb87 |
| SHA512 | 5dfda89ab8e4f87e3cc728ed5fafebb7af8e181384d3a701e0d6cbbc33f4d43f8a3f69c031e80d2df179614103bb24c715c11166ecec7398e47f44bda9649c0c |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ri
| MD5 | 5ea6a1cd83e282dbc84eb5e17bc66661 |
| SHA1 | 1fd6a76f1ab9c4839e88c28ab4e7f3c2a4c94a57 |
| SHA256 | 13671f120971adbf3a8e0561995b64cbfd3fc262114c9f3e00d3daf4d9c096f7 |
| SHA512 | ab40206d634ab7f51c88d827a8b3654ffdaef8ed62c5071c5ffb0a11e91d3d6904c91797f7fc75304fdd39254301d778cfd3d0dc5c338a4664855bff448ab820 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jiagu.lock
| MD5 | 2a66996462c5b3d4bdbcb1778aa7776e |
| SHA1 | 0b2588017aec58a2ef5067ca6608309e4ea4b797 |
| SHA256 | 26de10d7a92b20a5f024c94e45c47653e08bdb9ab861033e8bde5dc7144df230 |
| SHA512 | 56222aa6afb92f8693e7670416695391d2b36ab047b8e1c6e6646907f9a0a8d53ea79356d1633c728cc32d6982fda3fa4c4886bc3842c4e7848c5e20783cff4c |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ac
| MD5 | 2ee035412fd78fa6202652705df85fce |
| SHA1 | 4d30b90d7be58dea7bd92c876f6ddf30b1c247a5 |
| SHA256 | 78ed5c466d4854ff40c46bb768e5bac55460999ddb797f956b96991f7b4217c1 |
| SHA512 | 49686abefdd3080d3ad3cc1135dd820339b652aaf5ef94fc6321f463cfe94d72b0233ab74add5fb87d1887a59b01efbfe7838df9ac5d3b69b745c7048720568e |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ic
| MD5 | 5357e876d2e46535797bc796ded52b31 |
| SHA1 | a02b8832c4f628c1e541a3f5bcc6aa7f289b7eab |
| SHA256 | f88d23f47648865b256dacfdb6ae30e0ad9cad204e3c740ffe346d003026af81 |
| SHA512 | bb548479ee5371e87e7058c39b118e0909201b79ce552e2627aac1f36d099e4befe364e6797e532bb110c35f76d43c95c25b8cc5747f9e4a5eeb5aa41d28e20e |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.di
| MD5 | 2507992a2393cbb367c3fd0aa43f9a69 |
| SHA1 | 9564e00ae55bddf06e89118a7264638cc4b32a2a |
| SHA256 | b96cfa3004f66f7a12da41b9c1a9581a7fbe5c526dd042aefa73a2141ee924d5 |
| SHA512 | a54fb17f7defab24cb6747e838a1377cb46fb0a0f2112bee319a5a6788132e182bb90acdba72c9f2391962e711f32e2a636bf438664469e32b3c077347a899de |
/storage/emulated/0/360/.iddata
| MD5 | a778c9e38096878a53a09d3c260847e4 |
| SHA1 | 0733c1b59c700b548a3ba0b2cc5184143e1756c4 |
| SHA256 | 035bc8eaeb64ae0716fe0d1e888b7df18fb87c8a48f08d35e3c73379cdc82dc5 |
| SHA512 | af02f7b5e0af55326cb820e442e4a3ee14308e8af5210adf5cf23c1200e1ff2b07ce8553dab369778beacde44fa161aa0fe033c7bb92e0ecbb1f9329600b3ab0 |
/storage/emulated/0/360/.deviceId
| MD5 | 4c4c5285293d5141f582aefa4e038669 |
| SHA1 | e01852a72e5a8e6f7d63a21426b515118196047b |
| SHA256 | 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731 |
| SHA512 | 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:20
Reported
2024-06-13 08:24
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
156s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.serialno | N/A | N/A |
| Accessed system property | key: ro.bootloader | N/A | N/A |
| Accessed system property | key: ro.bootmode | N/A | N/A |
| Accessed system property | key: ro.hardware | N/A | N/A |
| Accessed system property | key: ro.product.device | N/A | N/A |
| Accessed system property | key: ro.product.model | N/A | N/A |
| Accessed system property | key: ro.product.name | N/A | N/A |
Checks Qemu related system properties.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.kernel.android.qemud | N/A | N/A |
| Accessed system property | key: ro.kernel.qemu.gles | N/A | N/A |
| Accessed system property | key: ro.kernel.qemu | N/A | N/A |
| Accessed system property | key: init.svc.qemud | N/A | N/A |
| Accessed system property | key: init.svc.qemu-props | N/A | N/A |
| Accessed system property | key: qemu.hw.mainkeys | N/A | N/A |
| Accessed system property | key: qemu.sf.fake_camera | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/app_eed2b8ff-ed77-4175-9eaf-445bd3498ebe/5b7a2e5d-9554-425d-9758-0db43990e8db.jar | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A |
| N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | b.appjiagu.com | N/A | N/A |
| N/A | s.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.poiuylkjh.vbfgrtdefgg
chmod 755 /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/libjiagu.so
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
ls -l /system/xbin/su
com.poiuylkjh.vbfgrtdefgg:Mbks
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/oat/x86/e.odex --compiler-filter=quicken --class-loader-context=&
sh -c ps
ps
ps daemonsu
ps | grep su
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | feedback.umeng.com | udp |
| CN | 120.76.224.67:80 | tcp | |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.67:80 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | pss.alicdn.com | udp |
| CN | 47.92.21.227:80 | pss.alicdn.com | tcp |
| US | 1.1.1.1:53 | pns.alicdn.com | udp |
| CN | 47.92.62.7:443 | pns.alicdn.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | lkjhj.4atop.top | udp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.62.6:443 | pns.alicdn.com | tcp |
| US | 1.1.1.1:53 | s.appjiagu.com | udp |
| US | 104.192.110.60:80 | s.appjiagu.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.40.34:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.40.33:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.40.32:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| US | 1.1.1.1:53 | b.appjiagu.com | udp |
| CN | 180.163.249.208:80 | b.appjiagu.com | tcp |
| CN | 47.92.40.31:443 | pns.alicdn.com | tcp |
| CN | 106.63.25.33:80 | b.appjiagu.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.40.22:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.21.239:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.21.238:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.21.237:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 47.92.21.236:443 | pns.alicdn.com | tcp |
| CN | 47.92.21.235:443 | pns.alicdn.com | tcp |
| CN | 120.76.224.67:80 | tcp | |
| CN | 120.76.224.67:80 | tcp | |
| CN | 120.76.224.67:80 | tcp |
Files
/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/libjiagu.so
| MD5 | 0bb4d654e3ad9c4b9110d2c83a807d92 |
| SHA1 | 9c07bd8b32cee0ee13c5c2da65d44e52156f315c |
| SHA256 | 4011a80b1f410991e861724f7f04fa1cec52c7f83dde89001f3eca1d7783a51f |
| SHA512 | f830107afc85758ebe384e04cfa7bd082a1fec14f596f09cf7321ebe2c85dd7112ee56e985c08733be874905be3b9339885fdc788bcaaf453004240dd8e36d13 |
/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex
| MD5 | 1fe6f1e7482bc922fabdedbdc60ff1ba |
| SHA1 | d3d1ba56a8f39d542ab7a61e018cf3d4508668e1 |
| SHA256 | 9d1c8c751cf419625693d301c9a7db0e5e872648915e5b29e25dcba4543800d8 |
| SHA512 | 8a54fd0293157e3b913b7564c96e1b9210f09c85b7d48f69441d15d55aeb3bb30763cfa4ede354608447ff14b51dee9228f84be9e3c6ee68d1d54b03568a2139 |
/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex
| MD5 | 2bb9a998aa693df6cc04440eeb737bbc |
| SHA1 | 9080735699e16340d3a4fec843a77769bdfacf9f |
| SHA256 | ee433d4202c61b50ba95cd38607af6b90b093b5dce12aa1a4e0c450c284b1cbc |
| SHA512 | 16ca304338dd82b6ca1b75e4fe54962e22668e2b24e5124dfe32b1a07d43f98baf415dd0280098e202d06e36ada813761b89e293e625c345638a8a8e4c29dfc4 |
/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex!classes2.dex
| MD5 | 317c3d4098ff65d239297c6a09db35f5 |
| SHA1 | b7f4094f51ef3e03b2043fc7322bfa73f6b238df |
| SHA256 | b920bdcdff7ef0883492fcaca634aa0ec79a67d9dc75012c6480d7560f7ddb87 |
| SHA512 | 5dfda89ab8e4f87e3cc728ed5fafebb7af8e181384d3a701e0d6cbbc33f4d43f8a3f69c031e80d2df179614103bb24c715c11166ecec7398e47f44bda9649c0c |
/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ri
| MD5 | 47181b6f98c0b03027346c60a789eff0 |
| SHA1 | ce4c2d05e9bab1893849befac997ed7e86ba2dd7 |
| SHA256 | a5822c76acedab8b66d7bbc0b4303abcdc3a4b6c037dfd2ced1ac82f360b18cc |
| SHA512 | 889ad8d0fc2ace64d6a8140ca8c949d7a45a4a32ce7ae82decda8c8cb7a8d41e500bd5eed296e49b59bb8a9812d8cf37883e32e98ddea5e0f01f74f07b0862bf |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jiagu.lock
| MD5 | 4e0f1b80d02850bd814884834515b0bd |
| SHA1 | 6fe1f39154f6ef27a04a9528a7bb33c6302c9897 |
| SHA256 | 313e49afb2458032cf432b1a112c7b326c22e85f09b600f36d52cf90d3c4653e |
| SHA512 | 580984b86b1ce261c4416196d3ac080019e3dc32c6bdf80bc4fbbdeab69c7f3c982bd9365fedc384335a7c09499026d6639e461255702ba9c1b69411e934f136 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ac
| MD5 | c3bf117840305fcc12f370e8a5925302 |
| SHA1 | 59aae5ff5d554a97e13fb3486204e54b0744183e |
| SHA256 | 169d6e09e7eb102cc349442d0fbd9098da5c2ecdca0723cc06819c9faaa13c99 |
| SHA512 | a754878e9f1b54a02837f63706478ac3d34208253f4e954b4b0f618399e76db7b25d43577a5f2e7db7e67bb624a4c9e47f022c4569beda6c97dfe6b986c8806d |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ic
| MD5 | 890d258307e890913a5af69db27ce756 |
| SHA1 | 9dcfdd76fc80b6c8d4a7a903ebc829e54c09b21f |
| SHA256 | 738b4c4946edb2d49fcb44f81eac3887691ab35bf18eb679fbaefa328e898c4d |
| SHA512 | 4c48b845edb4439d15ac3c332eb021b17891d605bb98398ba92e541b2400848c57bfad41ab58bdbfb21d8e2ca90e00d7a49d49d2da5e5c8b20db651d63c8b573 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.di
| MD5 | 1ed7f0c02757c8730bee9b39b4f2b02f |
| SHA1 | f189a272a052e98ff3406d8c094d57c9c149823e |
| SHA256 | 5b4f2ddbb7d930efcb5eea1439d21b554083728cc3a34a746a744c2031b4d952 |
| SHA512 | 00354094a170044791c63526b7ae2501cd53fa696362c6904ffeee9ec88b080b5f75b49cb738314ead1bec2c1f424b275e80acba22b4b9b08316e17a1de86050 |
/storage/emulated/0/360/.iddata
| MD5 | 409d3977c0aec5bd3db9cc65969a3d44 |
| SHA1 | f6e812c7e9fd1661c8c7b93d3a96a1104fd46cb4 |
| SHA256 | 2007726d60a2fcf3e68f3ef4cf481034d03d5a5072e463e82de2e57b142c00ba |
| SHA512 | 50025c5067a70d1375c3c13ee4806f485f74403408909ce7cc3de07f0ebfacdaa2f3e34551148e341a8ca8cc4f84a23d729e46428bac77818d23a9ec5cc9a5cc |
/storage/emulated/0/360/.deviceId
| MD5 | 1d8d16c4e3b19ebf18988530d9b9a757 |
| SHA1 | bc94c1cce05cd848a53271ecb9c5311e27ffebf5 |
| SHA256 | abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7 |
| SHA512 | 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:crashlytics/666AABF40090-0001-10AA-2807317166A8BeginSession.cls_temp
| MD5 | 03e56e9fb20c78805cc94724c20ba7ac |
| SHA1 | 433f11e39e163616a55fb9e89849536942ec50be |
| SHA256 | 52e196e00724e8c0fd8ea4c35f484a0c6f545932834fd23eb2a7b65691aa2a62 |
| SHA512 | e995219accbd2e848053ae02398e992e607fb3aab384f56cf2147024b296689aef240b09f17e93edb9454a2321f0028f8021dc1a583483e2a2c620971889b3a7 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:crashlytics/666AABF40090-0001-10AA-2807317166A8SessionApp.cls_temp
| MD5 | b79ac7af2cbf7b5693866e2d8756b4eb |
| SHA1 | 6c5dad4c545e837ce8e3c2e6d0e2157329dddbda |
| SHA256 | d9dd935f2337785f744652c3b87678b8210056e5bbf1899f6dc4fa376dc2c584 |
| SHA512 | 73bbe5e3d4b5c4463d951deeac28750d4f2dd30033e1358f2b3849b2f8121dc550ed34649c6af76dac472a1e63c158ed681e59cc9701edeae9aa72accca618ef |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/e.jar
| MD5 | e28edc521aa9b4dcb05930c290bc053e |
| SHA1 | 22819a815995cb4c9a18ebe0f685f0038ff8c1ef |
| SHA256 | f135588551cc996aa55f33854dfcff6034470a4bb47fb0e3d695377093b56a5f |
| SHA512 | 0a85386ca20f3425c8e4b963dca7180dd0398fc4862176c4863e4c91ec55ec6222030eafa720d9e835a7ca5332c0e2504f4ba34c65220be033ffb1faf5ef9599 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:crashlytics/666AABF40090-0001-10AA-2807317166A8SessionOS.cls_temp
| MD5 | 9b3d4522944ce6396563812bfdb92fa9 |
| SHA1 | 6d2a6133c8f01938a48ccc77ef86ad8ca335c020 |
| SHA256 | d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9 |
| SHA512 | 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727 |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar
| MD5 | ae34ef72e1a74f567db870db47aa0495 |
| SHA1 | 654fde3a9490e9a1e1b75481b243631af920016f |
| SHA256 | f6c4b41cdd3546aa8edd7286c1478af0c9ff5f4d1cc926761428ee8c0596209c |
| SHA512 | 0691f70c6bf06557f20c5cb11db8e0afcf920fbde26ea54d35906ab8c392704cbd3f61388b1514d5a0f29032074fadfd9cc2032d1bde143e32f0139443cead88 |
/data/data/com.poiuylkjh.vbfgrtdefgg/app_eed2b8ff-ed77-4175-9eaf-445bd3498ebe/5e617efa-33bb-487d-ae70-c0ccd4238538
| MD5 | 146a650dd469a6b6391f560eeabdeb0e |
| SHA1 | 25e20b3bfe93d7c16c6bb21e65942a58e6ce6bf2 |
| SHA256 | 6756084a60a3b21dc9ad595ab336ef3b2b6f5c0039f7de1463f61f8a58de4de4 |
| SHA512 | d72dfc7aeefb2d77e46e0b5323c77bedd3a75c2cd670ce382c6a0dd894105aa42d9056909abb94dde007424f1a877478e96f8e5a5831aa48a21b5057c1e7193b |
/data/data/com.poiuylkjh.vbfgrtdefgg/app_eed2b8ff-ed77-4175-9eaf-445bd3498ebe/5b7a2e5d-9554-425d-9758-0db43990e8db.jar
| MD5 | d73ac1e8603c9212c8d7bd0efd555ecd |
| SHA1 | 0d3a248ce2541ca4952e7bfc3f1a7d46ef1c384e |
| SHA256 | 560d25284546e0bde690b859b5d9bbe1e1b8ec924524b929674305935c80a107 |
| SHA512 | acd304c4237efe3537af363caabc17f135e78f12801094e62df1e3dc260549acf7fccf51eedfb5c57d12c1b2f503244007c222411792d3b4a3e5c2f72d771949 |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/app_eed2b8ff-ed77-4175-9eaf-445bd3498ebe/5b7a2e5d-9554-425d-9758-0db43990e8db.jar
| MD5 | aabcab5764a2c245f66f05275409d9ac |
| SHA1 | 70025f9a50f5741874e7ba414065d839050b55de |
| SHA256 | 8c8323abb7822bc8faddd358956746fb66451b64f7add56a124e78fc614561b1 |
| SHA512 | fff399b665c673d83f25ec7ff16bb3f07a7395d45dd106fe1857fb8f1920e9a98c6b60ba90d1f95d76b3d671e27349cdb3abc6a1b1f3b7b46a4f1c0020e22071 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.flurrydatasenderblock.59a31fc9-efd3-4227-bbea-525e530eefbc
| MD5 | 47f7eefb547f47ea9ff326f20a096526 |
| SHA1 | 14fb45e032ed3998d6a010f8ab69b50a8234cb11 |
| SHA256 | 0b8d72b4d5f783a6d293198aaba45bf8159b3f90a725c7c23db1f547d48e7749 |
| SHA512 | 45dcac933d6a89e7b05f51a6902e8f220fb2f76f23a7b4b8a7a48d5e0329cf95277df917602616b6b852ed620fa7117d7700f40d08eb66012ae89c09df58d265 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.flurryagent.7707c387
| MD5 | 9fd38eb16ad3c4a1a42c205588da041a |
| SHA1 | 63dc11215c2f673f66b4d3f9942c322708890441 |
| SHA256 | dd619abd0728b5faef3c875424a206640b65ca452df779951ad22c83fadaa8f1 |
| SHA512 | 941d95e559728e77bbd1791459f0dd40d9417b59e35db40783a0ad81997b61b7c266fe76773226eabbc3c193bbbdbf0a83990e13fd098db8670e15169d094760 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.FlurrySenderIndex.info.Data_ZXZCX8FQRQM33HN2F5J2_151
| MD5 | 352622f5384b26ced53720604118cf23 |
| SHA1 | ed53849c77624c669820f80c87797c4d2b1d8604 |
| SHA256 | 419d0c75fc423ceb30178d260c0fbc816c0f00e3bee03efd6dc15e7447dcd7ff |
| SHA512 | 3bbfbbd3d20f8829128cebbc1e0fba62c0f776cc03ccf4abadb5f3c956bd3d77c543c1375a9d8a3e183f6c9fdda427eda8e3e2026c43544001f7303225a160ed |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.FlurrySenderIndex.info.Main
| MD5 | 16f634c1c78d58b4c9be8fcaf30d7c49 |
| SHA1 | ca767de0fdf311bbb2dbfeb2a71ba59d3cdd71d2 |
| SHA256 | 23389f53215739d67e9e98cb23358b51cee0b12c13a1543b822bc472ce91f66d |
| SHA512 | 8a3777414cfab79f5fb0d136c333e765e2a42834e8dcf9814c050bdfa503783a65d435ef40787b76c0128019a651d24659efdef6693c7c9e8e46abea2f9ccae4 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:crashlytics/666AABF40090-0001-10AA-2807317166A8SessionDevice.cls_temp
| MD5 | 25fca8b4d108c327bf6fd6af28d11ea3 |
| SHA1 | 0c24feaeb23eaaa42a9c1f63f37ef33a31178540 |
| SHA256 | 04ba59ab70d5ccdcafe02373a39219ae062b0a29e417f638a5a5b9d95def52f5 |
| SHA512 | e33da71d13bf46b2b532b747b9d12a2944f3a07720a7259cbf92ad44e70a57895d15c7471ca7519505d3b62c2e8e50c036bd76eb9687e84f6c954180d483288d |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | bd5f34acc5852c9c3c583bd59ef03b8c |
| SHA1 | 368963e395a145038e8c39ff0d2b68351b9dd309 |
| SHA256 | 1737e3ab2c40b6c4bafc0a863a76e6e9db71bb7ecf97b352edca5b46dd30a572 |
| SHA512 | 766e524e4b561385f4d009c65519c23661d9cad1db4cca783562dd6d6842b35c7485256d1589c9b757e75e7420a9e6871b8100d45ee1a86705d300256356296c |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d7b42636-6997-4bd7-a430-37e67fa23562_1718266872438.tap
| MD5 | 925930a2bb9c88ccdb9c42bd238a4aba |
| SHA1 | ad9c0b2d1a7fdb15e26bf29a04f21012a6639151 |
| SHA256 | 03b608de9450e32be328b38bfd3c3baa8cbcd08f2ddbab6f8839b5bf6ff17871 |
| SHA512 | 6e1fe585f2fd28343a36c3bb57d760660942da1e26f4ed1f8d2f7c2545a7e08581bb15beac7ba433c699a0e92c00997bde36ec85480b9a891c180107202bac6d |
/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar
| MD5 | d6db95699624985b7a9c103cf3371163 |
| SHA1 | 85ec57c1fa8236efecb64ac337f17488d8f461f1 |
| SHA256 | fc716609a604f9c3c4aef74475921129f55b76d69a43e3f938931eb78b343fbd |
| SHA512 | 2ec684eb9e5909b63745072889235dd9bcbd061d34da16fd2870ce26323334112054715f70761bc011b61ac573e1333f9ab4a361180947aec9413b1fc4e50081 |
/data/data/com.poiuylkjh.vbfgrtdefgg/databases/vmeni.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.di
| MD5 | 91dbbadc46b0d3e35f97ffa9272007c2 |
| SHA1 | 1940a4fb3c658d71e3bb48b38e36cac9f64be100 |
| SHA256 | 66f990baaef651ff858ca0210d69d6dc1a2a23cc688202260912d52065af8cda |
| SHA512 | 859ac8ca314bb6a95655ba5f7f26f6f1b7e686536f556644eb47fe4bb6866184323b04851df958948d731e141a07e787ae94367e6aae5e2809244071921fd6eb |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/.jglogs/.jg.ac
| MD5 | 47789bc94e25bde5957416aea1f15848 |
| SHA1 | 01f9fd37d9f3db9ffbddcc14c8927efe32a6a0de |
| SHA256 | 7cd6eef94faef49d62a80f398612485352d9e62e409bb10f49f101da07e0df7e |
| SHA512 | e5467b9411256fa63b4164427d3868d34077059552380cb6d2d931651ad5b18ae930522928b5b08c5c08aa254e047b513f2c90abd2657956f3bc04bec6999610 |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/SUBOXLOG_
| MD5 | 3586ea4b94baf0b3a9943a3b3b5c5325 |
| SHA1 | 0b5faca66faabcd19527c2e7c84ab91eeb401c4e |
| SHA256 | 2e1b039d2f4c574e3f3276980f53a187ca470efdadffe1df66f912c2cab84ee1 |
| SHA512 | 753c9cf4935ffb590f890398fcf037c79d440c5e68b083b5a1e6fc507396e51960c30156f7486f779e3849713a81f1e8b9431a3aafdec3e70a51d974b36dd2ab |
/data/data/com.poiuylkjh.vbfgrtdefgg/files/SUBOXLOG_
| MD5 | a52e5ff214ce88cea6aa5097b9853933 |
| SHA1 | 750a9d43cabc258ea8459c8061cd5451ca3a211f |
| SHA256 | 42877dc2de4baf560acf2943cb797af78655811cd0cfb6b297b527dddf994948 |
| SHA512 | 454b724aaae953d14bdd642edfdfd379d4e27a03d23ffa8c1c2f882b4c3f000dcc54f4ac58aff8cff2409c5e8c146c060d6dd7b931655f63131050f249686f90 |