Malware Analysis Report

2024-09-09 17:48

Sample ID 240613-j8sc7avcmp
Target a49971dbee503e2c21da3f02679a9a5b_JaffaCakes118
SHA256 4a19bf75c68cc74ecaa34e8e5f7116f284d35911305a8055e9c0a832b568fa8c
Tags discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file a49971dbee503e2c21da3f02679a9a5b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Checks Qemu related system properties.

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:20

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:20

Reported

2024-06-13 08:24

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

133s

Command Line

com.poiuylkjh.vbfgrtdefgg

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected] | N/A | N/A
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/[email protected]!classes2.dex | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Processes

com.poiuylkjh.vbfgrtdefgg

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:20

Reported

2024-06-13 08:24

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

156s

Command Line

com.poiuylkjh.vbfgrtdefgg

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.serialno | N/A | N/A
Accessed system property key: | ro.bootloader | N/A | N/A
Accessed system property key: | ro.bootmode | N/A | N/A
Accessed system property key: | ro.hardware | N/A | N/A
Accessed system property key: | ro.product.device | N/A | N/A
Accessed system property key: | ro.product.model | N/A | N/A
Accessed system property key: | ro.product.name | N/A | N/A

Checks Qemu related system properties.

evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.kernel.android.qemud | N/A | N/A
Accessed system property key: | ro.kernel.qemu.gles | N/A | N/A
Accessed system property key: | ro.kernel.qemu | N/A | N/A
Accessed system property key: | init.svc.qemud | N/A | N/A
Accessed system property key: | init.svc.qemu-props | N/A | N/A
Accessed system property key: | qemu.hw.mainkeys | N/A | N/A
Accessed system property key: | qemu.sf.fake_camera | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/app_eed2b8ff-ed77-4175-9eaf-445bd3498ebe/5b7a2e5d-9554-425d-9758-0db43990e8db.jar | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A
N/A | /data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | b.appjiagu.com | N/A | N/A
N/A | s.appjiagu.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.poiuylkjh.vbfgrtdefgg

chmod 755 /data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.poiuylkjh.vbfgrtdefgg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ls -l /system/xbin/su

com.poiuylkjh.vbfgrtdefgg:Mbks

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/e.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.poiuylkjh.vbfgrtdefgg/files/oat/x86/e.odex --compiler-filter=quicken --class-loader-context=&

sh -c ps

ps

ps daemonsu

ps | grep su

Network

Files
