Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-xqw6bazgjd
Target b988c4128bc6817c9d8de3f451cf4e41_JaffaCakes118
SHA256 f67075861a74c33338860869ffa1102ab254854685651a2fef717c764ce6af3d
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f67075861a74c33338860869ffa1102ab254854685651a2fef717c764ce6af3d

Threat Level: Shows suspicious behavior

The file b988c4128bc6817c9d8de3f451cf4e41_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 19:04

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 19:04

Reported

2024-06-17 19:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

47s

Max time network

139s

Command Line

com.app.hero.ui

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.app.hero.ui/cache/ads8820418696143585467.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.app.hero.ui

com.app.hero.ui:bdservice_v1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 hoad.gomumu.mobi udp
US 1.1.1.1:53 ct.kuro.cn udp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.46.195:443 hmma.baidu.com tcp
US 1.1.1.1:53 channel.api.duapp.com udp
CN 110.242.69.50:80 channel.api.duapp.com tcp
US 1.1.1.1:53 herook.kuro.cn udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.gomumu.mobi udp
US 1.1.1.1:53 media.admob.com udp
BE 74.125.71.102:80 media.admob.com tcp

Files

/data/data/com.app.hero.ui/databases/songpayeddb-journal

MD5 0f8667240e448728f0ca10cc19ef192c
SHA1 9905aa1742ad8d76f7f78f72acf88cd791403825
SHA256 c01683dd5545166f7702c7984b152f3eba7e0953803e1f332bd5983463031bec
SHA512 b2da32892b02e3ebe6830bd9ca948513c3ae9dd826c7cc69e334308a16aa5e8ae261e408ed73f66f4a6fcdb5f44dc7b0094807888604ee0053ffb0c87fc2c296

/data/data/com.app.hero.ui/databases/songpayeddb

MD5 996697f79c9eb6dbf277dd423cb149af
SHA1 54772e00fd33e226750ed53070d8231874edc641
SHA256 dd3f5bd02a4f13ab68a910475500c34175a1c65f9fe898ea2f99eaebab1dd831
SHA512 2fee65df5d32c70be7ad0771c64498f117ce449b962261255b62edfe6c6b53f6772e975eefea2d09aeda2876dae3f8a8e8bdef7067d0e611cfaf4f0eae4b2e91

/data/data/com.app.hero.ui/databases/songpayeddb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.app.hero.ui/databases/songpayeddb-wal

MD5 079c5f7231cdd576f0937ea348b9724f
SHA1 3fabd00b61c9e4d1be6d8effe2b45b82af278f4f
SHA256 c1a234edea53e67e11082b10f6d205767c4e76814f5362b1a8d6d2556c8c18d1
SHA512 552c26c14f451bbef229b9fa66c548640c0621f005f425ddf725ecc4cd977ddd3e0e3aedcd559f70581e6edda48feee1b231ddb355a872f4f050dd8e5f4af4c3

/storage/emulated/0/backups/system/.confd-journal

MD5 5bfe2f3a0a2b429102406a7a9f872a0f
SHA1 0e0333bb24b3c7bd74464c9b6317c6c8019aca8d
SHA256 0cacd3a8d2de8a05bedc62184fcae1c44beddee4ac6c5e42bf217b46dc12bce8
SHA512 6eec3271a9024ce78a9b717ac707eecb71c394b6d7290722336dbc44a23f31558a6d3888c7b79be251fe24c0c43375fc211afc4722918ffeb11ada2406deb5a0

/storage/emulated/0/backups/system/.confd

MD5 048c73f536f234f0ad0d2fa8bdbda899
SHA1 dba2e666721e0b0988807b8bb3ce0452dad3448c
SHA256 f1a64586ce75e770e2f36a7ef6f7419e26ebb9e9e786df3c5adce50a196d2d07
SHA512 6ae398c682724f0008ce47cfc790a7ad3dd7cc801fb3a8a692d28da5533ea7ed830ea36933bd3e3219fc8cbade90f073c2c418611921bc7d6877d94b6745c4f0

/storage/emulated/0/backups/system/.confd-wal

MD5 9268fc0bf5ebcd2ba30b1c6736f427c0
SHA1 2901983e064470cd471ed51bb8c7106c3b7b74d1
SHA256 f99554cfae33f360980c091b07839bc511c282532b97dd3b687175ad2b16e451
SHA512 860f124234bb67788c94ace87fb98933d27323caccb26d901dd148bc44d98aae32ef9639fb087c95b1743f9c6d60e78677f0caa078d970a039fd8953180d0bc6

/data/data/com.app.hero.ui/databases/account_binding_db-journal

MD5 7a78624562bd4e4098ec3938553a376f
SHA1 8482f3c97fcd7d724a8a0354b4b167e85d463b9c
SHA256 cbf2383a25b38bccb0691dc71e08f14fe98077df34aaa9867cba4b0f0219c7d4
SHA512 def6ea2c31eb56428c260f7beb4ff44ac0ab85f7215047e248951efbb88cbe28a9453c908f0b6d1e7a3c90bd571e832550b9305cb114e8c59de4389fabcab0cf

/data/data/com.app.hero.ui/files/libcuid.so

MD5 d47597bf36f2d38c1cc5e1c1d791444a
SHA1 6d72163678e410d6e2367861470c240e46fb3ab7
SHA256 6ff21eefe9782b425012ff23eea157a4bef69a3663a2e5ee79352e15607f299e
SHA512 b5271c6cabba7fd466bf0ece7eeb5d65ba4bef7d5b7f7626356881474f1ee39a7f8912d5409f9d4e3e205c757bb5b9d9a54653d752f7c788250a4fe00a010203

/data/data/com.app.hero.ui/databases/account_binding_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.app.hero.ui/databases/account_binding_db-wal

MD5 153ae15e3b8459e84e449978a0d46caa
SHA1 0e3b533a1a2e0c0118f4463c6205af4b4d08bb32
SHA256 26ca37aadb390a391498a2a82e03088be730c17b340ea7f26f040aa2d8c5752b
SHA512 1269b2613a552a04d2492e38728b0ced39b8f8ea13fdf1481fc3f266c9cf155a14e4cf5f3fa32a7ee38df6af394da8446082fc31418f9ed77ed30b290fa92fd8

/storage/emulated/0/backups/.SystemConfig/.cuid

MD5 f549fa7cb2a0d1c840ab0aaf3d7dd30d
SHA1 2a1d69ddde2539c9aed0ed39a5225f659e1f2396
SHA256 55807cb0c8a69c63231f266fb954090aae9809b401e934c2efbe66bf3c391ea0
SHA512 635fdec489aea3eb46c26a1a33e0c2d1ed604a328729a067326453f87059170c9e774fd10c30507e078b6e13583bfce9d7308151dd5ed4d5a717c929d0f7ddd9

/data/data/com.app.hero.ui/databases/marketdb_v2-journal

MD5 acbd6ed57b55e26976b0c018b3d59146
SHA1 02b56deebc4e31cd5c1e120af19f241595738233
SHA256 0533de26b04e7038819dee6e499109b5ca9004f604e7312c7c43061d7d208dd9
SHA512 435662e5c2802f508ced64f8e4a4039c996687eca5309bcdd6798dff18b517aeaca33703146a255355b4634ee7e2c969d1d7eb164ef1e779611fa571a55a95a7

/data/data/com.app.hero.ui/databases/marketdb_v2

MD5 c3d1b832d90b91f3f39d9ad1e6cecd92
SHA1 a169af4543714f4e156ecb80ae7f6784740a1f30
SHA256 7ac585729e86dce64523426b8204ee17161fc386f921bd25e5a82da3e71025fe
SHA512 f4d3f43ee296c1ad8654fcf699118e2321d6b87fb792827fb6a51719839bdaa8c598d9c973d727c76e6b3f70fbf19b2750e7370de4a916c644e30d4d8b0918a6

/data/data/com.app.hero.ui/databases/marketdb_v2-wal

MD5 2b5ee9e4f6ae8465bbaa9e2d6b299076
SHA1 20d86240c78bb38be3b20a9079f6bdbe0a45446c
SHA256 84dcc21d7f7daea97ead03ad855c3561b008001a8b389e538e7e23ea6b91c649
SHA512 b66515551159de170ec05cd0d9951f1d13e905d7786fb75012f7a17cb304951def17ee4e8832adb03f123d67473889b00b08f0fc4c730f0c917c4acca5be79ec

/storage/emulated/0/backups/system/.timestamp

MD5 9a0cd03d17e32f28f0592888c5149539
SHA1 38273ca020b6f72f5fa7424428b8a2be42e75130
SHA256 30d9681ee23a888d5a16aba8f9d7f9305f438d9fd0412d6fcec9df68b1044e9a
SHA512 aba674c6c45dee5152c37c0567bedd11ec163575db3b65dde9374cef9ba6785ec25941ab764606f02b9448e76ba98072bbd3994a4735219bfde2f8790f1af410

/data/data/com.app.hero.ui/databases/online_play_ctrl_db-journal

MD5 378839315a0761b6e56d9b702976f576
SHA1 b88cd5d38b450a0656791fd3aefaca368ed0f588
SHA256 4b647173d267011702f2464f38113fba295ff3d206ab8a16371aadd8606575b5
SHA512 3dcc8ec874f1473b5e954266547527293b7e068866430313580f7c6b53d31f23ab70695c7494cb09e0ab77923974c80cc7512d31592213aa2368e359327d8d1f

/data/data/com.app.hero.ui/databases/online_play_ctrl_db

MD5 0eca679a10e138f0e3d0cc036ec5ccbd
SHA1 72946d04ec2f50ea98624fc79223a58134c10bdf
SHA256 0984148a1f05b56119a310a850e93720c411ee447a3f6cc78c60a87984b9d66d
SHA512 42f20943bedde52edfc9bf6b5bfd520379a8956dc8860b0585125f8f4579387cd1c7a436a64c64719af2888f54a0efea90941f7108e39c5fd662ad7e5709c5ea

/data/data/com.app.hero.ui/databases/online_play_ctrl_db-wal

MD5 7dec91129acb7e9d74f848d11b6cc61d
SHA1 40d86c9a20e5d66f16b1c5b42d8fdb89276c96dd
SHA256 dfd466c42c8a0100354b3af996bcfd16a84bffc81b1df545cc7d6e59b6f27e3f
SHA512 698930e6bd799b3a343059471cabe26e703c594a8dcc8295b8887ae3a96776a909a873d51646e620f4da0bf3769765160e3dd81fedc3cf18c84a5a9c5f46d774

/data/data/com.app.hero.ui/files/__local_stat_cache.json

MD5 c8ca75d7f84f5657e80beedfd20a25da
SHA1 0bf5d3bb95f518d466b99d73dc78f1f1cb7948fd
SHA256 c5537532440e9e78d8b83d0fbd6cc9e9e4a9814f1ee704883e46caf048c439f7
SHA512 c02117bd85331797d202037b82addd718dc63a852e6525e1f8e67da35e903b4feefe2987a26572ce39be7c812a5df39df9d05cc93cf87a1033af0ca117ea4397

/data/data/com.app.hero.ui/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/data/com.app.hero.ui/files/__local_stat_cache.json

MD5 cdf561ecab3ee15e83ee2886ed5718af
SHA1 a3d946c9d5304eded653326b489de5e082b45040
SHA256 fcc40eb36482c5c5ba9acf6e7009d5fcd2624e5996b0301a3f510842ee3aafca
SHA512 33be7c5a456cca83bcf95975bc5db042923cfb1ad51bf7aaff5aad4e362de0a25a28c7a61ceeabb47f462dc8d32572e1dff3ba365e22b92cb6a8f671d29142ac

/data/data/com.app.hero.ui/files/__send_data_1718651061800

MD5 e104ca5a67141e7bf8334b8c3720b2fd
SHA1 24d31905f9a18dc388ab5bdff7cc88168a048554
SHA256 e2eaae3092bcc272f568a19a3c5218472169042ed9dc531ffc15339fd57e87c3
SHA512 c84be1650d938c1b09be96e009e59681f50e7ebe9ebe6ecfdc41556ec910f7e72082541b010393d5f22a2ca59f63ca66b1d8c6e7b0ddedb2e37913308b051428

/storage/emulated/0/backups/system/.confd-wal

MD5 c7ae8163ca76dc9a26ad9abfead0870d
SHA1 7bcad4b12ea7f5fb4ed7eb0223feee812d52bae2
SHA256 96bf0f0e8ba66059716e0395fc154546a8df439417d8e07649b9b2027883a31d
SHA512 521bd14cbab640326109d6e5dae9b5473bf4151752eee40e4a1ac3ec59eda801b9bbad4be119f1ebdc7ed23d79ef173e83a276d102dd03907dfa99eba095ac96

/storage/emulated/0/backups/system/.confd

MD5 20b4c5a4e7944c6575524b67929456e8
SHA1 8c00624e72d53734b11bbd36d92523e4d80ed5b1
SHA256 269e0fdb977c639320baa5a0f88db814d17c1058fe5aaffdfb723764e5029f69
SHA512 c4d54bdd070a8c6b8e8be330700b75c278cbebe6f2325337dbd958b2604b81f9d23e27a537352abf1c628e35a88818efa0c37b6b796b16619754db62f9481cfa

/data/data/com.app.hero.ui/databases/downdb-journal

MD5 17e6e94d8708832b2344bdba7e027f6f
SHA1 596dac940756777b9afa62de1b5aa79bf6af84c8
SHA256 d614efa45c33ec90527b40fa623bf9a1f2177b93a62bccf2ede968a4eeebb9e7
SHA512 a2b7361951eefe4a3c51752efb1c572714733ba8a8b1fea8e4468976a710fc2e92b52f3965130cafcf3c7fc9002020744258a8e1f8ee8eda434b5b860974137b

/data/data/com.app.hero.ui/databases/downdb

MD5 bb0b6f571c10b377b88a6ae3ab6f97ef
SHA1 6d6b2dfeb8a09b7b05849bb2580d60765337edda
SHA256 c02f88112c00742ec2ebd9ef596b41acc5a3b7dff29fbba0f3aca044ec7b9094
SHA512 70c15f99e4fa3c0100324c838f438c5333608f6e96c36291ed3fa73180754a5a7bdfd8ff93dfc485ea4dcfa5a00ab219bda260413b4ccbf7d3c340e8c2ef714f

/data/data/com.app.hero.ui/databases/downdb-wal

MD5 e9da7309168ae2d8255c3d64dbb116ec
SHA1 6088548f12a5404e43fa001c3891e9df0ac27a64
SHA256 dabd30a2beb1594558ff0234956bfca691e9e0f40ac0ab44e43bb388ef265b95
SHA512 73561f4285e3b5e7a88b4b6db612bb39460ef26dafd1ebb00ef64fb477b75b48b354f891f5abdc80eface6a3e9a0f9957d6af3fb3fc8570ffb5591e40019d518

/data/data/com.app.hero.ui/databases/recorddb-journal

MD5 682face8b62cc42fedb519d025f1b457
SHA1 d9f74ae66813345af7607e92fec6743b87767307
SHA256 cbb66052b8c96c1c10a4d89c5c5bd53d639d594485eb5a4fd06e1b65900463da
SHA512 9277978a7e9eb20ca697746a2a16341a1f02b1b19f0032866cf31a7fb2bc14a2f1af60ff4692f1b495d7084e9525eefac90efcc13ae1e2fed5cce2895e4a9005

/data/data/com.app.hero.ui/databases/recorddb

MD5 dc5748e7e4b52561ab856b6e8fe2f9a1
SHA1 72701efbef8527ae7459bfbc2b4b4877bfdb2c2b
SHA256 6570ed30812527ca9748112f9a429927c960f377495c7fc0eb807ebae1385973
SHA512 44e92fe13e74ea85665c9ee0c61f3a89bcb0dad87b40260676e145861750bb48015ec712ce89027c4faacfa29420262d36688b9d9db257876a49ab445880bf7e

/data/data/com.app.hero.ui/databases/recorddb-wal

MD5 560fa098cd0751afee1b84a5ddd5ca3f
SHA1 b02c8446a232f600c9c22041908d851c7ce8bf64
SHA256 360a2a75319d7cb12e66c05318cef6b4d0a9755af6ba7f93a1a7e0b856008308
SHA512 16e95ab59df75aa497de2b29e73f6d1514c769ca40d64ef8527e311996aab4e6aa6ff210387ff7f9dd812fce384932f7dbc36ce73313fdd12ff1737290d0e866

/storage/emulated/0/backups/system/.confd-wal

MD5 163520c1b3167f27158da2c2fa0dd0b0
SHA1 d1bb63cfd831d1406d8a9ca5cb2c6482800b1590
SHA256 e201b29feef110e5368eaedfbea9c6c8887f03a7b2a9815860ef9c6b1c0d1a34
SHA512 34ef02d700186dd7f58bf19ab67571f92be79c818d3900d26b1c54eb3d1b7eb43e5651cc5f416b9d16d08788f16b2caf0e6d6aadb1434874df71d74fc5410bf7

/storage/emulated/0/backups/system/.confd

MD5 c8d9f6eed357fb2cb6be3e51e2dd7fdf
SHA1 aaaa447672508aa2ce24dd1e1be79960543c0998
SHA256 58f3ea5acb82fb0e2f5129744513bd76516534dcd8aef3865f5edf2efb108f58
SHA512 6fc58812d8c71530cd92bc076550ecd86c93531ddaa82ee8847e3c94d59faed04dc93a93fd4541633de448193ea4e36a85059002448463d1338394b28b81509d

/storage/emulated/0/backups/system/.timestamp

MD5 60fe242c3af65ee52d385d2bd4cab719
SHA1 b126f4296f46b6794041ffe3b9b7db21dd09eaa6
SHA256 cb53205ea426c02853b2d6b85e48837d59e8641f0910998e6ca5e76590c3f2c2
SHA512 9b2fbda50d389b274b441bc43a4c79e8fec0864e3654978a38ae48530b54fbef02c5e48573cd13a7907963d3ce0b5d33ca303ddef20d259c514474bff233b75d

/data/data/com.app.hero.ui/databases/cloud_back_db-journal

MD5 d9752b20e6cd2cb298c5f5f898f36f2c
SHA1 e6a9ce10d792df45c53bd03a10589b511d84fed7
SHA256 31d0f207efc2496f30643f0b2e0ecc4abac2ab08148fc824536635f707122790
SHA512 56b8e2c86d731ac25158f783baa9e5f054f386c5a91c8c90b30a04e48aa69f4f6524f2f54a80fc5d0d143e9801b4c994856840cafeec245e339663b13ff23644

/data/data/com.app.hero.ui/databases/cloud_back_db

MD5 62d7567a29a28a238f05d098892586f0
SHA1 e361690d9ffda39a0d4f19e57b1e3e78c9753875
SHA256 7cbcc194cf50350069d1796f90d97720b121280ff6615b27f3617ca1616b95a7
SHA512 ee78cb007b7111a2d57a10a698d7a0427d475f37bf421b8497770ef00513444814a1d5f3fc68786702c7ccf7138bdbad2687984cf010b90dd7b2e66d8cebeac3

/storage/emulated/0/backups/system/.confd-wal

MD5 66a9fcb42c854f02b423ac0f942181e1
SHA1 d0d5a12a59234375c6137b5f2e356988fcb5aeab
SHA256 b82cf42e8a24e9993a8d1e030f0abfa96ce8ed07ecb59b42edb92db2957eecdd
SHA512 890edea1a6510c146de95136f354df21929fe99bb945566caa24982643032050fb75ed85b7f8c320254403045b9dbb192902ff747b592eb2242e05c0ed2b023b

/data/data/com.app.hero.ui/databases/cloud_back_db-wal

MD5 4b84c983ba3c9434ecdb9e04319700b7
SHA1 466ae614b610db3b74a27894d49123486a7ae517
SHA256 39f9b6907f41f2035d0e63ba1bbd6abe53ebc0144b0079f27cf46bfe43a83541
SHA512 8a6da16b4c11418cf1f0ddc69097cabbb7fcbf0cd2712d6bb7103402b9b19ac1521571330604af7e7a8f6b290ddf11d95dac9916b1eb8c58085da3a8e822557e

/storage/emulated/0/backups/system/.confd

MD5 c6d772345556c235773720c8b73819aa
SHA1 6c6b621afa4d400403b9db1a3a10491c9feafdc7
SHA256 a2e9510d98719db51a753bf13f823caadb421266926866528a57c96dade8bb1d
SHA512 6957e24c7ebcc384f35b1fa165b2a8f1d50093cd62a6f4e3ef73c5fe2b5b71c925f0a3725bb25f5be8f23a737235fd7434ce2ce34e9df74fefaa50d0250bb49f

/storage/emulated/0/backups/system/.timestamp

MD5 22f014d76b1e7fa7e63d457981fe3a02
SHA1 cf87194754b64542ad425d0685410e6316c914a7
SHA256 7ae8f527a40049c191f79405a1d71ce7baa7b2cee1819c922a8cd597e324745a
SHA512 3ae84bc61d968c7c346789b9f8fd66b2942c7294aac1e8a397cf8156bdf0413933bebffd062aa0c4484c7cb46eab25502c3878d0027d4fae57b1918ee20b0d5a

/storage/emulated/0/backups/system/.confd-wal

MD5 8f5d0af16aedd995449569dfb71d71f7
SHA1 a42e1663fcab4ba2a77bb178a82cf4d93c5bdcad
SHA256 ffb8f5904928f5b3b591e2c589705aa5c6dac387cb8cc6f3d00d4ff17b4da35a
SHA512 1f0008dd57470e7650a062fb65a7a452abda196691025846f00e650e1ace802e9c0d2c5b14c6e5859f71aa3813e03a3ef3b58ddacf5e95a1f59383c59772c3c9

/storage/emulated/0/backups/system/.confd

MD5 d1b2796fda6e45e06fb56ba8d1c57569
SHA1 6f2054c42b38b7845b1c0e5caa05df3ce1bcb8a5
SHA256 013b85f63a9202ba39c2f72e4eafc73029f0ed52783aceebd61d44c98ac5e57c
SHA512 ec0c3e4dbc7fec3e8d366609bb90c147d089c4ae39c1493263aaabb87de9f6651138d35d0fc201218a58d710f41ef3dd277d94decf4b22c2619e80f217831703

/data/data/com.app.hero.ui/cache/ads8820418696143585467.jar

MD5 030f79e160dd93acc424e00ca3b1574f
SHA1 6c67ca0369bd381d6426dc642d731ad3a14df2cd
SHA256 c9015ed1e8436b145f069d37608b035e7ddc981c55a70385aeaf3c7e90c1c2bc
SHA512 d6f8d6f7cc5943a6e1bf8d2d9504494561658642d36dbab75cb294944f2e5eea20ce2f00425c2100e50af97f687b9e7e4c61d72625e58427df862aa94c6f586b

/data/user/0/com.app.hero.ui/cache/ads8820418696143585467.jar

MD5 12670a32ad1380c9021a9e74aa5f2281
SHA1 7e8caf0c7a4d78452efb90958e8ce1aae5148e44
SHA256 f3c142f78cadcb57d7da3d8e4dc5f8c7b05377417c639059910696c844afc1f9
SHA512 1277dde373cab02d5df62732834adb79f8dbf1d1a9ac56b5b348e354317fadc24fe20b5ebdd1ecc28f8fc98dcdff807d2839bef75ef7d871e976e68a95851b06

/storage/emulated/0/backups/system/.confd-wal

MD5 4b45c150de105da917af463d7fa3e524
SHA1 72b74b7f06e61d0fb034cddefc70ede0606c031f
SHA256 6f5f4e374b4e261524d25059c7d4c10cec859b63b124b182b123a92f9cb23845
SHA512 ee6aa2d756fa60e1f22a7be0aa1981d66b65d0f94445b6e9f0a83cfcb6236be8e2cc2daa0417f8cefa33218c32b34b64ff8a0099a958e9df3aa66fc7668e2ac0

/storage/emulated/0/backups/system/.timestamp

MD5 5a5b00d8953c02c4d586b2f965350554
SHA1 552fdc44fc5819b702911cb1edddbd27e5021bdf
SHA256 791438d8f763c9a527908dd5786c598d848670d3f00bec951ff1523494d0347b
SHA512 8cb5f6f3a22ba1433f318c6093b4e2f6cded2cfbe3622d7c8e45418fa78b7fda4bf968bca39a842a5f8df37204be3c0ff9df06ce0598c4e125b4854f8f79e6cb

/storage/emulated/0/backups/system/.confd-wal

MD5 5a1f600ffe2ae342e294506d0ec3a60f
SHA1 1cdaa04a1bab23a279c4a85a2bc12c82158dd798
SHA256 26a21c7c1fbbdf64f5bdd823289cacac1f87ea302641f4ef19cea4f399e7d8f2
SHA512 7d3de395b6da7af58a29755af7ed803f53530ba65901fba177833fdb98ada602df3368105037c3527768420e41c7afb3950ed1f74615e182f44b453d7a2e9aa9

/storage/emulated/0/backups/system/.confd-wal

MD5 36cd19c44313f87ba6bb2d767afe37e0
SHA1 ffb00b94f96c737e95c579c9199b43c9cfdcef77
SHA256 52de42761435c02e86dfa7d5994bf18df6a1c915d60851bc52ee4d446564f5ff
SHA512 5ae191fd3aa01f209252fe470487b159e4db1bc94806929e3d64eca0f5620d851dc7534f54d42bc16fde0be71fe8d617e08be732cae9b48ce4f90c5e938723ec

/storage/emulated/0/backups/system/.timestamp

MD5 6b6bbf0736002c1d1ff12ca44139eb8e
SHA1 2a29c61f4c0902758b16742eec626c5254bc58a3
SHA256 f5c6f4f262252d1385dae8545c254ae2e38bf5746c0af63c5d001319138b2051
SHA512 57d83247acb1bc3939e9456a501fd36bfc2aa6a2da6d37a5a04fbfe462879794ef8cb312abfc6785445c1d261a784c0b42c9db90a722f858833d3f4e7cd8d9dc