Malware Analysis Report

2025-01-06 09:26

Sample ID 240601-fxqhnsbf99
Target 8973ff10987999d41286db2876f2ec6e_JaffaCakes118
SHA256 1632f869be61b631f689bb903d48ca068113d500b68d897812705e5ca470142b
Tags
banker discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 8973ff10987999d41286db2876f2ec6e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:15

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:15

Reported

2024-06-01 05:19

Platform

android-x86-arm-20240514-en

Max time kernel

167s

Max time network

184s

Command Line

com.chinazyjr.creditloan

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.chinazyjr.creditloan

com.chinazyjr.creditloan:pushservice

Network


Files

/data/data/com.chinazyjr.creditloan/databases/message.db-journal
/data/data/com.chinazyjr.creditloan/databases/message.db
/data/data/com.chinazyjr.creditloan/databases/message.db-shm
/data/data/com.chinazyjr.creditloan/databases/message.db-wal
/data/data/com.chinazyjr.creditloan/files/libcuid.so
/storage/emulated/0/backups/.SystemConfig/.cuid2
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db-journal
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db-shm
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db-wal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.chinazyjr.creditloan/files/umeng_it.cache
/data/data/com.chinazyjr.creditloan/files/.umeng/exchangeIdentity.json
/data/data/com.chinazyjr.creditloan/files/.um/um_cache_1717219055389.env
/data/data/com.chinazyjr.creditloan/files/mobclick_agent_cached_com.chinazyjr.creditloan14

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:15

Reported

2024-06-01 05:19

Platform

android-x64-20240514-en

Max time kernel

177s

Max time network

181s

Command Line

com.chinazyjr.creditloan

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.chinazyjr.creditloan

com.chinazyjr.creditloan:pushservice

Network


Files

/data/data/com.chinazyjr.creditloan/databases/message.db-journal
/data/data/com.chinazyjr.creditloan/databases/message.db
/data/data/com.chinazyjr.creditloan/files/libcuid.so
/storage/emulated/0/backups/.SystemConfig/.cuid2
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db-journal
/data/data/com.chinazyjr.creditloan/databases/cc/cc.db
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.chinazyjr.creditloan/files/umeng_it.cache
/data/data/com.chinazyjr.creditloan/files/.umeng/exchangeIdentity.json
/data/data/com.chinazyjr.creditloan/files/.um/um_cache_1717219057364.env
/data/data/com.chinazyjr.creditloan/files/mobclick_agent_cached_com.chinazyjr.creditloan14