Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-mlb98svdpr
Target a0562e908bd461c881aa5604a9931df9_JaffaCakes118
SHA256 6ca121b27a51f9a7b84b1ac82f060187ea7fcc7d9c84ef6dc7edc63ccacb4a7f
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6ca121b27a51f9a7b84b1ac82f060187ea7fcc7d9c84ef6dc7edc63ccacb4a7f

Threat Level: Shows suspicious behavior

The file a0562e908bd461c881aa5604a9931df9_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of SMS inbox messages.

Requests cell location

Loads dropped Dex/Jar

Reads the content of the SMS messages.

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:32

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:32

Reported

2024-06-12 10:36

Platform

android-x86-arm-20240611.1-en

Max time kernel

35s

Max time network

174s

Command Line

com.zke.ofakdv

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.zke.ofakdv/files/xu/hntOHuAJ.jar N/A N/A
N/A /data/user/0/com.zke.ofakdv/files/xu/hntOHuAJ.jar N/A N/A
N/A /data/user/0/com.zke.ofakdv/files/Pdd.apk N/A N/A
N/A /data/user/0/com.zke.ofakdv/files/Pdd.apk N/A N/A
N/A /data/user/0/com.zke.ofakdv/app_dex/utopay.jar N/A N/A
N/A /data/user/0/com.zke.ofakdv/app_dex/utopay.jar N/A N/A
N/A /data/user/0/com.zke.ofakdv/files/yl_plugin.apk N/A N/A
N/A /data/user/0/com.zke.ofakdv/files/yl_plugin.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zke.ofakdv

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zke.ofakdv/files/xu/hntOHuAJ.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.zke.ofakdv/files/xu/oat/x86/hntOHuAJ.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zke.ofakdv/files/Pdd.apk --output-vdex-fd=60 --oat-fd=65 --oat-location=/data/user/0/com.zke.ofakdv/files/oat/x86/Pdd.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zke.ofakdv/app_dex/utopay.jar --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.zke.ofakdv/app_dex/oat/x86/utopay.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zke.ofakdv/files/yl_plugin.apk --output-vdex-fd=76 --oat-fd=73 --oat-location=/data/user/0/com.zke.ofakdv/files/oat/x86/yl_plugin.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.jtmtht.com udp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 120.55.89.238:8977 tcp
US 1.1.1.1:53 sdk.qipagame.cn udp
US 1.1.1.1:53 xiafa.hamofo.com udp
US 1.1.1.1:53 jx.hamofo.com udp
CN 120.55.89.238:8977 tcp
US 1.1.1.1:53 passport.migu.cn udp
US 1.1.1.1:53 zyin.bjmcmj.cn udp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 116.62.54.183:9004 tcp
US 1.1.1.1:53 pay.91mgame.com udp
US 1.1.1.1:53 vpay.api.eerichina.com udp
CN 115.159.152.136:8090 tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 47.114.40.15:80 pay.91mgame.com tcp
US 1.1.1.1:53 v3.utopay.cn udp
CN 116.62.54.183:9004 tcp
US 107.178.223.183:89 app.jtmtht.com tcp

Files

/data/data/com.zke.ofakdv/files/xu/hntOHuAJ.jar

MD5 bce637b6769c57d511e9d7f9927c8421
SHA1 76b784ebf5ec739e5860611eae7af270b05b79b3
SHA256 380fd3d06bbc9ce926aa4f6fabc8e834f93d1f93469c933db78ca72423199123
SHA512 18c347cdd53e919b6202afb998b4ce9104835ff866d1b140e166f88ad312df17be0440e25ceeb0862336b150dc64095789e312aa579c165e077478fb0d7b912d

/data/user/0/com.zke.ofakdv/files/xu/hntOHuAJ.jar

MD5 5087284b2c59a2df8c2f6c61d24497e3
SHA1 3805290096bdb822e2d694e264dca90302b79e8d
SHA256 df95c902513c3744ad209e102d1f9e0cd2b2d43d482b1bf6446422301ce12743
SHA512 6bd901b7764827e9ac3023550a6bf83319b5570323d2af6588b1260b82cb63a7da4b4cd122eb4708046f6dcee20dfa755d182ac9836f44f1cc32140e4195d7f4

/data/user/0/com.zke.ofakdv/files/xu/hntOHuAJ.jar

MD5 0b0387b81476090a284f7105fba4129b
SHA1 8720d05f70aacd247f5bfa83b8601b54a04beb66
SHA256 b9871fb8bd0d9b91b2b058da7b73f5904f176a8bae7fcfd812f4774545a8fa5b
SHA512 16bc1361f347135364d20162973305375b62166491dda427efcbdd84ab682b32c891c8e23a7aa6b3a2a25a96e9d6c6155d8322ac0b515b717210ed2720e7d4a5

/data/data/com.zke.ofakdv/files/Pdd.apk

MD5 e8fbf92c750dbd6fb316be82a6b7b7ae
SHA1 2a6ae9568698807cacc8cf4349556446c996b136
SHA256 2a3cb93d0ca14a1d0b0820c2a26df502a461fb2546ef4587524087c130553f10
SHA512 7848191878b5b8ba2d5020c7be953e70ccc4d392d29e400a65a57cd3731604933125de1d81b3732d251b3450fd4766a814ccd01f3975beda2499a9ba585a26e0

/data/user/0/com.zke.ofakdv/files/Pdd.apk

MD5 a4237ef36f11c2db307f6d9701da0062
SHA1 5d11008a4b9275034db8904e538f7115a429ef0d
SHA256 32f697f7444c79efe23be55fdcdab52c8e6f5cd43474cd1735602675feb5639e
SHA512 6921b3cbb4e6a062eb9408c06e46e6d6cd7554f6e485b8f6275d8df3b7a8d23b26220c0cb979d3fe919fb6622d5d49160769b0567eebe61488cc4c7708f3b34d

/data/user/0/com.zke.ofakdv/files/Pdd.apk

MD5 b91783059376e2bebfd7c24802289350
SHA1 9e0f855404908f993a3beb146e7a4e83789674bd
SHA256 46245d65e1d96038918f77ed8412bcde6a72b513c94a72369a751251f568e73c
SHA512 c50af3f34a519fdb34aa9be70128c55c57df169f8112887f17f9dece581a15cd9b6702939ee4f77370bb33a5d2fe449610c42e699008d4233344d406c3563f30

/data/data/com.zke.ofakdv/databases/wochi_v4.db-journal

MD5 04083a08573134f7158f5e031d262530
SHA1 9b67f709002a51d26b29cbfb17cac00ed9b9ef42
SHA256 afa0d5d791084baa6c6633540ee593f3e880f42b83a79e64d12f5b542c4fbcfd
SHA512 239db34b539afb68b922ce753fbed571591656772c38c43323516235523e5a6c892227789175065dddee529b36aec67a07cb598a31e7bd95b2d884e847bcafa7

/data/data/com.zke.ofakdv/databases/wochi_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.zke.ofakdv/databases/wochi_v4.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.zke.ofakdv/databases/wochi_v4.db-wal

MD5 7794915e5f77a37f8343761581411139
SHA1 9258e6c50b8c29694d6fdfd935a9b2e6617ae099
SHA256 6bc5790b6f015b620b5d5e7e9bf723913c25bf06f40d989f9f137f36de4096b5
SHA512 230a9630c89f7d682c3a8d0eca77b13b7f03f5d0cc7219df4d3210d1648e4b78fdc5ef76c14c07efe071fe54354a97c418d81d276b0f6d446be48239da4ae507

/data/data/com.zke.ofakdv/app_dex/utopay.jar

MD5 eb6089c1acfa9f12535e533aebee845e
SHA1 165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9
SHA256 b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07
SHA512 5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5

/data/data/com.zke.ofakdv/files/log.dat

MD5 ff9229f8e7c92d44d48e25206d43b021
SHA1 be3d75050c16c5b7484652ba292fdd6510f205d3
SHA256 77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2
SHA512 be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58

/data/user/0/com.zke.ofakdv/app_dex/utopay.jar

MD5 5220524411d0bacd600da60814d1ee9f
SHA1 fef7210ff44e757328bc0ff7aae7bb2191cbf634
SHA256 6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2
SHA512 b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f

/data/user/0/com.zke.ofakdv/app_dex/utopay.jar

MD5 3b8bb9a8679ac8c24e8d179fc5bae999
SHA1 e6ea7a1095524087f481ba04321c4cb6fd2426f3
SHA256 83c996c0d067b5f516897480f427dfffdcfb49ab7654dac9b805376bbd49e1db
SHA512 abf1cbed7a8cf4a29d7a32a83f15aa0a6c9e2be8484c2dd8d9bf16a76e337b17b9c05efa0773598806b3d3da4fe3a9217b583abb9aaf5e3dc054dc77b10cae63

/data/data/com.zke.ofakdv/files/yl_plugin.apk

MD5 5a4c666b43ee7f2b6995aaf3527e4a4d
SHA1 b205bcb022797f3b16635db139c7524c0c388adc
SHA256 05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a
SHA512 c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17

/data/data/com.zke.ofakdv/databases/740410100062013-journal

MD5 80cfe3f19dec2b47f8261f3f195fe5c5
SHA1 98b3a760d1a028111d6f3feca6b9868156f65331
SHA256 c018d55147d3094f60cc51942f3bca6858ef0c1e0f44649aacb687ce9b63644d
SHA512 eca3b5694f4a4460295222b589c70019eaf37842a4773d11dcba2f8cea32dea9065d312e5959f61e977033efb81b634711c4aed2f2670a21d9d68e3bae96de00

/data/data/com.zke.ofakdv/databases/740410100062013-wal

MD5 097968ab814cd61f4d4dd0b7051e741e
SHA1 f24d82ac1549ab919e7ae3809b7c21e4f5eb4b19
SHA256 3ed61c5c9ff6851a1d6f687fc15af2dc55140baa83e09cd1955df8d9c6f9c087
SHA512 270103cbceaccabac6011de689749d187a57b2f83437eeb525e6bf1e4311c5fe1b760b97bebb9d7c3ee4a71824cc3338a417fcb6166a6a8567c55649135ae4d6

/data/user/0/com.zke.ofakdv/files/yl_plugin.apk

MD5 918890b3fc5a3dc184a57d027ead24da
SHA1 c638f375f49bc4731b633bdc001aeeadf9462039
SHA256 57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836
SHA512 fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef

/data/user/0/com.zke.ofakdv/files/yl_plugin.apk

MD5 9fc68c74fcdf2ca6c0252ed39de275f0
SHA1 84438de24f01ade937d2f1a0f70c797e616b7199
SHA256 87751b4f40f3cf03b3e2a1e5eb9ef248ad79a8f47304d2a527939ed634ac8f2c
SHA512 10feb413b7a89f92339dd1d1a9538fdb22009279778d985f6649faf0af7cd1d5998adff439cad6b99ec2aade6b235b72385a83d9943e5b5898eb7ecdd7a398e8