Malware Analysis Report

2024-07-28 14:20

Sample ID 240613-pqk42syepc
Target a58d69dc82381d824392e84e9553bdd9_JaffaCakes118
SHA256 d0cc4b48f86ba9d2bc1e98717e31014f9e762990dde94c2a1022614405185810
Tags
discovery evasion persistence banker
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d0cc4b48f86ba9d2bc1e98717e31014f9e762990dde94c2a1022614405185810

Threat Level: Shows suspicious behavior

The file a58d69dc82381d824392e84e9553bdd9_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence banker

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:32

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:32

Reported

2024-06-13 12:35

Platform

android-x86-arm-20240611.1-en

Max time kernel

151s

Max time network

157s

Command Line

com.akapp.myhe.dfgfok.fytgry

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex N/A N/A
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/tmp.dex N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.akapp.myhe.dfgfok.fytgry

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

sh -c ps -ef

ps -ef

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 irtpifrf.api.lncld.net udp
US 1.1.1.1:53 app-router.leancloud.cn udp
SG 119.29.29.29:80 119.29.29.29 tcp
CN 106.75.100.17:443 app-router.leancloud.cn tcp
SG 119.29.29.29:80 119.29.29.29 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp

Files

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex

MD5 5d2831489e483565f4223fafdfaa104a
SHA1 d7efbcdc9be15f5660bdc0044b238bfd3dd905aa
SHA256 0edd278469d2b087bc820bbfcba368d2f232cffd8785d1134ba8b47ae642307f
SHA512 9d5277cc74c6d6cd374410d8e0bef50b33a149f410c5fb3b53bf4be43e914524da96c0ca5e5c5f7c388d3f695f781071da56af28485bfe472cc24489c94764cf

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex!classes2.dex

MD5 f72965e5a8da6d6318b1c7405bcbaf71
SHA1 af942d35db828a5cb3c199dfdc39139e58fd852c
SHA256 72b32a24d49d111bb5451520d5f6f1756c17e5b756c2e692344729f3351fe9fd
SHA512 47ffe49d914c8b8c39365d4d5607796463050a55d295dd9447747ec4aa5f9e84fb1336f711354263f8ef14a43bde1be23268f4fe415bfa8d6230b511d465580d

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ri

MD5 69e3aac63b2c26377905a43e26e38e2d
SHA1 8256b58d4a18421bc90f631cd0c25525476ed25e
SHA256 abcafedf99624ce38f73cd86ceeffe07852af1f4e42d2ac8848c8d51b8b7f423
SHA512 3275d96b1fa2f5dea83f36165e39a16a78d11538fcd5b0c99eebd29398ed030dd62162d14d42529b0e57a0284bd348043ead2ae1b0a75dde17f7f43120e77158

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ri

MD5 fb4c7f45edb13b4ac8a62ddb5eeabcb0
SHA1 76592b23a46cf31f768c73e3590dfc552e49759c
SHA256 80b776ee2eb485af8edd0495a3fe4bd6584deeaf5fb367c0231d01d4f994b620
SHA512 63de12a7a5207fe7730a0444ef800a8594c577804e34ce464ffb97f8b91d37f535641d39f555369f850fbc011cb5cd973f7ef4f1c42a5f305c880201f9dfb25f

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jiagu.lock

MD5 449d6b023576fa956d144b6e631a70e5
SHA1 23e6efe3232fba52279c0b1f3eeea4020f53ec21
SHA256 54f44f66e2465768b491560da9168a22e1939e0aae9db9510decc9000fd491a9
SHA512 4e7595973e6d8549e842a4375b8971e0c0b69f17a506eaea68fb954b3b7876709c24e1386c57545e911e9224c6809caf51e5beca4cd169ba39653ac6dc42ac7d

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.rd

MD5 3a3344b251e381e4d2c00e7ff52ef43f
SHA1 c6c67e7de02ed2361bc80b0aabec7bf833bd3ccd
SHA256 d99f9452d1cacdffbec36ab66db66b0659cf4342ae4eee8f72ad29258d6c51b6
SHA512 4381ce5a8da3496d467d2440e7f3e08cb1ae37dbcb3c6f13830bc19c7f8c3bba74d9f1037e04115dc77ab74128bd68c049722ea297f271e58ca718a171e6892a

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.store.report_pid

MD5 66193133908184486c18edf122570d08
SHA1 d7ec59a15bb3a7252b24f0f93850c708abf1e895
SHA256 75f9d2a74de27e5af208dec03f5eb21c62b12c3f4392c37ceabf76cb238404d4
SHA512 dd219d144a5942b4653d53fe24728040e690343eea2ef90bcad96b6eedffcd5c0de62088d34508ffa6805d2d6cef91685b3183332a52bb4361635954a15e60e6

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ac

MD5 c430eeca4180ff92ed1d66ea650b824a
SHA1 9c6becc680d627c4710f29e7a2617b74eb72e683
SHA256 f2bc08950487304c585280cd7c94d17aacb73a158eec47584c84f6435b5fdf55
SHA512 afd1286024985c36ee363de9f682c26826a9d927c6a9005f2397ff844f069d7c285ded65dd2b3fd26bceb3c3a9ea7022fa32bbda39d56e4bcd41bf4c962ab3bd

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ic

MD5 528b8251e55c8e944de09d358ab0dd74
SHA1 b5334e2683bd87a85227f0086d400dac2e365513
SHA256 bee3d9ee7dcd04274d063dba152d284870eed7ca327908da7c01a17719740cb7
SHA512 e2f14a6b485cf08d6de31c4974c21ff61a1d09327afc49de2a963b91be152551382beec1dcbcd9c73d107cc85c255fb204698cb6ad2541124ced32b833dabee0

/data/data/com.akapp.myhe.dfgfok.fytgry/files/adbase.jar

MD5 40673b3ddc4e01246a5def6584282273
SHA1 795b345aacaca08604bbba653d0e8b06f0049e09
SHA256 e8dc297a5643ac3d9d9bcf1befff154356b02eb96ad3c2d8ecbcc8ac303e9f8c
SHA512 8715c59e8605be1b1c5348e04b7791ec6190f4877e52f5922cce21614f4ed4725cf4f3eb77bd852b20f85e5935caa7daccc6530879a0256eadc63f0a1b2fb06c

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ac

MD5 87dcd75b18c30dc7c2e17cd4ea0828bd
SHA1 2bc8b937fcaaccfdac96798669ddff58d36d8b51
SHA256 8efecd9c92b514e2147e5a529b3b3d0f8fd9e18936fbe1e89328dc128eb5fcfc
SHA512 30fb75d84107588a3f6cc5436fa47ef49f4c0ab2465e6fda6a460437bd59f63e3c518e4000c8853193b117868a35b31fd032c8551722a99aa2e728d0b070f033

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 12:32

Reported

2024-06-13 12:35

Platform

android-x64-20240611.1-en

Max time kernel

10s

Max time network

163s

Command Line

com.akapp.myhe.dfgfok.fytgry

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex N/A N/A
N/A /data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.akapp.myhe.dfgfok.fytgry/files/adbase.jar N/A N/A
N/A /data/user/0/com.akapp.myhe.dfgfok.fytgry/files/extend.jar N/A N/A
N/A /data/user/0/com.akapp.myhe.dfgfok.fytgry/files/gd.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.akapp.myhe.dfgfok.fytgry

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 app-router.leancloud.cn udp
US 1.1.1.1:53 irtpifrf.api.lncld.net udp
SG 119.29.29.29:80 119.29.29.29 tcp
CN 106.75.100.17:443 app-router.leancloud.cn tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.179.228:443 tcp
CN 106.75.100.17:443 app-router.leancloud.cn tcp
SG 119.29.29.29:80 119.29.29.29 tcp
US 1.1.1.1:53 api.iclknet.top udp
SG 119.29.29.29:80 119.29.29.29 tcp
US 198.2.208.146:80 api.iclknet.top tcp
US 1.1.1.1:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 g.tenor.com udp
GB 216.58.213.10:443 g.tenor.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
US 198.2.208.146:80 api.iclknet.top tcp

Files

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/libjiagu_64.so

MD5 c26350f8b4709f13c7adeac3c1ec791b
SHA1 0d773039deffff4f2bcab5cbc2ac04c4a2e7de9f
SHA256 947093725142dabf77b01a8c9020312dc4544403c0a86e8a55d0174e6808e87f
SHA512 56a1d1b7255a311317757850bfc7f5b4e59333c386f1b17555a2f03090a5bd5db66b6da2c59e90ed674f9bba1c991956877b95da8d2a75fcc1b8f3f6b9a979be

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex

MD5 5d2831489e483565f4223fafdfaa104a
SHA1 d7efbcdc9be15f5660bdc0044b238bfd3dd905aa
SHA256 0edd278469d2b087bc820bbfcba368d2f232cffd8785d1134ba8b47ae642307f
SHA512 9d5277cc74c6d6cd374410d8e0bef50b33a149f410c5fb3b53bf4be43e914524da96c0ca5e5c5f7c388d3f695f781071da56af28485bfe472cc24489c94764cf

/data/data/com.akapp.myhe.dfgfok.fytgry/.jiagu/classes.dex!classes2.dex

MD5 f72965e5a8da6d6318b1c7405bcbaf71
SHA1 af942d35db828a5cb3c199dfdc39139e58fd852c
SHA256 72b32a24d49d111bb5451520d5f6f1756c17e5b756c2e692344729f3351fe9fd
SHA512 47ffe49d914c8b8c39365d4d5607796463050a55d295dd9447747ec4aa5f9e84fb1336f711354263f8ef14a43bde1be23268f4fe415bfa8d6230b511d465580d

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ri

MD5 e78224e0a02e963cdae921615f43ad0d
SHA1 c8736e2758b1a9189ff698bc5b062a73cc5936f0
SHA256 0e1777713e99bc7991f7fb73ba6c929a32b594cffe5438e5ec2f81fc323534d1
SHA512 8ab25d4870a6ad6483a660878d63b1077a3d708b3ec9db25915f541e87eddb6cea147bd48e7c102c2d74d3bfbcd3ce6240fca937a711a6c0a782c5112f8302c1

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ri

MD5 c5d2a9b1c5475cc6c0e63ac28cc535b9
SHA1 5972a8a60796cb60da5f430b74ab54acfd2f0262
SHA256 76b7d16ae9426849c73d923ce8f2b804c6902f4c4b9543db144664d08446ffa2
SHA512 7040690dd5a22511ef654d8009be86c9a195b625a154525a27dccda5018e538f5ad6db7466aef6b03560328f24750f82492a2942904a16bcd45b6de3ed507d6d

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jiagu.lock

MD5 039c48cb631e14f50ea31b8cb4e02426
SHA1 26a0b95d307cc2ebfcb4778d5b94e253e8e8b744
SHA256 9a4a72fbfb86013c0d36dcbfe0fd42427df606d01634b6909582c5fa5a5f1f6a
SHA512 f9e9675f28870aca71ba184386cd9b592d06287e5f821c39156ac096a5829a136ce00f59cc12479849f6e00be1f4af5311ebb1756e5ed21469f1917d7de7e2f7

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.rd

MD5 b674ca503b266e9f041c1e9fded79f98
SHA1 e84cf2869ccf02b20e4af7e0ff2c14bfa95ecf96
SHA256 a908f08805fc8f236f6c2826fe1a5454e90bfa0edb37f39b2d481db15367390d
SHA512 d988f82e53836cad7c38f68171c6168743ad8e3b21c375e89215ec665c0e115c59cb30be14cf62eec7df65d7ba2a2b71e5606902874b5bf8f74f7eb5d8394b57

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.store.report_pid

MD5 66193133908184486c18edf122570d08
SHA1 d7ec59a15bb3a7252b24f0f93850c708abf1e895
SHA256 75f9d2a74de27e5af208dec03f5eb21c62b12c3f4392c37ceabf76cb238404d4
SHA512 dd219d144a5942b4653d53fe24728040e690343eea2ef90bcad96b6eedffcd5c0de62088d34508ffa6805d2d6cef91685b3183332a52bb4361635954a15e60e6

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ac

MD5 c430eeca4180ff92ed1d66ea650b824a
SHA1 9c6becc680d627c4710f29e7a2617b74eb72e683
SHA256 f2bc08950487304c585280cd7c94d17aacb73a158eec47584c84f6435b5fdf55
SHA512 afd1286024985c36ee363de9f682c26826a9d927c6a9005f2397ff844f069d7c285ded65dd2b3fd26bceb3c3a9ea7022fa32bbda39d56e4bcd41bf4c962ab3bd

/data/data/com.akapp.myhe.dfgfok.fytgry/files/.jglogs/.jg.ic

MD5 528b8251e55c8e944de09d358ab0dd74
SHA1 b5334e2683bd87a85227f0086d400dac2e365513
SHA256 bee3d9ee7dcd04274d063dba152d284870eed7ca327908da7c01a17719740cb7
SHA512 e2f14a6b485cf08d6de31c4974c21ff61a1d09327afc49de2a963b91be152551382beec1dcbcd9c73d107cc85c255fb204698cb6ad2541124ced32b833dabee0

/data/data/com.akapp.myhe.dfgfok.fytgry/files/adbase.jar

MD5 40673b3ddc4e01246a5def6584282273
SHA1 795b345aacaca08604bbba653d0e8b06f0049e09
SHA256 e8dc297a5643ac3d9d9bcf1befff154356b02eb96ad3c2d8ecbcc8ac303e9f8c
SHA512 8715c59e8605be1b1c5348e04b7791ec6190f4877e52f5922cce21614f4ed4725cf4f3eb77bd852b20f85e5935caa7daccc6530879a0256eadc63f0a1b2fb06c

/data/user/0/com.akapp.myhe.dfgfok.fytgry/files/adbase.jar

MD5 5687998376ff266e6a8731654fbee93e
SHA1 b465a823068a4edf99d2ef7886f03d525fd38e0c
SHA256 fbc1c7aa99036f25c79cdf90463d98e2420a92cceaf9ff1464e33edf04c22dc0
SHA512 e39c08e6f1befa2ecd8c373eb00078a1540750c545d178fbbfaa907738fd95eec68f22110e3d6cbb4fe92f8c1574bf2afeda6f582f0572231bf8c9e1cfa3f12c

/data/data/com.akapp.myhe.dfgfok.fytgry/files/extend.jar

MD5 c17429ecc92f0734270b12c0872a0672
SHA1 1ef7f4b4ed8e69de899e68b3074929ba5a972f1c
SHA256 beac644a161f16cec4fc72aaa289e65d27e83a601bdfa36be602de33cbe3cd41
SHA512 76501c14093a9e293ebd36efc79f7091b4446acf6db9b955b6a502065041446165de36f59e19dd1be94030b33ca37a2bbdc381a108a3017c1db9a281cfd07b9c

/data/user/0/com.akapp.myhe.dfgfok.fytgry/files/extend.jar

MD5 efbe6c369ca83fbbca6fb6d4f310eefa
SHA1 118c33b7d35e2495ad683d8fcd527d3b7a3d17b8
SHA256 272b17547fd31e07d421156730825a902790859c902ad77244a4ca0a2fe8b634
SHA512 cfd0a1efffa2b920c61c13b17e71a24a2c853e46c0a587d5ea6cb81467dda054bd01835e692c3b48bb4d5fddacf0e315af2fa791dfce3c3f2aa38eb473dea046

/data/data/com.akapp.myhe.dfgfok.fytgry/files/gd.jar

MD5 977e422bd68727aa50852f8ea37dacf3
SHA1 46fc3adc060f1b048dba6f7bd8686e8ffa3f6c36
SHA256 cd89d75818c06410a3ed1f3c1ca326902a2ae276f04b0bc82846f9faaec5b07c
SHA512 43b30e7c2202301e5b33eb81ccc96a9b5c128409cc80d133002e23ca95d08f4f226e39331536ff10ef86882e0e58b474c7303bac56662481fc85c40d6fa927fa

/data/user/0/com.akapp.myhe.dfgfok.fytgry/files/gd.jar

MD5 539b79b0434963091a476041aa1ee2b7
SHA1 20666ed22946bac5c9876c67fd4c227f33be7dbb
SHA256 9a186f16d1234fa33e909bee82d819014382466fb43ff09c8e61ef550d12c2ae
SHA512 6640fbc2cb1b121a3512bd13571e2a451df900d1376a95190b0384893a46a8df630649d9b090f088db7f852b5ec9dcc2cf6eb90120c92ddac8307437f7315c5d