Malware Analysis Report

2024-09-09 12:57

Sample ID 240614-n6g7natcqp
Target a99131b703b8d06c433c2c1ea442a426_JaffaCakes118
SHA256 3b01b63ab05a8a912f66df75aa26f16fc8660273f0cf3f2783d58520bd804add
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

3b01b63ab05a8a912f66df75aa26f16fc8660273f0cf3f2783d58520bd804add

Threat Level: Shows suspicious behavior

The file a99131b703b8d06c433c2c1ea442a426_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks Android system properties for emulator presence.

Requests cell location

Reads the content of the SMS messages.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of SMS inbox messages.

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:00

Reported

2024-06-14 12:03

Platform

android-x86-arm-20240611.1-en

Max time kernel

106s

Max time network

175s

Command Line

com.zap.sfrfqt

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.zap.sfrfqt/files/cua/XZXINnVuu.jar N/A N/A
N/A /data/user/0/com.zap.sfrfqt/files/cua/XZXINnVuu.jar N/A N/A
N/A /data/user/0/com.zap.sfrfqt/files/Pdd.apk N/A N/A
N/A /data/user/0/com.zap.sfrfqt/files/Pdd.apk N/A N/A
N/A /data/user/0/com.zap.sfrfqt/app_dex/utopay.jar N/A N/A
N/A /data/user/0/com.zap.sfrfqt/app_dex/utopay.jar N/A N/A
N/A /data/user/0/com.zap.sfrfqt/files/yl_plugin.apk N/A N/A
N/A /data/user/0/com.zap.sfrfqt/files/yl_plugin.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zap.sfrfqt

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zap.sfrfqt/files/cua/XZXINnVuu.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.zap.sfrfqt/files/cua/oat/x86/XZXINnVuu.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zap.sfrfqt/files/Pdd.apk --output-vdex-fd=59 --oat-fd=60 --oat-location=/data/user/0/com.zap.sfrfqt/files/oat/x86/Pdd.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zap.sfrfqt/app_dex/utopay.jar --output-vdex-fd=75 --oat-fd=76 --oat-location=/data/user/0/com.zap.sfrfqt/app_dex/oat/x86/utopay.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zap.sfrfqt/files/yl_plugin.apk --output-vdex-fd=77 --oat-fd=74 --oat-location=/data/user/0/com.zap.sfrfqt/files/oat/x86/yl_plugin.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.jtmtht.com udp
US 107.178.223.183:89 app.jtmtht.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 104.155.138.21:89 app.jtmtht.com tcp
US 104.155.138.21:89 app.jtmtht.com tcp
US 104.155.138.21:89 app.jtmtht.com tcp
US 104.155.138.21:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 120.55.89.238:8977 tcp
US 1.1.1.1:53 sdk.qipagame.cn udp
US 1.1.1.1:53 jx.hamofo.com udp
US 1.1.1.1:53 xiafa.hamofo.com udp
US 1.1.1.1:53 vpay.api.eerichina.com udp
CN 120.55.89.238:8977 tcp
US 1.1.1.1:53 passport.migu.cn udp
US 1.1.1.1:53 zyin.bjmcmj.cn udp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 116.62.54.183:9004 tcp
CN 115.159.152.136:8090 tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 116.62.54.183:9004 tcp
US 1.1.1.1:53 v3.utopay.cn udp
US 1.1.1.1:53 p1.ilast.cc udp
US 44.221.84.105:80 p1.ilast.cc tcp
US 107.178.223.183:89 app.jtmtht.com tcp

Files

/data/data/com.zap.sfrfqt/files/cua/XZXINnVuu.jar

MD5 41bae40da071bc36f48340e97bc058a3
SHA1 1bc64ce894bf7d5fd8f7ecd30b685aae271a5867
SHA256 d7a9441b7500f946a068e97f10cf93192d87f1aa6f2d3e5446fec9af94e2fc33
SHA512 fb8d52c2282282821c6a59618e0c583672ffc32b9ca49116061b50cbba4648b17e6cdf83c33f35b311d9860483a32be04a0ac3226cbd9867e9c3b0b834d9ed31

/data/user/0/com.zap.sfrfqt/files/cua/XZXINnVuu.jar

MD5 5198d7149fea3a3658fe78de729743d7
SHA1 31b88bf4fbd4773dd38738acef666aceee43195d
SHA256 4eb39771f7cc3865d97e151a66ae434661dcf7025f706405fd27f673b736ba6a
SHA512 6a19f847bb8d2acc5621c5fe2ff1ffae8d031c261620ed3cbb5eae472638388baecbdbeac3ff9720ec44d1b870d2f0fd7bef78fee9431f6178df7f5b44a6230b

/data/user/0/com.zap.sfrfqt/files/cua/XZXINnVuu.jar

MD5 c72e7678f08ec9b12a6c8b022dec2fe8
SHA1 f28169b45c516c159cd669e55b02233a3b3dc948
SHA256 513b0c0da6ad0388addb00e36877f9f11787ff895c63cdb1738255ffba9455e1
SHA512 4b728901ac22eed516e9c0bd28d8846d3683701f0302d2ff2535df564b45b21f0b64538ab0934b12d8a86d0d4ef01afa61e72efab36be68dcba52ce9d01ba860

/data/data/com.zap.sfrfqt/files/Pdd.apk

MD5 e8fbf92c750dbd6fb316be82a6b7b7ae
SHA1 2a6ae9568698807cacc8cf4349556446c996b136
SHA256 2a3cb93d0ca14a1d0b0820c2a26df502a461fb2546ef4587524087c130553f10
SHA512 7848191878b5b8ba2d5020c7be953e70ccc4d392d29e400a65a57cd3731604933125de1d81b3732d251b3450fd4766a814ccd01f3975beda2499a9ba585a26e0

/data/user/0/com.zap.sfrfqt/files/Pdd.apk

MD5 a4237ef36f11c2db307f6d9701da0062
SHA1 5d11008a4b9275034db8904e538f7115a429ef0d
SHA256 32f697f7444c79efe23be55fdcdab52c8e6f5cd43474cd1735602675feb5639e
SHA512 6921b3cbb4e6a062eb9408c06e46e6d6cd7554f6e485b8f6275d8df3b7a8d23b26220c0cb979d3fe919fb6622d5d49160769b0567eebe61488cc4c7708f3b34d

/data/user/0/com.zap.sfrfqt/files/Pdd.apk

MD5 b91783059376e2bebfd7c24802289350
SHA1 9e0f855404908f993a3beb146e7a4e83789674bd
SHA256 46245d65e1d96038918f77ed8412bcde6a72b513c94a72369a751251f568e73c
SHA512 c50af3f34a519fdb34aa9be70128c55c57df169f8112887f17f9dece581a15cd9b6702939ee4f77370bb33a5d2fe449610c42e699008d4233344d406c3563f30

/data/data/com.zap.sfrfqt/files/cua/oat/XZXINnVuu.jar.cur.prof

MD5 663bd4956531ceeb2ba9df905901239c
SHA1 d1840a37651864c08e33a0970cde066e196f3635
SHA256 496edd2855b6beeeaad80779f7b384b0c9fe2d1ed6e3d65a51066e7b69495b5d
SHA512 6915464f4efe1ff5ef1cb6e803ba92aa6a31b44edfa9a119482b3cdf203bb1cb0b9432180c9eba21eafd249680dddd9a2ea9f236426b8402bac9367e0cf29777

/data/data/com.zap.sfrfqt/databases/wochi_v4.db-journal

MD5 16154e801b23041a2f9b8239735acb4e
SHA1 44e936673badb157183dd83cba25534e660dc6df
SHA256 ebab4d9159e81f4bc38ddbea07d91aafe460d5bb05ef738bd199fc5aee5fcd8e
SHA512 4471155e578d8e6c8ed6d5eaa16d587819173ed6b729bd9d92e11fb007fb81f79e7a15f5771651baa2238daa319440fafa90c47a3704573e76ad9ad6f5ca33a4

/data/data/com.zap.sfrfqt/databases/wochi_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.zap.sfrfqt/databases/wochi_v4.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.zap.sfrfqt/databases/wochi_v4.db-wal

MD5 a5614c229dd2f0cf5704a006c4fa497f
SHA1 6fa8fa51703492d791994895c5a2e68722c21c6d
SHA256 0c142edac36f331095d087be36c46ead1c39f56562f4d051dea48082d4af2710
SHA512 a2cfdbf558ea3da15e475793e3bf5c57b4f83aac7eeec054a46548ef074f19a5538f09507c826095ed5a5f46120618546d1fb61bf076c112bdfb28904a8dbad6

/data/data/com.zap.sfrfqt/app_dex/utopay.jar

MD5 eb6089c1acfa9f12535e533aebee845e
SHA1 165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9
SHA256 b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07
SHA512 5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5

/data/data/com.zap.sfrfqt/files/log.dat

MD5 ff9229f8e7c92d44d48e25206d43b021
SHA1 be3d75050c16c5b7484652ba292fdd6510f205d3
SHA256 77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2
SHA512 be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58

/data/user/0/com.zap.sfrfqt/app_dex/utopay.jar

MD5 5220524411d0bacd600da60814d1ee9f
SHA1 fef7210ff44e757328bc0ff7aae7bb2191cbf634
SHA256 6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2
SHA512 b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f

/data/user/0/com.zap.sfrfqt/app_dex/utopay.jar

MD5 3b8bb9a8679ac8c24e8d179fc5bae999
SHA1 e6ea7a1095524087f481ba04321c4cb6fd2426f3
SHA256 83c996c0d067b5f516897480f427dfffdcfb49ab7654dac9b805376bbd49e1db
SHA512 abf1cbed7a8cf4a29d7a32a83f15aa0a6c9e2be8484c2dd8d9bf16a76e337b17b9c05efa0773598806b3d3da4fe3a9217b583abb9aaf5e3dc054dc77b10cae63

/data/data/com.zap.sfrfqt/files/yl_plugin.apk

MD5 5a4c666b43ee7f2b6995aaf3527e4a4d
SHA1 b205bcb022797f3b16635db139c7524c0c388adc
SHA256 05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a
SHA512 c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17

/data/data/com.zap.sfrfqt/databases/740410100062013-journal

MD5 50b7ca820800f63e45d4cb644a7cc595
SHA1 b4670459837be92511a6d77e3e2775367d60d19b
SHA256 9ce671d81fe2399d1871c1733805c92e4b0ab0a7dd84de7bfff6b43ad2bde721
SHA512 a29c50aec32df8fd9eed87f8df18e50f6e037c684ffdd0ad29a64949459cf5658dde025f306ed53eda31a58c63807fc8f93f0ff41cf814691c856acad639e620

/data/data/com.zap.sfrfqt/databases/740410100062013-wal

MD5 22de8ab9cfdaf4b306137a0f0b7cfb3d
SHA1 9db289cb26bc0386bf7d892b33ab2b7a8993876b
SHA256 d1be2cc374b0b6191fed72f3d26dc43dadbe7a950818762bb0f9cc216fe78642
SHA512 c10f2bb51fa16e69538b83db084e493285b39467204a62444ceff6386d21e970ea1af9d1ae6887e93d7adc481dc4af2918fc552418283bf743aecec1e975eafb

/data/user/0/com.zap.sfrfqt/files/yl_plugin.apk

MD5 918890b3fc5a3dc184a57d027ead24da
SHA1 c638f375f49bc4731b633bdc001aeeadf9462039
SHA256 57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836
SHA512 fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef

/data/user/0/com.zap.sfrfqt/files/yl_plugin.apk

MD5 9fc68c74fcdf2ca6c0252ed39de275f0
SHA1 84438de24f01ade937d2f1a0f70c797e616b7199
SHA256 87751b4f40f3cf03b3e2a1e5eb9ef248ad79a8f47304d2a527939ed634ac8f2c
SHA512 10feb413b7a89f92339dd1d1a9538fdb22009279778d985f6649faf0af7cd1d5998adff439cad6b99ec2aade6b235b72385a83d9943e5b5898eb7ecdd7a398e8