Malware Analysis Report

2025-05-06 01:30

Sample ID 241103-yg5xjatarj
Target 8d305eec1cf56a8311b1871c1702116c_JaffaCakes118
SHA256 59662e1b9346cfed1196c339581524e82864fe32388debb4b9b9e79fb8c0aeb1
Tags
collection discovery evasion execution impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

59662e1b9346cfed1196c339581524e82864fe32388debb4b9b9e79fb8c0aeb1

Threat Level: Shows suspicious behavior

The file 8d305eec1cf56a8311b1871c1702116c_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion execution impact persistence

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Reads the content of SMS inbox messages.

Requests cell location

Reads the content of the SMS messages.

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 19:46

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 19:46

Reported

2024-11-03 19:49

Platform

android-x86-arm-20240624-en

Max time kernel

13s

Max time network

136s

Command Line

com.fiz.abeywl

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.fiz.abeywl/files/R/jLLkNQv.jar N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/R/jLLkNQv.jar N/A N/A
N/A /data/user/0/com.fiz.abeywl/app_ss/ss.jar N/A N/A
N/A /data/user/0/com.fiz.abeywl/app_ss/ss.jar N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/p7U5fXLUzNUq4Ffm.zip N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/p7U5fXLUzNUq4Ffm.zip N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/one.dex N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/one.dex N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/one.dex N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/jiepayplugin.apk N/A N/A
N/A /data/user/0/com.fiz.abeywl/files/jiepayplugin.apk N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.fiz.abeywl

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/files/R/jLLkNQv.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.fiz.abeywl/files/R/oat/x86/jLLkNQv.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/cat /proc/cpuinfo

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/app_ss/ss.jar --output-vdex-fd=79 --oat-fd=82 --oat-location=/data/user/0/com.fiz.abeywl/app_ss/oat/x86/ss.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip --output-vdex-fd=84 --oat-fd=85 --oat-location=/data/user/0/com.fiz.abeywl/files/hrbxq_d/oat/x86/hrbxq_f.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/p7U5fXLUzNUq4Ffm.zip --output-vdex-fd=87 --oat-fd=89 --oat-location=/data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/oat/x86/p7U5fXLUzNUq4Ffm.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/files/one.dex --output-vdex-fd=85 --oat-fd=88 --oat-location=/data/user/0/com.fiz.abeywl/files/oat/x86/one.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiz.abeywl/files/jiepayplugin.apk --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/user/0/com.fiz.abeywl/files/oat/x86/jiepayplugin.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.palmfunplay.cn udp
US 1.1.1.1:53 xzfsdk.zhangxhy.com udp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
US 1.1.1.1:53 app.eahwq.com udp
US 172.65.190.172:10011 xzfsdk.zhangxhy.com tcp
US 1.1.1.1:53 d.angshuwl.com udp
US 1.1.1.1:53 d.angshuwl.com udp
HK 168.76.254.227:9270 d.angshuwl.com tcp
CN 47.97.211.44:18888 tcp
CN 120.78.31.198:8030 tcp
CN 120.78.159.72:8866 tcp
CN 115.159.152.136:8090 tcp
US 1.1.1.1:53 api.qiazhiwenhua.cn udp
CN 120.78.31.198:8030 tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
US 1.1.1.1:53 jiepay.jiemengkj.com udp
US 172.65.190.172:10011 xzfsdk.zhangxhy.com tcp
US 104.155.138.21:8152 jiepay.jiemengkj.com tcp
HK 38.239.233.14:80 www.palmfunplay.cn tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.fiz.abeywl/files/R/jLLkNQv.jar

MD5 44922a5761d3c709be6c6a2758208f86
SHA1 a05a6198b4eaef9413675c4c6f85076bf56f04bf
SHA256 64d3c2a6cd6a8ec30245ffede86908d13ff44e9cab268a7759ba54fe57808cbc
SHA512 79013c867e3eb234588b47e93fc3acf9a9c649203c6ced72a9b0223dd37b03690c38abc89034bc6bd77a11f1252b9dcc065f6f23b2c22f10cd753a82ec4dd992

/data/user/0/com.fiz.abeywl/files/R/jLLkNQv.jar

MD5 88e0615bcbe83d79c2d02e8b891463c8
SHA1 201d65aec51339f433e6088f05d44d867523f66c
SHA256 f0b1051f97f06fd6abc5ed23f27c7767ae518e09034a833ba8a0b70af9cef0bd
SHA512 1b63b473177f9d19cd657ae09819bffd39ac9af9d3e9b097113d6f805c78e2b32cfd13d1cd15c6e0e4271f6e8459efafb6adf67a08e2a91dab8dbe16db085445

/data/user/0/com.fiz.abeywl/files/R/jLLkNQv.jar

MD5 7d8aecd7e9cee58024f96e196019e2ae
SHA1 041972f5a8f73a1b8bc74f48910c7248c52656d8
SHA256 15273b69251e287bad82cb8e07bd040ac0d199b8a3b560d7c3bbd18c2ef811f5
SHA512 127be9f66a302e72f751d5c7cbbc4db3918119245e709069048a5d84e873d1c7894f993ba265a911db7505f50debbe5b3921616612e1e439da472727a4ca84b7

/data/data/com.fiz.abeywl/app_ss/ss.jar

MD5 2e50cc7de794dad35005e0fc6fbb8d9a
SHA1 25f188bcb76fb759325301b6a1a508b4ac9b9dc6
SHA256 c0825eade44f2794f1ad9e6e3d7f6b52fd4ff8f47db2d6a348a963d6d2f00898
SHA512 1576744b260b25357ae922cb2ba46c240ef9eea01243d1953d900cea47699383e1d0cbcb2feeb433135bea6617780f7aceadaffa9f05859916da6a1c60ca6695

/data/user/0/com.fiz.abeywl/app_ss/ss.jar

MD5 c17e22be7df1cc470a46d32be821387d
SHA1 3c21fde0b28282fca8a1dfff842122827a6df844
SHA256 01b13f6265807551a706ad6fea1b400c6c0c86fa0ac7281270c09d0155466a00
SHA512 0fa2ae8e132c547e7f8a989f05c839e0fb698714ef314e636c6721b6aca3359eb901eeeea36f7e59c85f9faf9c81d7ff650ac1ea28ed5300258c38a035ad03b5

/data/user/0/com.fiz.abeywl/app_ss/ss.jar

MD5 5354e36676e36340dc86a19b65afdea1
SHA1 e407079be10a5b3ccdf24b39ba9b117a8a8b6521
SHA256 a6900a7431a26d7306303ed4d37e0c59c639bdd25c5fe74ff49adcf1485e90d2
SHA512 4d230ee19a929dd0d817bdc12356e6785460927bfb73888c1895751da8689c47ffb6fca98c2284a44221c3520c4faa6a89c04d2c7962a1fd69ae72cce892e8c9

/data/data/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip

MD5 4879309709922de0bfb700386ff10a2d
SHA1 0c03c1db3a716d3d5f1e179e48d5e2fb4cb3cf6a
SHA256 ecbc371f4925340af5630066c1a12425d5299d3fc9b91de2741bd8dc6a60697d
SHA512 0facaa8490e958243391c55282e3b70d501fb32c0222d87acebb1c7977a6f9c3aba1fdbf59d6dfc25d7ed5c5f59cb83816e2f103820952410330b1794cf52db0

/data/user/0/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip

MD5 1c5bca4085a4191c2d52a050e042604a
SHA1 73e9a34eda4102f03d4236ac17dace41e3c171f8
SHA256 9903d7dcf265401128068d9c6ba81432022b0a1397989f57c30a0b2d01f07622
SHA512 c8f352ff9bcea50424162d84f1d058365df8c3c9ca09e3925bb0ada69396a5ad3345cc47f8b5b832bdb13374dfe1968a24181ffc2c87defe5dd21925ba7b682e

/data/user/0/com.fiz.abeywl/files/hrbxq_d/hrbxq_f.zip

MD5 bb8cb1729ec22d8106c8c26706f3dd5b
SHA1 cadf6c4b63bf24469843e9cb531c244c1427d140
SHA256 a64947c6263f708b1590a6e25c42ca1698ee4b1fd3262aaa55f0f06c7e143f5b
SHA512 7c640f995327da04b019a4afb32a4215007b30095f69bb47f4525117b406606494ea063ad121dc70c523a6447c488abc3718bccf4d3d49e629ec6b2ede885ebb

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/Nu33NAgsaWRij9eH-BuBuw==.new

MD5 c7179dd8e80935ccb38f47d60de2c4e5
SHA1 8be87173e31ebec9f2f3e8e402e114aa02374023
SHA256 94b8efb36cf3659ebf070588de7dae75dbb1998a05da2c00977d08a91dfa6e29
SHA512 219dda21c6201695bdfa649f65cc99df7aecf9c66f0e359cd43f0f8905345ed4fd7f3f07a35327a0cd11b03d18f9d551599edd4e0fd75035e2e25ec239f491d9

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/Nu33NAgsaWRij9eH-BuBuw==.new

MD5 bebe48059d4ba2a22de8791d8f442e4f
SHA1 55efa109b25f3143e8ec88ac5392232c2f0b740b
SHA256 6a297855ade61f9ee13cd25b0dab4d596c564cf114796ee3dfaed353f8a7ba55
SHA512 6961c0c74079bdb519df1f95606bb6843a72cc55fdd10daedbd878713d04c15f12181dd56c0f4d09567e42efabf8d75b17a69877f338ae01e8de9c783dda2c81

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/Nu33NAgsaWRij9eH-BuBuw==.new

MD5 c13c52666073176690a9d554e2dc5a04
SHA1 cd97aad396995aa9f1d77f095cd3c6f6679fbd15
SHA256 7d651cacb28d6cc788d16425124903a2a34ec4cfdd9dd617cd4388e975a0e692
SHA512 9de18c57d6e1c149461c8fca395c70a6e0fbea6c488201c2940aba83aad830ae9f4c1f8c10fd6814d6b23e6a94871977a673d320b829480da0f143551b821192

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/-uDG27czQERXTl94cLMLBA==.new

MD5 e1a5cc89e24d2fb247e13f0c1ee88e4f
SHA1 03196ca5996f41be2aa3987e27c7c24c1b5506f1
SHA256 48cd0f96a5ddb77729db89021fda4294201e88b84f45928f180f9a2195448ff9
SHA512 d1997b405017865073826c2b59a2ae5453ae6cba454566c9b319b053a2c4897416a1f2bad3f9930d03855f714e1b103d2f1cefd4de09484732bedd1b24aa3dbc

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/Nu33NAgsaWRij9eH-BuBuw==.new

MD5 8a0a15af3ba494388cc11f1c4f436903
SHA1 99dc51523334ea346423b2e887130818e51d7194
SHA256 8ca870105add9dc75d006f69f844404653fd5c49f468126bf7f509636a074ea7
SHA512 4a8a3c51214ccfe7a50f4935e7a0514d8a0c5e5533d10ce0c3e70a4f7dc9955e3c5218abb63dbe23cadccf23c4551f6f09e261559d1addbc7f9155212b5831b2

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/5SZ71sjMwPw3wOm9JVPVyg==/nHajHPC7PppuWdmMi4yr7w==

MD5 747eba8d7fbfe30923962d5c27fe62ba
SHA1 adc96cf6b78d89f646e61930b54f17db5be738cc
SHA256 18baa13cf7a5ad3013cd358f6815228b8d88adbfe1c0e5faffe38dc3184d3328
SHA512 c0ad70fd612c9ee8f27a212bc07af760c3604cf0e018b23591ee5f703fea20800addf9fe9b1056b3db9cd9a1ba9bf8d3142199ec9fc2578e58bb482b4d400039

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/EUxgcH7lOdhrTgF5g87nUw==/G7zsMN9bvKFHEgXa

MD5 433820daec4736c0cf015fce0a2705ae
SHA1 55b858b12b7a82ba48ef6bf0db65520c1ea4d38d
SHA256 7dd0a8b932a478515bb27115124ab4627ddf2086426932e3e39a0c503f4de74c
SHA512 ae6df2c47307677b41bc124e473260942b8a541e18f9be57fcc2af3994f8a5ea03d4b9ad41c57deca1eab78466e4793118dea4302f113fad6a78e775c644ba25

/data/data/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/EUxgcH7lOdhrTgF5g87nUw==/MhmCzLufGQOOGYK0PR1j5Q==

MD5 95a57474503cb6bdc162f0dfd4e15cc4
SHA1 e8b2efcdfa313b22e1862a5387314287b4c4aa08
SHA256 914077f85c2fdc62ff69de00aed17d00dd1707136124e6e134c0fd48ea5116a7
SHA512 7a6fc5c031c5c40870f6f5440a33209396d66370a42253d8055377b5dd651f0fe648c61aedcbd6e3851f3c52b5ad1217936044be3d2423502f24bf8a8c60bedd

/data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/p7U5fXLUzNUq4Ffm.zip

MD5 fe3aa6f5971ba5076e332f080255f23b
SHA1 5cd47d9fdc45ba59c901e75dd3afa452a969dc7e
SHA256 d9d4cd2bad4b59ccf0a35685f4cb49914115ee5a0a7a3f1611da059fddabb935
SHA512 2b95caa2d282068f5eff9bdaeeade53eadf4c326083005c2b2d66c148587f905ff0ee28e071d5934de141ff44312092f23c61295fb9a9662d5eadc7374a9b1e6

/data/user/0/com.fiz.abeywl/files/viXN-nItmOkIezOjxZd7IR4tVTij7FF5IF-f2SdK40g=/m19bTU5KkfrSuM64C22O6Q==/p7U5fXLUzNUq4Ffm.zip

MD5 065dc1e61480d1e3a7ad0add0bc10bde
SHA1 90c6401ea87760eedf854855f0f4501294775ebe
SHA256 55c05d77d66acac68d1bd4b3c9e1fc41370d1b9a3ff63f9f4581110bdc9d1914
SHA512 80beafbbee535cc3b673e1874e6d805418df86c3c2469ca1b060f1081c9ad7ec7f9151fd745607787bb7ddbb455376df916a0757d4ed3d2c000229ec8a0e1e9d

/data/data/com.fiz.abeywl/files/one.dex

MD5 3253d9a3e924311215ed5fc1d4f819ba
SHA1 77cdb93e01b6098d3abb1ce58b57e07cab89b0ee
SHA256 ea59f7861ac9d24eefe391ce9896160c31f6817ae3fcfeb42a503cd1e5640644
SHA512 63a2f3d0af447f20631e7c031f8bb6a167bc2595c50d3c835d0eff05a4a281a2b45bb10198e5339f39d739c16b2ee9e5fbba9e763ee8cd2799f958ceae6b2abf

/data/user/0/com.fiz.abeywl/files/one.dex

MD5 78f6ea4a04ce99ad7ba0ef62a29ad038
SHA1 73f074ec0d580b0489a5a3077a0da7240e57b4c8
SHA256 ad3dd1f60ae608ad4199c40cb00a0e69e92134996fdf7f6e4ae05019b65e3266
SHA512 3776684fdd52c0833996046597a52bd8bf09e38ac4aa7700c2f131a3e2952f6be756a57f66b77ff08cf2fcbbfdd1030e4476e54034ac15fe8a3366ae9d68c266

/data/data/com.fiz.abeywl/cache/ydutl/ydutl.cf

MD5 d8ccf1baae4265f44d99e0dd16749291
SHA1 956e3f00648f6d23ddddab9f54ccc63209a90177
SHA256 d2ce7fccbe00f23706d51594c39eae3159ae19182c0177119303dbb111c654fd
SHA512 f9940c179709b2032818063fe8975a043616e1eacca28f723032b63ec8bd9265604f183640752a1aca89797b0c3666608b8f4f43f686ec664509ec9733f5d897

/data/data/com.fiz.abeywl/app_jar/orbgi.jar

MD5 ef772db4d7ca77c272bc8f27225302e1
SHA1 c7d95f8fe24450269b879cfd1a57adc2bab23ef3
SHA256 d44ac353702eee1f4c8f852af20994417fd9f73df5e011bb0a726c2f2dfa3aac
SHA512 32df876d190453abc658ab762711b5e8455535eb9afa6457db9e08d9223bc6152137c941d6964e7ca13ecd36716db3990ebd3e89ef577ef3c6e2759b4bf3f7a8

/data/data/com.fiz.abeywl/files/jiepayplugin.apk

MD5 841e03ad638dc4ec961813b36f4b840b
SHA1 13cda32836181128f3d6c92b71639c23c2548e0d
SHA256 36422b91709e97dda8eb54ad9fad62d595b500500450d1430f24395b1bc686f9
SHA512 27e2c82de231019e65537e06ae639c9f440db3d80f46f4fd7683a43128a4fd4ce46576046438666a2bad24a7b55d5ee6d1cb1b2a6e43efb8c51ec97a5844085d

/data/user/0/com.fiz.abeywl/files/jiepayplugin.apk

MD5 b1cdb24183bb9b0bca72ae4686ab2939
SHA1 ccba7e9f3a7fdbb23b3f6d8d703394eee299fee2
SHA256 5938ae175be6f88d9f659bd63932d8672b6ebc1e41069bcd1714690fe3a5b7f0
SHA512 209713ad041d468af887d1d6c0abc3af6152307769e8e6c32981e081283c1ac86f441572ba8161dab911e311f542bfff7daf1f29915c7eabcb03c158abc337c2

/data/user/0/com.fiz.abeywl/files/jiepayplugin.apk

MD5 e60e0b38e94a3a4fa4c688968e1ee7c1
SHA1 9844b74586d20539e48163884b0cd83a6dd87885
SHA256 79f3bc8e2bd35937601505c64b4fc0a266278ee5d9c06ab9d74a731a32c8e010
SHA512 59caa74fb0afb863161e15b5bae607525617236437f1df0a9f4967fec43d57c3f8b5ff1ae7dc58b78810e7fd3efe2c0d6fe2214f8ec38f9474b5903c1d0bc106

/data/data/com.fiz.abeywl/files/rdata_combowaldenz.new

MD5 104c407182d31342859a0fd30b5ac0fb
SHA1 cf7a7c6002504a71c125b02a05ce5865eb1c7b49
SHA256 60b5de7381fe76ed10ec8120318827f17c5ddc1b811cf032374b3e13e2afbaec
SHA512 a7cdfb76a9ae5daddfbf34c91931cdc65157a27a254a0d2c1b61c918128a11204bfe2a5350bd20d75ccb67a8bf4e46881044dc476a2f47f2297ee4f689d38e6b

/data/data/com.fiz.abeywl/files/6p0ZUbse0TuMYq0IQxqCz2IzyjPgQrgNvNNIVjK-Q8s=_files/CqW6tFwge02JeE-9nQ57Fg==/49nfKUzlfUNvBGLJHAmlUrcH9IE=.new

MD5 e04cd5c007a1719404fd87de03307680
SHA1 3bafb9929674b5c80b78ab760ba12d837b24edf1
SHA256 7e0d4f749862ef5f4ac96d62ba6a0578243078e6ad8089f4010ea2305c46c710
SHA512 a5b4418c171c3bc1ec177d577131a4a883de1030e549cf5783e8e1dd2c3ca969c92e19b11f1704b92f5cea8e7240de191e6fa3f7b325100e1981a3f97e39a9eb

/data/data/com.fiz.abeywl/files/6p0ZUbse0TuMYq0IQxqCz2IzyjPgQrgNvNNIVjK-Q8s=_files/EOOtQe4NhK9cuHzDco3C5w==/MbVvfa_0ez4xUYILahMxjw==.new

MD5 3f5634e04ea0e8de3fecf62351534c11
SHA1 38d5cceea321443746e2704e876b979ca70bf98b
SHA256 45445a915b1da8f516ae46a752f9319bdd5a2790df6be1333d439bd595e5f50e
SHA512 fa2ee96d58e55497debed2747960f9c3cbe26675e9de7f7361b2bdcff15a4256ca8ce5b38cc6c3da42ddff9e41f2157860b5a7965b56db9c5cf903e6aff72299

/data/data/com.fiz.abeywl/files/6p0ZUbse0TuMYq0IQxqCz2IzyjPgQrgNvNNIVjK-Q8s=_files/EOOtQe4NhK9cuHzDco3C5w==/--x3TROgroPCP9tAGCOjFVwB4tE=.new

MD5 3d9e41620f1c0662b443b2f260ecf2af
SHA1 ff0c524e89f2d9956056afe37c009441caa23a7d
SHA256 c67769739a4460db64fa590b5be5c0cb7ad53f3412b8024e923189dc78b1ccf7
SHA512 9944858946a0893893a8f273d73cc0328f3c1e4374883e64b90133d138a3d31ef9fd509405afc0422c4b76f67ba9185d7261e00ec72d999c2224bcd0364a9504

/data/data/com.fiz.abeywl/files/umeng_it.cache

MD5 1033fba2eed42d186c068bd8000a63f3
SHA1 c5bcafbd3944de38c6f8148c5a1eb345eaaaa912
SHA256 0d4aa358224d0d071bcf4a40d24c4b86a180d5c17ea3334a48c026901088583a
SHA512 0ebf2ad3b5552ac7651bd91b488df7011b4e8e8fc2920e71abc1d0b3574a3e2937aad27dc0e8ad6f2f63f1be3a0d65d879c6945e3aa4f7c07c7879b17636e394