ID: Sample Name: eikadagene_ _ _5ac51250.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:17:09 Date: 05/04/2018 Version:

Transcription

1 ID: Sample Name: eikadagene_ _ _5ac51250.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:17:09 Date: 05/04/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Signature Overview Change of System Appearance: Location Tracing: Operating System Destruction: Spam, unwanted Advertisements and Ransom Demands: E-Banking Fraud: Networking: Boot Survival: Remote Access Functionality: Stealing of Sensitive Information: Data Obfuscation: Spreading: System Summary: Malware Analysis System Evasion: Hooking and other Techniques for Hiding and Protection: Language, Device and Operating System Detection: Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Screenshots Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General File Icon Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution TCP Packets UDP Packets DNS Queries Copyright Joe Security LLC 2018 Page 2 of 49

3 DNS Answers HTTPS Packets APK Behavior Installation Miscellaneous Simulated Events Interacted Views By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyright Joe Security LLC 2018 Page 3 of 49

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 09:17:09 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 8m 35s Analysis system description: Android 6.0 Detection: Classification: Warnings: false light eikadagene_ _ _5ac51250.apk defaultandroidfilecookbook.jbs SUS Show All all executed log events are in report (maximum 10 identical API calls) all resource files were parsed Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing dynamic data code. Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Classification Copyright Joe Security LLC 2018 Page 4 of 49

5 Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Signature Overview of System Appearance Change Tracing Location System Destruction Operating unwanted Advertisements and Ransom Demands Spam, Fraud E-Banking Networking Survival Boot Access Functionality Remote of Sensitive Information Stealing Obfuscation Data Spreading Summary System Analysis System Evasion Malware and other Techniques for Hiding and Protection Hooking Language, Device and Operating System Detection Click to jump to signature section Copyright Joe Security LLC 2018 Page 5 of 49

6 Change of System Appearance: May access the Android keyguard (lock screen) Acquires a wake lock Location Tracing: Queries the phones location (GPS) Operating System Destruction: Lists and deletes files in the same context Spam, unwanted Advertisements and Ransom Demands: May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services E-Banking Fraud: Has functionalty to add an overlay to other apps Networking: Checks an internet connection is available Opens an internet connection Performs DNS lookups (Java API) Found strings which match to known social media urls Monitors network connection state Performs DNS lookups Urls found in memory or binary data Uses HTTP for connecting to the internet Uses HTTPS Boot Survival: Has permission to execute code after phone reboot Installs a new wake lock (to get activate on phone screen on) Remote Access Functionality: Uses DownloadManager to fetch additional components Stealing of Sensitive Information: Has permission to read the phones state (phone number, device IDs, active call ect.) Queries list of installed packages Queries media storage location field Queries stored mail and application accounts (e.g. Gmail or Whatsup) Has permission to query the current location Data Obfuscation: Found very long method strings Obfuscates method names Uses reflection Copyright Joe Security LLC 2018 Page 6 of 49

7 Spreading: Accesses external storage location System Summary: Executes native commands Requests potentially dangerous permissions Classification label Creates SQLiteDatabase table Loads native libraries Reads shares settings Malware Analysis System Evasion: Accesses /proc Accesses android OS build fields Checks if the Android Monkey is running (UI Automation) Queries several sensitive phone informations Queries the unique operating system id (ANDROID_ID) May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) Hooking and other Techniques for Hiding and Protection: Aborts a broadcast event (this is often done to hide phone events such as incoming SMS) Has permission to draw over other applications or user interfaces Queries list of running processes/tasks Uses Crypto APIs Language, Device and Operating System Detection: Checks if phone is rooted (checks for su binary) Queries the network operator name Antivirus Detection Initial Sample No Antivirus matches Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link onesignal.com 0% virustotal Browse play.googleapis.com 0% virustotal Browse Yara Overview Copyright Joe Security LLC 2018 Page 7 of 49

8 Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Screenshots Created / dropped Files No created / dropped files found Contacted Domains/Contacted IPs Copyright Joe Security LLC 2018 Page 8 of 49

9 Contacted Domains Name IP Active Malicious Antivirus Detection Reputation onesignal.com true false 0%, virustotal, Browse high play.googleapis.com true false 0%, virustotal, Browse high Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Flag ASN ASN Name Malicious United States GOOGLE-GoogleIncUS false Reserved unknown unknown false United States GOOGLE-GoogleIncUS false United States GOOGLE-GoogleIncUS false United States CLOUDFLARENET- CloudFlareIncUS false Static File Info General File type: Zip archive data, at least v2.0 to extract Entropy (8bit): TrID: Android Package (19004/1) 39.58% Java Archive (13504/1) 28.12% Google Earth saved working session (6004/1) 12.50% ZIP compressed archive (4004/1) 8.34% Java Script embedded in Visual Basic Script (3500/0) 7.29% File name: File size: MD5: SHA1: SHA256: SHA512: eikadagene_ _ _5ac51250.apk 9d99a96fc7abc4cb9d0d09c41e64c511 f842d5ebb04be72d851dfc03c3a9a7fa5513ab6e bc417a6f2cb052c47cf76177c382443bb4325c6b c50bba742e904a192 51f28b5ec197fcda cd4f1765ea a1f6a31f e0745c7ab5bbf592e713fda57d7520abffd3ccd5 2e23b7d3912e310d0838d7eef588cb42e Copyright Joe Security LLC 2018 Page 9 of 49

10 General File Content Preview: PK...\ AndroidManifest.xml..Il...p...B..J \...9..~..B...^.zK K; n.zH {..B...u File Icon Static APK Info General Label: Eika Dagene Minimum SDK required: 16 Target SDK required: 22 Version Code: 1 Version Name: 1 Package Name: no.muuh.eika Is Activity: true Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name no.muuh.eikano.muuh.eika.mainactivity no.muuh.eikacom.facebook.react.devsupport.devsettingsactivity no.muuh.eikacom.google.android.gms.common.api.googleapiactivity no.muuh.eikacom.onesignal.permissionsactivity Is Entrypoint true Receivers com.google.android.gms.analytics.analyticsreceiver com.onesignal.bootupreceiver Intent: android.intent.action.action_boot_completed, android.intent.action.boot_completed, android.intent.action.quickboot_poweron com.onesignal.gcmbroadcastreceiver Intent: com.google.android.c2dm.intent.receive (Priority 999) com.onesignal.ificationopenedreceiver com.onesignal.upgradereceiver Intent: android.intent.action.my_package_replaced Services com.google.android.gms.analytics.analyticsjobservice com.google.android.gms.analytics.analyticsservice com.onesignal.gcmintentjobservice com.onesignal.gcmintentservice com.onesignal.ificationrestoreservice com.onesignal.restorejobservice com.onesignal.restorekickoffjobservice com.onesignal.syncjobservice com.onesignal.syncservice Permission Requested android.permission.access_coarse_location android.permission.access_network_state android.permission.bind_job_service android.permission.internet android.permission.read_app_badge android.permission.read_external_storage android.permission.read_phone_state Copyright Joe Security LLC 2018 Page 10 of 49

11 android.permission.receive_boot_completed android.permission.system_alert_window android.permission.vibrate android.permission.wake_lock android.permission.write_external_storage com.anddoes.launcher.permission.update_count com.google.android.c2dm.permission.receive com.htc.launcher.permission.read_settings com.htc.launcher.permission.update_shortcut com.huawei.android.launcher.permission.change_badge com.huawei.android.launcher.permission.read_settings com.huawei.android.launcher.permission.write_settings com.majeur.launcher.permission.update_badge com.oppo.launcher.permission.read_settings com.oppo.launcher.permission.write_settings com.sec.android.provider.badge.permission.read com.sec.android.provider.badge.permission.write com.sonyericsson.home.permission.broadcast_badge com.sonymobile.home.permission.provider_insert_badge me.everything.badger.permission.badge_count_read me.everything.badger.permission.badge_count_write no.muuh.eika.permission.c2d_message Certificate Name: Issuer: Subject: classes.dex CN=Chris Aardal,OU=Muuh,O=Muuh,L=Kristiansand S,ST=Vest-Agder,C=NO CN=Chris Aardal,OU=Muuh,O=Muuh,L=Kristiansand S,ST=Vest-Agder,C=NO Resources Name Type Size abc_ic_commit_search_api_mtrl_alp ha.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 173 abc_screen_simple.xml data 872 abc_list_focused_holo.9.png PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 222 abc_dialog_title_material.xml data 1156 abc_btn_check_to_on_mtrl_015.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 321 CheckForNull.java ASCII text 375 abc_list_pressed_holo_light.9.png PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 221 abc_edit_text_material.xml data 1360 common_google_signin_btn_icon_da PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 610 rk_normal_background.9.png abc_menu_hardkey_panel_mtrl_mult.9.png common_google_signin_btn_text_da rk_normal_background.9.png libyoga.so abc_scrubber_primary_mtrl_alpha.9. png PNG image data, 64 x 24, 8-bit/color RGBA, non-interlaced 589 PNG image data, 333 x 144, 8-bit/color RGBA, non-interlaced 1638 ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=01dcfdf9db ba85c056d7fef5975e696f4, stripped PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced 214 abc_switch_track_mtrl_alpha.9.png PNG image data, 35 x 25, 8-bit/color RGBA, non-interlaced 538 CodePushHash ASCII text, with no line terminators 64 abc_switch_thumb_material.xml data 560 Immutable.java ASCII text 1333 Google_internal.gwt.xml exported SGML document, ASCII text 213 notification_bg_low_pressed.9.png PNG image data, 8 x 8, 8-bit/color RGB, non-interlaced 223 abc_btn_radio_to_on_mtrl_015.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 785 app_resources_eika_logo_white.png PNG image data, 467 x 190, 8-bit/color RGBA, non-interlaced abc_textfield_search_activated_mtrl _alpha.9.png PNG image data, 36 x 10, 8-bit/color RGBA, non-interlaced 193 abc_ic_ab_back_material.xml data 908 abc_tint_seek_thumb.xml data 608 amu_multiple_placemarks.kml ASCII text 824 abc_screen_toolbar.xml data 1632 amu_unsupported.kml ASCII text 512 Copyright Joe Security LLC 2018 Page 11 of

12 Name Type Size googleg_disabled_color_18.png PNG image data, 54 x 54, 8-bit gray+alpha, non-interlaced 727 abc_list_selector_disabled_holo_ligh t.9.png abc_seekbar_tick_mark_material.xm l abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 13 x 41, 8-bit/color RGBA, non-interlaced 227 data 600 PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 327 abc_btn_colored_material.xml data 1908 amu_visibility_ground_overlay.kml XML document text 696 abc_menu_hardkey_panel_mtrl_mult.9.png PNG image data, 192 x 72, 8-bit/color RGBA, non-interlaced 1779 abc_list_divider_mtrl_alpha.9.png PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 167 common_full_open_on_phone.png PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced 681 abc_spinner_mtrl_am_alpha.9.png PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced 340 abc_btn_radio_to_on_mtrl_015.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 563 abc_btn_radio_to_on_mtrl_000.png PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced 785 libglog_init.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=8e685dfc f6e551b0fdb04f50303e6, stripped abc_btn_default_mtrl_shape.xml data 1092 app_resources_ic_mail.png PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced 516 abc_ic_arrow_drop_right_black_24dp data 1248.xml switch_thumb_material_dark.xml data 468 abc_list_focused_holo.9.png PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 244 abc_list_selector_background_transi tion_holo_light.xml data 508 tooltip_frame_light.xml data 564 abc_screen_toolbar.xml data 1688 ParametersAreNullableByDefault.jav a abc_cab_background_top_mtrl_alph a.9.png ASCII text 1096 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 234 abc_fade_out.xml data 396 abc_list_pressed_holo_light.9.png PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 notify_panel_notification_icon_bg.pn g abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 14 x 14, 8-bit colormap, non-interlaced 93 PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 127 app_resources_eika_bg.png PNG image data, 750 x 1334, 8-bit/color RGBA, non-interlaced onesignal_bgimage_notif_layout.xml data 1896 abc_ic_menu_paste_mtrl_am_alpha. png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 226 abc_alert_dialog_button_bar_materia data 1752 l.xml abc_spinner_mtrl_am_alpha.9.png PNG image data, 72 x 96, 8-bit/color RGBA, non-interlaced 513 common_google_signin_btn_text_da rk_normal_background.9.png PNG image data, 168 x 73, 8-bit/color RGBA, non-interlaced 960 notification_template_media.xml data 1440 libglog_init.so abc_list_selector_disabled_holo_dar k.9.png ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed1563c6582c3acf38e ee ff, stripped PNG image data, 42 x 126, 8-bit/color RGBA, non-interlaced 307 amu_cdata.kml ASCII text 328 abc_btn_check_to_on_mtrl_000.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 214 abc_text_select_handle_left_mtrl_lig ht.png PNG image data, 44 x 22, 8-bit/color RGBA, non-interlaced 203 app_resources_backbutton.png PNG image data, 20 x 32, 8-bit/color RGBA, non-interlaced 248 libglog.so notification_template_media_custom.xml ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=195a65e2a75f517572cc2d e68cda34639, stripped data 2628 abc_list_pressed_holo_dark.9.png PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 211 abc_hint_foreground_material_dark.x data 568 ml abc_list_selector_holo_dark.xml data 1208 Nonnegative.java ASCII text 1303 googleg_disabled_color_18.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 516 libimagepipeline.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=3eaef82aba7872c11f a990ba20c7229, stripped notification_action_background.xml data 1352 Copyright Joe Security LLC 2018 Page 12 of

13 Name Type Size abc_cab_background_internal_bg.x ml abc_ic_menu_copy_mtrl_am_alpha. png data 436 PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 263 abc_ic_star_black_48dp.png PNG image data, 192 x 192, 8-bit gray+alpha, non-interlaced 1680 abc_secondary_text_material_dark.x ml data 468 abc_list_longpressed_holo.9.png PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 abc_search_view.xml data 3568 abc_btn_radio_to_on_mtrl_000.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 651 abc_text_select_handle_right_mtrl_d ark.png PNG image data, 176 x 88, 8-bit colormap, non-interlaced 513 Eika-Medium.otf OpenType font data amu_poly_style_boolean_alpha.kml XML document text abc_ic_commit_search_api_mtrl_alp ha.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 224 googleg_standard_color_18.png PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced 1615 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 710 common_google_signin_btn_text_da rk_normal.xml data 692 abc_ic_menu_selectall_mtrl_alpha.p ng PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 305 node_modules_reactnavigation_src_ views_assets_backicon.png common_google_signin_btn_icon_lig ht_normal_background.9.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 167 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 564 ic_os_notification_fallback_white_24 dp.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 177 abc_ic_star_half_black_48dp.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 310 notification_bg_normal_pressed.9.pn g abc_scrubber_control_to_pressed_m trl_005.png PNG image data, 8 x 8, 8-bit/color RGB, non-interlaced 223 PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced 197 abc_list_selector_disabled_holo_ligh t.9.png PNG image data, 21 x 63, 8-bit/color RGBA, non-interlaced 240 app_resources_eika_logo_white.png PNG image data, 1401 x 570, 8-bit/color RGBA, non-interlaced app_resources_ic_mail.png PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced 1508 abc_fade_in.xml data 396 amu_ground_overlay.kml XML document text 729 common_google_signin_btn_text_lig ht.xml data 716 amu_basic_placemark.kml ASCII text 1120 select_dialog_multichoice_material.x ml data 788 abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 305 abc_action_bar_view_list_nav_layou t.xml data 396 abc_scrubber_control_to_pressed_m trl_005.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 631 abc_grow_fade_in_from_bottom.xml data 860 common_google_signin_btn_text_da rk_focused.xml data 1016 amu_draw_order_ground_overlay.km XML document text 419 l abc_text_select_handle_right_mtrl_li ght.png PNG image data, 132 x 66, 8-bit colormap, non-interlaced 422 abc_btn_radio_to_on_mtrl_000.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 464 abc_btn_switch_to_on_mtrl_ png PNG image data, 81 x 81, 8-bit gray+alpha, non-interlaced 2804 abc_list_selector_disabled_holo_ligh t.9.png PNG image data, 28 x 84, 8-bit/color RGBA, non-interlaced 253 tooltip.xml data 976 abc_ic_menu_share_mtrl_alpha.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 270 abc_cab_background_top_mtrl_alph a.9.png PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced 225 amu_document_nest.kml ASCII text 312 abc_ic_star_black_48dp.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 467 Eika-Bold.otf OpenType font data common_full_open_on_phone.png PNG image data, 128 x 128, 8-bit colormap, non-interlaced 489 abc_ic_star_half_black_48dp.png PNG image data, 192 x 192, 8-bit gray+alpha, non-interlaced 991 Copyright Joe Security LLC 2018 Page 13 of 49

14 Name Type Size abc_hint_foreground_material_light.x data 568 ml libicu_common.so ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8deaddc973f04f317bc24475c556665eee25a14a, stripped notification_media_action.xml data 616 notification_template_media.xml data 1348 abc_ic_menu_copy_mtrl_am_alpha. png notification_template_icon_group.xm l PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 178 data 400 notification_action.xml data 1268 abc_scrubber_primary_mtrl_alpha.9. png PNG image data, 30 x 36, 8-bit/color RGBA, non-interlaced 218 amu_nested_multigeometry.kml XML document text 807 abc_scrubber_track_mtrl_alpha.9.pn g abc_list_selector_disabled_holo_dar k.9.png abc_ic_voice_search_api_material.x ml abc_scrubber_control_off_mtrl_alpha.png PNG image data, 30 x 36, 8-bit/color RGBA, non-interlaced 212 PNG image data, 28 x 84, 8-bit/color RGBA, non-interlaced 254 data 1208 PNG image data, 18 x 48, 8-bit gray+alpha, non-interlaced 201 ic_launcher.png PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced 2196 abc_ic_star_half_black_36dp.png PNG image data, 54 x 54, 8-bit gray+alpha, non-interlaced 328 googleg_standard_color_18.png PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced 982 abc_spinner_mtrl_am_alpha.9.png PNG image data, 27 x 36, 8-bit/color RGBA, non-interlaced 367 common_google_signin_btn_icon_lig ht_normal_background.9.png common_google_signin_btn_icon_lig ht_focused.xml abc_text_select_handle_right_mtrl_li ght.png PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced 935 data 1016 PNG image data, 176 x 88, 8-bit colormap, non-interlaced 513 catalyst_slide_down.xml data 360 abc_ic_star_black_16dp.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 599 ic_launcher.png PNG image data, 48 x 48, 8-bit colormap, non-interlaced 1324 amu_multigeometry_placemarks.kml ASCII text 1586 libglog.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=ec4c6265a4fd5759fb5359b82b4fc50afa98c070, stripped abc_action_menu_layout.xml data 584 Annotations.gwt.xml exported SGML document, ASCII text 375 common_google_signin_btn_icon_lig ht_normal.xml libimagepipeline.so data 652 ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1ba5e6dfb45f5d77c6af6c7a7f289a89c86ab073, stripped abc_ic_menu_cut_mtrl_alpha.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 910 Exclusive.java ASCII text 650 common_google_signin_btn_text_lig ht_focused.xml common_google_signin_btn_text_di sabled.xml abc_textfield_search_default_mtrl_al pha.9.png data 1016 data 1296 PNG image data, 12 x 3, 8-bit/color RGBA, non-interlaced 180 amu_ground_overlay_color.kml XML document text 415 OverridingMethodsMustInvokeSuper.java ASCII text 580 dev_loading_view.xml data 652 select_dialog_singlechoice_material. xml data 788 abc_ic_star_half_black_16dp.png PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced 146 abc_popup_enter.xml data 512 notification_template_part_time.xml data 448 abc_btn_switch_to_on_mtrl_ png PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced 1548 abc_tab_indicator_mtrl_alpha.9.png PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 199 abc_textfield_activated_mtrl_alpha.9.png abc_list_selector_disabled_holo_dar k.9.png PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced 186 PNG image data, 21 x 63, 8-bit/color RGBA, non-interlaced 239 abc_btn_check_to_on_mtrl_015.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 404 ParametersAreNonnullByDefault.jav a ASCII text 866 Copyright Joe Security LLC 2018 Page 14 of

15 Name Type Size abc_dialog_title_material.xml data 1112 abc_text_select_handle_middle_mtrl _dark.png PNG image data, 60 x 72, 8-bit/color RGBA, non-interlaced 752 common_google_signin_btn_text_da rk_normal_background.9.png notification_bg_normal_pressed.9.pn g PNG image data, 111 x 48, 8-bit/color RGBA, non-interlaced 615 PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced 247 select_dialog_item_material.xml data 648 amu_default_balloon.kml XML document text 365 abc_ic_star_black_16dp.png PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced 193 app_resources_ic_person.png PNG image data, 54 x 60, 8-bit/color RGBA, non-interlaced 883 abc_scrubber_track_mtrl_alpha.9.pn g PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 207 index.android.bundle.meta data 21 abc_alert_dialog_title_material.xml data 1572 abc_textfield_activated_mtrl_alpha.9.png PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced 202 app_resources_eika_bg.png PNG image data, 1125 x 2001, 8-bit/color RGBA, non-interlaced abc_text_select_handle_right_mtrl_li ght.png abc_text_select_handle_right_mtrl_li ght.png PNG image data, 88 x 44, 8-bit/color RGBA, non-interlaced 318 PNG image data, 44 x 22, 8-bit/color RGBA, non-interlaced 186 abc_vector_test.xml data 812 abc_list_longpressed_holo.9.png PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 abc_btn_check_to_on_mtrl_015.png PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced 476 abc_ic_star_half_black_16dp.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 376 abc_action_mode_close_item_mater ial.xml data 796 abc_ic_star_black_36dp.png PNG image data, 54 x 54, 8-bit gray+alpha, non-interlaced 522 abc_seekbar_thumb_material.xml data 1232 abc_list_divider_mtrl_alpha.9.png PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 167 libfb.so ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b7afcf81c48cb70d37285af19b973948de095c82, stripped PropertyKey.java ASCII text 366 abc_tint_switch_track.xml data 772 abc_list_focused_holo.9.png PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 244 amu_poly_style_boolean_numeric.k ml XML document text abc_alert_dialog_button_bar_materia data 1704 l.xml abc_ratingbar_indicator_material.xml data 760 amu_bubble_mask.9.png PNG image data, 72 x 43, 8-bit/color RGBA, non-interlaced 569 abc_ic_menu_selectall_mtrl_alpha.p ng abc_textfield_search_default_mtrl_al pha.9.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 262 PNG image data, 36 x 10, 8-bit/color RGBA, non-interlaced 196 abc_ratingbar_material.xml data 712 ic_launcher.png PNG image data, 144 x 144, 8-bit/color RGB, non-interlaced 4822 abc_cab_background_top_mtrl_alph a.9.png PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced 246 abc_search_url_text.xml data 596 common_google_signin_btn_icon_da PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced 1032 rk_normal_background.9.png amu_basic_folder.kml HTML document, ASCII text 264 libreactnativejni.so notification_template_icon_group.xm l ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=75e9243f7c843ecdf0b02a3389c4720dde66a58c, stripped data 996 notification_action_tombstone.xml data 1444 app_resources_eika_bg.png PNG image data, 375 x 667, 8-bit/color RGBA, non-interlaced abc_spinner_mtrl_am_alpha.9.png PNG image data, 27 x 36, 8-bit/color RGBA, non-interlaced 368 abc_tint_btn_checkable.xml data 732 abc_scrubber_control_to_pressed_m trl_005.png abc_textfield_activated_mtrl_alpha.9.png abc_btn_switch_to_on_mtrl_ png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 391 PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced 192 PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced 2606 resources.arsc data abc_ic_menu_share_mtrl_alpha.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 899 Copyright Joe Security LLC 2018 Page 15 of

16 Name Type Size abc_scrubber_control_to_pressed_m PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced 145 trl_000.png abc_primary_text_material_light.xml data 468 libgnustl_shared.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), stripped notification_action.xml data 1204 amu_info_window.xml data 560 Tainted.java ASCII text 372 abc_tint_btn_checkable.xml data 628 Eika-Semibold.otf OpenType font data abc_scrubber_control_to_pressed_m trl_000.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 415 common_google_signin_btn_icon_di sabled.xml data 1276 catalyst_push_up_in.xml data 600 abc_list_menu_item_icon.xml data 688 fps_view.xml data 716 notification_template_big_media.xml data 1652 tooltip_frame_dark.xml data 564 notification_bg_normal_pressed.9.pn g PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced 225 notification_bg_low_pressed.9.png PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced 225 googleg_disabled_color_18.png PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced 281 node_modules_reactnavigation_src_ views_assets_backicon.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 134 abc_tab_indicator_mtrl_alpha.9.png PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 208 abc_tint_spinner.xml data 672 MANIFEST.MF ASCII text, with CRLF line terminators abc_text_select_handle_right_mtrl_d ark.png PNG image data, 88 x 44, 8-bit/color RGBA, non-interlaced 319 abc_btn_check_to_on_mtrl_015.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 432 abc_text_select_handle_left_mtrl_da rk.png abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 132 x 66, 8-bit colormap, non-interlaced 420 PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 178 abc_popup_exit.xml data 512 common_google_signin_btn_icon_lig ht.xml data 700 abc_scrubber_primary_mtrl_alpha.9. png PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 219 abc_list_selector_holo_light.xml data 1208 amu_ballon_gx_prefix.kml XML document text 4959 RegEx.java ASCII text 1064 abc_btn_check_to_on_mtrl_000.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 227 abc_ic_star_half_black_36dp.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 421 index.android.bundle ASCII text, with very long lines common_google_signin_btn_text_lig ht.xml data 700 Nonnull.java ASCII text 706 abc_list_pressed_holo_dark.9.png PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 notification_template_media_custom.xml data 2856 common_google_signin_btn_tint.xml data 468 abc_ic_menu_paste_mtrl_am_alpha. png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 461 abc_btn_colored_text_material.xml data 504 abc_text_select_handle_right_mtrl_d ark.png PNG image data, 132 x 66, 8-bit colormap, non-interlaced 422 WillCloseWhenClosed.java ASCII text 385 abc_scrubber_control_to_pressed_m trl_005.png PNG image data, 54 x 54, 8-bit gray+alpha, non-interlaced 595 abc_text_select_handle_left_mtrl_da rk.png PNG image data, 176 x 88, 8-bit colormap, non-interlaced 513 abc_btn_switch_to_on_mtrl_ png PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced 3853 abc_list_longpressed_holo.9.png PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 221 abc_ic_star_black_36dp.png PNG image data, 108 x 108, 8-bit gray+alpha, non-interlaced 983 abc_background_cache_hint_select or_material_light.xml data 472 Copyright Joe Security LLC 2018 Page 16 of 49

17 Name Type Size abc_action_mode_close_item_mater data 884 ial.xml notification_bg_normal.9.png PNG image data, 12 x 12, 8-bit grayscale, non-interlaced 212 abc_tint_seek_thumb.xml data 504 abc_text_select_handle_middle_mtrl _dark.png PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 311 Annotations.gwt.xml exported SGML document, ASCII text 119 notification_template_big_media_cu stom.xml data 2864 abc_switch_track_mtrl_alpha.9.png PNG image data, 47 x 32, 8-bit/color RGBA, non-interlaced 741 GuardedBy.java ASCII text 1611 abc_text_select_handle_right_mtrl_li ght.png PNG image data, 66 x 33, 8-bit/color RGBA, non-interlaced 262 abc_btn_check_to_on_mtrl_000.png PNG image data, 128 x 128, 4-bit colormap, non-interlaced 275 abc_btn_check_material.xml data 560 abc_scrubber_track_mtrl_alpha.9.pn g abc_text_select_handle_left_mtrl_lig ht.png PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced 201 PNG image data, 176 x 88, 8-bit colormap, non-interlaced 513 CERT.SF ASCII text, with CRLF line terminators ThreadSafe.java ASCII text 752 notification_template_big_media_cu stom.xml data 3144 abc_btn_radio_to_on_mtrl_015.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 1208 abc_list_selector_background_transi tion_holo_dark.xml data 508 abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced 297 abc_activity_chooser_view.xml data 1728 notification_bg.xml data 644 abc_background_cache_hint_select or_material_dark.xml data 472 libjsc.so abc_text_select_handle_right_mtrl_d ark.png ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7728c28a a53209ebaa1c0b2b1e6990ade, stripped PNG image data, 66 x 33, 8-bit/color RGBA, non-interlaced 263 abc_tint_edittext.xml data 672 abc_ic_star_half_black_48dp.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 431 abc_text_select_handle_middle_mtrl _light.png abc_text_select_handle_left_mtrl_da rk.png PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 310 PNG image data, 88 x 44, 8-bit/color RGBA, non-interlaced 336 redbox_item_frame.xml data 1004 catalyst_fade_in.xml data 396 select_dialog_multichoice_material.x ml abc_list_selector_disabled_holo_dar k.9.png data 872 PNG image data, 13 x 41, 8-bit/color RGBA, non-interlaced 226 abc_tint_switch_track.xml data 668 CheckReturnValue.java ASCII text 494 libfolly_json.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=3d6e97ee9e890faeb58216bbd83120acac1bbe37, stripped abc_tab_indicator_mtrl_alpha.9.png PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced 210 notify_panel_notification_icon_bg.pn g abc_btn_switch_to_on_mtrl_ png PNG image data, 30 x 30, 8-bit colormap, non-interlaced 99 PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced 1124 abc_spinner_mtrl_am_alpha.9.png PNG image data, 36 x 48, 8-bit/color RGBA, non-interlaced 483 amu_extended_data.kml ASCII text 380 abc_ic_menu_share_mtrl_alpha.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 389 libprivatedata.so ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=34a804d4819bf574a1845c4d0f85d4ace97cf81c, stripped Nullable.java ASCII text 373 TypeQualifierDefault.java ASCII text 590 notification_action_tombstone.xml data 1380 TypeQualifierNickname.java ASCII text 822 abc_spinner_mtrl_am_alpha.9.png PNG image data, 54 x 72, 8-bit/color RGBA, non-interlaced 593 notification_bg_low_normal.9.png PNG image data, 8 x 8, 8-bit grayscale, non-interlaced 215 abc_seekbar_track_material.xml data Copyright Joe Security LLC 2018 Page 17 of 49

18 Name Type Size abc_ic_menu_paste_mtrl_am_alpha. PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 152 png abc_popup_background_mtrl_mult.9. png PNG image data, 192 x 96, 8-bit/color RGBA, non-interlaced 2774 abc_list_pressed_holo_light.9.png PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 libgnustl_shared.so ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped googleg_standard_color_18.png PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 562 abc_item_background_holo_dark.xm l data 1136 ic_launcher.png PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced 3061 abc_ic_clear_material.xml data 924 abc_list_focused_holo.9.png PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 245 abc_search_view.xml data 3524 abc_btn_check_to_on_mtrl_000.png PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 281 abc_color_highlight_material.xml data 548 select_dialog_singlechoice_material. xml data 872 notification_media_cancel_action.xm l data 792 abc_ic_star_half_black_36dp.png PNG image data, 108 x 108, 8-bit gray+alpha, non-interlaced 577 abc_list_pressed_holo_dark.9.png PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 classes.dex Dalvik dex file version abc_secondary_text_material_light.x ml abc_textfield_search_default_mtrl_al pha.9.png data 468 PNG image data, 18 x 5, 8-bit/color RGBA, non-interlaced 182 common_google_signin_btn_icon_da PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced 1510 rk_normal_background.9.png common_google_signin_btn_text_lig ht_normal_background.9.png abc_ic_menu_copy_mtrl_am_alpha. png abc_textfield_search_activated_mtrl _alpha.9.png PNG image data, 168 x 73, 8-bit/color RGBA, non-interlaced 854 PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 133 PNG image data, 24 x 6, 8-bit/color RGBA, non-interlaced 190 catalyst_fade_out.xml data 396 abc_ic_star_black_36dp.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 652 Exhaustive.java ASCII text 1097 abc_action_bar_up_container.xml data 448 notification_template_lines_media.x ml data 2668 common_google_signin_btn_text_da rk.xml data 700 Detainted.java ASCII text 375 abc_ic_star_black_48dp.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 668 tooltip_enter.xml data 396 abc_item_background_holo_light.xm l data 1136 abc_btn_radio_material.xml data 560 abc_btn_radio_to_on_mtrl_000.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 984 abc_scrubber_control_to_pressed_m trl_000.png libfolly_json.so PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 267 ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a059d843693fa57838c656aa261ffe67eafd0e24, stripped amu_unknwown_folder.kml ASCII text 86 common_google_signin_btn_text_lig ht_normal_background.9.png PNG image data, 333 x 144, 8-bit/color RGBA, non-interlaced 1545 common_google_signin_btn_icon_da data 652 rk_normal.xml abc_popup_menu_item_layout.xml data 1884 support_simple_spinner_dropdown_it data 508 em.xml abc_tint_default.xml data 1128 abc_text_select_handle_middle_mtrl _dark.png PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced 583 abc_action_mode_bar.xml data 500 ic_launcher.png PNG image data, 36 x 36, 8-bit colormap, non-interlaced 978 abc_btn_colored_borderless_text_m aterial.xml abc_ab_share_pack_mtrl_alpha.9.pn g data 608 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced 274 Copyright Joe Security LLC 2018 Page 18 of

19 Name Type Size abc_ic_star_half_black_16dp.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 197 notification_action_tombstone.xml data 1340 abc_text_select_handle_left_mtrl_da rk.png PNG image data, 44 x 22, 8-bit/color RGBA, non-interlaced 203 catalyst_push_up_out.xml data 600 abc_btn_radio_to_on_mtrl_015.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 356 app_resources_eika_logo_rounded.p ng PNG image data, 450 x 238, 8-bit/color RGBA, non-interlaced TypeQualifierValidator.java ASCII text 687 abc_slide_in_bottom.xml data 400 abc_textfield_search_default_mtrl_al pha.9.png PNG image data, 24 x 6, 8-bit/color RGBA, non-interlaced 190 abc_ic_menu_share_mtrl_alpha.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 480 amu_bubble_shadow.9.png PNG image data, 72 x 43, 8-bit/color RGBA, non-interlaced 1006 common_google_signin_btn_icon_da data 700 rk.xml node_modules_reactnavigation_src_ views_assets_backicon.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 100 abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 325 CERT.RSA data 1374 app_resources_ic_person.png PNG image data, 18 x 20, 8-bit/color RGBA, non-interlaced 307 notification_bg_normal.9.png PNG image data, 8 x 8, 8-bit grayscale, non-interlaced 215 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 253 abc_ic_commit_search_api_mtrl_alp ha.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 171 abc_ratingbar_small_material.xml data 760 abc_popup_menu_header_item_layo ut.xml data 812 abc_ratingbar_indicator_material.xml data 712 abc_btn_colored_material.xml data 428 abc_alert_dialog_title_material.xml data 1480 abc_textfield_default_mtrl_alpha.9.p ng PNG image data, 25 x 22, 8-bit/color RGBA, non-interlaced 197 notification_tile_bg.xml data 380 abc_scrubber_control_off_mtrl_alpha.png PNG image data, 24 x 64, 8-bit gray+alpha, non-interlaced 267 switch_thumb_material_light.xml data 468 abc_switch_track_mtrl_alpha.9.png PNG image data, 94 x 64, 8-bit/color RGBA, non-interlaced 1025 AndroidManifest.xml data abc_btn_borderless_material.xml data 700 Untainted.java ASCII text 364 abc_search_dropdown_item_icons_2 data 2204 line.xml abc_ic_menu_selectall_mtrl_alpha.p ng ic_os_notification_fallback_white_24 dp.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 139 PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 482 abc_list_menu_item_checkbox.xml data 536 abc_scrubber_control_to_pressed_m trl_000.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 403 abc_alert_dialog_material.xml data 2640 WillClose.java ASCII text 344 amu_text_bubble.xml data 904 abc_textfield_activated_mtrl_alpha.9.png PNG image data, 25 x 22, 8-bit/color RGBA, non-interlaced 198 abc_scrubber_control_to_pressed_m trl_005.png abc_btn_switch_to_on_mtrl_ png PNG image data, 27 x 27, 8-bit gray+alpha, non-interlaced 272 PNG image data, 81 x 81, 8-bit/color RGBA, non-interlaced 3755 abc_btn_colored_text_material.xml data 608 abc_activity_chooser_view_list_item. xml common_google_signin_btn_text_da rk_normal_background.9.png data 1312 PNG image data, 222 x 96, 8-bit/color RGBA, non-interlaced 1086 abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 199 abc_tint_spinner.xml data 776 abc_ic_star_black_48dp.png PNG image data, 144 x 144, 8-bit gray+alpha, non-interlaced 1291 abc_list_divider_mtrl_alpha.9.png PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 167 Copyright Joe Security LLC 2018 Page 19 of 49

20 Name Type Size notification_bg_low_pressed.9.png PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced 252 abc_scrubber_primary_mtrl_alpha.9. png PNG image data, 10 x 12, 8-bit/color RGBA, non-interlaced 208 app_resources_eika_logo_white.png PNG image data, 934 x 380, 8-bit/color RGBA, non-interlaced abc_text_select_handle_middle_mtrl _light.png PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced 585 abc_ic_star_black_16dp.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 263 WillClose.java ASCII text 337 abc_select_dialog_material.xml data 1020 abc_ic_search_api_material.xml data 1172 abc_spinner_mtrl_am_alpha.9.png PNG image data, 36 x 48, 8-bit/color RGBA, non-interlaced 489 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced 251 notification_icon_background.xml data 436 abc_tint_default.xml data 1232 abc_slide_in_top.xml data 400 abc_slide_out_bottom.xml data 400 CheckForSigned.java ASCII text 698 libyoga.so abc_text_select_handle_left_mtrl_lig ht.png ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]= dabb647facf946742d141, stripped PNG image data, 88 x 44, 8-bit/color RGBA, non-interlaced 335 notification_action.xml data 1164 abc_text_select_handle_middle_mtrl _dark.png abc_spinner_textfield_background_ material.xml libjsc.so PNG image data, 30 x 36, 8-bit/color RGBA, non-interlaced 398 data 1328 ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=226989bdbc0fa1178d050b53f098afe01a24c066, stripped amu_webview.xml data 572 abc_btn_radio_to_on_mtrl_000.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 324 abc_btn_colored_borderless_text_m aterial.xml notification_template_big_media_nar row_custom.xml abc_text_select_handle_left_mtrl_lig ht.png notification_template_custom_big.x ml data 504 data 3268 PNG image data, 132 x 66, 8-bit colormap, non-interlaced 420 data 3020 abc_expanded_menu_layout.xml data 396 onesignal_bgimage_notif_layout.xml data 1944 notification_template_custom_big.x ml abc_textfield_search_activated_mtrl _alpha.9.png abc_scrubber_control_off_mtrl_alpha.png data 2500 PNG image data, 18 x 5, 8-bit/color RGBA, non-interlaced 182 PNG image data, 12 x 32, 8-bit gray+alpha, non-interlaced 159 ic_launcher.png PNG image data, 192 x 192, 8-bit/color RGB, non-interlaced 6417 abc_dialog_material_background.xm l abc_text_select_handle_middle_mtrl _light.png abc_control_background_material.x ml notify_panel_notification_icon_bg.pn g data 844 PNG image data, 60 x 72, 8-bit/color RGBA, non-interlaced 753 data 380 PNG image data, 15 x 15, 8-bit colormap, non-interlaced 93 amu_bubble_shadow.9.png PNG image data, 78 x 50, 8-bit/color RGBA, non-interlaced 1357 node_modules_reactnavigation_src_ views_assets_backiconmask.png PNG image data, 48 x 82, 8-bit/color RGBA, interlaced 1887 abc_list_menu_item_layout.xml data 1404 abc_scrubber_control_off_mtrl_alpha.png PNG image data, 36 x 96, 8-bit gray+alpha, non-interlaced 322 abc_screen_content_include.xml data 556 abc_tab_indicator_mtrl_alpha.9.png PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced 205 abc_edit_text_material.xml data 1040 notification_template_custom_big.x ml abc_text_select_handle_left_mtrl_lig ht.png ic_os_notification_fallback_white_24 dp.png data 3216 PNG image data, 66 x 33, 8-bit colormap, non-interlaced 277 PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced Copyright Joe Security LLC 2018 Page 20 of 49

21 Name Type Size abc_switch_track_mtrl_alpha.9.png PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced 428 common_google_signin_btn_icon_da data 1016 rk_focused.xml common_google_signin_btn_icon_da PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced 897 rk_normal_background.9.png abc_ic_star_black_16dp.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 459 common_google_signin_btn_text_lig ht_normal_background.9.png abc_ic_menu_selectall_mtrl_alpha.p ng PNG image data, 111 x 48, 8-bit/color RGBA, non-interlaced 558 PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 183 MatchesPattern.java ASCII text 883 abc_menu_hardkey_panel_mtrl_mult.9.png PNG image data, 128 x 48, 8-bit/color RGBA, non-interlaced 1122 abc_shrink_fade_out_from_bottom.x ml data 860 When.java ASCII text 639 redbox_item_title.xml data 552 abc_tab_indicator_material.xml data 564 common_google_signin_btn_text_lig ht_normal.xml data 692 notification_template_big_media_nar row_custom.xml data 2924 abc_ic_star_half_black_48dp.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 548 abc_text_select_handle_right_mtrl_d ark.png PNG image data, 44 x 22, 8-bit/color RGBA, non-interlaced 187 abc_ic_star_black_36dp.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 364 abc_spinner_mtrl_am_alpha.9.png PNG image data, 54 x 72, 8-bit/color RGBA, non-interlaced 595 abc_text_select_handle_left_mtrl_da rk.png PNG image data, 66 x 33, 8-bit colormap, non-interlaced 277 abc_action_bar_title_item.xml data 940 abc_popup_background_mtrl_mult.9. png PNG image data, 64 x 32, 8-bit/color RGBA, non-interlaced 850 abc_list_divider_mtrl_alpha.9.png PNG image data, 2 x 2, 8-bit grayscale, non-interlaced 171 abc_btn_switch_to_on_mtrl_ png PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced 1748 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 492 abc_ic_star_half_black_36dp.png PNG image data, 144 x 144, 8-bit gray+alpha, non-interlaced 760 abc_textfield_default_mtrl_alpha.9.p ng PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced 198 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 494 redbox_view.xml data 2484 abc_list_longpressed_holo.9.png PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 211 abc_primary_text_disable_only_mat erial_dark.xml data 468 googleg_disabled_color_18.png PNG image data, 27 x 27, 8-bit gray+alpha, non-interlaced 410 abc_primary_text_material_dark.xml data 468 abc_cab_background_top_mtrl_alph a.9.png PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced 229 notification_bg_low.xml data 644 notification_template_big_media_nar row.xml data 1668 abc_textfield_default_mtrl_alpha.9.p ng PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced 182 ThreadSafe.java ASCII text 892 ula.kml XML document text app_resources_backbutton.png PNG image data, 10 x 16, 8-bit/color RGBA, non-interlaced 188 abc_menu_hardkey_panel_mtrl_mult.9.png PNG image data, 96 x 36, 8-bit/color RGBA, non-interlaced 817 Jsr305_annotations.gwt.xml exported SGML document, ASCII text 133 notification_template_big_media_nar row.xml abc_btn_switch_to_on_mtrl_ png data 1924 PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced 2259 abc_btn_check_to_on_mtrl_015.png PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 593 libreactnativejni.so ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=e799ae755e9c39cd919cfc09a0e22c255cc6f289, stripped app_resources_ic_person.png PNG image data, 36 x 40, 8-bit/color RGBA, non-interlaced 571 abc_action_menu_item_layout.xml data 804 abc_list_pressed_holo_light.9.png PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced Copyright Joe Security LLC 2018 Page 21 of 49

22 Name Type Size node_modules_reactnavigation_src_ PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced 207 views_assets_backicon.png abc_scrubber_control_to_pressed_m trl_000.png PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced 196 abc_slide_out_top.xml data 400 abc_action_bar_item_background_m aterial.xml data 336 abc_scrubber_track_mtrl_alpha.9.pn g abc_ic_commit_search_api_mtrl_alp ha.png abc_ic_menu_selectall_mtrl_alpha.p ng PNG image data, 10 x 12, 8-bit/color RGBA, non-interlaced 197 PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced 228 PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 215 abc_ic_menu_paste_mtrl_am_alpha. png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 348 common_google_signin_btn_text_lig ht_normal_background.9.png notification_template_lines_media.x ml PNG image data, 222 x 96, 8-bit/color RGBA, non-interlaced 976 data 2880 amu_bubble_mask.9.png PNG image data, 78 x 50, 8-bit/color RGBA, non-interlaced 662 Syntax.java ASCII text 1412 abc_textfield_default_mtrl_alpha.9.p ng abc_textfield_search_activated_mtrl _alpha.9.png PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced 204 PNG image data, 12 x 3, 8-bit/color RGBA, non-interlaced 181 notification_template_part_chronome ter.xml data 448 abc_ic_star_half_black_16dp.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 309 abc_alert_dialog_button_bar_materia data 1660 l.xml abc_ic_menu_share_mtrl_alpha.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 700 abc_screen_toolbar.xml data 1580 abc_ic_star_black_36dp.png PNG image data, 144 x 144, 8-bit gray+alpha, non-interlaced 1269 app_resources_eika_logo_rounded.p ng abc_popup_background_mtrl_mult.9. png PNG image data, 900 x 476, 8-bit/color RGBA, non-interlaced PNG image data, 96 x 48, 8-bit/color RGBA, non-interlaced 1256 notification_bg_normal.9.png PNG image data, 16 x 16, 8-bit grayscale, non-interlaced 221 abc_list_selector_disabled_holo_ligh t.9.png PNG image data, 42 x 126, 8-bit/color RGBA, non-interlaced 305 abc_textfield_search_material.xml data 880 tooltip_exit.xml data 396 amu_nested_folders.kml ASCII text 72 abc_ic_menu_overflow_material.xml data 1132 abc_cab_background_top_material.x ml abc_btn_switch_to_on_mtrl_ png data 412 PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced 3524 abc_ratingbar_small_material.xml data 712 ic_os_notification_fallback_white_24 dp.png PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced 265 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced 404 abc_tab_indicator_mtrl_alpha.9.png PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 192 abc_ic_star_black_16dp.png PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced 333 abc_list_menu_item_radio.xml data 536 common_google_signin_btn_icon_lig ht_normal_background.9.png PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced 817 amu_inline_style.kml XML document text 1713 abc_ic_menu_copy_mtrl_am_alpha. png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 260 abc_ic_star_half_black_48dp.png PNG image data, 144 x 144, 8-bit gray+alpha, non-interlaced 789 abc_screen_simple_overlay_action_ mode.xml data 828 abc_ic_go_search_api_material.xml data 832 dev_loading_view.xml data 568 common_google_signin_btn_text_da rk.xml data 716 Signed.java ASCII text 424 abc_ic_menu_cut_mtrl_alpha.png PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced 705 abc_switch_track_mtrl_alpha.9.png PNG image data, 71 x 48, 8-bit/color RGBA, non-interlaced 1060 Copyright Joe Security LLC 2018 Page 22 of 49