Malware Analysis Report

2025-01-02 07:35

Sample ID 240510-epc2yaaa51
Target 2d41a25f2035f213aaba8ad10444f7a2_JaffaCakes118
SHA256 f41621463f6ed2f7beb9b61ba788dc070341203e79c4bd9f8e8d6fbf988e30ca
Tags
privateloader discovery evasion impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f41621463f6ed2f7beb9b61ba788dc070341203e79c4bd9f8e8d6fbf988e30ca

Threat Level: Known bad

The file 2d41a25f2035f213aaba8ad10444f7a2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion impact persistence

Privateloader family

Checks known Qemu files.

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 04:06

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 04:06

Reported

2024-05-10 04:09

Platform

android-x86-arm-20240506-en

Max time kernel

149s

Max time network

158s

Command Line

org.cocos2d.wg0001_online

Signatures

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

org.cocos2d.wg0001_online

org.cocos2d.wg0001_online:pushservice

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

rm -r /data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/

sh -c rm -r "/data/user/0/org.cocos2d.wg0001_online/files/wg0001-remote-asset_temp/"

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 openinstall.io udp
CN 47.93.186.175:443 openinstall.io tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 lobby.nfqcgx.com udp
US 1.1.1.1:53 clientip.wgqp.net udp
US 1.1.1.1:53 hot.ycfazhi.com udp
HK 168.76.131.109:7060 lobby.nfqcgx.com tcp
HK 168.76.131.109:7060 lobby.nfqcgx.com tcp
CN 47.94.92.163:443 openinstall.io tcp
HK 47.244.117.116:80 clientip.wgqp.net tcp
CN 47.93.186.175:443 openinstall.io tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
GB 172.217.169.10:443 tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 115.227.15.233:80 sdk.open.phone.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.93.186.175:443 openinstall.io tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.94.92.163:443 openinstall.io tcp

Files

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite

MD5 ec35b9bb8e02507d29d59afc25bebe20
SHA1 ce4f4deccdc8d1834dcad2d061b587e1dc38db41
SHA256 8b62a00b12df5dac97f8a20553d82778fef9bdd97d5b2e137fc90a8bee25f72a
SHA512 4b0509b24ff81cbbdff419695d28302aa5e953cf2ea47d19d72f7caaa2d3ad77aaa3cdb7b5ca810d6db01ad793d63bebf968c5cc80f623d252d7285197f15ee7

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-shm

MD5 66c31a27c2970d6dcde27561f6b29f97
SHA1 8d5c1b074182008bb568a51b537aa2205c295457
SHA256 c46c14acdddf8af388383f5373234241fc1ff7e20e2a8563ffcb0bbd2cab0ca8
SHA512 f13a0157fcfd481146f2daf55601bf915b3e4092d5bc47c0176f8e687204294f9fad9988fee625ae89fe4b02f94a6201413b98b94de6a73f23e09c8ca7bcaff5

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-wal

MD5 7d8db835152873df1e0031d632779c27
SHA1 b05d2e3049003d5b3dec53be39e097115d74f62e
SHA256 aa6b8f089c665a3970e8a28f6b99731b22c942ca24ec1bf1ef3924ec3750e55d
SHA512 b42011ddfe911e05248f9dc4bab7469e230f1a9f4e6a8721bcb4c1eac7076c800c2aeb3708ee0827823ef89ae1e47533057dba7805fafbe456d4795777416742

/data/data/org.cocos2d.wg0001_online/databases/pushsdk.db-shm

MD5 5a8261c1c4c2ee442ca7d16979055080
SHA1 03dbdce0d52d85fa3d2fe988d4bac897f0e7decd
SHA256 9b7c5af352489d555ce1aa937e23352c5d9cdba58f9aa85b0df076cca2592e3c
SHA512 a94a799801d801f5a41272803463e8f81327ae4ee326e6181773c22a696848a113ef2bb4f7571a76190d33e85e9a3375e1a961c8a6b839cebde8960b99a19b1d

/storage/emulated/0/libs/org.cocos2d.wg0001_online.bin

MD5 37ef156059120bade28f75bd8ac9c9b8
SHA1 ceef247f00c19cfb52d1b45db5e0ca542bf3681f
SHA256 46962b0b4ad9c37b7f1ec3960c2f7178bac8cbaae20fd4af53e32f7d3d87c191
SHA512 48c0e1f60960c0d666e62daa0d3ec0e87ba57b843b0072b53babcc3b16a47acec0c16c021df2ccc8fdd484b8788a1da7c95db9a494ed09063fd8e71a9dacab42

/data/data/org.cocos2d.wg0001_online/files/cookieFile.txt

MD5 07a71d65dc569c32b774905d58789128
SHA1 c473a864c3978f8dc7cf634e53b6e015e5bb1f08
SHA256 54d5b6d0dc77ececa4aac6d61b8ed1d1ca602b640cfcb089e5081fc0af2a6b43
SHA512 5428b4a0dbcc5b45d9679681b5f119c4b35f7729f92225cb8f85fee9d1d2f0c8ac35420ab34db7b5232c279552af78c8f13b5e25ed890152bea3e16719ddc1ea

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 04:06

Reported

2024-05-10 04:09

Platform

android-x64-20240506-en

Max time kernel

148s

Max time network

164s

Command Line

org.cocos2d.wg0001_online

Signatures

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

org.cocos2d.wg0001_online

org.cocos2d.wg0001_online:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.94.92.163:443 openinstall.io tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
US 1.1.1.1:53 lobby.nfqcgx.com udp
US 1.1.1.1:53 clientip.wgqp.net udp
US 1.1.1.1:53 hot.ycfazhi.com udp
CN 47.93.186.175:443 openinstall.io tcp
HK 47.244.117.116:80 clientip.wgqp.net tcp
HK 168.76.131.109:7060 lobby.nfqcgx.com tcp
HK 168.76.131.109:7060 lobby.nfqcgx.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 47.94.92.163:443 openinstall.io tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 47.94.92.163:443 openinstall.io tcp
GB 216.58.204.78:443 tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 47.94.92.163:443 openinstall.io tcp
GB 142.250.180.14:443 tcp
GB 216.58.201.98:443 tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 115.227.15.227:80 sdk.open.phone.igexin.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.94.92.163:443 openinstall.io tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 115.227.15.231:80 sdk.open.phone.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.93.186.175:443 openinstall.io tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp
CN 47.94.92.163:443 openinstall.io tcp

Files

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 fee13330f00c67aabeec02ecfff1060f
SHA1 b6ea067ceddea2033e7d01cb8b4050a2f37a8978
SHA256 2671019b9497c3e8c6fd80ff2146d9699a07e1c2c3dcf832630f14ad48f2cba9
SHA512 e6e6150f272e3066bf79cf929c107e86a47df2b983d22bcb26872ffbe4ff114eed157994534cd548397f71d8f84063983700bd38bdcc5e36083b6f6e3369c36f

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite

MD5 22bc7b927554d1b5e6fbf18121403fb3
SHA1 79025b6032f49f61e8132c4e8830e067ac63b8bd
SHA256 31cdea4742b13fcbb5210a44bb2b4b210d2df209d13a2fd88b1d60a96abdf426
SHA512 f27d579ebbd9cc00bf17e7d135d6fb4a3bc530988f7b9ce25975994b8b0eed6d26f3a53f5aca620704f13095ff1596a272278c5a2bba6bdd09d5f6cbcfb13e63

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 b9ebc27daa0345c9417c7e94e691a4a1
SHA1 3fc327fdbcd1694d159292dd1a470db0bf55fe57
SHA256 fe9da4b81121ea92cef529eec96b668647b5dbbe4c557dbe81afbe97e48955c2
SHA512 baf6833b257adedf6d5b93e5e3b85052c5a920e6447fad342cf9b0a3841b83e5c52b5bc2ccafb497a42f391f96bba57a0c8b35fb0c3911177de8868e852fc051

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 dd02a090773ba81d26b2e42c0627d3b5
SHA1 e4b369154addc11f46e540da36109bbdafab3caa
SHA256 702aa9ffe6923df3bc72dbfeff0a97a2cdbceaa236145f6941dfa7bdcf33948a
SHA512 cd7ff9d636812f4320a531df54c448c88a957014079623b752675f54c17be908884398bb3594bc2340c5b09df7d93896d6b0f5e53e97ef4c331cd49957cdbc70

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 ccb961de0d90bad7fcc4f65ba9473fe3
SHA1 c26cb924799ca8cd97ebe043a537e790e70be209
SHA256 3fe5c551ce49b8b0904027df214d3825667dac53d385c70eefa042ded9566d79
SHA512 96fd5def18ba309366dd27892a33338de84a8bfd10b790df1b9597f529b5cd4f56f7506a4e64c783d5978dbbb6c6aa13dc4b406ca8bfe3353f1af5d47188f5e8

/data/data/org.cocos2d.wg0001_online/databases/jsb.sqlite-journal

MD5 9d96b4ba1fc73d3dfbe682ea8b1ad747
SHA1 ed6cf95d00150e779b58ca896e6793548e4aafcf
SHA256 eaa39915fa90c38a1f60c772d6bf64708951b524c22363965eefca10ede14e14
SHA512 b4d32c07a615df263484d41fbe89266e7939c69dc2c6c7f680a7c44f9df356186b696e9127530e2562967db85f6d4b55e75ad986ed216f31dfae0a459f141df2

/data/data/org.cocos2d.wg0001_online/databases/pushsdk.db-journal

MD5 8416e27826c334d70dc4034b0edf14b3
SHA1 c27a139670aef3ceedb7b5c3453ea8d9b2cde142
SHA256 11f3594b0355d17411b90b5ba385d9842c52de2b88c3124c8fbd3977b8f1c678
SHA512 95b9732078bc7a1ae392abcabd27ab79d82b71b6c2f4a2269dc09234ec5ff5da132dcf5f750c649deb0e5e5194af02168e3ce5882685ff7149e629a9f8688e58

/data/data/org.cocos2d.wg0001_online/databases/pushsdk.db-journal

MD5 95d8c8c44de978defa2d41f9389b1358
SHA1 8e4fbd4e85218d0b495545683a14e374f940ef8e
SHA256 483ea31a7dd750b91500da9dcb45885c7e712d5e1dfdecddebcf1fd6bc27b884
SHA512 57cb00c52e49fbb1f74997e7bb611c7002f6da499b87d90e2470d45d3159ac5dccdb9ca6441a4687dbf7d9c734163011c755ac45b1fc36770facf51fbaff5184

/storage/emulated/0/libs/org.cocos2d.wg0001_online.bin

MD5 dbba06f303f0683bf7b18175c5a55e6b
SHA1 14f69525813e0bb40c3766e46c57783a6c82a608
SHA256 ef373e89d6f06a8f0badc89485b8a3d91dfa06c39c77ac2f14e693e9e44d2d85
SHA512 1d8af192925cc7c14667ea7b3e91c665693dad4b8e1489409a2218cdb92097dcb334fe58a0339a6384914f41f9fd8afe2e317a3a20cb4b30fad8ac98af337733

/data/data/org.cocos2d.wg0001_online/files/cookieFile.txt

MD5 e9e20b127758e8d92c54131398fd49e4
SHA1 8c52cf0a860ebe787af7a71701ecc06995ee149e
SHA256 78057f5deff6a4e35ef8dfa383afb305a6a326673b03eb43f831baee1f058013
SHA512 54b640e652479564fdaf12674834a9d35bb3fb05cf4783619c30a9ae7c0ce6838145737650b9ec51bceb9702dde4fa4ba2073b7327f8941743c321b8f5f935dc