Malware Analysis Report

2025-01-02 08:05

Sample ID 240510-g24frsba66
Target 2dc245e233ce463f95847dc0d6e71e23_JaffaCakes118
SHA256 1fbc66f562278ee148515d35109e41b48f384a445b14df7601a4c887a3eaf1cf
Tags
privateloader discovery evasion impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1fbc66f562278ee148515d35109e41b48f384a445b14df7601a4c887a3eaf1cf

Threat Level: Known bad

The file 2dc245e233ce463f95847dc0d6e71e23_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion impact persistence

Privateloader family

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 06:19

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 06:18

Reported

2024-05-10 06:21

Platform

android-x86-arm-20240506-en

Max time kernel

13s

Max time network

130s

Command Line

com.gugu.android

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.gugu.android/.jiagu/classes.dex N/A N/A
N/A /data/data/com.gugu.android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.gugu.android/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.gugu.android/.jiagu/classes.dex N/A N/A
N/A /data/data/com.gugu.android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.gugu.android/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.gugu.android

com.gugu.android:core

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
GB 142.250.187.234:443 digitalassetlinks.googleapis.com tcp
US 1.1.1.1:53 www.guguyy.com udp
US 1.1.1.1:53 lbs.netease.im udp
IE 54.73.57.121:443 lbs.netease.im tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.gugu.android/.jiagu/libjiagu.so

MD5 5ea233e95f2729fc94032fe038c30e12
SHA1 8855f0e8290ee1201358799b04e31e97d07a67b6
SHA256 3ae79035c867b5cd1a649c90f81f149e4118ffe59292937537c86a82018e381e
SHA512 583556ffcc803eabf877353ce3ebc587be70aac950f7629b424f986099b1fc7d2033e6493a2a5f44d6ad788431e095e5ccd0959b6a0f13da41c4a53eef998df3

/data/data/com.gugu.android/.jiagu/classes.dex

MD5 08cd6500667f651131aedc12e03f50f7
SHA1 f4f8ca06069590f03271b8a4a2337a1f144a49a3
SHA256 ba9757b0fd54dc3b2aa49816ce5c1d8a36efa91d0be4bde6eb57fb8996721c92
SHA512 37ee70c8a5952313d88ad3fbbb45c0276cab93b9997f3a1e04d516877fd9dee2a7e86346003e86c7fe88232189f85c8403cc6218fc775629029b9bbb5b1b88ec

/data/data/com.gugu.android/.jiagu/classes.dex!classes2.dex

MD5 a20b8f633eafdcc52797cb41297a6fbb
SHA1 29efa6347aa66bdca885d736f7aee636025c564b
SHA256 667300bdc4c89a9749e2fbe1e657e7c44ea5a8d705180377b81bf7c9a70f7685
SHA512 0eee0c3589a03b9b4311b568661d5b7b79c4b1bdd8a57c709f1ae32d18b61d0ea56e125b28ff2e2b9a289d1661d915a09697b9148f0907a405ed549e4a204151

/data/data/com.gugu.android/.jiagu/classes.dex!classes3.dex

MD5 64268210868ef0faf51c43464d2d87f1
SHA1 874165c522a7551365f1e92a26f0863a1bebf493
SHA256 f654de802c66db86b004244a99e81d44108c3229dfa87a0bd2fc521fccec1a20
SHA512 cb65e8b957f9f9ab13f725f049d2f05b69cbc1d2c690470a0ba3225c4f46dcf6e973172b6f1a64d430f769dc6284fb90b8cc35205e47b8670aed1a0490bf6521

/data/data/com.gugu.android/files/.jglogs/.jg.ri

MD5 5446d9ec4edf764384d31a683c43f627
SHA1 4049a9135389640c58a665f2df19b73193fabae6
SHA256 edae5cd5f77999f8b9e598f8758ab4a125aaa0519e15c802ae7406b97afc3a21
SHA512 87a6a16a86a0443134d811425a2ef96ba82e581d5ea880bdd41418beb6dfed590b40912fa6073bf1d062f3c3e2fd2363617cc071a65215da3c570236b9136579

/data/data/com.gugu.android/files/.jglogs/.jg.ri

MD5 c1d2a4878bae2b54fa5da3b1079a8103
SHA1 cd4163172cc557f29f5e0a710a11ad602853ccbf
SHA256 8894bfe5d777c037d25f5a96d5a986417f6b338fcbb294d27a967fad1142e740
SHA512 a92926c20815052f100cdfb06d6eb5bd24c34f66c6b17abb68ca547b642d1fa16a09fbbba0c15ebaada295aa246914e1540b19277f8c58a48da6ba86233f1181

/data/data/com.gugu.android/files/.jiagu.lock

MD5 e106727f105ebdd171a2cbb2503015a1
SHA1 31d026ee2f5e9225408a76a2fa9b2f0c3313daa6
SHA256 e406daec913881a9ae952ce5916026c2c3bc6a3c9635291187fafe8f78310ba0
SHA512 5efcfa7d82e32524c19276c1f9ea5e099d20ca50dc864c32c696a73b6a5ec167e7f35872b87dc076c99fee99c9802ba41b40cbd3d2faf5f7d2bf6631cc24bc44

/data/data/com.gugu.android/files/.jglogs/.jg.rd

MD5 6e82196389b80a7d7c63f5952d5e72e2
SHA1 ffaf665e042883bd053fd3972fedfe28d8f7fde0
SHA256 a0d7b71b5195893b912caecc99f4cb1e91b9818f977fd448d91c7068b0d8d02e
SHA512 fbb286e3eeada1f8a71187c7837d47bee15ce4fa5b1f9f4f131e7f3e0a8a5c1ac0d484fb108c5ba9d4a490c5432c80853999794600d28030c1c6f966222a6c8c

/data/data/com.gugu.android/files/.jglogs/.jg.store.report_pid

MD5 a9e4082faf958988f74ec9bb1b3c74f5
SHA1 3796b792c291b106a16df439899f16c71733e0a1
SHA256 461562f94ac69c925cdbeb74f5a7f1d1f460fee9e414169891aeec4df83b8e84
SHA512 5f96ae040ae4fa041201d6ab9e1913335ca18d27bed22076cc53b5c7df04d6900e6e5444b264c2b743fbb98d20da2d909d2898612dabae6270f8a0ae6f429390

/data/data/com.gugu.android/files/.jglogs/.jg.ac

MD5 ca8bbca73b4cd5eb0d611a3706d7a1d7
SHA1 8d9e33b40070d73d80e6578667e26bfd50ccb821
SHA256 568a3388146e94921581cb0b2c85e7746b7bafe330ac120f2aabb9a011ec9642
SHA512 6b0ffd06378ca92e34eeee108e3cdbeee037c5c40a9aebd8272d8e7f4226683f5c36aada7aa07a55396fdc09d67bd2a1b4fb2605f6f477d137c595951fb7b730

/data/data/com.gugu.android/files/.jglogs/.jg.ic

MD5 930eb698781b85a710929be1db350180
SHA1 84a98c110e5f4c01b1dd56ef0535f1f7330f34f6
SHA256 e92fadabca92d91f595219049f6648645d3700c09c27c13be929d795ea0d4157
SHA512 37dce924265cfe33449e43abcd08a7a9d4ed0a2c90599a04d0f1fb3cf5a66b48552fd3ceab7463727fece7d1f8ffc33e240261779d77cbc7c8fc84af4f96a51b

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 0e32e0a991dbefc755b72cfa0f21ab13
SHA1 71d245ca5267af7b805c780b2bdb73d6eff52da2
SHA256 28beeae9da32f2eeeb3734a71a776cd5ad7f36878da422d7807629908a534650
SHA512 960f763787ad85786ef4072e9b5a24dada8add1871e960ebbd59b5bd3323794f17ae50b40088ef8ba5358cc9483b31f7a6dbf8ec60026b828defe2d4f15da08b

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 e672903b83b264f9c9ce68b8f9cf376a
SHA1 5b4bbf6fd506cdac6f19bf3321b7193044219168
SHA256 3ee4e8cf4e6f6b680ad6833de207829e16635e405654f1641e48240a9be5e6e5
SHA512 bf7fc6ec50f9e461a558b94098b02bb96e8029dbdfc8495cfec270f152e0c7021d7c28d07bb243b6c050bfe378ca65d9b028bbe4f427a189fdaab1bbc21a8b00

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 20c2a6e01da76843fb6c3cb9b0d70d20
SHA1 3a8d7d72c0257bd6d1a84d06ea4906609bc2a66f
SHA256 41f39eaeb65d186988287ac5581cc196e2bb9749c4328bf78935585de8d19dc0
SHA512 77792bd46269224f0a5114a632f0c94c70b9a6983fe42ba61246a33f6de754531d5d92db35b370d162e015c4658efeb0944ba58b48a6f29aaced9f1e61258c94

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 64cc7175a4368790b3018e1ea912dbc1
SHA1 9bb5edc032e55d25edf210b3ce2fb688af57b125
SHA256 324f006c2e7cdd06ae874402e83955b510a2af56964013bdfb658a67e2a7b56f
SHA512 0267e5f1762ee0c82cf2b9c8639cf10ee472d2a7939f362e31f4152b1e707439b03b4b1f5888bedefd2d201e5bb06745e23b3467c8a8fa47280d19d26cf512ce

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 3e42de28dd8c235177b05b50a8a25118
SHA1 808629774d654123dece870261ef75db3099143b
SHA256 e56f727095a4548bede5ad07482434a75bf29fa608f148ba7d38cca20358a9a0
SHA512 f06a78eb673fe9b9abba7449978900ee7c9a3e39406bb265d1bfa781d0096715102f7e7dc61d04cce777532da9d0712e1d556f81504525eee2d61000f2a47e44

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 ad4f5dbbae06cc1219c747a3551f2ec9
SHA1 57e8f8eca454f338c40e9a2cdd8cdbf815884cee
SHA256 9ec452fa997c7fdf8b6a33fe6207583f7e6ac450ed65fa99042b7290d228b8f1
SHA512 715ed642c2c1c8b659a25059dd775e5ff601934919449171b67f2d579e92fab999de0e70241675ec3a5411ed0b2f27ac0b2252efea4b807b128bd985ecd29c8a

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/com.gugu.android/log/demo_20240510.log

MD5 71a4fe27f62eac282fd878c2fb59f2b7
SHA1 3ffee35f079af5e62fde151fc370d0d68b54735c
SHA256 9e8eb2ed64d87134799038b62de51eccb91af34c98c7d87cc500d97b4000c2a0
SHA512 33f45435db9da8adbb626d74274cc613525b6dee16b76cd9b27c633c394069cedbf106afb959b3af1633030f832b7eb65237d18665b06369b518a557e39ba6cf

/storage/emulated/0/Android/data/.mn_410185822

MD5 f321656a466363e5192773d92000e401
SHA1 3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a
SHA256 53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c
SHA512 fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

/data/data/com.gugu.android/databases/bugly_db_-journal

MD5 d75a0ecf3d7e642b0ef5f32158c3dc23
SHA1 b4df9b670ab1bde522bb2c342d6b8a277ca2dacc
SHA256 ee7cac0020c71a99bf14895b0936a25132ba9f14f8912ef3f51a3911416157eb
SHA512 deab9743b90a70d9a222d6e4c326c4af2ea7993fcfc69c8d4441e354e5174da5424d58e7fd992ef4ad568372edf79f4e1f980ff0ab872c91cd27d146d502ef60

/data/data/com.gugu.android/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.gugu.android/app_crashrecord/1004

MD5 bc80afb59998d3ef8ed07103f92569a9
SHA1 ea579cf83ef840db880e82b713cde67e5de27cae
SHA256 2d93dd542d102ab456ebc0a5024905dd6d13f99db57f9dd9c7a93040895f7373
SHA512 6a0a9196c23d66d8bd2f7cc1d45181fd11774d262767ecc9724e2d0b18689a6c1177a289663159e38c7829533fb50acfef5f9293c67e957c10e639dde1c39163

/data/data/com.gugu.android/databases/bugly_db_-wal

MD5 416ce7a1222ba6de383db87f702a51c7
SHA1 94985c3c5ea7eac06d3aac0fb9b56f8a3e295926
SHA256 1bc38956b09bdbd620a99fed2e58008cb025b66150b0f6254d856717c2bd4fd9
SHA512 767b1d05cd18308eb7662fbbde3e90b3c65faaf4f6ebc6db286ccd805f62e0bdb3c2c7dbf617773e01358c4a329a39119a24cb7d08810b722b5b9eca20cfabdc

/data/data/com.gugu.android/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.gugu.android/app_crashrecord/1002

MD5 eb1754d703ba2ab18a56436f74f6bfc8
SHA1 011be0f0718331e521915b0f13a06508c8a7deda
SHA256 40fc95c7becd47e8a4747247da178d68b74726ab670f8124a4f2d98662960bfa
SHA512 867dcec0f0dfa152c09d45ad2f81417b28090121e34bd288bbc0e7da4b18262703a30229704205056fe52bf8389c7f4c1bc535201ce26dbf1a1a3b3b9168857d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 06:18

Reported

2024-05-10 06:21

Platform

android-x64-arm64-20240506-en

Max time kernel

13s

Max time network

135s

Command Line

com.gugu.android

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/user/0/com.gugu.android/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.gugu.android

com.gugu.android:core

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.guguyy.com udp
US 1.1.1.1:53 lbs.netease.im udp
IE 54.73.57.121:443 lbs.netease.im tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/user/0/com.gugu.android/.jiagu/libjiagu.so

MD5 2ac4641eea9885e26c559ed3fd8e0f19
SHA1 6ab15a9261ed3762cc87e2d2609496c5a6bfc52a
SHA256 3ca019bf11d57c9797d5063b3f979a0b529628f4d367dfd6e7323d6f3eaa63b5
SHA512 4112dbfe7e35cfafdf728a51edb8c30a25ed0886c0bda840e1bd8f0f9bf922009a5bcc3fc7b522cb653b1dd59182e2b2a9229db7d90e0f9ba154c13ea9901fbf

/data/user/0/com.gugu.android/.jiagu/classes.dex

MD5 08cd6500667f651131aedc12e03f50f7
SHA1 f4f8ca06069590f03271b8a4a2337a1f144a49a3
SHA256 ba9757b0fd54dc3b2aa49816ce5c1d8a36efa91d0be4bde6eb57fb8996721c92
SHA512 37ee70c8a5952313d88ad3fbbb45c0276cab93b9997f3a1e04d516877fd9dee2a7e86346003e86c7fe88232189f85c8403cc6218fc775629029b9bbb5b1b88ec

/data/user/0/com.gugu.android/.jiagu/classes.dex!classes2.dex

MD5 a20b8f633eafdcc52797cb41297a6fbb
SHA1 29efa6347aa66bdca885d736f7aee636025c564b
SHA256 667300bdc4c89a9749e2fbe1e657e7c44ea5a8d705180377b81bf7c9a70f7685
SHA512 0eee0c3589a03b9b4311b568661d5b7b79c4b1bdd8a57c709f1ae32d18b61d0ea56e125b28ff2e2b9a289d1661d915a09697b9148f0907a405ed549e4a204151

/data/user/0/com.gugu.android/.jiagu/classes.dex!classes3.dex

MD5 64268210868ef0faf51c43464d2d87f1
SHA1 874165c522a7551365f1e92a26f0863a1bebf493
SHA256 f654de802c66db86b004244a99e81d44108c3229dfa87a0bd2fc521fccec1a20
SHA512 cb65e8b957f9f9ab13f725f049d2f05b69cbc1d2c690470a0ba3225c4f46dcf6e973172b6f1a64d430f769dc6284fb90b8cc35205e47b8670aed1a0490bf6521

/data/data/com.gugu.android/files/.jglogs/.jg.ri

MD5 4869546d8cdc8ef6134af6d41991302c
SHA1 8cec70b25998fa66f19ebe978dc8bad647cfc2a8
SHA256 7097ca157236652680ae5730703fab6686a7167d8a3c7b2a8719fcd43ee17574
SHA512 a7d94df4b772b557f4cd6319496d0f3fd2be7b162ee0f626ff2bf2d2c78f1863682e54de8326d180451b15a669e19e43158415fd3669fad9bdea2b6e63eb3b34

/data/data/com.gugu.android/files/.jglogs/.jg.ri

MD5 86fdb67520f62c8dbc24c77245815088
SHA1 9d35cdcede8839d0f37a644bedcff03bf9029627
SHA256 7eef09440905f31d61b330a3351c9c5f92c844cc8675f64c413fd02cad231795
SHA512 e8e46d8768b7c8a37e9c106d5d1390be0ddc1839965c3a079c6cf718676815e46f23b3c49d34b7338690f23a901ca06b1eec1eda32a68508d4feae4bd26f695c

/data/data/com.gugu.android/files/.jiagu.lock

MD5 56cce071f4e18c244afee8462fba7c30
SHA1 5817b664235ed779697a04237cfb2ea21b757f90
SHA256 bf43aedc81bc2581a9b6fad9fed8f7f926ec96a286efb7545b15e8b351a76eec
SHA512 76e2880cc0706db65a7f43a56e6285b521ce02af8f3f079796bdcf440016f29513e9f383c3b8c6f773e394acdce41c9d509b24e16e7d44c2a12bb59880861f8c

/data/data/com.gugu.android/files/.jglogs/.jg.rd

MD5 3a18f1a2df84f47360b7f041e0afcaa0
SHA1 cfd2505e76986ea883682810559e234ebe29baac
SHA256 453648fdf784143f3ed718af4478f76c745fce15c98a049ee1d468419feec2a8
SHA512 3d6fca810ba50a2b625b4e6825236aa842d5095d96c53df5ac62720070d227d6bc5a0bd4aad3dc25b0cba0df4b2b456db8960ac9235d5b4f0360d2eed171c6d8

/data/data/com.gugu.android/files/.jglogs/.jg.store.report_pid

MD5 6d32679f9a67b7ac4c6d5aa70f7803ad
SHA1 46790d2b907a104d3f03619cfc9c3f25c94110ad
SHA256 211770667466502f4f752bb9896d93da4a1c73eb26c6287ac0dc23b1157c4152
SHA512 c8ae5b5f6d231725fd3149e0447258913dccc56d7eb68d0fee768a81d4b163d9a9d59bdb2806e36ee49a7d98b57933b09dda008f0eeab27016305b1b96819ee8

/data/data/com.gugu.android/files/.jglogs/.jg.ac

MD5 ca8bbca73b4cd5eb0d611a3706d7a1d7
SHA1 8d9e33b40070d73d80e6578667e26bfd50ccb821
SHA256 568a3388146e94921581cb0b2c85e7746b7bafe330ac120f2aabb9a011ec9642
SHA512 6b0ffd06378ca92e34eeee108e3cdbeee037c5c40a9aebd8272d8e7f4226683f5c36aada7aa07a55396fdc09d67bd2a1b4fb2605f6f477d137c595951fb7b730

/data/data/com.gugu.android/files/.jglogs/.jg.ic

MD5 930eb698781b85a710929be1db350180
SHA1 84a98c110e5f4c01b1dd56ef0535f1f7330f34f6
SHA256 e92fadabca92d91f595219049f6648645d3700c09c27c13be929d795ea0d4157
SHA512 37dce924265cfe33449e43abcd08a7a9d4ed0a2c90599a04d0f1fb3cf5a66b48552fd3ceab7463727fece7d1f8ffc33e240261779d77cbc7c8fc84af4f96a51b

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 f710186062faf5f82fabe6ee6e44b75a
SHA1 6d0e9e07eaf1394a8d903b14235ea0b476e4c09f
SHA256 cce2ecd19beb1f5d16c7bb6cd66b7dd32afb196f6d74743d1462df43e7dac22e
SHA512 6b5ff5e72902bd18c15acc77bd7931d68734431d62d79eb2fb40728786b52ae84d56ef4a753a0ed4090c7217c7f6e1ea499fb0fcd0ef11e4cfb32ccf4c530d80

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 1c3bf2da796a2cb05b9f684ae4e45186
SHA1 c0b9c649efecb7957940c66f42b18bd40a5f492d
SHA256 a635c8584a1967d2b9c12ddc57f7d464c0168eb34d4f5127ed8f5902d9fcf5e8
SHA512 9fcffdae3b699a72489d89b924b957984c4e775e5f5ac79a2dd3df47091aa92dbdbd1f854eae9cfca891bc68e567c4ebfdb0d8e3e63928284ff5dc63393b2b06

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 e17841b9c0f20c0554b82d95dc800d60
SHA1 66fad232cc191251b4715a4cac378cf857ae86bb
SHA256 e733662a74cb43f9e76250c8ce7fcaf4543c4de26861be6356dd91f13ad0454b
SHA512 8cd2a1229b7cb55c9c1fd6c2f79778a367613509c834a67b1053aa770b4fa5842a5e86c7d80986722690b98359876128280c6f0e130b5d9ece4309e090ad3965

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 21967f5efda5a2c766d35a4b4a37e86e
SHA1 c4ccd6f190339c705bc24df831250580c506efee
SHA256 5f776c1a999de43c61e20a812f9a0b429f0cd6e4a5af30dece61ee8ccd551a57
SHA512 b0d6700af0ed22fb4f0d2282b79a0c50550b3e57c2d27638f7beb1f46a2c9621bd5aeee0043513a61e0c7e89b87137b1cff8bae9e526177c61157e63f7eb544b

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 18de84018fc0b3c4d2e83f85e643e53e
SHA1 472477f09a399ecbe9ca1fb97b13d2c5dfd121fc
SHA256 2c137ea3086858345a23bbc62b9786ce54b5e3dc084dd8b65530a28c2b68d177
SHA512 3198ebe5e945ff7ca6b293904b3a754f2ea40b58117b06d36bd2dd13fee3c57b9c453c18d52dd8af4eb6f2b179c0dfef985f6aaf5f275ff37a5d7a02b9e0a049

/storage/emulated/0/com.gugu.android/nim/log/nim_sdk.log

MD5 aad4daec4a218f76d295bc4de6509be8
SHA1 939568233c0eff9cac3a24d85e76b99c212967b9
SHA256 c1d9125209f5de1f473851855b314253979df44b5dcfdf998828187f6f5e0e99
SHA512 f87be105b64ffa6ce101354b4603fdb978733e1f3f472c8e107b520f093a8dc4c49cdf2ac278bc20cb28dfa6e5e0daf93fd441f7141848d6e86a481ccdb833a7

/storage/emulated/0/com.gugu.android/log/demo_20240510.log

MD5 41e358640d1906f595420fbfa6996ca2
SHA1 ca1c86496a7fb1075fc4442ae3d1361ac8008fb6
SHA256 2bf6cbf99d6182f6dabe7b6b350d19c0d424417a35316b104631e0df89be5051
SHA512 3dfa5a2d7cc45e1b69d0e692c30fbee063540b3376d136f71e91ba7a2c4b553b1350fb6c354ebbe98fa7be5589052d68282d7c26a7fca4fad8dacb9d45444a72

/data/user/0/com.gugu.android/app_crashrecord/1004

MD5 809dbfb9f107c29f12ccd416e3889808
SHA1 e433195e92d973ed121e71c424153de83a746b6f
SHA256 4b8e42b924472f584f918fcb0fbd913f7a0ef6c0fdb525c45e4d722bc083f90c
SHA512 da85415d05110e028fc247274ab539abe68359bea116747177fd4a5fd0824d481ab035030feba064dd554021c917c14df87ad407bb229488fffe4e2b94dfba03

/data/user/0/com.gugu.android/databases/bugly_db_-journal

MD5 c9b72756da5315d578036750599e5c32
SHA1 745efd27b6ecedb3f41cb8e59f94c3fb13fdf31b
SHA256 e9a074d8c0be478cc7c1c354cfa6777638d87c7d1cb4a84945efce8512e4a27e
SHA512 860fac977fa994d9ecc9e11bbfcb68e4bc124b1b8121b443938a4395926caf684e4fc1a6087a897b9f60700fef02ef6e569a4f36cee2f9de7c23f95b34c9bdc0

/data/user/0/com.gugu.android/databases/bugly_db_

MD5 7a681c8d07306556e6a3c12dad8def7d
SHA1 13564da17133f582cf4a2d82399451a3646a1703
SHA256 d2ff9fd5f42c178ff869c16effc21f82d67f3ff81d030db4fe8c5eced39a0227
SHA512 638f80334e306ec2b86729c5899ddcf2efebaafed386f667ddbe87f2f5045f47cd1aa5a09a5e305f0702f766dddb629933eb59f820650ba676fa191e0e1d1f42

/data/user/0/com.gugu.android/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.gugu.android/databases/bugly_db_-journal

MD5 a83add0ff09664478307eca3bcbd1dda
SHA1 eb14d49433617c0eec1da71454078ba69f5d4787
SHA256 8f4cea7fa416280665f0465c29508585d8ad92fc378af1ce98ef1e67c5370e8a
SHA512 5f38dc10731ca4cdd0571dcf11c8fd30260bc92facbfc536f3676b8abd18f7a1bc26f8b06dc52ae3b75ca426035e472d9bdc614e3458dfbcd9c2eaab5822d635

/data/user/0/com.gugu.android/databases/bugly_db_-journal

MD5 1717c49143d892af35a7f6ff725096a1
SHA1 b9345c49262e4702c05f1045992daf2877fbdb4e
SHA256 4a22873317df90bc88710c2f79c52350e3b82274d3a146cc78a8c15b147c8eaf
SHA512 1924656ee3c0d8c4007759159eace49c95fda57abe336497b2b1a23e964cecbb7c986c9791442df48add753736574c4b54521f3d96b5a4f4840bfff18ba8d6a0

/data/user/0/com.gugu.android/app_crashrecord/1002

MD5 99976495c1bb897c439996275fb36921
SHA1 d6c5b4e8587809817f2127c984367f461c0f4972
SHA256 11cb4d17a2e2e7bd69dafcc40838540bf0d39e6a09a8ed5f688c6b07bde86b38
SHA512 b7daadb3c5ae2f2ee9b30fcf3831dba2f07d907ddde1d2914dbeb5a6e7fb2b22d94af7f918096ca7ec603cce80fa9cb4c2c60f90e384a89d8c0a3be0718fa7d5

/data/user/0/com.gugu.android/databases/bugly_db_-journal

MD5 ef37ee4bb650a779611e3915066e1a1b
SHA1 4df0cbc39b8aebfcfd51f8acf5034f9dfd2640ae
SHA256 2cc7584a6ed025dfaf87e63b928cfe1d4118dff3f04c687c21faa6055559868a
SHA512 c328fa4de52bb8fad571455edb298a5c848d4c9a11f10632d0f71c6e8cfb102585663949fa65eedae56656bc8965454583d160bb62efad1e92fe833e5201f347