Malware Analysis Report

2025-01-06 10:32

Sample ID 240601-dy9ltsgh33
Target 893d51dd6fb7ae889d8882dc1d75b7bb_JaffaCakes118
SHA256 0783d113641dfd20c236395078809c92a6a44a3174140b45d971ad626948c629
Tags
discovery evasion impact persistence collection
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0783d113641dfd20c236395078809c92a6a44a3174140b45d971ad626948c629

Threat Level: Likely malicious

The file 893d51dd6fb7ae889d8882dc1d75b7bb_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection

Checks if the Android device is rooted.

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks known Qemu pipes.

Checks memory information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Checks Android system properties for emulator presence.

Checks CPU information

Queries the phone number (MSISDN for GSM devices)

Checks known Qemu files.

Loads dropped Dex/Jar

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Reads information about phone network operator.

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 03:26

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 03:26

Reported

2024-06-01 03:29

Platform

android-x86-arm-20240514-en

Max time kernel

177s

Max time network

171s

Command Line

com.mklove.coco

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mklove.coco

com.mklove.coco:ipc

/system/bin/sh -c getprop

getprop

logcat -d -v threadtime

com.mklove.coco:ipc

sh -c ps

ps

logcat -d -v threadtime

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 stats.cn.ronghub.com udp
GB 8.208.8.123:443 stats.cn.ronghub.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp

Files

/data/data/com.mklove.coco/.jiagu/libjiagu.so

MD5 0e6c6a80b8d73b86833da191ab530fc8
SHA1 f270c9ffcdc8dd520d756f2990cbfcc02b39aa09
SHA256 062a20ba9735ba3dcb6f91893ec015348fcec8e694b082eb47f24cee86fd3ba2
SHA512 631f6b90709db5d370b8fb9888c2ae85e46e84cc96b8e25a99548f55ef91d8e7b8f1e6c0040dce7eab5ccb9e5ef6abb6ba5099f0012903e821b8d603b5b0370a

/data/data/com.mklove.coco/.jiagu/classes.dex

MD5 776666b6ffcaaae598f1f131cd8036e5
SHA1 ad66a12c101cbe8fabca4e7f181a133fcc5b77d4
SHA256 df77079f58cb5ffae461349f5900ee326a9d04a050ae8196a02d9f821dc56e87
SHA512 cad7273e261ce78012a0f9d4d4d212fd063adb3264fc31bd8d49d4a89d73b13c5b92d4c7934721285d9f9da36a1a3049c41e355c4fec588386cbf38a8b1e1c63

/data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex

MD5 aafa933e9d5788d9548e59c7cb90a7a8
SHA1 8eb0ea8f984c800beecfb1f1f57fd57404769238
SHA256 1aa3c1bdf4fb4b945977e0f3191aa4c1808d73812601abad1908da8d7adafaa7
SHA512 5952f2cf2001e4ebcd05b7aa58009af39ae43f4b53642e2d411c0c036085d10b4cbc9f8d560cb0e872388c326aa8ea9b9c9d17663124d622efc3e0a4044045ec

/data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex

MD5 44d1beef1778fdd14ac712a7ac7da370
SHA1 3be8adacfb7b3e9787f3d64bd93e8f58a3bab1ed
SHA256 f3e34bd5ec9c8953792cfbfe55aee311adfd0c5dc0217749759085232c7c78ba
SHA512 bbc78449c98783f0faff72fe93f727866a48982915f43838797c06c2128863a5bb278ef7f025926aa66402a6543dca9cb6bdb3fafa540aa309749baf91b1f399

/data/data/com.mklove.coco/files/.jglogs/.jg.ri

MD5 4ff9feea07afa1dc503b081c2412bc67
SHA1 545d7b874500416cc7e7e705bbdb0881efc4780d
SHA256 62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c
SHA512 ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

/data/data/com.mklove.coco/files/.jiagu.lock

MD5 d498c3102db7a838116dbbcd258c85a5
SHA1 bb9333e866c08d46e4f4456a328ec38b90bfaab4
SHA256 0747db5a2b6edce8d81b24f1b9c3cfc3d84a2bb6779ffbb3ff4819c0987c1dc3
SHA512 c4b62817124a27f9ae94822dd3a061a144feefeadd4dae1e2956e1224141f60bb3a3f1dfb1e328e06f36022e4aff16a43474ab82c27532d7e618fbb1845678eb

/data/data/com.mklove.coco/files/.jglogs/.jg.rd

MD5 49a58f06d1dfe278119cc515fba1ee8c
SHA1 e2bf15d796fd1301e261c3699082e5a86a0e448a
SHA256 5dbff8f0dfba2e9085ae454827daf6b873e5e7f077c9e8bc8e358112176c1b7e
SHA512 8e6178ae979b7fde0e9f807dafddb9598b37502239081630eb7de0d4d969e9d2ca60b7a3654f76638634152a9b17ed9f1a2c9b6b71aa9d7f35774dc8f19c944d

/data/data/com.mklove.coco/files/.jglogs/.jg.store

MD5 6cabf77917b6f7d4650bf6694a7727c0
SHA1 d5c824613933b09ab3456fbe72f478dd50865491
SHA256 2ff220fe99885dee5a9556f7b88d1d20425ff409ae12def764f38425fc665994
SHA512 c12797903d44bcc682cdfd94b5132cf8e736e97bfd161ff40e7ef9bfbfee2f2f92cbe1b805d2aca894988a0677490b7486cf7815c48aeb359bbd75c9caac1749

/data/data/com.mklove.coco/files/.jglogs/.jg.ac

MD5 584f95e40c14c0efaeaf79529d403818
SHA1 f7fe4f787adcecda0a96bbb514dc4756731c461f
SHA256 37588a849f2d4a2ff2bbe159a29fb3be46d2dd722eaa3298511cfee2a80f371c
SHA512 9f23c405e062d6c088603de811c89c57020a4c98dd0a777c5271d4a9532811fdf36f70a51ea1fc6dbc4eee253c641ee77d87caa5fe003ddfc1dfb3a4ae05cb63

/data/data/com.mklove.coco/files/.jglogs/.jg.ic

MD5 3cbd6e083fd496d0bf562c068fe25775
SHA1 7c7f31e67e18b1bde29c56728dcfe4353fab4789
SHA256 90a52ef97e8914ebc5354518013807523558d1895f58b1cb0eefbe0e161889e1
SHA512 26a913b7c9d060a8d6de54104a64aebcd4384c5e577311ab950d2d87da3462c109e116c315f686617e3305b02956673979587a4f9d74aadabf095cdb9ea5ab72

/data/data/com.mklove.coco/files/.jglogs/.jg.di

MD5 83e4cf0c0bb31e7507f0f8cbc6301ee7
SHA1 e687db134999675414e0015ecbaae250136ef65c
SHA256 aa06d36d8d3b0f4fae5e0e2a23f52fea35a20cfc72f7fd5dbbff0531350a7e72
SHA512 653c96ae85cc12ce3824566b0a672c377c73494d7f4da472533e718bdf4e263da48a6960a65a98fa7626737874d604aa989c84b5546155a2496a1d6bcc96c654

/storage/emulated/0/360/.iddata

MD5 57a85c959a6d03bd875d5c4628a35436
SHA1 84124371a2eb61388434035c2ea53bef026a8965
SHA256 a8dd2e90ee501906f0ff86d380fd94b5db5aece4abcb957900122166ef85839d
SHA512 195ebabc9e29b97daf9ab5745a10a046d64d43d81feb4ab403ea56f503d4a99f7772e395126a56f29a13316a5d68bbefe6d401d606550c118e2bb79831e2fd86

/storage/emulated/0/360/.deviceId

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.mklove.coco/cache/image/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.mklove.coco/files/.jglogs/.jg.di

MD5 a498ee998a7c8ffcf987abd166c765e5
SHA1 4b4285205d89a0669098a4a2a7b3f7e9a208ea9d
SHA256 c528444fe459ccd70623d5d9812794082e831004caa00b24a501eaf48c61323e
SHA512 a1a9d8b1425dd9f8733804645e1c974cdfdad0876019fbca4a3c94fba328ee8296e58305878e4f5ec7e0f83caa386c633d754675e462ef7e881ce54a2471072b

/data/data/com.mklove.coco/files/.jglogs/.jg.store

MD5 439ee42d43f8a42bbc97321abd323671
SHA1 ff695196cc9f0d16339efac3d45b11c041f586c9
SHA256 34dfa496dac94a44bc94d296b942a58b60ca2e6f008e2282b1e72acffdbc5db5
SHA512 4130a7dbff16d2d48ea4149f9055eb9b59c69cdd612aeec4cb1a4004ecef4246ad67dcfe4df41e7f19282da9569db57b22b4939ebb7218a024de3ef5c32f4686

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 03:26

Reported

2024-06-01 03:29

Platform

android-x64-20240514-en

Max time kernel

29s

Max time network

131s

Command Line

com.mklove.coco

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A
N/A /sbin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mklove.coco

com.mklove.coco:ipc

io.rong.push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 stats.cn.ronghub.com udp
GB 8.208.102.120:443 stats.cn.ronghub.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.46.246:443 loc.map.baidu.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 nav.cn.ronghub.com udp
GB 8.208.102.120:443 nav.cn.ronghub.com tcp
CN 36.156.202.78:443 plbslog.umeng.com tcp
CN 60.205.180.247:8000 tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.mklove.coco/.jiagu/libjiagu.so

MD5 d9adada5d6551f4f934bd867714cfb3d
SHA1 b81024554c9b48f7fad85d83b27697bbd85d6387
SHA256 95e95c86650b1a80cf23b9c3286918c8ad64d52b0e22267ebb737cbd824d2491
SHA512 e66abac93edd4369772cef12c6c1716702661bf17f8eb6ecee86ad50361140b4f854ca7dc4fbf8e46802f36b81706ec7d951d6e9c803e242881dfb7ca865d456

/data/data/com.mklove.coco/.jiagu/libjiagu_64.so

MD5 3f01d185c3ebafb8c0236bfcd634c4d6
SHA1 cc2da08fce34b6b57bedbd0a3d5319d2e58a1827
SHA256 e160d6098a09718bb4fd6c8a0a9bad2a4000336e2ebcc08e439a841d6c3cfb22
SHA512 51979a1bd27cff8459e6f266744480b598c48775da35f4c60f58a2d1a88f888747fa66b8a495499e5ae033433f301bb42f2fd845a3eeffdcbf9166fed669b139

/data/data/com.mklove.coco/.jiagu/classes.dex

MD5 776666b6ffcaaae598f1f131cd8036e5
SHA1 ad66a12c101cbe8fabca4e7f181a133fcc5b77d4
SHA256 df77079f58cb5ffae461349f5900ee326a9d04a050ae8196a02d9f821dc56e87
SHA512 cad7273e261ce78012a0f9d4d4d212fd063adb3264fc31bd8d49d4a89d73b13c5b92d4c7934721285d9f9da36a1a3049c41e355c4fec588386cbf38a8b1e1c63

/data/data/com.mklove.coco/.jiagu/classes.dex!classes2.dex

MD5 aafa933e9d5788d9548e59c7cb90a7a8
SHA1 8eb0ea8f984c800beecfb1f1f57fd57404769238
SHA256 1aa3c1bdf4fb4b945977e0f3191aa4c1808d73812601abad1908da8d7adafaa7
SHA512 5952f2cf2001e4ebcd05b7aa58009af39ae43f4b53642e2d411c0c036085d10b4cbc9f8d560cb0e872388c326aa8ea9b9c9d17663124d622efc3e0a4044045ec

/data/data/com.mklove.coco/.jiagu/classes.dex!classes3.dex

MD5 44d1beef1778fdd14ac712a7ac7da370
SHA1 3be8adacfb7b3e9787f3d64bd93e8f58a3bab1ed
SHA256 f3e34bd5ec9c8953792cfbfe55aee311adfd0c5dc0217749759085232c7c78ba
SHA512 bbc78449c98783f0faff72fe93f727866a48982915f43838797c06c2128863a5bb278ef7f025926aa66402a6543dca9cb6bdb3fafa540aa309749baf91b1f399

/data/data/com.mklove.coco/files/.jglogs/.jg.ri

MD5 84a986566b3b9e543c6937492bb742ca
SHA1 90fabe2b7f0a5a6854e8ca66e4e4f59aaf1df331
SHA256 800f08b7270edc4168d9e2357d6b7094686dc8b6057eea77a5f6cc9d9656b7c9
SHA512 54124762b3c0ddf520baa9cd116c1ad1da4cd5a33233b45b2883db453b1fbfbfd2e78e1138d4b78ff0a212d46097059604cbf9f352916eebc213b21fe438ee7e

/data/data/com.mklove.coco/files/.jiagu.lock

MD5 3520b64c94b4135ab784c82d45587192
SHA1 f2bb0d98a095e96ff1447194e796f530522d128a
SHA256 bb159fdb88b66fc7e693fe62248a7cfd87836d358f71981ed6d39b46fbe8d668
SHA512 f5b7fea2a4f77d7a9e4f1fe0235f46add818cf025371f0d0d5bc1bb43881df5256f7f7472accf6f231de9507357224eb14c86ec8201c5205fd10ab8614305dcb

/data/data/com.mklove.coco/files/.jglogs/.jg.rd

MD5 dcff185367b5bece82b7864e3dfee51b
SHA1 fa00204e0d358d43536fae174af68be3b0ab11c8
SHA256 145af0c6ddbfcd4b686c05dff1252bc5561493c6e06c6414c1ee8c6350c25067
SHA512 e287ddee56fa9ddc2780bc43ea61b8ed7c0afd13dea32e17bfdfb4f96b8402ccfa7d612e11d28f91eb862bc617d5eccc30f36235dc0cdb3d7fb9e8bb76ee8632

/data/data/com.mklove.coco/files/.jglogs/.jg.store

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.mklove.coco/files/.jglogs/.jg.ic

MD5 bbf0bcf20f39702e1063a6e932d7c56f
SHA1 48a5a009f9d7b18cb2ce2ad5144da9f4b780fa68
SHA256 0ccc8f3a0e26244581bbdd9e36a03ba01261a2d8579f691f2dede13233cb4cfc
SHA512 c73662c81f152d09bb6a633b63c9b4eafc7d27bcdefc2d7942b69339bbdbccbf078aeeafc5cea0812059a97e35f13cdf87bfc45bb0a927405d0249a2e2adea32

/data/data/com.mklove.coco/files/.jglogs/.jg.di

MD5 56a99db9fbef6549cb392ad9540413ba
SHA1 7a594214944df3fdb0ba31e448a2c0f90e5c09dd
SHA256 9a3507506d7a8358934d1f8654fb871be0c7fc3eeb193f164782c0b25375c63f
SHA512 290ac6a2718f7b26d6ab9bf91c4c39455cc8991185b41390eefa8a1d8d7ab1471b04589a40b7dfe8e8f5130ccd48941085834ec6f52ea64dbf0d40dcf1481b4a

/storage/emulated/0/360/.iddata

MD5 6ce3f0d91a56280a6d7a22c8d4924023
SHA1 27d90e6062cf4592b1f19808fb6d653deb982bba
SHA256 2a7d6bdd7e4b50eb8c435bb0a7763bc55a28c0caa421a48c1f585f6368728c04
SHA512 9ae1e2bfe6dd8cd9aacbde234b3c3eacf675e2303c9b5ce9a28697c466b640a52fb451bd0c79de04deec232b4f562d08c4699f0952add564d85b3c539b1bad5f

/storage/emulated/0/360/.deviceId

MD5 e557e4e0363378a44849f4862638df25
SHA1 dbbf8a57c6f4fbb997883a23a063ae9825eb670f
SHA256 66247024ad712e8e040f215438471369cbcf9f9b7eca0e210ab372cc3fabeb80
SHA512 eff7562c45e068d65868ab741a0cbe872a26fe77ea4f9ee484968b6d3b45c17bbc762fe844a0cecf95240a84753275854c73151b735088ac2381adb00c36ebbc

/data/data/com.mklove.coco/cache/image/journal.tmp

MD5 c9bee95e49a3e1809c65cd5b67ade340
SHA1 fb159e6701198d02680bb033bcfecd5b8c26b62b
SHA256 2deda7fb8ed729201164280e04b715de0552c3904fccd464c4daaf1deebc6ca0
SHA512 d64001261f7f629c4e29bb051f179e7af51b43414e0f2398c197c2837f348644709d20f7769161f20b6340b38b381c0dfd69df0888310a80663098b8ccc60ee2

/data/data/com.mklove.coco/app_crashrecord/1004

MD5 fb0f05b639daea206a604ee417dd6963
SHA1 edf4d3e7b0d87ca534070114a9887415e1fa1259
SHA256 0ce2249ff8d7042b56fd9e848ce6136a1709aa607ae393548cc22dec71692680
SHA512 a9751fba388df6000cab6fbea453fd3d77424fe1a739ca83e8c7260df8b47e21bb9d123cc185e1f41cc19b7aa8af032f4320752e0504f31711297ef67d5f531c

/data/data/com.mklove.coco/databases/bugly_db_-journal

MD5 6798bfa0886059e3dc6d31901f8546ab
SHA1 91d3d62f3721f3c1ebb98db4242c22ab17253677
SHA256 5717931da044e86e161cc5ef36c3b3c2a158926eb7eb6340e659bf3613cb1a58
SHA512 6492bd928b1195f38df9e4b9dcb271865ec350d9d0edadc99e4f6181f08821c2d4244e6acbfc8efb8ef6ab85bc420213c9b15dad185655cb202662c91a7c170b

/data/data/com.mklove.coco/databases/bugly_db_

MD5 0c15fc4c0ecb4c4d5f69563e62f4f184
SHA1 7553b26a49e7226c94aa3291e35a69e4d88a416b
SHA256 85b5263442fb4ba2f8a5105a5d74b6586b19744e5cba0fbebb2a97cab8fed07c
SHA512 6432ff3add9ca1e45428d725ee0e1cb2fdc5492b481686414579b1475dff811e44c3dabe09b394ef9c5f1813b073bcf5fdf59614458e121e35932e80441e6054

/data/data/com.mklove.coco/databases/bugly_db_-journal

MD5 038594f642bc99a2c8518d4ad5b40a1e
SHA1 b67dac851605c3259c83ed18ff7247f4db7ed871
SHA256 4562dcff56a78a36fb1854417aac0ac204bf06f4c94b1186ffa42d205a7cc05e
SHA512 2d931118350457e21a1ba5d74060a70892b1bbc9f93934ffd39d6e68e245885703fb1cf2d85018aca4ec3ee5eb3c06fb719d940b544629db8c9fcab3597c4e2e

/data/data/com.mklove.coco/databases/bugly_db_-journal

MD5 dbf9b5d5919a6cb9991e7b45b5594fa4
SHA1 633cc268fda25bf948314f0ce98253d59c4098ea
SHA256 0a9a41ceb83c944625a601af49b997842e5d2208689f7336a3e0b39b87a84649
SHA512 ae9af23b65c055f32e440dc251c02450af337e3a00aa9b79f51481d1cbf1c1d35ef5220179f6bb17d74cec7aa32fa6833cee60905b6d84b278802a0258a0924e

/data/data/com.mklove.coco/databases/bugly_db_-journal

MD5 ffed0da96d533a8e940f56938ca1c53b
SHA1 8e382c68c0224595e350dcd3bc4aabc440429c4b
SHA256 ba9004d999edc6ef7202fd35d8a80543d4f7bed75041b7a415c81be0acc9ab42
SHA512 c16315150960db2b9a6c5264881ff54f0949e4acf7bfdcfaa6811eae0e62f3b19060b893d82af056cc1e96d87fa4a42fb638fc94e317b2bd7dd67cb51f800f1a

/data/data/com.mklove.coco/databases/bugly_db_-journal

MD5 98ca249f85c436d857e6d5d2fdf9aa3d
SHA1 335fd5c262e84f2d6c6a6e8c71f8e360f7edd587
SHA256 6eae09a4de48c92ac8dd224f68d4a77d03ab21af160be56a3d685e6eb339604d
SHA512 1347b8dace24c8156e3913d7f80b0979ab80eb4041fb390d6ece09fcbbe3b56d4a61313a408d4aee33deab23b087dfe51b4f3a2cfd04c7540cec5815fbb7dc46