Malware Analysis Report

2025-01-06 10:32

Sample ID 240601-eebfcsha2y
Target 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118
SHA256 35c3b2b50dc85b260fb98e5cb1ac33ec10a29946de0d2bf40f054e0d0dcfdea2
Tags
collection discovery evasion persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

35c3b2b50dc85b260fb98e5cb1ac33ec10a29946de0d2bf40f054e0d0dcfdea2

Threat Level: Likely malicious

The file 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion persistence

Checks if the Android device is rooted.

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Reads the content of photos stored on the user's device.

Checks memory information

Checks CPU information

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 03:50

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 03:50

Reported

2024-06-01 03:53

Platform

android-x86-arm-20240514-en

Max time kernel

5s

Max time network

131s

Command Line

com.coolsnow.gif2video

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.coolsnow.gif2video/.jiagu/classes.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

com.coolsnow.gif2video

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.227:443 tcp
US 1.1.1.1:53 www.joy666.cn udp
CN 81.68.245.73:443 www.joy666.cn tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.coolsnow.gif2video/.jiagu/libjiagu.so

MD5 98736de515958ae37ae93a0a0e997098
SHA1 72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256 335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512 cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

/data/data/com.coolsnow.gif2video/.jiagu/classes.dex

MD5 dc59811ad8212f0b7e1d78e273dda0ff
SHA1 3ee6f5766f69bd9c78c2442b654ea493894fcd20
SHA256 4eee9700ea2e4c99dcd4ccc9fd3c477f1ae344eebdf2015f84e2c1374eb15771
SHA512 35c22b76dbc86273548f72434beeec4ab907f11588ddf8cf405e2a488063f764f341ccb584bde968d110082d05c24d5d768c64338bffcebbc5db7e2ddf4293e4

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 68abdf12075d9082dd57352e11a7188a
SHA1 fa2b7bc45fa299b2c8b21c1935dcb74d2e5cbe7d
SHA256 f4a9c44a497a40a790d711d75d1085b1ad46c8a77cd49449d4d0def96abc4086
SHA512 78dd6364c299af485f906bed90b924479678cb44cbf0e187a076f0b90745cb957c5620178382463f4707359fff94391d9fd122d8cd460853757b4182c0759d4f

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 d44ece18b39b02d9a570df2e296392d2
SHA1 03b0bd85b2452f16c2c776aaf4f585c4a111d0f0
SHA256 116b202db95bb563e845e96531da5938049346a8d8734a61f65264f4eeae2d12
SHA512 ecdb607c53c995198d3aa19d12905a299ad7027e53a09f172bd8801bd86ca24ad5e8c1580314749648e533eab0c3427c5fdbedf4e8f46a5b5308af526aeab6a8

/data/data/com.coolsnow.gif2video/files/.jiagu.lock

MD5 82796ec92cf05fcfe5384ab25776c852
SHA1 2de2076e67da7191b39512ceab73c181a2a2f956
SHA256 acb069526c9b801383844b03e06853ee3d459861a567a5bbe1ebbbdc22ac29dd
SHA512 8745cf9e088aeb58e4fa725ba605c7562c13ad5cce7e5143e7a261503bea364b86123fb40a0ce5e3d9d8af242bddd302dd00cc63ebf44745ac3ef88ab9ff12a6

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.rd

MD5 74c5be926c91af4b5ff7be685b48adf5
SHA1 2a299d3dc6a086d25ebf6a1d8a28b739dfaf3180
SHA256 91bddc926355aa817daef947f53684da7db10d44b1a4b7f5e877670f8ea97880
SHA512 d21aa59438716382eee33becc58c23b66637d37b152b50b1dac5a5fdeef960f41314ff6be58c884dd0772f896695463ddd8e344ceb2dbb5023cb1a4b6ad6a950

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.store.report_cf

MD5 d48d4caeac57cff779751b3279930e99
SHA1 0f5d08b55eb8ff68fa0a7a44180097c38d2eb609
SHA256 fb7d802756aae7612dc5f96a3f215bb8405ce486e8fa849e8a8a218c6c9d6465
SHA512 8ed880ee76ab3ad84b8dac5b801b60acb41c15d0b9d5c91abb271a73bd5ab06d443f8491b13ddee49bc27d7d9f9d932e9069ec0d0d86fa3e22d719aac841d1a6

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.store.report_pid

MD5 da5451d88bdbd4c7b30e95ced4a90be6
SHA1 bef393923343a5a5fc24af96f6be708ebce937ab
SHA256 e9a559dc2f5998826ddea5bf7cb3711b4815a874fbb6d9d6e8e403cc19076626
SHA512 a5231bda44b94cd6af44bc6cd663f9b05b0f30e63d51e18d2e0a45d088e4e8e8d980d5e03a94789490714636bc4845387c86cf402d80fa1c4aeff5ed8f394fa3

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 b0fdb5f441a5b6c3ae05390882e06356
SHA1 cd2203e48086646619fceafaed67a80d99eba941
SHA256 d31c30927a73f2935a9779b8649ca1bbab0dfe86e0521e24fcf2c12f72ad96cf
SHA512 1160206c27d50aecbf83fa9139d6e0db70256bb998d598666fb33b512aff9510787464fa8de2e80a6f7b98dfe3d8bd73a7d16c5662f0fa281af32648921849f3

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ac

MD5 45ed1541d7f44071e210968f2b7dddfb
SHA1 075e15e7937a7778057219f67c262bd7e2aff310
SHA256 5b357b0ae5f1193bc054c43a2a7f3ba4197d3a40e9a0f95f2af1668fadda8e09
SHA512 24b4b28e13b9edacaa0373f78b313f04498e501789b01186155244823708c188a481840c34045447244e70184cb9af013cf23a90860bf74de722b38bfafa58fe

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ic

MD5 62c56cb6ea0a495b2ff2e999a4591d8b
SHA1 c3c359a73d3e558d4cfe94317681bb76b638d5f3
SHA256 ae74a2af8fc9b3b620393d6891ba8679d368a9205706e655a063fa5a31b64020
SHA512 6a022ffe606ffc03d7819cad3666dc9440a36c4e916f3aa1a76f41d52bf6147b8b51461050c6d0fe40f0b180a324bea88259a7649038a4784c4221707240bdeb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 03:50

Reported

2024-06-01 03:54

Platform

android-x64-20240514-en

Max time kernel

156s

Max time network

153s

Command Line

com.coolsnow.gif2video

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.coolsnow.gif2video/.jiagu/classes.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

com.coolsnow.gif2video

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.joy666.cn udp
GB 142.250.200.46:443 tcp
CN 81.68.245.73:443 www.joy666.cn tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp

Files

/data/data/com.coolsnow.gif2video/.jiagu/libjiagu.so

MD5 98736de515958ae37ae93a0a0e997098
SHA1 72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256 335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512 cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

/data/data/com.coolsnow.gif2video/.jiagu/libjiagu_64.so

MD5 64f0958be2a8e6862b90faacb40129e0
SHA1 389c618137db70dbf84adffcdc3c5d4850a5ff24
SHA256 4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa
SHA512 793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

/data/data/com.coolsnow.gif2video/.jiagu/classes.dex

MD5 dc59811ad8212f0b7e1d78e273dda0ff
SHA1 3ee6f5766f69bd9c78c2442b654ea493894fcd20
SHA256 4eee9700ea2e4c99dcd4ccc9fd3c477f1ae344eebdf2015f84e2c1374eb15771
SHA512 35c22b76dbc86273548f72434beeec4ab907f11588ddf8cf405e2a488063f764f341ccb584bde968d110082d05c24d5d768c64338bffcebbc5db7e2ddf4293e4

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 68abdf12075d9082dd57352e11a7188a
SHA1 fa2b7bc45fa299b2c8b21c1935dcb74d2e5cbe7d
SHA256 f4a9c44a497a40a790d711d75d1085b1ad46c8a77cd49449d4d0def96abc4086
SHA512 78dd6364c299af485f906bed90b924479678cb44cbf0e187a076f0b90745cb957c5620178382463f4707359fff94391d9fd122d8cd460853757b4182c0759d4f

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 6de3c30d1664c54c190f8f5ca72954fe
SHA1 392fe7413fa927c3010d6df3a405b7a910187cf0
SHA256 41a8050d6521d6dbd710740e7d6baf49ff6f1464f6269fde354ded7f90326a27
SHA512 28d6d46fb4488e079b81c782dedfc25bc7ffd0e4653d912dcd16b5ee53f48a5c205a1d59478c5985879c3cde54e25e981caaad952e2b9cb12c9ab429ce82af55

/data/data/com.coolsnow.gif2video/files/.jiagu.lock

MD5 7ed4580a24ea6d1a09484a60f140037e
SHA1 883585a2b898d5d7d008d629fefc2fc13aa6c291
SHA256 8858131364821973724bbbbb10169764ab59fa1d180bfa1579909842163c58ce
SHA512 517678bed059d1303ca937b187d6deedf9fa7218ce040b8d0e476a4b7a2d4e317ea2696fc169a35807da12730d9cdf89ab07c46a9a15f8fe222f1e31e84c739b

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.rd

MD5 74c5be926c91af4b5ff7be685b48adf5
SHA1 2a299d3dc6a086d25ebf6a1d8a28b739dfaf3180
SHA256 91bddc926355aa817daef947f53684da7db10d44b1a4b7f5e877670f8ea97880
SHA512 d21aa59438716382eee33becc58c23b66637d37b152b50b1dac5a5fdeef960f41314ff6be58c884dd0772f896695463ddd8e344ceb2dbb5023cb1a4b6ad6a950

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.store.report_pid

MD5 da5451d88bdbd4c7b30e95ced4a90be6
SHA1 bef393923343a5a5fc24af96f6be708ebce937ab
SHA256 e9a559dc2f5998826ddea5bf7cb3711b4815a874fbb6d9d6e8e403cc19076626
SHA512 a5231bda44b94cd6af44bc6cd663f9b05b0f30e63d51e18d2e0a45d088e4e8e8d980d5e03a94789490714636bc4845387c86cf402d80fa1c4aeff5ed8f394fa3

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ac

MD5 45ed1541d7f44071e210968f2b7dddfb
SHA1 075e15e7937a7778057219f67c262bd7e2aff310
SHA256 5b357b0ae5f1193bc054c43a2a7f3ba4197d3a40e9a0f95f2af1668fadda8e09
SHA512 24b4b28e13b9edacaa0373f78b313f04498e501789b01186155244823708c188a481840c34045447244e70184cb9af013cf23a90860bf74de722b38bfafa58fe

/data/data/com.coolsnow.gif2video/files/.jglogs/.jg.ic

MD5 62c56cb6ea0a495b2ff2e999a4591d8b
SHA1 c3c359a73d3e558d4cfe94317681bb76b638d5f3
SHA256 ae74a2af8fc9b3b620393d6891ba8679d368a9205706e655a063fa5a31b64020
SHA512 6a022ffe606ffc03d7819cad3666dc9440a36c4e916f3aa1a76f41d52bf6147b8b51461050c6d0fe40f0b180a324bea88259a7649038a4784c4221707240bdeb

/data/data/com.coolsnow.gif2video/.oabugaij/.fsgkea

MD5 01abfc750a0c942167651c40d088531d
SHA1 d08f88df745fa7950b104e4a707a31cfce7b5841
SHA256 334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b
SHA512 d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-01 03:50

Reported

2024-06-01 03:54

Platform

android-x64-arm64-20240514-en

Max time kernel

155s

Max time network

153s

Command Line

com.coolsnow.gif2video

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.coolsnow.gif2video/.jiagu/classes.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

com.coolsnow.gif2video

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.joy666.cn udp
CN 81.68.245.73:443 www.joy666.cn tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp

Files

/data/user/0/com.coolsnow.gif2video/.jiagu/libjiagu.so

MD5 98736de515958ae37ae93a0a0e997098
SHA1 72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256 335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512 cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

/data/user/0/com.coolsnow.gif2video/.jiagu/libjiagu_64.so

MD5 64f0958be2a8e6862b90faacb40129e0
SHA1 389c618137db70dbf84adffcdc3c5d4850a5ff24
SHA256 4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa
SHA512 793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

/data/user/0/com.coolsnow.gif2video/.jiagu/classes.dex

MD5 dc59811ad8212f0b7e1d78e273dda0ff
SHA1 3ee6f5766f69bd9c78c2442b654ea493894fcd20
SHA256 4eee9700ea2e4c99dcd4ccc9fd3c477f1ae344eebdf2015f84e2c1374eb15771
SHA512 35c22b76dbc86273548f72434beeec4ab907f11588ddf8cf405e2a488063f764f341ccb584bde968d110082d05c24d5d768c64338bffcebbc5db7e2ddf4293e4

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 68abdf12075d9082dd57352e11a7188a
SHA1 fa2b7bc45fa299b2c8b21c1935dcb74d2e5cbe7d
SHA256 f4a9c44a497a40a790d711d75d1085b1ad46c8a77cd49449d4d0def96abc4086
SHA512 78dd6364c299af485f906bed90b924479678cb44cbf0e187a076f0b90745cb957c5620178382463f4707359fff94391d9fd122d8cd460853757b4182c0759d4f

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ri

MD5 dfc91b4284fb0993cd1479c21f908224
SHA1 dad095d0c0d601faeddee15bd090e55ba007c2cc
SHA256 5eb7969f6ba7c005a2110bf28bdd3deb8ca3707d34571a9f8c6d0c0ffd5f0514
SHA512 bbf9161db69aaef36d35908c46dce4587b0be5cdfaef2988d5b30e4a179f054347f85a87118b4da847c17c112b5de98c939a17de06bc733bf6bc00d71657edd3

/data/user/0/com.coolsnow.gif2video/files/.jiagu.lock

MD5 742399ec654e9fb48f36eb94ef0804df
SHA1 09cf1ada88f7f6194ce37ec0e3e105d21912c623
SHA256 f82c3eab6a142eb2b41f78a74620dabc702379fb2ee17bc4ff78f7aea1f939c2
SHA512 706d3019526beb2fc13a184eb2fece36695d1dc86a4d696fc2298ffc3d4c452d02276b81456efcdbba2845a64a8777a67268fcec06c3a85021adad2e33ed0415

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.store.report_pid

MD5 da5451d88bdbd4c7b30e95ced4a90be6
SHA1 bef393923343a5a5fc24af96f6be708ebce937ab
SHA256 e9a559dc2f5998826ddea5bf7cb3711b4815a874fbb6d9d6e8e403cc19076626
SHA512 a5231bda44b94cd6af44bc6cd663f9b05b0f30e63d51e18d2e0a45d088e4e8e8d980d5e03a94789490714636bc4845387c86cf402d80fa1c4aeff5ed8f394fa3

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.rd

MD5 74c5be926c91af4b5ff7be685b48adf5
SHA1 2a299d3dc6a086d25ebf6a1d8a28b739dfaf3180
SHA256 91bddc926355aa817daef947f53684da7db10d44b1a4b7f5e877670f8ea97880
SHA512 d21aa59438716382eee33becc58c23b66637d37b152b50b1dac5a5fdeef960f41314ff6be58c884dd0772f896695463ddd8e344ceb2dbb5023cb1a4b6ad6a950

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ac

MD5 45ed1541d7f44071e210968f2b7dddfb
SHA1 075e15e7937a7778057219f67c262bd7e2aff310
SHA256 5b357b0ae5f1193bc054c43a2a7f3ba4197d3a40e9a0f95f2af1668fadda8e09
SHA512 24b4b28e13b9edacaa0373f78b313f04498e501789b01186155244823708c188a481840c34045447244e70184cb9af013cf23a90860bf74de722b38bfafa58fe

/data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ic

MD5 62c56cb6ea0a495b2ff2e999a4591d8b
SHA1 c3c359a73d3e558d4cfe94317681bb76b638d5f3
SHA256 ae74a2af8fc9b3b620393d6891ba8679d368a9205706e655a063fa5a31b64020
SHA512 6a022ffe606ffc03d7819cad3666dc9440a36c4e916f3aa1a76f41d52bf6147b8b51461050c6d0fe40f0b180a324bea88259a7649038a4784c4221707240bdeb

/data/data/com.coolsnow.gif2video/.oabugaij/.fsgkea

MD5 01abfc750a0c942167651c40d088531d
SHA1 d08f88df745fa7950b104e4a707a31cfce7b5841
SHA256 334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b
SHA512 d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

/data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

MD5 8432dc41e5f93331fa9dc748d060b50b
SHA1 7706807ab5589c510b570ead0c35e5cc1766da39
SHA256 4b55fe4384b9454d9529bf3c0044de6e9ccb5cc52ae760d0b37c5721c6254b71
SHA512 e791b1db8d3a0fa49c7f5db49b3a4da8a4f3339de79083e057c03f72488b1c3fbecdd5502940beb39cbc385d447064f90304c2a94e08f838bac5555c6af86d14

/data/user/0/com.coolsnow.gif2video/databases/ua.db

MD5 4a7d7a879469bee7fdadfe97aee8c722
SHA1 cf7d1142800de9b07f098787b16b601bee9f803c
SHA256 5dc7460e67ed8400bb5706b1f4c7338ec6f4a76767a725c4b48ab73680bffc95
SHA512 4e0e2cb7f3dcae5587a0e31d71efa46bfd8cab6447faf2c0d98fba57f830525f374d87ee4c1e7a5ca27c366f8c6269bab41bcaa6dbf7b88cf32eb973f9312053

/data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

MD5 f093591cbb636b35268d4952c68f4741
SHA1 cc3036cb75c5db92ddda5c94e2386fc0e304bfcd
SHA256 90089fdfcc6348671198b8fca985de877f09f3b5d93cfd71a1b127bd146f593e
SHA512 7882a4a446b5174ad212a89b46ad361af26ed686bf42717458b27b2fdfde36c8fd6d852f8ab703f5fc3fc07f1d56d0c37b18ea2b7d464dafd2bcfdf13880d8b6

/data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

MD5 ff3d74703fa20cd8d83946b10cab9248
SHA1 d1f7c22011992491e4912b2c7a7f03eb37083814
SHA256 08cf3f21d06c04dd73a932e5a7918c91a8e0813f1f60588037cceefe2633e989
SHA512 4bd1b2fcf70e77183c3276866915315ced5ffbd9d36c9c9f576ea457f3ba2b05986fb216c647b6f547f5677ec2e28a8315dcd9e6770d0b4e530a6665f3ac311c

/data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

MD5 b52f041539082d47945e85370e7e517f
SHA1 623248292e9a6219c052dc921db4a142282d12e9
SHA256 6e3164e43a6ebd94e4817f421a9fe0b44214de13ce4590b717961aafeae920c2
SHA512 912bb25341158db83d8c6c702744019b5f578b551a0208caea447ea8b5164997d836e077cf0c548adf28424cf1485b2cf61f57516b959056df231a0de4e1cde6

/data/user/0/com.coolsnow.gif2video/databases/ua.db

MD5 081d678d0a88189f50e94a35d7ec3966
SHA1 8554e94db0db00e7a4491965d311634fc7b269df
SHA256 f4fc10b8a5c48169b4f61fa2f9dbd68c2c9ae8e9a29f98eee82ea9837a5a7161
SHA512 0b036cb64b1d3e16c1220c38d8522db815ac08cbf7520e6ade125f05624a0f34eeceb0964e3ec24092c001d495349ca82eb59858975d3ae621f9cba99f6bceba

/data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

MD5 17e81d0f129b93f793a9900543d7270d
SHA1 f2eb595d813ef16d214b929333a474083e81f5ef
SHA256 cf90e4b86c8410bb77a694cea00a695bad1734d2cce4e7a2fec2df0ebc73dfcf
SHA512 aec6a1f1f7677a0e6d8ae4d6eeae0bfffc4402c3ac7c5d6200c1f44b84e40284834f80ee7c0804e0a40ad59789ce89377a1d786f507fd1a6157fc7533d6112b2

/data/user/0/com.coolsnow.gif2video/databases/ua.db

MD5 1b36ac4ecff189833c3c38d08c5b27d6
SHA1 01e475350fbae4a633f3411575b9db4169aa4534
SHA256 9a097f0b86e7cb21c0e7cd3fac32d32f7d92893307cb1cb26316a519ab3270a0
SHA512 187e08006cea4c71e017d864d34237ba9734792fcf1386baeeb15d1d2c2e77472baca03a66fea528564c337e43ab37322215df136cfaa7b091abdb593617cdfa