Malware Analysis Report

2024-07-28 12:05

Sample ID 240611-t5l24stcrb
Target 9ed620e2c9c7eff79a4cd0682e66c000_JaffaCakes118
SHA256 a81233ada65412d9800f95c21b2ffaadb8d51781c8dea9e63c7a4d8413003985
Tags
evasion banker discovery collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a81233ada65412d9800f95c21b2ffaadb8d51781c8dea9e63c7a4d8413003985

Threat Level: Likely malicious

The file 9ed620e2c9c7eff79a4cd0682e66c000_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

evasion banker discovery collection credential_access impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Queries information about active data network

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 16:38

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 16:38

Reported

2024-06-11 16:42

Platform

android-x86-arm-20240611-en

Max time kernel

2s

Max time network

131s

Command Line

com.android.vending.billing.InAppBillingService.COIN

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Processes

com.android.vending.billing.InAppBillingService.COIN

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 6d0ece1c630a092219990ca0cee6514b
SHA1 e1aa18d49ef2d38759fca35e7827bdced3b8ee10
SHA256 b7c109267ff1c35f63112be33651c98ad60f386e05c98e3b5837963b8a86c1e6
SHA512 4657fefc8c3758d18eacabae946a1705d3d943666862077e739637f5d52890c79901023f80fd0d60340174bb1e8697b4e9352ebc3b9f85974068264bdd32d581

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-wal

MD5 dd7a22fa03d36f2c49e7e4d7b84ff233
SHA1 85e23242876a9597498c9efbe665eaa85caf3e26
SHA256 8b49ae0b9f776ee03961f7ad3f34c3f558cd5e45ffc3a1d15329913111bea6b0
SHA512 8ff3e67598c5d7cf0990cbfd331858321abe05ae43a5391b97ee7a7b4d56d50fa29681fdaa26ccdd5f5247c6c5fc47fa0c96c69077734e96ffeb44d0521e68c0

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList.txt

MD5 50dcd85ef074fb8121f155bc19b3c7f6
SHA1 c45c2b45cf49fabbeb7d3f12328e57d531a75f37
SHA256 02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d
SHA512 118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList_user_edit.txt

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 16:38

Reported

2024-06-11 16:42

Platform

android-x64-20240611-en

Max time kernel

5s

Max time network

133s

Command Line

com.android.vending.billing.InAppBillingService.COIN

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Processes

com.android.vending.billing.InAppBillingService.COIN

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp

Files

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList.txt

MD5 50dcd85ef074fb8121f155bc19b3c7f6
SHA1 c45c2b45cf49fabbeb7d3f12328e57d531a75f37
SHA256 02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d
SHA512 118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList_user_edit.txt

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 1d2449e99c44f3904e5536a5fba35d3e
SHA1 91b1b8bb47f87d3f1722dee5efb7b83978651106
SHA256 85c63b1f5ec998911ee05b99754cd6866bc3bba414963089cae71457ccdba55c
SHA512 06372a50f0b3a2651ebc748f036bc24389771daca8b173cc501f1c1598653873d5a256d0b9cea000948b42ca7f2c606b7181c1dde3fc9b6dc0dec1d190cd6467

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB

MD5 6f28d6f6ad39d268e51eece911221efd
SHA1 f1b12348425c55d3b2745d8d5b4999a80a87b176
SHA256 edf5927a66ca3c1a69b1f06ac09bfad2d0992923f5c75cd783f575d18c72db9a
SHA512 c289e57f5455fbe108bf65c5a09f4a369ea74e129b951e23f9d61b2d70c017b6dd5c8679169d6d0b488d2211e7bd21f8e8e0d162184cf139ddc2d69d40759472

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 5d55f52d0e251d474a068c3aa36c7022
SHA1 4b562141f133bf0f2dd45003f9bcedfe8063252b
SHA256 9704b67f342d65ab2c96f7ce5d967888f3b6875b83ccfed8a3a6f2ec9f2c9a50
SHA512 d1eef2a3dfd6525070214b0339e27b91e412d62e4946dc9ffba1d59933ba4ad728c9004dd47fa9c64b6e98bd8d51608a02647f9b17ff1d10303dc2bb388828bd

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 c598fa6eec442aee273c07cb86aa3d2d
SHA1 07add93b257793520e13b211c53d4c4014fe3f6c
SHA256 5c0ac061f8ef2b6ca12c23aa5ea6a4bd83a7a570c0c59d6d645786f66f4a4c88
SHA512 2112e959ef750dea98b52f1e0a2724f38d5da0097139bc385054e2b4d301193c995f4129e6a158160b7d35a2b2355c375bdc84d9c32a11662f892e935030884a

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 ec714004f869f1184ae66a12b28bc030
SHA1 b9a7c3adf6d6451a75caecb8c87e4e1e102ec1dd
SHA256 243f96d4e7f01c92cb464f46b0c38334320e43ba0920a15e39f38ded0916039f
SHA512 d8d6ceaf2324f4d4901bdfdec63ac43a01fc99f7b34d5e27feaf2788bbdf5de5e93f146ff9f2c40d5e2cf43c1dac9928af6a56843b104c1792c337cfe8adab27

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 ff3178f185a37287caa669899d2b5dad
SHA1 08fcbec41c63282b70e211276fce03354e9c13ee
SHA256 668d1641f2395a860d9455554397379cfd808c9704f59cb07677271687ccb7a5
SHA512 53a6b41f5a0e31ee7384ef9b8a0e49d35439114d5ce1bec47affc1835aae5b4cfdfc0ab016e6f6351fadd48e01f796706f3b33f944192c2cdb58b0407b52d508

/data/data/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 5a927d350d41ad1cbe2f4eafd4772292
SHA1 e0a7cb14f5917c9666e86cdec0775090f4d766ce
SHA256 48fe939da6355d48385fd3b0265f03eddd6d569ee2e6258d72da38b425982cd5
SHA512 12897ff00509b6c64d3bcbb5da953ceb37dd77d1c90a156fe85f9b89c84c2f57673782aedb68cee2e8175385f4e8c0dd63e01175f5a6648baf207d0aa7111f14

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 16:38

Reported

2024-06-11 16:41

Platform

android-x64-arm64-20240611-en

Max time kernel

87s

Max time network

177s

Command Line

com.android.vending.billing.InAppBillingService.COIN

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.vending.billing.InAppBillingService.COIN

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sites.google.com udp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
US 1.1.1.1:53 chelpus.com udp
US 104.21.59.188:80 chelpus.com tcp
US 104.21.59.188:80 chelpus.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
US 1.1.1.1:53 imp.startappservice.com udp
SG 168.138.188.189:443 imp.startappservice.com tcp
SG 168.138.188.189:443 imp.startappservice.com tcp
SG 168.138.188.189:443 imp.startappservice.com tcp
SG 168.138.188.189:443 imp.startappservice.com tcp
US 1.1.1.1:53 init.startappservice.com udp
SG 168.138.188.189:443 init.startappservice.com tcp
GB 142.250.179.238:443 sites.google.com tcp
US 1.1.1.1:53 req.startappservice.com udp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
DE 132.145.224.90:443 req.startappservice.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
GB 142.250.179.238:443 sites.google.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
SG 168.138.179.114:443 init.startappservice.com tcp
SG 168.138.179.114:443 init.startappservice.com tcp
SG 168.138.179.114:443 init.startappservice.com tcp
GB 142.250.179.238:443 sites.google.com tcp
SG 168.138.179.114:443 init.startappservice.com tcp
SG 168.138.179.114:443 init.startappservice.com tcp
GB 142.250.179.238:443 sites.google.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
DE 132.145.224.90:443 req.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.175.122:443 init.startappservice.com tcp
SG 168.138.188.189:443 init.startappservice.com tcp
GB 142.250.180.3:443 tcp

Files

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 018fa8d377de706ed080ccda17077b1b
SHA1 708912d160baf654ddedbe97b696694fdd787586
SHA256 9cfaac6e53911251768f77725e493ece8c1096445d1f777e0766bcf868f98e8f
SHA512 ace4c80d6a0d9de3129af857e04c3c616794780896aa928d98bd1888c337e8301b55689c87ec58b4a6cd4874b2264c992c025683a72c4c70f3e0a81c65c14168

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB

MD5 64057b4e9f4b3ca8009a0e6c52054c62
SHA1 e6685e9e781502e9e61f6cae0a40a21f9dc9da94
SHA256 d47a8ea5e6278b9819279b007e97710ccbb6e329c9bb0ad52bb631dc3b1f5bd3
SHA512 91d7412bcf14c690b73255989fc549f836ccdf8b83116dfe412b167d3f9307a5bd3d6a0353e4c95fb4c5493b02278889eeb7ae230b0a57956a2bd5b74ae80045

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList.txt (deleted)

MD5 50dcd85ef074fb8121f155bc19b3c7f6
SHA1 c45c2b45cf49fabbeb7d3f12328e57d531a75f37
SHA256 02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d
SHA512 118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)

MD5 302f7b6d9a4ffeccdda9ef94184c8326
SHA1 d4038ca0629f57b7e5c4056e74a395e5598aa16a
SHA256 5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe
SHA512 299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 4647422464371647d5cdafa3e1080be1
SHA1 89af2c83244457838ad4971f15a77389d5c4aad5
SHA256 dbf270be49193967b765c5170824ddb8e7aa204d1a30c14867262e3b1d57acbb
SHA512 aef71fd6da99f4c61e460f5e292dfa71bc59cc67686a9c0be6313f74f3b4a77848a321d5f0df097363f09e503d00070cc1a7210eada7ecc503904c33ebc19443

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 01e5c7e5d32218adcd8ca414e06f6913
SHA1 e1897bbf1c9e02766cfdb737434065df415f70d0
SHA256 990ef37a6e2d6abc801bf1b3f0935845df311019fbea1f5c4c04a8e35a3e283c
SHA512 f2a677174af40d41779569839f9a965eb9b64104a0af3fddea520f6c39a6879f7373e824c08823893b8dede5732b4bbdba2a3065571837d841676eaa0f921835

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 fe0bc615e6a16ce95d34bba2dcc7b201
SHA1 6ebd106a2269adbb2cd6bb9996f16b3aa830fbb8
SHA256 2cee9652eeda4a7a323965bcd224fd082a5239291cd659ddaa1e072c680de962
SHA512 c9310f53387a26847ac75929c978959453fc2a63de56803c301156b17ec431169ffca615bb8d7931395cc2220c77387ca6033c484878c29dc1048b11debfa92c

/data/data/com.android.vending.billing.InAppBillingService.COIN/lp/lp_utils

MD5 d806ad8bf2d114c3c2a929777a1586e2
SHA1 282d137a000ddb7275c1b70eed49c555d01efb24
SHA256 716fb9b508fca7565f530bf1577ceff1122248a7df9d3a11e2220a45ed77f587
SHA512 5cf3f28a99b35089ea0a98381694212854c29090078cf4afd1e404b0975acceccd1ea1ddfa926005a6b0ec9979e4f0e5683baa75ac209deefe7fcce5cf758003

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 8760e4a665acce95a1179a54758dd270
SHA1 020b4d6b3ddbc0e2483a7e20f68ab99855564659
SHA256 19c4a49c9a80517b5f9e7ef6a391ba7c1eee7d5e0a5123637183f9f0679c9ee7
SHA512 7acbf9afaba55ffc659f29f68ec250fd7e9849b09aec69df2159e680060234576c726761c5d4e0555b032243bbb46a5e69c03cf657c2a9ee1fbdefdab2b4bede

/data/data/com.android.vending.billing.InAppBillingService.COIN/lp/xposed

MD5 b668e60ffaeb51e47b00e302b2a19209
SHA1 50e94e34b64cd625230724c17cc4bae9d26b7aab
SHA256 b024e9b44b18afcd7e405bf94a542019c4b6ca3c048a6a4f7d72247ef3bb4c02
SHA512 f4c6a60ecb2b32abd7120b109f3ece20900f692cf5f4cfd68ac4b406a6ee81b03fe61b594490ed144ad9e323f64e7cdb005f1b446a1cec5566e129d5272ef3f0

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal

MD5 78e40999d55ea73cac851f1d455a91ff
SHA1 24de15d9b3b07a0f4b72b5afcb737a25631357e7
SHA256 46329f2f84f51147ba41c707021036f4eb69395e3c6d3575849819ca3d581a75
SHA512 e93293679a05bf5e97c6fc3904baac4109fe27903df3ab35d3d209587686f4ddf442217f1ca4683a8e93a2fc9dbc22edc5600f96c1f22182db03e3b547ca1049

/data/user/0/com.android.vending.billing.InAppBillingService.COIN/files/shared_prefs_sdk_ad_prefs

MD5 5f1a61cd768d1d0d2ba1f41af39ed1d6
SHA1 e9efaab032c07d485ba10b77448eb05eafb5a8ce
SHA256 323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082
SHA512 2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12

/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/Changes/changelog.txt

MD5 b0908140975d51549d437a7712975674
SHA1 297d9d15014ea8ba5c173466eed55ebbf3cf39dc
SHA256 0cdd78e3c4b482e79d857811e7108ed2b447bf4f9daa892ed1afb566af88ec12
SHA512 fe6465aa08225d92db7a12b331c7b36faf2abfe48c1ffbca22d4035179e149f492d6c801af7f78e7ff31ad99bd5e2a2260e62070cf415db35bf83f3968d95b97