Malware Analysis Report

2024-09-09 16:16

Sample ID: 240612-sk47hstcll
Target: a11bca6812b5f1397eea02a1d139f9ab_JaffaCakes118
SHA256: ba4f4003d7878473620b70de963611e48e6738002c8e780aa3c49487375d86b0
Tags: collection credential_access discovery evasion impact persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: ba4f4003d7878473620b70de963611e48e6738002c8e780aa3c49487375d86b0

Threat Level: Likely malicious

The file a11bca6812b5f1397eea02a1d139f9ab_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-12 15:12

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-12 15:11
Reported: 2024-06-12 15:15
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 11s
Max time network: 133s

Command Line

com.lhgame.apps

Signatures

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lhgame.apps/.jiagu/classes.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.lhgame.apps

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | storage.dizhan666.cn | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | cgi.connect.qq.com | udp
HK | 43.154.252.110:80 | cgi.connect.qq.com | tcp
HK | 43.154.252.110:443 | cgi.connect.qq.com | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.zuhaowan.com | udp
CN | 39.105.138.72:443 | www.zuhaowan.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp

Files

/data/user/0/com.lhgame.apps/.jiagu/libjiagu.so
/data/user/0/com.lhgame.apps/.jiagu/libjiagu_64.so
/data/user/0/com.lhgame.apps/.jiagu/classes.dex
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.ri
/data/user/0/com.lhgame.apps/files/.jiagu.lock
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.rd
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.store.report_pid
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.pk.h
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.pk
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.ac
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.ic
/data/user/0/com.lhgame.apps/files/.jglogs/.jg.store.report_cf

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 15:11
Reported: 2024-06-12 15:15
Platform: android-x86-arm-20240611.1-en
Max time kernel: 6s
Max time network: 131s

Command Line

com.lhgame.apps

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/data/com.lhgame.apps/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.lhgame.apps/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.lhgame.apps/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.lhgame.apps/.jiagu/tmp.dex | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.lhgame.apps

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lhgame.apps/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lhgame.apps/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/data/data/com.lhgame.apps/.jiagu/libjiagu.so
/data/data/com.lhgame.apps/.jiagu/classes.dex
/data/data/com.lhgame.apps/.jiagu/tmp.dex
/data/data/com.lhgame.apps/files/.jglogs/.jg.ri
/data/data/com.lhgame.apps/files/.jiagu.lock
/data/data/com.lhgame.apps/files/.jglogs/.jg.rd
/data/data/com.lhgame.apps/files/.jglogs/.jg.store.report_cf
/data/data/com.lhgame.apps/files/.jglogs/.jg.store.report_pid
/data/data/com.lhgame.apps/files/.jglogs/.jg.pk.h
/data/data/com.lhgame.apps/files/.jglogs/.jg.pk
/data/data/com.lhgame.apps/files/.jglogs/.jg.ac
/data/data/com.lhgame.apps/files/.jglogs/.jg.ic

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 15:11
Reported: 2024-06-12 15:15
Platform: android-x64-20240611.1-en
Max time kernel: 6s
Max time network: 186s

Command Line

com.lhgame.apps

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/data/com.lhgame.apps/.jiagu/classes.dex | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.lhgame.apps

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.42:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.194:443 | | tcp
GB | 172.217.16.228:443 | | tcp
GB | 172.217.16.228:443 | | tcp
GB | 142.250.179.238:443 | | tcp

Files

/data/data/com.lhgame.apps/.jiagu/libjiagu.so
/data/data/com.lhgame.apps/.jiagu/libjiagu_64.so
/data/data/com.lhgame.apps/.jiagu/classes.dex
/data/data/com.lhgame.apps/files/.jglogs/.jg.ri
/data/data/com.lhgame.apps/files/.jiagu.lock
/data/data/com.lhgame.apps/files/.jglogs/.jg.rd
/data/data/com.lhgame.apps/files/.jglogs/.jg.store.report_pid
/data/data/com.lhgame.apps/files/.jglogs/.jg.pk.h
/data/data/com.lhgame.apps/files/.jglogs/.jg.pk
/data/data/com.lhgame.apps/files/.jglogs/.jg.ac
/data/data/com.lhgame.apps/files/.jglogs/.jg.ic