Malware Analysis Report

2025-08-10 23:55

Sample ID 240517-txt3ragc7s
Target 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118
SHA256 43947ef9505effdd3ca0e0236380feea7e4057cab0935dfb0a5c7284cd51cca9
Tags collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-17 16:26

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-17 16:26
Reported 2024-05-17 16:29
Platform android-x86-arm-20240514-en
Max time kernel 174s
Max time network 185s

Command Line

com.xkwx.tbb

Signatures

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.xkwx.tbb

com.xkwx.tbb:remote

Network


Files

/data/data/com.xkwx.tbb/databases/tbb.db-journal
/data/data/com.xkwx.tbb/databases/tbb.db
/data/data/com.xkwx.tbb/databases/tbb.db-shm
/data/data/com.xkwx.tbb/databases/tbb.db-wal
/data/data/com.xkwx.tbb/files/libcuid.so
/storage/emulated/0/backups/.SystemConfig/.cuid2
/storage/emulated/0/backups/.SystemConfig/.cuid
/data/data/com.xkwx.tbb/files/init_c1.pid
/data/data/com.xkwx.tbb/databases/pushsdk.db-journal
/data/data/com.xkwx.tbb/databases/pushsdk.db-shm
/data/data/com.xkwx.tbb/databases/pushsdk.db-wal
/storage/emulated/0/libs/com.xkwx.tbb.bin
/storage/emulated/0/baidu/tempdata/yoh.dat

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-17 16:26
Reported 2024-05-17 16:30
Platform android-x64-20240514-en
Max time kernel 176s
Max time network 191s

Command Line

com.xkwx.tbb

Signatures

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.xkwx.tbb

com.xkwx.tbb:remote

Network


Files

/data/data/com.xkwx.tbb/databases/tbb.db-journal
/data/data/com.xkwx.tbb/databases/tbb.db
/data/data/com.xkwx.tbb/files/libcuid.so
/storage/emulated/0/backups/.SystemConfig/.cuid2
/data/data/com.xkwx.tbb/files/init_c1.pid
/data/data/com.xkwx.tbb/databases/pushsdk.db-journal
/data/data/com.xkwx.tbb/databases/pushsdk.db
/storage/emulated/0/libs/com.xkwx.tbb.bin
/storage/emulated/0/baidu/tempdata/yom.dat