Malware Analysis Report

2025-01-19 06:55

Sample ID 240523-h5qjrahc8y
Target 6a2afdea243dadeb5be6909c47e412cf_JaffaCakes118
SHA256 6193c7904d1fa6e47a307f9fc0d94409db61a8205558ecf47450bb92b5f2e84c
Tags: discovery evasion impact persistence collection credential_access
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file 6a2afdea243dadeb5be6909c47e412cf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Checks memory information

Queries information about running processes on the device

Checks known Qemu files.

Checks known Qemu pipes.

Checks CPU information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-23 07:19

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 07:19

Reported

2024-05-23 07:22

Platform

android-x86-arm-20240514-en

Max time kernel

163s

Max time network

183s

Command Line

com.icloud.MASHNCCSC

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.icloud.MASHNCCSC

/system/bin/sh -c getprop

getprop

com.icloud.MASHNCCSC:pushcore

com.icloud.MASHNCCSC:multiprocess

/system/bin/sh -c getprop

getprop

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 07:19

Reported

2024-05-23 07:22

Platform

android-33-x64-arm64-20240514-en

Max time kernel

170s

Max time network

187s

Command Line

com.icloud.MASHNCCSC

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.icloud.MASHNCCSC

com.icloud.MASHNCCSC:pushcore

com.icloud.MASHNCCSC:multiprocess

Network

Files
