Malware Analysis Report

2024-10-19 13:18

Sample ID 240602-jwwj3sfe6w
Target 8d6346731b68f41af2e69f11d93e24fa_JaffaCakes118
SHA256 32222772e81d03ab733bce47fa0348e7cda65020a2c9fce95220a12936d847c5
Tags
collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

32222772e81d03ab733bce47fa0348e7cda65020a2c9fce95220a12936d847c5

Threat Level: Likely malicious

The file 8d6346731b68f41af2e69f11d93e24fa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence credential_access

Requests cell location

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads the content of the SMS messages.

Queries information about running processes on the device

Checks memory information

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 08:01

Signatures

Requests dangerous framework permissions

Indicator (permission): Description
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.RECORD_AUDIO: Allows an application to record audio.
android.permission.CAMERA: Required to be able to access the camera device.
android.permission.SEND_SMS: Allows an application to send SMS messages.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
android.permission.RECEIVE_SMS: Allows an application to receive SMS messages.
android.permission.READ_SMS: Allows an application to read SMS messages.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.PROCESS_OUTGOING_CALLS: Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether.
android.permission.READ_CALL_LOG: Allows an application to read the user's call log.
android.permission.WRITE_CALL_LOG: Allows an application to write and read the user's call log data.
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

Note: the Process and Target columns of this table are empty for every row (static analysis has no running process). SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are not runtime ("dangerous") permissions but special app-op permissions that the user grants from a Settings screen; the remaining sixteen are runtime permissions. Taken together they cover messaging, call, contact, location, microphone and camera data at once, which is the permission profile typical of surveillance apps rather than of any single legitimate feature.
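The permission list above is the kind of input an analyst triages before detonation. The following Python is an added example, not part of the sandbox report or of the sample: it assumes the manifest has already been decoded from binary AXML (for instance with apktool or androguard) and embeds a constructed manifest fragment built from exactly the eighteen permissions in the static1 table. It separates runtime-dangerous permissions from special app-op permissions, which the sandbox's single "dangerous" heading lumps together, and applies a capability-group heuristic (an assumption of this example, not a sandbox rule) for the surveillance profile.

```python
"""Triage the permission set from a decoded AndroidManifest.xml.

Added example, not part of the sandbox report or the sample. Assumes the manifest
has already been decoded from binary AXML (apktool/androguard output).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest: the 18 permissions from the static1 table, package name from the report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.incooltech.xsyd">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""

# Runtime ("dangerous" protection level) permissions: the user must grant them in a dialog.
RUNTIME_DANGEROUS = frozenset("android.permission." + p for p in (
    "READ_CALENDAR", "WRITE_CALENDAR", "CAMERA", "READ_CONTACTS", "WRITE_CONTACTS",
    "GET_ACCOUNTS", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
    "ACCESS_BACKGROUND_LOCATION", "RECORD_AUDIO", "READ_PHONE_STATE", "CALL_PHONE",
    "READ_CALL_LOG", "WRITE_CALL_LOG", "ADD_VOICEMAIL", "USE_SIP",
    "PROCESS_OUTGOING_CALLS", "BODY_SENSORS", "SEND_SMS", "RECEIVE_SMS", "READ_SMS",
    "RECEIVE_WAP_PUSH", "RECEIVE_MMS", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
))
# "Special" app-op permissions: granted from a Settings screen, not a runtime dialog.
SPECIAL_APPOP = frozenset("android.permission." + p for p in (
    "SYSTEM_ALERT_WINDOW", "WRITE_SETTINGS", "REQUEST_INSTALL_PACKAGES", "PACKAGE_USAGE_STATS",
))

# Heuristic (an assumption of this example, not a sandbox rule): capability groups whose
# co-occurrence is typical of surveillance/stalkerware apps.
CAPABILITIES = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "messages": {"READ_SMS", "RECEIVE_SMS"},
    "calls": {"READ_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "media": {"RECORD_AUDIO", "CAMERA"},
    "contacts": {"READ_CONTACTS", "GET_ACCOUNTS"},
}


def requested_permissions(manifest_xml):
    """Return the set of android:name values of all <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")}


def classify(perms):
    """Split permissions into runtime-dangerous, special (app-op) and everything else."""
    return {
        "dangerous": sorted(perms & RUNTIME_DANGEROUS),
        "special": sorted(perms & SPECIAL_APPOP),
        "other": sorted(perms - RUNTIME_DANGEROUS - SPECIAL_APPOP),
    }


def surveillance_capabilities(perms):
    """Names of the CAPABILITIES groups covered by at least one requested permission."""
    short = {p.rsplit(".", 1)[-1] for p in perms}
    return sorted(name for name, group in CAPABILITIES.items() if short & group)


def looks_like_surveillance(perms, min_groups=4):
    """True when the app covers min_groups or more capability groups at once."""
    return len(surveillance_capabilities(perms)) >= min_groups


if __name__ == "__main__":
    p = requested_permissions(SAMPLE_MANIFEST)
    print(classify(p))
    print(surveillance_capabilities(p), looks_like_surveillance(p))
```

For this manifest the split is sixteen runtime permissions and two special ones, and all five capability groups are covered. The threshold of four groups is deliberately conservative; a messaging app legitimately holds SMS, contacts and call permissions, so the signal is the breadth of the set, not any one entry.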

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 08:01

Reported

2024-06-02 08:04

Platform

android-x86-arm-20240514-en

Max time kernel

55s

Max time network

175s

Command Line

com.incooltech.xsyd

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Caveat: alog.umeng.com is the log-upload endpoint of the Umeng analytics SDK (Alibaba), which is embedded in a very large number of ordinary apps aimed at the Chinese market. Its presence in the echap.eu.org indicator set reflects stalkerware apps bundling that SDK, not the domain being stalkerware infrastructure itself; treat this hit as a shared third-party dependency rather than as command-and-control, and do not score the sample on it alone.

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Caveat: javax.crypto.Cipher.doFinal is reached by practically every app that uses TLS, signed SDK traffic or an encrypted preferences store, so the "impact" tag is speculative until the plaintext and key handling have been traced.

Processes

com.incooltech.xsyd (main app process)

com.incooltech.xsyd:pushcore (secondary process; the ":pushcore" process name matches the JPush push SDK, whose servers s.jpush.cn, sis.jpush.io and im64.jpush.cn appear in the network table below)

cat /sys/class/net/wlan0/address (spawned twice; reads the Wi-Fi MAC address from sysfs, a common workaround for the MAC-address restrictions on the public Wi-Fi API and a device-fingerprinting step)

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.51datakey.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 117.78.49.155:10002 tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.84.108:19000 s.jpush.cn udp
US 1.1.1.1:53 app.upenny.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.92.70.140:19000 sis.jpush.io udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 124.70.211.119:3000 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 113.31.17.106:7000 tcp
GB 142.250.178.3:80 tcp
GB 172.217.16.228:443 tcp
BE 64.233.184.188:5228 tcp
GB 142.250.200.46:443 tcp
GB 142.250.187.195:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.187.195:443 tcp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.187.226:443 tcp
GB 216.58.212.227:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 1.1.1.1:53 ytdessgbgyx udp
US 1.1.1.1:53 owvxficdqaw udp
US 1.1.1.1:53 ctnruyfsbikqiyv udp
GB 142.250.187.206:443 www.youtube.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

/storage/emulated/0/DCIM/Screenshots/._config

MD5 7c45bec709cd80286218342a09024c6c
SHA1 7ce4fe6a158b3deeff2072424953f1b005262e1f
SHA256 d1cbacd25908a24a829defe41f11469289d03c5d8d63ea4c6b8a1ce885096044
SHA512 05d52be2c9bc86125358c95d22f787ff72828fb6abe76a0e731af0b82921ac46c0c4ffef5d4397a5689e40044f468ffe48d9252ee4ba4484f8cf045c68c1470e

/data/data/com.incooltech.xsyd/databases/xsyd.db-journal

MD5 f56dfbb32246957a1c992d1e7dd18724
SHA1 d1fff9e3e7bb9b2d69c5e16ffba5e11c025ff318
SHA256 a437422baee8ec9e7ce90ad9810958091680d449ed80534e318056c57d69b72b
SHA512 0d083d09ffcce815c1b9c3550c8a640ddd484741269a6712532dedf294c9e5a3b379b46d0beef3086646ad71bd22d8a46c251a439744ee96b9787b690c51f4a5

/data/data/com.incooltech.xsyd/databases/xsyd.db

MD5 ab999a08654430a869d29846d4bc09f4
SHA1 d649d2a2fa7a3e38f8d09d98c24e5f4cedcf7b5e
SHA256 c646aa1f4e26737a122261fe0cc4d5899bdd953b56d630c5b4ca7b00d48291b9
SHA512 4bf08cef7b600fe036920d38f8424814a495e35d3dccd05af734ec26585a356cddde9e6f4f16c20839d21b6729ef146345903c02bf3d66595b5a4a4a45e6985e

/data/data/com.incooltech.xsyd/databases/xsyd.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.incooltech.xsyd/databases/xsyd.db-wal

MD5 4fe861e9cba7723bda75c13129a473db
SHA1 c2659be240cfa4037396fae33e995f1c455da49d
SHA256 da079eb215d1f3939514b1eef034bd527cdfedb2162ea24491927ee3f152f1f2
SHA512 755972504dd42572452bb594e082c7b42fcaeade29cd9b4922e1a666d72744065fd68bbbecd5d5f5ab19dc352422d19b084ca1033ccbea4fc6e0f3fe507b75f5

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 5cba01063bb754b7987aed33ac31df5c
SHA1 1c2b823bd6f6671e135c2ccfcf21b3822b5acc3e
SHA256 489cb0bcfb76f348df95198ddbeff5c0152e5070424eea8a92173295ca55f8bf
SHA512 d7f275391bf46ace3d1e05a98500148bd1aa0612298a7cab12d587db623ec0e7dcaa7e4ddcfda770fd077d89152a37fccb0cf531f333212022e8e1f2544fc2f0

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 efb8a79e4122d40377a74e3cb5db2507
SHA1 7834215022042586dae7e68ce27f81c70f88e344
SHA256 b20c81f8c15e53393025fce7652314e0d961437e97939118802ba4534a20ca51
SHA512 66e55a74dda0bc3b35ca3b44980f5ca2219a1abefffcc49784c01f03eff07080770d6487052cfca86430eb5696ea2349e9772ae35ee0b4680fbffeeec90ec695

/data/data/com.incooltech.xsyd/databases/ua.db-wal

MD5 bdeda1baf396b2f3421a2e04205dd9c0
SHA1 9e00abea17621b6c89542041facbf7ac51fa3f46
SHA256 cb1519942abacc70b1ef8cf1ba3820cf27e3beca403d71b5670b323ca8978386
SHA512 9084ea15aedfe46cb7b5b2c7262dd5a241860d0440fe9a271af4427c35b20ef7e053edf67b5205aa310536b4ff65cb1332bbba982b20a187c4f9a18ac7c4d3af

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 f470fb85e614e630bdf0625e27f4d139
SHA1 bc63ac736b80a29a83b2cb6f0ee135aa473f09ac
SHA256 a75a492789cb9a4b69c2fcf0ceb01e3e16741341f132b1d62760ca74c387df61
SHA512 8edbe50ff8bbaa84f0c2cad937937fc334b2cc459b4d7ddf71606333f3c9ffb469325127a3475c5ee0a42a423ad74bc805e90d36a9e02e2d0d5dac5a0e2df4d9

/data/data/com.incooltech.xsyd/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.incooltech.xsyd/files/jpush_stat_cache.json

MD5 6a79c599d510ca9ed1df2863d65072a6
SHA1 6f1549f18ff862861d9f10b731677388dab8dbff
SHA256 20291c9e3d2b9831edb6a1f6e53a85e697ecf086b72b30a69053bcbe64f15fd9
SHA512 43fec660ea574cea4ea30d8c94cefc39ce113a714ee4e775a5a94d3c0e4a2131037e2e4e21eee5d2511ba1d1041d4234e1eeeeee9b5f2ccc17c69d8884d7ac05

/data/data/com.incooltech.xsyd/databases/cc/cc.db-wal

MD5 822685c1d57121ef1bdf90ce4c0e7fe2
SHA1 9325d48ae54e320498604ff8e49adb528d2f0efe
SHA256 98cc67caca3b99ea61ffef63c5114aa5bfc0a91c05e1c44f9472cb59148639f3
SHA512 7ddb03df33125fb20c2ba29cf64965f0b5dce9837c3b5e27947b47802c766027acc57c2165b4e54a53a376d7b726349446ca786f4de484189913295edeadd5d9

/data/data/com.incooltech.xsyd/databases/ua.db-wal

MD5 d8341200d0fcaada372a622d6f01013b
SHA1 be7df5d5ac7a2cc01885a67807ec4b9e6a606c6a
SHA256 8d8eeb1e1b9998e8fdec4a37579d5ebf5b41061a1957d9b3d4a50966486f7bd3
SHA512 35f16735939ffc51bc82800a5aca38f24f04ffca4a01b20fe8626a2aabd2ba4f06be585cab85e4a4b1795640337d925ff993b3adf06de6eb2af86574a17cf6b6

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 55ebeefc745c0a3a81b964fbc318a176
SHA1 ae1d22cd030f99603813af4b572f8bffa784b964
SHA256 d450e328a26a748a2760fc1952b148b78a4500a76dcd6af1b379893e462ff5df
SHA512 7e7105753581ae1bc549a012137953d8e531f5318e8b924070e9ef3a86a2ca0fa2532cb9c530f607237c347c016d09dc565290176e7f7bfe05e56e5516a9612a

/data/data/com.incooltech.xsyd/databases/ua.db-wal

MD5 50d054849f9521b14650a02a25ef8486
SHA1 d7ad4d86f8f12f016bf1f3c5ec87d681b9758b3f
SHA256 4498dbc78562c3242cfa2400ed74f3f286c3a539f32c69c6dca92972b294c7c5
SHA512 e85bbf0650ffcb760002a4f1549fe3fde869a13966c01f3257f2e2c55679efbbf470bee4f437bdce2b42ddb3f0a9e7fd026ac3a5126ce598bcef4c0c393084ee

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 03dac5531f6bd4129f0c32a9bb9e74e4
SHA1 6666e7a3bcf9d7a428fc3254f25c19b716b7b411
SHA256 937584515066666a9ddc46527179bd8e1c0132a463802bfd83319dd58b9375df
SHA512 bd69e3046774a43bfb4ab53df12deb20f12a8f0fdda8791313c90c97eebe3ffdf390c429fcb25276d0bac88f234f640f9a5ce40438113b6ae06ee7d106ca0a1e

/data/data/com.incooltech.xsyd/files/umeng_it.cache

MD5 f1d2fcd05440fc5fe8a7e4353b9785c3
SHA1 72db5092aa7f98f7ce56889a1406fe38de6d57bb
SHA256 d5ff12ad647215e1f84c03a2f03ec588291e8704431b795c6e911fc968c90cda
SHA512 6cd8399c23b74271698ce25ab25eb91563de051af4991f9ca15b2ec700f77c12c61c9cf10689ed99b3eac6e0a4335df32d882b8e4b69e7b40760744e375a39d3

/data/data/com.incooltech.xsyd/files/.umeng/exchangeIdentity.json

MD5 fbe7238e1c23a7038e64e6443ff38136
SHA1 7e3ce6f6617829731f25a5476a477f0f637a2c44
SHA256 dbfb729f0a9da4462bf451d1bf141a28e3bb475d84f24fa5e47c51a33a80cf0f
SHA512 15283624ad817e977635e3105c843e346a4f83deaa64bf34af3479637eddc6e575c31d2a204e3c58f254c1a16215aa7d8536e54e59de9a7aa7c4798c727a9468

/data/data/com.incooltech.xsyd/files/exid.dat

MD5 c7539f9280b210d74c3d91d9472cbc03
SHA1 09adecc3d5a51c92f22df462d3df3ef11cef3ad3
SHA256 120d578f7c7c6fab440603d116b605c539e590abe2c93cad236c31cab7e4ba6a
SHA512 02f0884ed535f0762aa59606a6a60e5ec0c1587067c1a61f4167e66fff08b368375c69f280488cbd3d7c9c7c039a6f0ce485d8847d8b60338aaf25485b54bbe3

/data/data/com.incooltech.xsyd/databases/ua.db-wal

MD5 c7cb0d8c2de621ca4750766d6c386652
SHA1 cb15f85e72133e995dfcce46fbe279b221ca7905
SHA256 bd1c4c1f2b64431a64b4ec8c2ceafe0c4c79fd4ce291a7581f818612e8d2a47b
SHA512 3b816e31fe31d74ee8c36c39329146ad174367a60720941fc4a46ba02dbc2b3549fbbe8865aec887f2a6c1aa7061e97b837a0b98ae8d9846d0dabb37afc561c5

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.incooltech.xsyd/databases/cc/cc.db-wal

MD5 00cfcf1bb8e4fef555a320f473cfac5a
SHA1 f45feffe6bfd0a3129c5e30ca4a270bfdb43c770
SHA256 d29d67b74dcc5b8bf3512c122a7c77c9f4824077d75555f8f9bfc140b38a11c8
SHA512 7ba3a6a7295faa70e4a3c71cebb4f6071eaaaaca7482fbe27f8ad91f1b01354c61d1db64cca220ab4549c1b7565dfa7c6c876099f6592edfbcc82122ae361701

/data/data/com.incooltech.xsyd/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
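The file list above records xsyd.db together with xsyd.db-wal and xsyd.db-shm, and ua.db and cc.db with -wal or -journal sidecars, several of them more than once as the app rewrote them during the run. That matters for anyone pulling these files off a device: in SQLite's WAL mode, committed rows live only in the -wal file until a checkpoint folds them into the main database, so copying xsyd.db on its own can silently miss the most recent records. The following Python is an added example, not part of the sandbox report: the real schema of xsyd.db is unknown, so it builds a constructed stand-in with the same file layout and shows the row count seen with the main file alone versus the main file plus its -wal.

```python
"""Why xsyd.db, xsyd.db-wal and xsyd.db-shm must be acquired together.

Added example, not part of the sandbox report. The schema and rows are constructed;
only the file layout (main .db plus -wal/-shm sidecars) mirrors the report.
"""
import os
import shutil
import sqlite3
import tempfile


def build_wal_database(workdir):
    """Create a stand-in xsyd.db: two rows in the main file, three more only in the WAL."""
    path = os.path.join(workdir, "xsyd.db")
    con = sqlite3.connect(path, isolation_level=None)      # autocommit: every statement commits
    con.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, addr TEXT, body TEXT)")
    con.execute("INSERT INTO msgs (addr, body) VALUES ('+10000000001', 'baseline row 1')")
    con.execute("INSERT INTO msgs (addr, body) VALUES ('+10000000002', 'baseline row 2')")
    # Switch to WAL: from here on committed pages go to xsyd.db-wal until a checkpoint
    # (by default after 1000 WAL pages, or when the last connection closes).
    if con.execute("PRAGMA journal_mode=WAL").fetchone()[0] != "wal":
        raise RuntimeError("this SQLite build does not support WAL")
    for i in range(3):
        con.execute("INSERT INTO msgs (addr, body) VALUES (?, ?)",
                    (f"+2000000000{i}", f"wal-only row {i}"))
    return con, path


def acquire(src_db, dst_dir, sidecars=()):
    """Copy the main db file plus the given sidecar suffixes (e.g. '-wal') into dst_dir."""
    os.makedirs(dst_dir, exist_ok=True)
    for suffix in ("",) + tuple(sidecars):
        src = src_db + suffix
        if os.path.exists(src):
            shutil.copy2(src, os.path.join(dst_dir, os.path.basename(src)))
    return os.path.join(dst_dir, os.path.basename(src_db))


def row_count(db_path):
    """Open a copy and count rows; SQLite replays any -wal file sitting beside it."""
    con = sqlite3.connect(db_path)
    try:
        return con.execute("SELECT count(*) FROM msgs").fetchone()[0]
    finally:
        con.close()


def compare_acquisitions():
    """Return the row counts seen with the main file alone versus main file + -wal."""
    with tempfile.TemporaryDirectory() as tmp:
        live, src = build_wal_database(tmp)
        try:
            # Copies are taken while the app's connection is still open, as a sandbox or a
            # live-device pull would. The -shm file is only an index and is rebuilt from -wal.
            main_only = acquire(src, os.path.join(tmp, "acq_main_only"))
            with_wal = acquire(src, os.path.join(tmp, "acq_with_wal"), ("-wal",))
            return {"main_only": row_count(main_only), "with_wal": row_count(with_wal)}
        finally:
            live.close()


if __name__ == "__main__":
    print(compare_acquisitions())   # the copy taken with its -wal shows three more rows
```

The main-file-only copy reports two rows, the copy taken with its -wal reports five. For the -journal files listed above the concern is the reverse: a rollback journal holds the pre-image of pages from an in-flight transaction, so it can preserve rows the app was in the middle of deleting.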

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 08:01

Reported

2024-06-02 08:05

Platform

android-x64-arm64-20240514-en

Max time kernel

178s

Max time network

187s

Command Line

com.incooltech.xsyd

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Caveat: since Android 10 an app only receives clipboard contents while it is in the foreground or is the default input method. Registering the listener shows intent to harvest the clipboard; whether anything was actually captured depends on the platform version and on the app being in the foreground when the user copies data.

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.incooltech.xsyd

com.incooltech.xsyd:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 api.51datakey.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.92.70.140:19000 s.jpush.cn udp
CN 117.78.49.155:10002 tcp
US 1.1.1.1:53 app.upenny.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.92.70.140:19000 sis.jpush.io udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.2.18:3000 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 113.31.17.106:7000 tcp
CN 1.92.70.140:19000 easytomessage.com udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
CN 1.94.2.18:3000 im64.jpush.cn tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 113.31.17.106:7000 tcp
CN 1.92.70.140:19000 easytomessage.com udp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 113.31.17.108:19000 udp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 1.94.2.18:3000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 1.92.70.140:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 113.31.17.108:19000 udp
CN 1.94.2.18:3000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 117.78.49.155:10002 tcp
CN 1.92.70.140:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.137.180:19000 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 113.31.17.108:19000 udp

Files

/storage/emulated/0/dcim/Screenshots/._config

MD5 2964624d8ad2303e1e4cc42f5c032233
SHA1 a7a8a57440eacbbb2b9e1bce83cf449ef7d37727
SHA256 33c8e9825ef0e1a02f0bbe1b441e8022ee65ac9c6bc08c4d629f40c7738db675
SHA512 9d05ba75c6b89cfe841a52b542bd46d55ae9b0ced50c882ffa31ebef1dcef221d0fbe531e49ff49448a09b96f93b879119fe8df7b3f91283e5cfb0943b3c1b2a

/storage/emulated/0/data/.push_deviceid

MD5 1853a95cf3759535bbe1ca2306f2cdfd
SHA1 d82735108e1100199b9cf112035959b82d0c1dd3
SHA256 f7b48fc6e735227e13d9f1e2dde90819262e6c5d8f63c0fb187cd898c1ebfd6e
SHA512 c4ed095072189ccaa001b64f210fb74bb1d95f7fd3e387a9a2339c59904a7fba51edea7c10102622d58aa24a737d622faf5bb03d72e3b265f6073389542e9e87

/data/user/0/com.incooltech.xsyd/databases/xsyd.db-journal

MD5 9cb6f86cac4aa1bbf73c716293549fe7
SHA1 d6009703db9b6fc2d0e4f56c68a3d8ce5c32a9ef
SHA256 fbff670c66fa2a4e55d3ea60f475d1c9e1675398aaad7e4ef6872b4d283a9385
SHA512 db6999e81a6ec04e6df873bd9dbe14cc9604d2a79cc18abdd8f60ec8493dc8cdc4fb60cd67becbc5500ebaa1fbf7f2fb3079ff37f6b83c5c96ac5a77e723b4c0

/data/user/0/com.incooltech.xsyd/databases/xsyd.db-journal

MD5 ecfb082afdd41570d51938d833149b7e
SHA1 1cc935b7b60cd2a10b64166d9580201d765e0758
SHA256 94023223b1282508acdc11d81f7b0a5d2e908867eac1247d5393e1cc20ec4279
SHA512 cd69ef95c6bc23a068f18fa5d1631a1c86d3fc2943e0a4db87be1b3471ea227080e222e125af2a520518e22ecc39379d890436155cf7ea1f82b30f5da9204fdc

/data/user/0/com.incooltech.xsyd/databases/xsyd.db-journal

MD5 4ec58977c4786138734bb54162b80dd4
SHA1 d5b59240f5977ab729c2a1e61389b95689a03b4e
SHA256 c0b3140d1fe7e654476bd1a2eb432226205fc588d0fcc3af54972b6ba8a53ea2
SHA512 a9d5f54b002f4762fb892fe9239d75e44fe92f98b969a3aca70b8c4269e23aaf6cb9105594d218d58b0dd986fe975670ed771a19893dde7f8583dd9eb15bf622

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 7734d07af14a73f7c80f10fe8a4aa729
SHA1 ef93dd3a4630764201b660b8740e17531488a033
SHA256 3efd4ce401ec015162a61d054a967a688beb48880ca73bb48d10c9ebec1dbc36
SHA512 9d7e092a605cb2b1ad3b9d8dc8d8a3db14d6da2027eb9271f3e6c7e709ff106d54b9466972f0d8b972c45996e4ebf5cd42719a3f7f1f9d99ec28fe485960b94f

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 fce197b0b5d7a48a126c4d37b4e88ada
SHA1 29994d8c7c9d300418f5b1f725fe33f2d0a28c23
SHA256 1f8209f4c2ed30aa8585d82547077863590603b625a5eca8a4454aaa2c59d380
SHA512 e39ed2bbe23bc32c10b1e5f7958316ed8f945c5f64e41728782be523c77ce80e83f2e63e39f7e2829fb839491814bd35e52b50771b0a6957b0097e9a166fca27

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 5fd6c2ac26cd6b4c98fc3f35f54fdfb1
SHA1 077e444bb15dcb4641c49c7506a0ebb2a6695648
SHA256 6fe19e3c411035db2a217a1f44a406e813977a3cb4394d8bd4a024838a3bf1ef
SHA512 aaa04a20aebd7fd670ef863e8bd980c7b32f7974d9ac2d33281ebd7c1e0422951ade47a12117a434376f5a7837b708b00136bbbf2189f5d472f64827b835df82

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 6ecd66076682c0ae343a86fa132d891e
SHA1 ffc26e807997b3b7cd288ec2c9f5f7a913ec02d2
SHA256 457a6340b14bf999c71b76e1b418c394973c796a8a25d89b160d19a03db04165
SHA512 0a3ee3cf2d882005c87dbbc61e278df068de4ec6732d5dfef05d80fcb38af45531d89b285d3ee53fd69ed4d25af835c1422174030616c0c68b109d069b0a3dba

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 a70bd044f490b0f0d27dfe1a41387d9c
SHA1 2e054261d7d0ea7fb26fe19316b83c336b76eda5
SHA256 c78d425f038c17292f2ac3303e8daa3e40a6f702d4584158d89f143d7498f20d
SHA512 e2f4686cdf1b385fcbe2cfe8fd6f88053a4db9c5f730fe4b358681bf2cc5f2c46e6894437eb4d8bf4b1a9088200bea5582c47d18364d0ed7f91c44bc92743bff

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 045b9be2d6f12d5075b654ede6a72558
SHA1 ab51c3ec117e86caef399e3ad6c673bae7a72609
SHA256 abf583ac4b81a8ef2d750d4bff5ff0e65f2141be991c56f099febed780029722
SHA512 4859e8574a4ae7f0fa4973a99c2d49efba40cb58aba005b3f55ce9a52a23f6c08090c67806569f1256dd1d26247b5b6c6d1782e5c6c2ccd707707ce47a2717b1

/data/data/com.incooltech.xsyd/databases/cc/cc.db

MD5 4cfe777c9f6e7859f5efe2197401d8e5
SHA1 bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
SHA256 c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
SHA512 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 6eaf67fe92b94f2f076c55854d113415
SHA1 715c4f46ec2b7bc2dfa21f590ed7f267dd2cef4b
SHA256 17b7198ddcc9d6b24177faff2f6494479534902f87fd526e4d5fc5eede8a7b51
SHA512 fa8a8969faeea08e1c559f92bdc5386dc37b20ba26f3139a7b7237455fcdbd920de85dfd138e58c3817f23716518c656fdba13aafb20bf29c5367fae2c36db30

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 5faeea04391b058cf7ca137cdb02cc55
SHA1 98b52be70167fc358734c3b0832564d647db8e48
SHA256 c1d4f68209fefa5feb85e9bad5f71b698bc0470c40d4ae0780e4cec83e80c846
SHA512 80839c93d11166a024c80e29ff6861264b30c38fcf1dc71f55d986ccd149dee1e5c1a0c0df58bcc3287f0840257d172a5343cab93b42e540c55fda0149611ce7

/data/user/0/com.incooltech.xsyd/files/jpush_stat_cache.json

MD5 e1555a2416b16b86156627479497faf4
SHA1 f4fbdd1d4d868fd492e98015405a0f8dff437e62
SHA256 c28c952495af7aec77a863db2fff8f0447e138b49ed6391c1004570213f3e789
SHA512 6e0c460d4c424b2e02d18aff60f9dfa1d63e44641cba07f6a01f866eada2cbf24580eddd01733c25a9155ebfba9e167de4501dd92a1d1b5e40f1cc7a63c44dc8

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 bb33e38e2d15c182c7f77ae4aafae469
SHA1 3d45f047254ef7a0fba016008b44268303f0aae2
SHA256 fe1876e15ccc92622450e2a1a8eabacb33095b907c2796a8a695b6c7d20a3fc9
SHA512 6ebb49eac4f0626d1f398b67b52ba921ad30660508eb5974a806f22f2cfd4d0bf54b0526a1d6168b6ff6402ea02b2dc44ac6fda12bbc505490b95bc73f420ab6

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 05a51243dac469dba568b11935e06439
SHA1 008ee34eea2b4e6cfa410e03729f5c6276473c74
SHA256 095d6eea4ae854144cc684548bd0eb6d423f4f62928aadff82893c263fa38386
SHA512 0c22b2f476326dc0a76ad7fcf2e5ce097642c5f39d22bf64a2fc3c104bfb028e639978c6c5f341f4b2e33c79ac90f73ea6a5cbcd87e773feb07fe95c2fb76d80

/data/data/com.incooltech.xsyd/databases/ua.db-journal

MD5 85ea64fddf0738b2965d24488ad84a04
SHA1 59b0f9f79d93dd1f3f71c2198ee596a0b0dd7e6e
SHA256 178a5dda71ddf37795037c0b439a9517a713de66ef985e41d6c0d09a67d66095
SHA512 467e0cec1ba4ba7bc92f1ba25c77a2ce6ae151b5865ba0024d9fc4d83898318ec0f5274b2e9e24eed3bc060dda1fda1c6b692eabf238f32391f8a29f00f78e44

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 d897701cdbd6f9600e090c76a5d9ce2c
SHA1 37070b1e8c97fe837cb128900c4cbd289889ff6d
SHA256 94c7f1f04941cfcdfa662ccd66d309e3ab2ee649013e3c3fb8b53b173515db18
SHA512 cb479af5923da596f7fe3fede6688981061ca12976b28ad3a6a4b320e7bc0f8c486068a2a9dba70e5680af78c0b69c71da7e0982d3c15e38bc9432e5e2bf49b7

/data/user/0/com.incooltech.xsyd/files/umeng_it.cache

MD5 27424a21624969ccb2cac17a4f070725
SHA1 7bcfb8814bcfae6cc01153aeffafa55af585d822
SHA256 12097a782a87d9e633a201e4256eea75e6db2e4f6939ea6097c1fe6d9567f346
SHA512 5e0fb03a0d3efa6b84f3a50c25c73d9107e046104320f5f8aacc1ec9fb681d3a38cf73431c957e171d3a7e77630768b3a4708e1f3eee84c95b7da172c484a939

/data/user/0/com.incooltech.xsyd/files/.umeng/exchangeIdentity.json

MD5 428dbf3f72f284c296f3007c0136202e
SHA1 5f0fc8d40d3f8d88c9ee5634fb55b3d7d3d20a61
SHA256 479a52590f1ba9691b394e8d21638f1ae6638da19f319184323a11a532f32e33
SHA512 7dcac85cd16a708684829b55d31f822416740b976c64c6e12257aa6c83533f26df15e57d2554981e55463cd5c68872d18044caf65b4d38741d9c3810a103526b

/data/user/0/com.incooltech.xsyd/files/exid.dat

MD5 c7539f9280b210d74c3d91d9472cbc03
SHA1 09adecc3d5a51c92f22df462d3df3ef11cef3ad3
SHA256 120d578f7c7c6fab440603d116b605c539e590abe2c93cad236c31cab7e4ba6a
SHA512 02f0884ed535f0762aa59606a6a60e5ec0c1587067c1a61f4167e66fff08b368375c69f280488cbd3d7c9c7c039a6f0ce485d8847d8b60338aaf25485b54bbe3

/data/data/com.incooltech.xsyd/databases/ua.db

MD5 4cd141af5f5f1ff6416e42d1aa8fd169
SHA1 121bf46cb4857e644ebf1d78fbda4c226cc9d028
SHA256 0d025277ecc531093a863bbbf75b61f5c22997f1e70fd5f8d70f3c0ec66630cb
SHA512 c2362199eb6452beb82042280a58c7cf60143881673120f7029e461bbfeccf0c3f0b668b40cd93c5fb4b0dd2eb9a3fa41307bb19f276fe3729ccfa4db12c03b6

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 9e064482858e6ce1d918e0e657605f8b
SHA1 fa305f3dc643277d49040871c76f8d56418d0a6b
SHA256 4817b2d9b8c687c01a711eb6aafe10dc2072c3e6840ed81187c2cc0f60878d11
SHA512 a7cf9a7b83b55be2f70619d49fe7c71c360259f5f017df7f89b65f1f0c9615443203e5910cc3a8583d5a053b6f825fc65452af314c5f411dbe77b919bd8ac7b2

/data/data/com.incooltech.xsyd/databases/cc/cc.db

MD5 86752a4be6564d8370f2f0e403995003
SHA1 29f7d50675f6e59f3b808eb6dcc8619384412115
SHA256 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
SHA512 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 ad53940c27f24fbea1c66b705cdbbd51
SHA1 64b6f4f1196748d8dd360e4a0d6adc935a59897f
SHA256 56f8dad7ba6ec8dbca3e7bd4047d1906aa942287c48da7c092b2c281bf615679
SHA512 dfe2da17d0d70dc9cd48a537b4dd43b1c4b400843cf2e968650d7c5de104d85d219a4f68355129130ea5dd18d11990b5f3aa94e9ad42a9b4bc31a45356d0cca1

/data/data/com.incooltech.xsyd/databases/cc/cc.db-journal

MD5 011083af1ec11626b66482fc96c8a3aa
SHA1 4cd764d649a242f64b4c4dc8fa3953a971956c32
SHA256 085d698504e9359dae5cb0db97b0dbcb14189d42f3513ee28f197be263a4cc64
SHA512 eb2fda2434fe6d34515f68d2e8b413184e1682ed393f87a269ba23eacfcd70a0fb7a651c350fee3abf8a424c11963bc83ade9b8a193f6d4595fad6d83cf4f260

/data/user/0/com.incooltech.xsyd/files/.um/um_cache_1717315446919.env

MD5 82576a05d7d186d33ff9d5d00356a197
SHA1 e1fa0100dde2076cd720292673468b01f239033b
SHA256 5e19e5cb8e964d47cdf57d635164027c46b867b26f4620562b8607370bff00c9
SHA512 7f28fb4ee297e04af886bb06f1203a5e5e4e0d522c472bd9a4d5db4401bbb7f7c3326ba11b148d0fda4156bc55aed2f180b48c078ff29bb0d5c93d92276b009f