Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-vedhqadc28
Target 98ae96626f355c416b2ea127a1235ece_JaffaCakes118
SHA256 13c6c54e99e15f0590596891ae32466ee38ab9508691b0d921f5ae1de0778b2b
Tags
banker discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

13c6c54e99e15f0590596891ae32466ee38ab9508691b0d921f5ae1de0778b2b

Threat Level: Shows suspicious behavior

The file 98ae96626f355c416b2ea127a1235ece_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 16:53

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 16:53

Reported

2024-06-05 16:57

Platform

android-x86-arm-20240603-en

Max time kernel

2s

Max time network

132s

Command Line

com.duowan.mobile.gamecenter

Signatures

N/A

Processes

com.duowan.mobile.gamecenter

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 16:53

Reported

2024-06-05 16:57

Platform

android-x64-20240603-en

Max time kernel

2s

Max time network

132s

Command Line

com.duowan.mobile.gamecenter

Signatures

N/A

Processes

com.duowan.mobile.gamecenter

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 16:53

Reported

2024-06-05 16:57

Platform

android-x64-arm64-20240603-en

Max time kernel

2s

Max time network

133s

Command Line

com.duowan.mobile.gamecenter

Signatures

N/A

Processes

com.duowan.mobile.gamecenter

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 16:53

Reported

2024-06-05 16:57

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

190s

Command Line

com.duowan.mobile

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.serialno N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.duowan.mobile

com.duowan.mobile:com.yy.pushsvc.PushService

Network

Files

/storage/emulated/0/yymobile/logs/sdklog/pushsvc_log.txt
/storage/emulated/0/YYPushService/com.duowan.mobile/config/LogPath.txt
/storage/emulated/0/yymobile/logs/logs.txt
/storage/emulated/0/yymobile/logs/sdklog/yysdk-yymand.txt
/storage/emulated/0/yymobile/logs/sdklog/mediaSdk-trans.txt
/storage/emulated/0/yymobile/logs/sdklog/imsdk-yymand.txt
/data/data/com.duowan.mobile/databases/core.db-journal
/data/data/com.duowan.mobile/databases/core.db-shm
/data/data/com.duowan.mobile/databases/core.db-wal
/data/data/com.duowan.mobile/databases/accounts-journal
/data/data/com.duowan.mobile/databases/accounts-wal
/data/data/com.duowan.mobile/databases/com.yy.pushsvc.db-journal
/storage/emulated/0/yymobile/notice_settings/vibrate_switch
/storage/emulated/0/.android/uuid.bck
/data/data/com.duowan.mobile/files/hdstatis_cache_51e048ad
/storage/emulated/0/hiidosdk/hdstatis/com.duowan.mobile/hdstatis_20240605.log
/storage/emulated/0/ShareSDK/.dk
/storage/emulated/0/Android/data/.dat/37443355
/data/data/com.duowan.mobile/files/Hiido_BasicBehavior_Event_v3
/data/data/com.duowan.mobile/databases/sharesdk.db-journal
/data/data/com.duowan.mobile/databases/sharesdk.db-wal
/storage/emulated/0/ShareSDK/.ba