Malware Analysis Report

2025-01-19 05:01

Sample ID 240605-ylfs7sfh6x
Target 99136ac0b9af058a990f0b3312f9958e_JaffaCakes118
SHA256 7e57d637e8b4de970b44a7b634484d94017d797ce8d3ce41fb40b3040ba7441d
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7e57d637e8b4de970b44a7b634484d94017d797ce8d3ce41fb40b3040ba7441d

Threat Level: Shows suspicious behavior

The file 99136ac0b9af058a990f0b3312f9958e_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Acquires the wake lock

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 19:52

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 19:52

Reported

2024-06-05 19:55

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

185s

Command Line

com.dyxd.instructions.s1151

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.dyxd.instructions.s1151

com.dyxd.instructions.s1151:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 183.134.98.112:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.112:5224 sdk.open.talk.gepush.com tcp

Files

/storage/emulated/0/Android/data/com.dyxd.instructions.s1151/cache/uil-images/journal.tmp

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/baidu/.cuid

MD5 81c2d9934cbefbf635ff6fefa72bcf18
SHA1 414cc73b3372bccac8d83e0db85dbdf604ac5b52
SHA256 fd9b2edc495112453259ae75445f1764728260d8492d3ecd39e608fec4df4b35
SHA512 b5da18d8fc2eac0ae2a9a59b6879c9fe2121feb2d334e3bc8cb2d2d8a4c66e897f78108ee18f4e317240486c3e247b26c81f9b80ef357d5b4ec2325425a37430

/data/data/com.dyxd.instructions.s1151/files/detail.html

MD5 1e0496a9e329be90ed1b30687b17a61c
SHA1 26edd390fc94cb6ce26468f1300eadeef735d2dd
SHA256 0a4acd5ead101021ae696a0db85074b5b1cbce15d3f3a372c7d0c1a7c4875e26
SHA512 a216d7853169e893593e956325ebcfe9045841914bd212b49d03cbde0c50435d05600a61ea63765603bddf95ba428d1f9ec209189de780d406c4f982af0da98c

/data/data/com.dyxd.instructions.s1151/files/brand/p129302239751932500.png

MD5 b5d93830929f48f9fa2fa7e50bc50360
SHA1 568b26120cd44c7af4edd2fd82dec953a26e0a89
SHA256 c3c666fe547a057ff4ec23e3000f90a68fcf138201f28790eac5a3e93d4c9da3
SHA512 bb7653d652e7700a42b0a50b78afca00b54ac9c4d58ca70714135093bf16d8d099a191a8eeab2d764f827e4e89067477af0a375a8b8aa4171ea7c75a34344ee5

/data/data/com.dyxd.instructions.s1151/files/brand/p129302239927557500.png

MD5 61c2f9d5fc515378a02a4d62a6d78570
SHA1 dfea43094a3af7aba64696ab70dc313ef19c5edb
SHA256 c7681cd8c15dcdad575ecec8b2cab6a2042729e79c1591b1a384026328386f71
SHA512 07b936ff09b900f4cb0216ba8ae78adec893ab48c4616e34f1efb1731e7a0a0be6f3d6dc8dd8f608828822a7b3ce4d0098dc125321d4f492a55631e0840c7c80

/data/data/com.dyxd.instructions.s1151/files/brand/p129302240087557500.png

MD5 22d3b741cb824639ed62761af1ad0b53
SHA1 00bf864f44e54e8f69fe0570ae923df5d5055563
SHA256 c689fae0a6aec4d6169680252643c96ca26d7d42eed7d03e97593661ebf7d6fc
SHA512 daa2283b485558286a91d0030de76f07169ebf0c8e82110aafa762ae94d8f4b13709d96625662370824ef5143a97d86302f1b4cc92a0d7c27f2588231fa27e84

/data/data/com.dyxd.instructions.s1151/files/brand/p129302248767870000.png

MD5 8e4ab617afec18711af80c2661d81573
SHA1 361681b36fc93aaf93535655672a9a10ec10318b
SHA256 5c5893b0c7ce1300d9e47e4144331e982d1d5adc19ad3740d178bfa3edab5725
SHA512 117ca4f3b01f55effcb7678daf8145aa422723ff6f4cfab6a2bb80fd8e10d031730ed71f370b4772d91da6c78d933e3cb4fd0ba14608bcd415e50a5557ff01c3

/data/data/com.dyxd.instructions.s1151/files/brand/p129302254410838750.png

MD5 e47af2eae544dad6581642ee4174c278
SHA1 4d31069ecbea69bad5e4e9a15d764388af047255
SHA256 1caf36c7541263fb38fc86be07cbc3f8991972038bc5e6fb6a94482d66ecc317
SHA512 f6a451063b3e5b2f4538e7e5a0c331968f741f4e7cafa251b0d7b33a34598aaeae760363cac6121bad8ce6d601821b4d6b9fa16439beff3914da13b158675469

/data/data/com.dyxd.instructions.s1151/files/brand/p129302256764745000.png

MD5 eef0875718fae679ddb1b30735635b84
SHA1 74724865219f565e28a27100e2321f0a5cfc964c
SHA256 1636e5ce3a92d0b7927f84dda3bb10a93217feb4f809982cd3f608dba25022d4
SHA512 c35510b756edbe66dec7151092b1aeb5ca2eb66623153f67743ddf20b665ded1dd8dea7f621e097f3f6188ee6b2620a7cabf27cf2977d86a3dba87028c89a5f3

/data/data/com.dyxd.instructions.s1151/files/brand/p129302257960370000.png

MD5 53eae262cc17035ac1d5ed200bd10c1c
SHA1 83ede8c32e25b1d21986a9024d454973ed75d20c
SHA256 0b898f859bf6a537e054a696131d3f8e1ab4f15598d8153e13c1d5a7122adf6f
SHA512 682d3415f46987cfe2d9c4853897bea83c3cdb1b1fa48cfbeba24b39f7672b3fc6c816fd2bc8c50ac524b5cf3b1290d6bc8f31884f6699fa44f23100341cb9c4

/data/data/com.dyxd.instructions.s1151/files/brand/p129302900493437500.png

MD5 07e15ae54396056a9e47b02631f832b3
SHA1 c116c22c1801ea59c69893c063b92f7039e6d2c2
SHA256 d1419944112bed7a6d4cd70cef4b458257512d77435514686181828276c29443
SHA512 29ef1e9db14b4ddb991b793e88d269101ab4fc8fbc7f42937dab8be4e32ee3f63acbbc05de93d4d388b7c69d8ac3ed1728ad0eda74584ae738d0b2da85b029df

/data/data/com.dyxd.instructions.s1151/files/brand/p129302901592343750.png

MD5 472ba80209aa244a05bdb7cc657ccf48
SHA1 8db5fba67cbbe52a404fb39c5bad8c5d5ea6ad04
SHA256 bc87bd273fe95299208c3aaf64303735cb738e7af8bcc678bd37ff086340ee2a
SHA512 c82655895304e263549277d5aa3053cd5a1783c42e9da7721952ed49650d5d5c0880baa96a33245bba642778958959d1cb64afb70f34e0279bee4517e9bebac7

/data/data/com.dyxd.instructions.s1151/files/brand/p129302966016093750.png

MD5 361fa47053a463c16c3a27315fb3c9ed
SHA1 291ee9d52d850c3b2a01b42c3eeb37370909933a
SHA256 1b56727efe5f3223d4cf2e1678667982bea41726fd88401d03bd54ec2d8d14b9
SHA512 88bf4121ff7b2a2c304b266e4e7029dea6192e201ef0230cbf82d5a2e98d68b43284810d5b695055d2f8c746bdd090b604da5d9597caa07c10caadfd7fb31e17

/data/data/com.dyxd.instructions.s1151/files/brand/p129386871808336250.png

MD5 381b2405d32cc544ba935e4039eb2275
SHA1 372df8c051011788cd4315b4fcdea196925d2f8c
SHA256 7883eba1fb3c36d48c512ca66bd11272ac1b2dd89e9be383327315c51c0efccf
SHA512 78b29be6e2f4de621ddbaf1ffa19c0535906cb7a537073efba5d89279420a6790cd377fbe05a621b5dff389b1cc8661acbeed9b3b3f0036294148483f7f873d9

/data/data/com.dyxd.instructions.s1151/files/brand/p129472203719848750.png

MD5 a5a06f66e78afcb41245189a729943a6
SHA1 d4c61a08545d2f0676c7116f6e17a551c8fd3b07
SHA256 61d374028f79fcb8c5576a91fccb5ab7362fbf337ea9d8bbc265fa80d9c0bfa2
SHA512 5cc1c240417c10b363d2d1ca75e1706f2d556057501afc15329fb5472caab1902151e76e6055c1b5baf2cbf436d5617b4cc1c14ade62e6064bf38e6b2c8ca610

/data/data/com.dyxd.instructions.s1151/files/brand/p129683886312508553.png

MD5 3b7ed703d1cc6b099b39ea791e1897d8
SHA1 9d36bbce63ecfa11538afef63a1bbf1f160bea11
SHA256 538f97a6f7cbff7c173240f9d30dc668c195f5da93bb26ed50ef2c03097814bf
SHA512 f41c9c8826b35df453e956357bdf28a5e61f96fe602e5ac0bbe95be73c471c5fef1d17547bd1877e8dc3963addda296d835077c0f7d5676dd690ae661e66870c

/data/data/com.dyxd.instructions.s1151/files/brand/p129743627900268975.png

MD5 0a4b321c9d899b91312453112626dbc8
SHA1 80342d6db870d0f60a1a57169d21821725caf22e
SHA256 589f6f88760d4a35d0c965ec9a0ff7eecf4c09580d41c5f3643d01544c324175
SHA512 8ba1417705c8af962cd679e7e3a2268a361edb477b06bcbe0a3cb9eecd0cec19dfa0da06488e8718056811dab2fb04e73ad399874d21be4a259d780fafc22138

/data/data/com.dyxd.instructions.s1151/files/brand/p129815225692590942.png

MD5 8ddfbceddfcea68aa9b741e6dba1d391
SHA1 aed619a1de1715a1e6531669ef22217ca16fd0d2
SHA256 0326fc88821c1fcdcd990ba8e649ce15bbfffede357b4b6683e1cdd8129753a7
SHA512 c4f12cde3638140a487e3cfc5c90d610425e83f9661d54a2b3e69e140a8663edb496dd2708e1439251479dec421c9abc4bc04ad47f6d00c9d61f7efbf2ce916b

/data/data/com.dyxd.instructions.s1151/files/brand/p130003561762214051.png

MD5 dfaaba370b0ac7a54414657ef9980ddb
SHA1 c61a337ef6072786e1c905093b503f6ca1b6df26
SHA256 5229343306520fc98b3dd42cdd7174922ee70b9a76b24781d82ddbbc3bce5d30
SHA512 c583214862219459928f254d7dd5752a0f91288b8c5967c50bc95c6d9e39ce60425553a95d190ca3800d5ccd58e01e3105b38ae9170c1615da174b1ba739410e

/data/data/com.dyxd.instructions.s1151/files/brand/p130026045626228167.png

MD5 3d07484d8e23390634f6c4292b1793e5
SHA1 abece87143365cfb644f75a04586d7b5d99444ab
SHA256 a57ede9fc3adbb55aec3bcaaa51d60c333903613468396777f430b92aae01694
SHA512 cd343ab0325af5755cdba273b9a240d34c53a07b0630cfaa2c83899fc74f2c309a027b584a55f8bcc2409a26f620755406cd5279315bada18b4be3dfa00f57b5

/data/data/com.dyxd.instructions.s1151/files/brand/p130090252174664593.png

MD5 c682ad0d068ebfa7534fed463520edf7
SHA1 e32539136c30b4e7e7509554b4fa12b4a057d911
SHA256 f3d02cfdd11d65aabdf3520310c681da665e585938caefc80beedcb9b44332ae
SHA512 a369e5d8f6e884b82f5589eb347af1f19c578bbdc62616064145112e971299fcb48e7f96bdc11d884c07e08260ee6c0e72751357abbeb449eb7cbb6860dff7df

/data/data/com.dyxd.instructions.s1151/files/brand/p130119534743029556.png

MD5 9366b5841b37def3237c7f0bcfe7ac0e
SHA1 0d52d698c27602d5db7fddb1de0577bf327664f0
SHA256 31483b3742da5fa58f3b0bd674e25384b7190f2939f9578099484387d5a84f48
SHA512 078573d4ac7e2f93a28ac59cec927fdf764995aca37d67e42d4f411c808414d6c6f99646c889e36ecbfdc042a8797c85f2a64c50387f1239e1ebbbc3a16cfcea

/data/data/com.dyxd.instructions.s1151/files/brand/p130278291464085825.png

MD5 6e1e3a767180b5706bd56b435473f8b0
SHA1 fd0d8e54fe889e3d89190606ededfdea05c0bae7
SHA256 534489d801c717f9931a261686f137b0c2c1f5f06b88ca82c67b5c9d8c5f60a1
SHA512 cf5137839cf9542636cc4f7ec4b525741b90690d2ecaa32e3297b89088a418bb2a4a55c8f13237fc8253384ee7b76f5369e641068dc40d124f337884c55f4c9b

/data/data/com.dyxd.instructions.s1151/files/brand/p130306243240170768.png

MD5 4644674b594069e1731932564f3b4593
SHA1 dde1df773b72fd0dc566cfea8d2eff62c3d52ae7
SHA256 4c0989b9e8490265cb42df58b3f572ccd4305d42426d09692c519efb390ac2aa
SHA512 296abcc5d07baba2caeae5c6a7bef77814c73b62943643b35e3f0533bd3a632811f0d5f45ba02d037621e73f8ee3b93bd573645e537131d4228a7dcf2633b107

/data/data/com.dyxd.instructions.s1151/databases/pushsdk.db-journal

MD5 850897c3bfb9942f3918064a2074687f
SHA1 0d50f7e42fe13a4f906845d18efebd929fc22752
SHA256 fc572af8d049ace8e4c5be064b3f2ba5a38d7fad3399101ab033a84184333a5a
SHA512 a0cf9ac0c9c0e9d508afc34adb4e2633514589e8f805a110770a77648908506040a4f2201da60c9ab49e6b6c5afbf9ccb6f8b9a854288881612abda24449b604

/data/data/com.dyxd.instructions.s1151/files/umeng_it.cache

MD5 a4d7d4409e8125399ebf288e8f13fda6
SHA1 5a0e10a0aa363809d9c27d71ae8bbca20b5d14a7
SHA256 f73692c2992bf3d2e4a82fe13cff061653a4e07ddb4cf1ec369c5d335d61622d
SHA512 2f90eca5189d13d758a436cbad1c584adb13a79444e435dcc988e4214830fb8323dd44f31dc4f70bcf31a36a16cb70da5ee11a69aef73bc28761f11e787d1906

/data/data/com.dyxd.instructions.s1151/files/.imprint

MD5 f732c68bf01ca43e66c6032aa1504482
SHA1 3da5e723cfd14b79f31a6c4f34091b6ce9d29285
SHA256 cd68ca283829db19f54222a762bb2ea1b78ba4b8ab48d3c0f6511c052f6de011
SHA512 01853fe26978e63228705ac0b5b19224ac4536ddee149167668ac6ee8739cf259147a902186c10383a02e0635d147214958c15fdc05f869b18f7e3a294dc6ed0

/data/data/com.dyxd.instructions.s1151/files/umeng_it.cache

MD5 b21db624847b3d5030a61f144b621600
SHA1 932b314cbf4ea8268a4d413bf01f683f1e82405a
SHA256 5bfc6932ca63046f3a87ce230e95c9b143db0cfc8ec282d024f737b0e0313ee5
SHA512 96b4f4e6d77d5f5b26be9168f0e40b0adc49cbc1522827c1ffb6778b75834b8decb57c7c5db8252e7bb9b7db650854a08c412ecda5948e7e55c5d5d023ee62f3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 19:52

Reported

2024-06-05 19:55

Platform

android-x64-20240603-en

Max time kernel

165s

Max time network

179s

Command Line

com.dyxd.instructions.s1151

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.dyxd.instructions.s1151

com.dyxd.instructions.s1151:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.34:443 tcp
CN 183.134.98.76:5224 sdk.open.talk.igexin.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.102:5224 sdk.open.talk.gepush.com tcp

Files

/storage/emulated/0/Android/data/com.dyxd.instructions.s1151/cache/uil-images/journal.tmp

MD5 fb6348e043287168fdc5f71f030b7144
SHA1 15eb95559b2c841c5a933bff4176437e0d410e3a
SHA256 940d915e56b3fe0c546265d09022cc5ce6af5c57209b6ab051227871032d96c5
SHA512 53ae74ee167b9f28b1b13b2ecd8aba2091c646e3bae7b436ed0a103d2846048de437e3cce44f0c8897b3e44ee1a91597204b6ee4d15df60aabab59677689b1d9

/data/data/com.dyxd.instructions.s1151/files/detail.html

MD5 d59577ac5a455a8fe54da5203e9cdd37
SHA1 442bc67960880772a2180e195a278505e5a263d7
SHA256 07a817c969810dadaaca2dd7b87d54dc6555a6552fb934fea4fa143bc10916af
SHA512 4d0517828ad3e2c73aa5292d52f1afb0c61077e87f5c2908d3fc84c000005fb1715b05263a2a5eb5dde9311e7e8d25a960c8291d8a1d53c1dddccb60ca350b4f

/data/data/com.dyxd.instructions.s1151/files/brand/p129302239751932500.png

MD5 946d9bc5ea9b0a5c3b8fbb746a010ae0
SHA1 8f484767111a2f2cb6df4889c2fcc8ec21e8f18a
SHA256 059107753d44a000f98361ec127438e3c82062fa9523dde88f5d76e5b0ffb12b
SHA512 c0b2ef418e9d5818e338a38f4bedc3bb74233411ceedd65635b04a45e28f747aac986067eaad4c38f33cf8504a5baf22b4376ab60f2f4a6d8c18ddf4019980e0

/data/data/com.dyxd.instructions.s1151/files/brand/p129302239927557500.png

MD5 41efbcda31cd69b86d42f5cb88726ace
SHA1 42a3c080a69493673b4b0a0235f8be23d7e419b0
SHA256 49a235da47f78ec17e8f760d471e7c8a0df35d281ef726f8cad47a30f307a6f1
SHA512 ca456a7cecada27f6d374be6302532f971de83441d683ba7053779209b488ce585713f524df91cce04ee360fa490db54547c3291df46cad3aeea95c75cd30be8

/data/data/com.dyxd.instructions.s1151/files/brand/p129302240087557500.png

MD5 87a447384f05bedcf3ad50b0a3084716
SHA1 93b061a118144b69d18cb1c4cffe46595eeacf36
SHA256 d977a69dce4addad477c1e34fbba684397a0dfb5d25807eb9d1d4f326aaf9dbb
SHA512 cdd3005dc41608b74e73d8e6b17a435978b839908a3a4ca6d9764ff20a76e0093551c251508912e7e30940fc9daca5b1fa1e3c85c0754fd8f501deeb3dd48fc4

/data/data/com.dyxd.instructions.s1151/files/brand/p129302248767870000.png

MD5 45d6d91486da675dee26e7b1ce432cdf
SHA1 61d337396c8dca677342c3315d3415ee3fadc538
SHA256 da99a02e7969d6657e3d4d8ecbc4cab60a938ca81b156ff6f8802bc638269b97
SHA512 e90e67794f88213ada4f6d77d0b4b9f2075527a190dd6e5289de64deda56bf7808a77563cea1ff5b6586a36ed76386fa8288985751ac1f925daa48bab1683cd6

/data/data/com.dyxd.instructions.s1151/files/brand/p129302254410838750.png

MD5 e47af2eae544dad6581642ee4174c278
SHA1 4d31069ecbea69bad5e4e9a15d764388af047255
SHA256 1caf36c7541263fb38fc86be07cbc3f8991972038bc5e6fb6a94482d66ecc317
SHA512 f6a451063b3e5b2f4538e7e5a0c331968f741f4e7cafa251b0d7b33a34598aaeae760363cac6121bad8ce6d601821b4d6b9fa16439beff3914da13b158675469

/data/data/com.dyxd.instructions.s1151/files/brand/p129302256764745000.png

MD5 eef0875718fae679ddb1b30735635b84
SHA1 74724865219f565e28a27100e2321f0a5cfc964c
SHA256 1636e5ce3a92d0b7927f84dda3bb10a93217feb4f809982cd3f608dba25022d4
SHA512 c35510b756edbe66dec7151092b1aeb5ca2eb66623153f67743ddf20b665ded1dd8dea7f621e097f3f6188ee6b2620a7cabf27cf2977d86a3dba87028c89a5f3

/data/data/com.dyxd.instructions.s1151/files/brand/p129302257960370000.png

MD5 53eae262cc17035ac1d5ed200bd10c1c
SHA1 83ede8c32e25b1d21986a9024d454973ed75d20c
SHA256 0b898f859bf6a537e054a696131d3f8e1ab4f15598d8153e13c1d5a7122adf6f
SHA512 682d3415f46987cfe2d9c4853897bea83c3cdb1b1fa48cfbeba24b39f7672b3fc6c816fd2bc8c50ac524b5cf3b1290d6bc8f31884f6699fa44f23100341cb9c4

/data/data/com.dyxd.instructions.s1151/files/brand/p129302900493437500.png

MD5 07e15ae54396056a9e47b02631f832b3
SHA1 c116c22c1801ea59c69893c063b92f7039e6d2c2
SHA256 d1419944112bed7a6d4cd70cef4b458257512d77435514686181828276c29443
SHA512 29ef1e9db14b4ddb991b793e88d269101ab4fc8fbc7f42937dab8be4e32ee3f63acbbc05de93d4d388b7c69d8ac3ed1728ad0eda74584ae738d0b2da85b029df

/data/data/com.dyxd.instructions.s1151/files/brand/p129302901592343750.png

MD5 472ba80209aa244a05bdb7cc657ccf48
SHA1 8db5fba67cbbe52a404fb39c5bad8c5d5ea6ad04
SHA256 bc87bd273fe95299208c3aaf64303735cb738e7af8bcc678bd37ff086340ee2a
SHA512 c82655895304e263549277d5aa3053cd5a1783c42e9da7721952ed49650d5d5c0880baa96a33245bba642778958959d1cb64afb70f34e0279bee4517e9bebac7

/data/data/com.dyxd.instructions.s1151/files/brand/p129302966016093750.png

MD5 361fa47053a463c16c3a27315fb3c9ed
SHA1 291ee9d52d850c3b2a01b42c3eeb37370909933a
SHA256 1b56727efe5f3223d4cf2e1678667982bea41726fd88401d03bd54ec2d8d14b9
SHA512 88bf4121ff7b2a2c304b266e4e7029dea6192e201ef0230cbf82d5a2e98d68b43284810d5b695055d2f8c746bdd090b604da5d9597caa07c10caadfd7fb31e17

/data/data/com.dyxd.instructions.s1151/files/brand/p129386871808336250.png

MD5 381b2405d32cc544ba935e4039eb2275
SHA1 372df8c051011788cd4315b4fcdea196925d2f8c
SHA256 7883eba1fb3c36d48c512ca66bd11272ac1b2dd89e9be383327315c51c0efccf
SHA512 78b29be6e2f4de621ddbaf1ffa19c0535906cb7a537073efba5d89279420a6790cd377fbe05a621b5dff389b1cc8661acbeed9b3b3f0036294148483f7f873d9

/data/data/com.dyxd.instructions.s1151/files/brand/p129472203719848750.png

MD5 a5a06f66e78afcb41245189a729943a6
SHA1 d4c61a08545d2f0676c7116f6e17a551c8fd3b07
SHA256 61d374028f79fcb8c5576a91fccb5ab7362fbf337ea9d8bbc265fa80d9c0bfa2
SHA512 5cc1c240417c10b363d2d1ca75e1706f2d556057501afc15329fb5472caab1902151e76e6055c1b5baf2cbf436d5617b4cc1c14ade62e6064bf38e6b2c8ca610

/data/data/com.dyxd.instructions.s1151/files/brand/p129683886312508553.png

MD5 3b7ed703d1cc6b099b39ea791e1897d8
SHA1 9d36bbce63ecfa11538afef63a1bbf1f160bea11
SHA256 538f97a6f7cbff7c173240f9d30dc668c195f5da93bb26ed50ef2c03097814bf
SHA512 f41c9c8826b35df453e956357bdf28a5e61f96fe602e5ac0bbe95be73c471c5fef1d17547bd1877e8dc3963addda296d835077c0f7d5676dd690ae661e66870c

/data/data/com.dyxd.instructions.s1151/files/brand/p129743627900268975.png

MD5 0a4b321c9d899b91312453112626dbc8
SHA1 80342d6db870d0f60a1a57169d21821725caf22e
SHA256 589f6f88760d4a35d0c965ec9a0ff7eecf4c09580d41c5f3643d01544c324175
SHA512 8ba1417705c8af962cd679e7e3a2268a361edb477b06bcbe0a3cb9eecd0cec19dfa0da06488e8718056811dab2fb04e73ad399874d21be4a259d780fafc22138

/data/data/com.dyxd.instructions.s1151/files/brand/p129815225692590942.png

MD5 8ddfbceddfcea68aa9b741e6dba1d391
SHA1 aed619a1de1715a1e6531669ef22217ca16fd0d2
SHA256 0326fc88821c1fcdcd990ba8e649ce15bbfffede357b4b6683e1cdd8129753a7
SHA512 c4f12cde3638140a487e3cfc5c90d610425e83f9661d54a2b3e69e140a8663edb496dd2708e1439251479dec421c9abc4bc04ad47f6d00c9d61f7efbf2ce916b

/data/data/com.dyxd.instructions.s1151/files/brand/p130003561762214051.png

MD5 dfaaba370b0ac7a54414657ef9980ddb
SHA1 c61a337ef6072786e1c905093b503f6ca1b6df26
SHA256 5229343306520fc98b3dd42cdd7174922ee70b9a76b24781d82ddbbc3bce5d30
SHA512 c583214862219459928f254d7dd5752a0f91288b8c5967c50bc95c6d9e39ce60425553a95d190ca3800d5ccd58e01e3105b38ae9170c1615da174b1ba739410e

/data/data/com.dyxd.instructions.s1151/files/brand/p130026045626228167.png

MD5 3d07484d8e23390634f6c4292b1793e5
SHA1 abece87143365cfb644f75a04586d7b5d99444ab
SHA256 a57ede9fc3adbb55aec3bcaaa51d60c333903613468396777f430b92aae01694
SHA512 cd343ab0325af5755cdba273b9a240d34c53a07b0630cfaa2c83899fc74f2c309a027b584a55f8bcc2409a26f620755406cd5279315bada18b4be3dfa00f57b5

/data/data/com.dyxd.instructions.s1151/files/brand/p130090252174664593.png

MD5 c682ad0d068ebfa7534fed463520edf7
SHA1 e32539136c30b4e7e7509554b4fa12b4a057d911
SHA256 f3d02cfdd11d65aabdf3520310c681da665e585938caefc80beedcb9b44332ae
SHA512 a369e5d8f6e884b82f5589eb347af1f19c578bbdc62616064145112e971299fcb48e7f96bdc11d884c07e08260ee6c0e72751357abbeb449eb7cbb6860dff7df

/data/data/com.dyxd.instructions.s1151/files/brand/p130119534743029556.png

MD5 9366b5841b37def3237c7f0bcfe7ac0e
SHA1 0d52d698c27602d5db7fddb1de0577bf327664f0
SHA256 31483b3742da5fa58f3b0bd674e25384b7190f2939f9578099484387d5a84f48
SHA512 078573d4ac7e2f93a28ac59cec927fdf764995aca37d67e42d4f411c808414d6c6f99646c889e36ecbfdc042a8797c85f2a64c50387f1239e1ebbbc3a16cfcea

/data/data/com.dyxd.instructions.s1151/files/brand/p130278291464085825.png

MD5 6e1e3a767180b5706bd56b435473f8b0
SHA1 fd0d8e54fe889e3d89190606ededfdea05c0bae7
SHA256 534489d801c717f9931a261686f137b0c2c1f5f06b88ca82c67b5c9d8c5f60a1
SHA512 cf5137839cf9542636cc4f7ec4b525741b90690d2ecaa32e3297b89088a418bb2a4a55c8f13237fc8253384ee7b76f5369e641068dc40d124f337884c55f4c9b

/data/data/com.dyxd.instructions.s1151/files/brand/p130306243240170768.png

MD5 4644674b594069e1731932564f3b4593
SHA1 dde1df773b72fd0dc566cfea8d2eff62c3d52ae7
SHA256 4c0989b9e8490265cb42df58b3f572ccd4305d42426d09692c519efb390ac2aa
SHA512 296abcc5d07baba2caeae5c6a7bef77814c73b62943643b35e3f0533bd3a632811f0d5f45ba02d037621e73f8ee3b93bd573645e537131d4228a7dcf2633b107

/data/data/com.dyxd.instructions.s1151/databases/pushsdk.db-journal

MD5 853891477506e71b359a44ac89aa6b4f
SHA1 f293e7d63e9c3c381ed0a694c24dc59ca0631d57
SHA256 cf8246b87037e8ff42c78f051267feadf16b2fb2e40bf7c532d760762849621d
SHA512 968391a064e1ea1433bb1195cec62fa031c3c2a7a3e99f63df8897a3c3ccefb9d7fba0d8c98099c636ac1bea43a3056bd5bdef5cff13e2a5864b05e838fa5080

/data/data/com.dyxd.instructions.s1151/files/umeng_it.cache

MD5 32e9ec24fc3fe3392e8689cda8691fba
SHA1 15974865955ea7c4b539dda6b914f3f98a0e1097
SHA256 49cb2d620eaca42ac4de6cca186430335b150f5ad4b604b2e021552c6347be83
SHA512 a783c527e72e7187588be793a1a503711603f2cfa4cd5e0c26fd779858aaca069fdcc4f6ab9465e1ba2adf9ee22adbde1e33694c0dfc6b0ded9bd62dcd15cabc

/data/data/com.dyxd.instructions.s1151/files/.imprint

MD5 f3177291bee46d6848f03601d7d53b19
SHA1 ca97427f8b5aeadb0bf8ee044b8290ae77946f5c
SHA256 ab5ea6dedc902f65a3be54cafeebe916d908f30c80b26ad7e58cffb0811aaebf
SHA512 cf507e90a7912479573e7f656bee75dae53287ceb621ac1570d3c9c860ede600dbd34ce1b5675ab9f3a1c50273fa08a80d802ebd52542c91ad4d15171ff7a65c

/data/data/com.dyxd.instructions.s1151/files/umeng_it.cache

MD5 3d6a7aeb94b70b9611e1b59875c7afc3
SHA1 fe755f88d6634877d13811e88841901fc1f60b93
SHA256 55f0f7ce3ff7c9cd14c794c5c95194e1938974bd21f3f44fb7d71467c55090dd
SHA512 db169f9618e76c2eaf460e20650f30c5c0a41dda0223e13f04148a9b3ece427033524db16dfbdd57b06bd6523b7dd102ac0a03e4c02a941fd851f238871d73a8