Analysis Overview
SHA256
6382aefd3a65de5018ecf62fbf1a743afe82b2ed94829a7b1d5546ced451123f
Threat Level: Likely malicious
The file a6c4085bd5bdf9a6c4e30e7cba5634d5_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about the current Wi-Fi connection
Queries information about active data network
Listens for changes in the sensor environment (might be used to detect emulation)
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:57
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 22:00
Platform
android-x86-arm-20240611.1-en
Max time kernel
134s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ykx.flm.broker/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.ykx.flm.broker/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.ykx.flm.broker/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
| N/A | b.appjiagu.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ykx.flm.broker
chmod 755 /data/user/0/com.ykx.flm.broker/.jiagu/libjiagu.so
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ykx.flm.broker/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.ykx.flm.broker/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
sh -c ps
ps
Network
Files
/data/data/com.ykx.flm.broker/.jiagu/libjiagu.so
/data/data/com.ykx.flm.broker/.jiagu/classes.dex
/data/user/0/com.ykx.flm.broker/.jiagu/classes.dex
/data/user/0/com.ykx.flm.broker/.jiagu/classes.dex!classes2.dex
/data/data/com.ykx.flm.broker/.jiagu/tmp.dex
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.ri
/data/data/com.ykx.flm.broker/files/.jiagu.lock
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.ac
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.ic
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.di
/storage/emulated/0/360/.iddata
/storage/emulated/0/360/.deviceId
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.ykx.flm.broker/files/libcuid.so
/data/data/com.ykx.flm.broker/databases/tencent_analysis.db_com.ykx.flm.broker-journal
/data/data/com.ykx.flm.broker/databases/tencent_analysis.db_com.ykx.flm.broker
/data/data/com.ykx.flm.broker/databases/tencent_analysis.db_com.ykx.flm.broker-shm
/data/data/com.ykx.flm.broker/databases/tencent_analysis.db_com.ykx.flm.broker-wal
/data/data/com.ykx.flm.broker/databases/pri_tencent_analysis.db_com.ykx.flm.broker-journal
/data/data/com.ykx.flm.broker/databases/pri_tencent_analysis.db_com.ykx.flm.broker-wal
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.di
/data/data/com.ykx.flm.broker/files/.jglogs/.jg.ac
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 22:00
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
179s
Command Line
Signatures
Processes
com.ykx.flm.broker
Network
Files
/data/user/0/com.ykx.flm.broker/.jiagu/libjiagu.so