Malware Analysis Report

2024-09-09 17:33

Sample ID 240613-ndqnbswerd
Target a53fd694aa54206625d89b4a972a8e8a_JaffaCakes118
SHA256 4fbac3e6a33ff1a92a4eface3131bab03da59bb3dc96efd3866a29becb6c9dd3
Tags
discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4fbac3e6a33ff1a92a4eface3131bab03da59bb3dc96efd3866a29becb6c9dd3

Threat Level: Shows suspicious behavior

The file a53fd694aa54206625d89b4a972a8e8a_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion

Checks known Qemu files.

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:17

Reported

2024-06-13 11:21

Platform

android-x86-arm-20240611.1-en

Max time kernel

165s

Max time network

187s

Command Line

com.yxxinglin.xzid24803

Signatures

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.yxxinglin.xzid24803

com.yxxinglin.xzid24803:pushcore

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 hc.hhhkkkk01.com udp
US 1.1.1.1:53 hc.hhhkkkk02.com udp
US 1.1.1.1:53 openinstall.io udp
US 1.1.1.1:53 hc.hhhkkkk03.com udp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 1.1.1.1:53 hc.hhhkkkk04.com udp
US 1.1.1.1:53 hc.hhhkkkk05.com udp
US 1.1.1.1:53 hc.hhhkkkkk06.com udp
US 1.1.1.1:53 hc.hhhkkkk07.com udp
US 1.1.1.1:53 hc.hhhkkkk08.com udp
US 1.1.1.1:53 hc.hhhkkkk09.com udp
US 1.1.1.1:53 hc.hhhkkkk10.com udp
US 1.1.1.1:53 hc.hhhkkkk11.com udp
US 1.1.1.1:53 hc.hhhkkkk12.com udp
US 1.1.1.1:53 hc.hhhkkkk13.com udp
US 1.1.1.1:53 hc.hhhkkkk14.com udp
US 1.1.1.1:53 hc.hhhkkkk15.com udp
US 1.1.1.1:53 hc.hhhkkkk16.com udp
US 1.1.1.1:53 hc.hhhkkkk17.com udp
US 1.1.1.1:53 hc.hhhkkkk18.com udp
CN 47.93.186.175:443 openinstall.io tcp
US 1.1.1.1:53 hc.hhhkkkk19.com udp
US 1.1.1.1:53 hc.hhhkkkk20.com udp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 1.1.1.1:53 www.baidu.com udp
HK 103.235.46.40:80 www.baidu.com tcp
GB 142.250.187.238:443 tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 1.1.1.1:53 openinstall.io udp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 1.1.1.1:53 openinstall.io udp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.93.186.175:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
CN 47.94.92.163:443 openinstall.io tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp
US 38.60.64.210:54210 hc.hhhkkkk02.com tcp

Files

/data/data/com.yxxinglin.xzid24803/databases/jsb.sqlite-journal

MD5 ac8d4923ced622cdfecb2407f91680f1
SHA1 0d2d6f9ebc373213dd5ed84ef421bcb0a56f4324
SHA256 d02a2a3a2d6dfde70d2683e0c863578dbca44693ac413dc572e241f08a4d5154
SHA512 8a50d7cea09e4681bc1268c13849d45134ff657db196470de1126b0bf514ed71faaf361f34e9ebc116320c5d0c9ef86c4462143ab02c275151bd37ce32cf86fd

/data/data/com.yxxinglin.xzid24803/databases/jsb.sqlite

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.yxxinglin.xzid24803/databases/jsb.sqlite-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.yxxinglin.xzid24803/databases/jsb.sqlite-wal

MD5 a950f194d745944eca858880f7105a05
SHA1 a4f31e1c488d79c14eca31787f42a276f08dffa3
SHA256 14787104d9323aac9415ac831f087597f65f033f2ed6f03103adeb2deb1d1487
SHA512 4389c579ad2678062b393d46cfae5527d5cefec91c2572e372b911bdd26778bdf57bea81697d6a9c81a4fb2c8b3a4f0168c8e13475d601595ae5ba2666e515f2