Malware Analysis Report

2024-09-09 12:54

Sample ID 240614-demyqasfpg
Target a7c5c395bd3f189abf1c1cc8f317dfbf_JaffaCakes118
SHA256 e62312465dd2741095e793c14ae5ed2888b3473aa081901350e64c38f615d984
Tags
collection discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

e62312465dd2741095e793c14ae5ed2888b3473aa081901350e64c38f615d984

Threat Level: Shows suspicious behavior

The file a7c5c395bd3f189abf1c1cc8f317dfbf_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Queries information about running processes on the device

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries the mobile country code (MCC)

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:55

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:55

Reported

2024-06-14 02:58

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

com.android.yxkaola

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.android.yxkaola

com.android.yxkaola:download_server

com.android.yxkaola:jpush

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

com.android.yxkaola:channel

Network


Files

/data/data/com.android.yxkaola/databases/MessageStore.db-journal

/data/data/com.android.yxkaola/databases/MessageStore.db

/data/data/com.android.yxkaola/databases/MessageStore.db-shm

/data/data/com.android.yxkaola/databases/MessageStore.db-wal

/data/data/com.android.yxkaola/databases/MsgLogStore.db-journal

/data/data/com.android.yxkaola/databases/MsgLogStore.db-shm

/data/data/com.android.yxkaola/databases/MsgLogStore.db-wal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.android.yxkaola/databases/accs.db-journal

/data/data/com.android.yxkaola/databases/accs.db-wal

/data/data/com.android.yxkaola/files/AntiCheatingLock

/storage/emulated/0/.tcookieid

/storage/emulated/0/QICloud/OpenBox/2024-06-14.txt

/storage/emulated/0/Android/data/com.android.yxkaola/files/tnetlogs/inapp_20240614.log

/data/data/com.android.yxkaola/files/td_database2TalkingData/1718333755023_4271

/storage/emulated/0/data/.push_deviceid

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:55

Reported

2024-06-14 02:58

Platform

android-x64-20240611.1-en

Max time kernel

177s

Max time network

190s

Command Line

com.android.yxkaola

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.android.yxkaola

com.android.yxkaola:download_server

com.android.yxkaola:jpush

com.android.yxkaola:channel

Network


Files

/data/data/com.android.yxkaola/databases/MessageStore.db-journal

/data/data/com.android.yxkaola/databases/MessageStore.db

/data/data/com.android.yxkaola/databases/MsgLogStore.db-journal

/data/data/com.android.yxkaola/databases/MsgLogStore.db

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.android.yxkaola/databases/accs.db-journal

/data/data/com.android.yxkaola/databases/accs.db

/data/data/com.android.yxkaola/files/AntiCheatingLock

/storage/emulated/0/.tcookieid

/storage/emulated/0/Android/data/com.android.yxkaola/files/tnetlogs/inapp_20240614.log

/storage/emulated/0/QICloud/OpenBox/2024-06-14.txt

/data/data/com.android.yxkaola/files/td_database2TalkingData/1718333751280_5177

/data/data/com.android.yxkaola/files/td_database0TalkingData/1718333751410_5177

/data/data/com.android.yxkaola/files/td_database0TalkingData/1718333751599_5177