Malware Analysis Report

2024-09-09 12:56

Sample ID 240614-kl8bkawgpj
Target a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118
SHA256 30fb8863fe9ab35917deb1041000ca54d37b24dc9e6b9969a78ec587b1aba9df
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

30fb8863fe9ab35917deb1041000ca54d37b24dc9e6b9969a78ec587b1aba9df

Threat Level: Likely malicious

The file a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Reads information about phone network operator.

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:42

Reported

2024-06-14 08:45

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

186s

Command Line

com.ynxhs.dznews.yuxi.tonghai

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.ynxhs.dznews.yuxi.tonghai

com.ynxhs.dznews.yuxi.tonghai:pushservice

/system/bin/sh -c getprop

getprop

/system/bin/sh -c getprop

com.ynxhs.dznews.yuxi.tonghai:remote

getprop

/system/bin/sh -c getprop

getprop

/system/bin/sh -c type su

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 08:42

Reported

2024-06-14 08:45

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

186s

Command Line

com.ynxhs.dznews.yuxi.tonghai

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.ynxhs.dznews.yuxi.tonghai

com.ynxhs.dznews.yuxi.tonghai:pushservice

com.ynxhs.dznews.yuxi.tonghai:remote

com.ynxhs.dznews.yuxi.tonghai:remote

com.ynxhs.dznews.yuxi.tonghai:pushservice

Network


Files
