Malware Analysis Report

2025-01-19 08:02

Sample ID 240616-s497wayfmg
Target b448cbd1206ce374b9c2d3911e61c13f_JaffaCakes118
SHA256 0b856786a7ad267eb4e50c806cfb7dc348baaca8e1bdbc6f2de05fa7bdb001cc
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0b856786a7ad267eb4e50c806cfb7dc348baaca8e1bdbc6f2de05fa7bdb001cc

Threat Level: Likely malicious

The file b448cbd1206ce374b9c2d3911e61c13f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 15:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 15:41

Reported

2024-06-16 15:45

Platform

android-x86-arm-20240611.1-en

Max time kernel

176s

Max time network

185s

Command Line

com.imib.cctv

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.imib.cctv

com.imib.cctv:pushcore

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

/system/bin/sh -c type su

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.miui.ui.version.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.70.128.38:19000 s.jpush.cn udp
US 1.1.1.1:53 t.appsflyer.com udp
GB 216.137.44.111:443 t.appsflyer.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.137.47:3000 im64.jpush.cn tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 124.70.128.38:19000 easytomessage.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 1.94.137.47:3000 im64.jpush.cn tcp
US 1.1.1.1:53 devs.data.mob.com udp
CN 180.188.25.17:80 devs.data.mob.com tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 124.70.128.38:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 113.31.17.108:19000 udp
CN 1.94.137.47:3000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 124.70.128.38:19000 easytomessage.com udp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 1.94.137.47:3000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 124.70.128.38:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp

Files

/data/data/com.imib.cctv/databases/cctv_db-journal

MD5 e75ef96af24bb01618062034d2e1c976
SHA1 f08d46fccbc24feba7c21b807267c6903fd5ff6a
SHA256 59c00a9f1b1a531ec931f2b1e3c3528333fcb4b5298f8617b2a693e2eced7500
SHA512 1908be74dd13637b13f300adeca8246150f4b15aa1f189fc2bb98773bbebad4f0ec49de63337c5db823304a3f39c4d69f946f5189d5f541ddaf96e1ecd0fa22f

/data/data/com.imib.cctv/databases/cctv_db

MD5 4ab97c329ae083d36faae95190603fb2
SHA1 3725e7aee0c1115181164e1e0e80f5c38dabcdb6
SHA256 c20e0b8294eace8b7506b1f65a02f50455dd7aaadbd0b0ac6536f75daadd1e74
SHA512 fd755f48385f1713d919662400b0281740a99e472a47473c71cea1bba3748e5e562119538e9b67ad5a0517d97d059f0053c4278b4b693a523d187ed930d82bb0

/data/data/com.imib.cctv/databases/cctv_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.imib.cctv/databases/cctv_db-wal

MD5 3e64204d4194860ac0e69ec4360913bb
SHA1 7c8cb8864ba86febf2c50904c1433053801dea4e
SHA256 669ea4f023045f8697558d207c118304c3e31257fa88fbcda340c90a38b35d01
SHA512 52ee3271358b1cc835561af1566454d1b6c19e492d0a5eeef1574c485954d48f795de9e5d3f4f6490d19a295f244f22df1cabe875f7f36f6f848fc048b3bff21

/data/data/com.imib.cctv/databases/bugly_db_-journal

MD5 107f4c462684a7ce9f4a48761c73806b
SHA1 15cefcdc8791535962998d5ca14924f8fab29fa4
SHA256 df74214bdbe5cb61f2f9ab28e25cd758c0ea89b714d3d928b80e8e2fa8f2a69a
SHA512 c5e49b31a33f916e64d0751384584977f0b7f16abab5b9e55d89c129d13776c7bcc7328e4f9ff19c64a829329e08ba552c83f6e673ab7e78d3c2a83b1f827855

/data/data/com.imib.cctv/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.imib.cctv/app_crashrecord/1004

MD5 b7be05065f60015f28af0561837b63de
SHA1 2f8252e09db5fac1c517f3e26b320beec440b5a8
SHA256 adde84ed15e3850a6a5b1038846e1bd32e2488ee2b6cae22c1aec37e261104be
SHA512 360179a75c6f47ca3aa100aed928b6678178edbe76c70e8559af523b624a1339693e7ff7859de6e1957ae7113d47f65ccded0e86b9e58e0b0a066e36b6b157cb

/data/data/com.imib.cctv/databases/bugly_db_-wal

MD5 6b2bb472fffaeb85caabd080e9feb93a
SHA1 2a6f5e4bdb1a046353de1ca85cdf8fe35d70494f
SHA256 8ad478454ebfd672de28fc93aedb602c03a13f90586c748c54fce8989d2457ac
SHA512 cbfde9cef2cc03f78db0583835548a8be9b32e826fd14a460641fce0386c8b55843c04f9985aa24e5a16fd5bf97183d051c7e168436be56f46dae7900cdc16b1

/data/data/com.imib.cctv/databases/bugly_db_-wal

MD5 0547120cba9afa36cbd63fa5e188bf46
SHA1 9e371f21e28dc5aa1bef6d010c7b242c963e4209
SHA256 b4a5e55a8283cd53331fcf922cf9aeb2c701d4b0534ec8723c83c7193eb44c1a
SHA512 9357c90b0171a45266290ce0af2cf4d879a5dfb9811f173c3b2ba2ad50c84302dbe9a2e1ace3276c9e4ab7b85f667bf25dad8c362bcb1b60e0613b993de81f25

/data/data/com.imib.cctv/app_crashrecord/1004

MD5 823ab16305474af72381fae87911cfe4
SHA1 2d4e923293b2ea7bbb24fab0d2bb129df445d3f4
SHA256 df4c46480984c43fe343e6fbaf9806b2645392ff4c4e9a0bb6032d770d76ca27
SHA512 49ac118cc512556c06181c1f9bb1bb95f0abd79764138f5c291065923f0b1369139cb58b6fbaf13d6c7c94847805954402290a181c7c2d48aecfe31669aa84ea

/data/data/com.imib.cctv/databases/cctv_db

MD5 816f3178daa9104ab0bdf747c3efe04d
SHA1 688a74b63693fecb43ceb430d3e313fa09fac4b7
SHA256 48212144ecec46c8df0ff072ac3908bce04a80ab23e5586d4eb39cd0ce63b920
SHA512 e54dcc5ceee552cb9183015ae165ccbf35a4d3aa717124ee1fa70d886f65c112f1a08a62153d467bcfc14f7fc1ec14b9ee318ac3111b9a7d37bd4a72c25c0578

/data/data/com.imib.cctv/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.imib.cctv/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.imib.cctv/cache/image_manager_disk_cache/journal

MD5 7a6eb2055b584e898bc58693fa93ec82
SHA1 9df21d14a6fb149b7fea0c46408bf84a6331f41a
SHA256 6f62d4cc0e5037dcb292772a8e754f657e169506d2f7609ae8f8a5988deb1edd
SHA512 3e3096f7aa9044165f4385c5f3334a3fe40801eca60e3a35a4dbde7afb6639ddaeb78529c768c727560ea756c7b32e53084af6632b681181e8d8df44a7739662

/data/data/com.imib.cctv/cache/image_manager_disk_cache/a49a7c949cb3688a073149700bb8178fc1c6c59f1548231f457baeb319debac8.0.tmp

MD5 1f6110d07bb5beb71c4651c854180493
SHA1 1b478de7a0ac6e6b961bb597998625aee744c77c
SHA256 cf1e247a9a7240d458d6bff0b3805ca8d0b8186e57cedcf5b24d8912efb3948e
SHA512 78e283df3a7f107f897e0c4aa005de6be7b7d009cf0fec7bfd75f78c05b5a97f85924297097c33584b93685d16263f80b73e9eccc46d342ee013ce7026af1f10

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 63c24f80e543556e86344a69c22a01ea
SHA1 4c610d492aa0849de12f4a5648ddf62283b2cdd3
SHA256 d14911c503d38a2c1e1f811136f3260b500785b1b1bd168fabd5ddaacee35120
SHA512 96ed586487c49aab0445627c8ced13b34bcf73f9617d0dba45b3d2d22cc1f8197ab6d675a2d8d2d73d2088abe8cbe04e69f295ba77186c833ca817eb25f8715c

/data/data/com.imib.cctv/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.imib.cctv/databases/cc/cc.db-wal

MD5 4f5b873fc41a5c210950f30554efa710
SHA1 4d0c587de67f25b17281232db70f273f5259f120
SHA256 7218d4df54f9df41d93db419d79d9453915f13b7f24402288c2bda7e7a20b266
SHA512 e04b93d003572810bbd5dee889440a610c892903a97cb252e41f39c251abf1dc54a59b09a4d2afec67af698d1c85a018dbb61be84b2ad535b0e63a5e21b6b9d2

/data/data/com.imib.cctv/files/umeng_it.cache

MD5 d4748a9f9b2e370fc49c3d36812492d5
SHA1 1118bf0685de9424ab378d84bd571fd287451d29
SHA256 ce84f89d4fee0e9338496d8bd75ac78cc32ae64a78c984dae2a648c92faf5032
SHA512 615cc21a3cb7783af1cb4eee866b2db74a0f3f960fb933ba4e18887edfaea2a2351d4608187d79a4136c4fb1050f487a59263f6be13e610347eb40bba785de0c

/data/data/com.imib.cctv/files/.umeng/exchangeIdentity.json

MD5 c442e15a3e3b8bed905a857f64d35ace
SHA1 2fe10c4aaeac8e34d761a5aab1ce6d06d2760527
SHA256 8287a180ccfab37ef1acabb99d6d8f0d7127c2516a34c46de1ff6df837aef517
SHA512 4e4f40493798ead747715e9ef2233db7510254fc2d1f1aa5344419992ff5f7e1a26e64ba03022ff4945d7f31a4bd888f3495601cf9937d24a0bb49200eab7cde

/data/data/com.imib.cctv/files/exid.dat

MD5 ce9622b0225d9cc2d0fec80ac98fbc08
SHA1 2daeb8547ded8975a55ee20e3d30ac864b6ecf7e
SHA256 8f32c2197888ab8af8de783e15f142238f57708da169ecd58727d58de84428e1
SHA512 f8faa407df14cf33150dd421fe7e99cedf046227fe3e0f4d512a7f607f395193aa0b168a5fb17010bdd814dca57fba94809a1ebf344c97f365073f6d25124958

/data/data/com.imib.cctv/databases/cc/cc.db-wal

MD5 d7dd3b18da199880d95618dd55929942
SHA1 112c8b6a944aa3f7155b28fc6f25f5b2639b52ad
SHA256 badee7840d17a25bbed68ae77cc4dad561657a2fea1b91ec4a892250128257ab
SHA512 e15bfa11d6836477964e36a00bf49b99e2db2668d87ac7cba88835331f50fd58f0e1652c634792e915f7bc41eb7c26347d421cc699716f4cc7f2ee1183cdae2c

/data/data/com.imib.cctv/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.imib.cctv/databases/ThrowalbeLog.db-journal

MD5 c27302501243011cd1c2b928af1ee61f
SHA1 e000ab912f123ef6f79a2d007e76c0045318c236
SHA256 81cf35dab4a2983689c867ae0676bdf02651ecddc4aa9fc1c490d24bf0f3cf45
SHA512 fc4a6bedcce68562196557a073979f6502dba408a9f0f3f033d869bc561f6f68d29644f675cbad82377ec605b7a2a395cf0e894e25d130dd827e34e5779c8348

/data/data/com.imib.cctv/databases/ThrowalbeLog.db-wal

MD5 c813ff6a9a3c876150cacd3b3398645a
SHA1 093705f0237cc78d22af41ec8f6dde6156de22d9
SHA256 9bb00751c7a28e8e96b4cc7ac336e31a24ab553ca747264fd77db9fa9f5b5043
SHA512 9592715b6d0511993e489c03de37f90934019bbb6c13442bfefbde55e9f52663585a5877bf6279af15c0acc0145f01c99ee5e9fd2e5da8526708ba6e2cd0cd1f

/storage/emulated/0/Mob/.dk

MD5 856e82c643b0855479fffdecbcb5d55c
SHA1 f69377430634346518986ba1e03f0811538f68ed
SHA256 984d70b6a50e81113d4721d7f6aabe0c60021ed6b8470d383182fe7dbafd3f84
SHA512 44694c8a4ae38388cab4b9e1f9c447d629d5ead08f92639c331eded984277cbf77dc004054eda1982128dcc32a36fe71cbdb547c53a1d01faf3a832028a63b4d

/data/data/com.imib.cctv/files/.um/um_cache_1718552664419.env

MD5 a4a243f095d965217b3fa194c91109b3
SHA1 b3bb8623ffba98810725b9a56475cb0901643bec
SHA256 113d2b177bf2355bfb90068580cbcbf865e80f816cb2a5e2fa40d6a0534210b2
SHA512 f4fe5bc1e61e3849895ecf4bbf8ec0b9886c8c0adffab1b8feeb0ba0143e0e4bb6e8bdd4d0b1b67e824783f331e595d7a0810112f91d5942c8b63ef852c49dc2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 15:41

Reported

2024-06-16 15:45

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

111s

Max time network

139s

Command Line

com.imib.cctv

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.imib.cctv

com.imib.cctv:pushcore

com.imib.cctv:pushcore

com.imib.cctv:pushcore

Network

Country Destination Domain Proto
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.228:443 udp
GB 172.217.16.228:443 tcp
GB 142.250.187.202:443 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 t.appsflyer.com udp
GB 216.137.44.111:443 t.appsflyer.com tcp
US 1.1.1.1:53 alog.umeng.com udp
SG 47.246.109.109:80 alog.umeng.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.179.234:443 remoteprovisioning.googleapis.com tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
GB 142.250.178.3:443 tcp
US 162.159.61.3:443 udp
US 1.1.1.1:53 stats.appsflyer.com udp
US 2.18.190.71:443 stats.appsflyer.com tcp
GB 142.250.178.3:443 udp
GB 172.217.16.228:443 udp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 t.appsflyer.com udp
GB 216.137.44.128:443 t.appsflyer.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp

Files

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 e6ee706f3e4c4be3d9416a0bb04ff3d7
SHA1 cc912af3f496743fcdd96f9230397e3e95fbf658
SHA256 751047ae209745da60fe33a8d4422e7898329764628bfcc3d8679678a788975b
SHA512 6362f84e9db0e4b2fc667c8408a6bba969a75d3b87f5e54109bf05b2fbc36ae774ff497a49ad2e53eae3b55d6c59b75fa3b478d4001af67fa9e9a285c3419a59

/data/user/0/com.imib.cctv/databases/cctv_db

MD5 98c888a83a388352355eb1673d984be8
SHA1 956e6f50b02ea1a44dc254df0821659bc26ddf60
SHA256 0f660e0398936d857db0f624a008d168b414cc0cf467daab8d1ccc25c12f0fa2
SHA512 87b2007628f84f4f50421fdad7fae2526e428dc5accb4d8a58aa665d46b2ccc2eb34d8b911f8de069e1e10e89917b6295151a9b76000011ba67ce0da4630c840

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 5e65cb6d04796827f34d3e2d5097986a
SHA1 94436f9741aa53fab4f306829da042a3cdcbc443
SHA256 a99ac19989df3f2302a4a1a7d34aa973d8aa4c8109b6c379e8e0d1e56a6b1f38
SHA512 db9e5a7c30491faba3a317f3db65722b565ae88bf4ff17df338708fb1eadf961909795ed14c705bc185f974bcfd5ecbd97377c187f48e4ae4ccf47ddf14c601f

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 6426b68400cd46d48f618928dbf0e6d0
SHA1 46028ac669c8661f4d926f58e997fea9e4b19080
SHA256 3e073805230842eb4792ecaec45917bd33017288c40624898176d47a0b0d1b05
SHA512 64dac7f52dee15f9c04288862adabdc311b36a9cd87ef42eadc429afbb29a130758e2f638db132aa01961abd85d6fd3be174637c2b7c2e067f2bd5fafd430d51

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 b60abaf11ba108e2f0b92ce48d8d15e0
SHA1 23c6a2cf7b9b147d6884d921dbd16745cdd9ea8f
SHA256 cb7e0844d3fb7c934388db3689eb95504c9ad2fafe2c374f1aae92e1a34de6ce
SHA512 c25ae43717996828e44df099fd4a016f89d69d335709ed9ccbf36c5acee574915e749326e31ce046a3ec546561aab0a166e07c3827c9f214f51899d4886e7f5d

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 1d8c6b303828c59fbef00ec3698da78d
SHA1 1c903edd680ced6fc4ae79c6520ef6f39a79ac8e
SHA256 b49f8329aa1a294b767ab6605ff82d0d4d1dfc9d9c395c321f187463fd113a61
SHA512 2167144a75c10b38db8dbfd1ec6e826abe96fc16cd28a26ee56744036641c6f5e45efd00285b854b11f0b51edf25b8a48f2beca4d5ce53a829b728230462c05f

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 cde536f3fd98a6087f067621f85dccd6
SHA1 75008dbd1c9ed32734bc8df147605b0243e4d375
SHA256 ef17f9f3ae321847d0373568d4a1e5947e94e3f58f30c77560fcb2eaddc89cfb
SHA512 a0519ce3944c7fb469db56985363e979a83cad7aeb0901485c095a95eae116b3c0236481554b55e1ecfdaca937f2be819863fbda76195fb7c835f43dd01a2e61

/data/user/0/com.imib.cctv/databases/bugly_db_

MD5 7a2cfdf364ffb81e8fba60a4990111be
SHA1 71fe376c2682d5bc176ba2889d4e064a47ab223c
SHA256 c8f13c07cb5af4d2a6ce135468e05bca9da9f2ec3d0519385bf0054a5b475e0a
SHA512 9cc6dab6d97314732dbb5519c48b697f83cb521e825630d727552289f0cb1ec5a031bbedf878a8a40c3bbe5dd41820e298d510315dda2aa56ea106bf292943f2

/data/user/0/com.imib.cctv/app_crashrecord/1004

MD5 6aaa515d7db8d84ed29791982b0e0a79
SHA1 dd3ab8a63761c467f3d4782ac17b63d8e01418a5
SHA256 3188711cff3827025d1ef9034962b2c2f66db32dfce2d8b039557bd61a2be020
SHA512 aa2a0682227c4105ff5624f7898305ccecfc1d5c0819a11c73a61ef5d77fb63385bf991aef39a4734db81bb15fb10aade20ba325cc41b1a4a3b4ee5edc11955a

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 4d2c56d77cd0802eb6287e2fefc7b2a2
SHA1 0af824b73af6cba75659aed5f811c364ac1c40dd
SHA256 b7ee6f90f47fb474a935d1b41184aa49d821c3c3e2f6bcffa9b8fba71a6eb713
SHA512 0ed568172ecb599a2474a10faa8c57e9a0b9e8bc775d01467bd853f03a3cb7fa7080d369140e693541376e50f80d2d2cfce159eb5a76161e81b717edef8e3b02

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 80a943a23ec646a54f03b9f921339712
SHA1 f28667fed61601929c5edaab0e43aa4a987a4570
SHA256 e06454a0ec9b31242ef15505fac3569d2ec551cfdd856137dd68af02e6eb5364
SHA512 29ba213601080dad33fa65c3b4054818386b8d1a84dab6640800f95218aaeaf93ea19e688f9d8ee8326ecc887fac42e6c611b4fdcdd87b1569361b6a7ad66ecb

/data/user/0/com.imib.cctv/databases/cctv_db-journal

MD5 f531c77d9c25a7e3cbe39e93fdaf5cba
SHA1 e29c6b48f59ae118eca307db1e1715c9296cb4d3
SHA256 5b94dd5027308b7931708a00225cf8cadf09b99e3017be2e919c71c0b9422ebd
SHA512 0bb5e561d832a4b53a33a89ec67c2c7f3e04e58a37929aeba67dae973dfa6a31d16fbf65beedb7d9bb1f276cc14b4928907083fa7c8e0b7ab9e9fc5639dfba80

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 c8ebb8fbe65fa2612c7aa5eab5b8b06c
SHA1 e1a1b070bfe1ec91dbc2482def4d652be9d15447
SHA256 6b13309a819a0e98c761023fcb99bbb6a1df00c203b09345959177aec782e4eb
SHA512 d7997179445016c9c283bab325db8850340f74a80ad88a308340c7b5ec2ddc61e02c37cad38fcc461fbf98c2641acfd5a689b13f9b7904325b960e25b988a0b9

/data/user/0/com.imib.cctv/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 e1219f561fb7d3ec05359c1569965624
SHA1 95f6511fe282ce96a7ded75658bc4ec0210c02e0
SHA256 171e50f3bb91d9afb693421ebe5c9a4a6cfd6b0dc2014b123d04d870334e4292
SHA512 a552be85780912fdd654b58c9327a48e4c0d06478f8a58a03da059be09afe46d63006e63340994e9d1eef5cbd5cf7fe603afbfa91d9873da99812976d3f3e71e

/data/user/0/com.imib.cctv/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/user/0/com.imib.cctv/cache/image_manager_disk_cache/journal

MD5 701e6208a509377c41ed03cd6b72a1d5
SHA1 70476a45830a1487fcf4cb4c9747ea75a858c2a1
SHA256 634f322c53bc6cff539cccc76142583eed4330918159de23dc20c105af78b60d
SHA512 558995b38f351b50e997a285c511d6d4fd6db675e69b71ffe1d6a75d54ef8207122e84b655c6b73a2be4566c291e9a7297f79c8fbc3bcbffcd9186aedc391271

/data/user/0/com.imib.cctv/cache/image_manager_disk_cache/76f665ddbe2360deb04e97bc6247553c29327c33328f6929b16b5a3239c2c2ad.0.tmp

MD5 1f6110d07bb5beb71c4651c854180493
SHA1 1b478de7a0ac6e6b961bb597998625aee744c77c
SHA256 cf1e247a9a7240d458d6bff0b3805ca8d0b8186e57cedcf5b24d8912efb3948e
SHA512 78e283df3a7f107f897e0c4aa005de6be7b7d009cf0fec7bfd75f78c05b5a97f85924297097c33584b93685d16263f80b73e9eccc46d342ee013ce7026af1f10

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 717d2789472f990d8693d46067b4ca4c
SHA1 2326a31fd2dbf7e7b3275877d6166e0384d47962
SHA256 8d5815dc036a96c86b8fefc698fd412ffbdac60f91d09b0042e696bd59e9f6ca
SHA512 6a9cbb8ff1b386f168448604a992aa5cb9af054da03aef5cc3faa44b355ceed6707848f068e46448c578ae038b9c4c67656570b983f3443ab7acb4f67791fa38

/data/data/com.imib.cctv/databases/cc/cc.db

MD5 b986a138e325f9ed31653e246087baa6
SHA1 1cda06c101efbf7c89305f44b552e38282225064
SHA256 6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058
SHA512 5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 eee9a41de46fbb803f1036beaa5c94f3
SHA1 4f409e0baead8be81899a60a5b177255ba7ac533
SHA256 3e3734fbb4586f94468e938f79312ab947ed6c495c96fb3989d72e7cee1a10f9
SHA512 c61f87bb7703b6cad799841a6afa949fd283f6d485f69e8b8554d2011438493ae4351620186e578afd6b4126594b544be114eeb6370c6a4a152fa76bf6f84d94

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 c08cda9bd4c1bcdd687c9f923f61e345
SHA1 22019adebfc196fe4870e3e72d5d91461399cf3b
SHA256 45c4166a0e01fd17320474dd227a346d5e4d03d79aac4fa577ebb215bd365c92
SHA512 0dd9f268ce6737b85daffa196ee61e5ae6ea229420c2685ea443ca6d3ace4e415b5905ca7dd243d933c3b55d81eb9a7ccd3ffea21069331432366b0e8658d2cd

/data/user/0/com.imib.cctv/files/umeng_it.cache

MD5 184f932bbbd87ed65225bd09f7e92d6b
SHA1 a9d52ae90c085821d59c0261573a98aafaf16838
SHA256 301f5ac6c8e62cdfbb374e2eb1f4977596997386b7130ef4d3ac55bf20c15ec2
SHA512 e236226b3a9c6c7dabe0d5890a4a4b712ec8ec012429758e101d1422f93d0c2baeafece5d4ab0a91fcd7bbe47d2dbf0e310354a2c12dfafcd2eeee8dadd99f46

/data/user/0/com.imib.cctv/files/.umeng/exchangeIdentity.json

MD5 14fd36d9b7e98dd90bd9dba21fc643c1
SHA1 04338572cd0f81a1dc2a6f429ec1393221768af1
SHA256 fbf644cca5803272fa746b67d39236bdba8e81ac1b7d1be7eec62e741e1bd313
SHA512 690dd0f34f317de47b479c866a316ccbf1561a8bbe5fb0b26bdaa0d695947071a5d1260e8a3299372425d291fd18d2fe57b6ffe171c22f616b777071d69ead17

/data/user/0/com.imib.cctv/files/exid.dat

MD5 ce9622b0225d9cc2d0fec80ac98fbc08
SHA1 2daeb8547ded8975a55ee20e3d30ac864b6ecf7e
SHA256 8f32c2197888ab8af8de783e15f142238f57708da169ecd58727d58de84428e1
SHA512 f8faa407df14cf33150dd421fe7e99cedf046227fe3e0f4d512a7f607f395193aa0b168a5fb17010bdd814dca57fba94809a1ebf344c97f365073f6d25124958

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 07faecadf53f325f44d242c0ea3a8541
SHA1 57bd8bbbb1769e3ac49efe949aa292570d08d317
SHA256 361aee244a0d3018de5d7828c8c8d24dfce39745473baaa6449a7baeab031901
SHA512 f30555e6bdb719099e36d7009719134996fdf9dc90e4ad029b46bd3497877d4ce4e36b905e0980a8bb93b6f70ffac91f143049e42db62e34fdd9b634040943ab

/data/data/com.imib.cctv/databases/cc/cc.db

MD5 1b77217d803a7c04af9466680b92d104
SHA1 0cb959f4773c6730e8aed5746706c0f3ecb35c1f
SHA256 66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3
SHA512 39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 a75d22750636c72e85bc72a55ac40b46
SHA1 bb53d676da4222cacc97389e35e5000f279877ec
SHA256 e8eec8858da8e9ec9808377636d9d00fcacdaf37f40e9b301232517cfa6c59a6
SHA512 c71374524346f07145ce10cf3eee8ab3c73b6a5902029ebb9a1359a10bca4ff253b031787971ea871315736412394698ef286ccda3234be4b1c8c43d61926eef

/data/data/com.imib.cctv/databases/cc/cc.db-journal

MD5 3fbb55897f2957d9e213649c692c3728
SHA1 6671c024f7d446605f317b15d13ac1a923c2bded
SHA256 acf22a041fce38f0f9db97ca3590d4509f62da2702eb25f0b27565510e81e734
SHA512 4dec6555d1aa4b51fdadac70352c50650d15ef57642aa568e7e2198fe0c70e2083a66734cae9f256753db26e37abd68c7b07aa7dfe89d23b881052283282222c

/data/user/0/com.imib.cctv/databases/ThrowalbeLog.db-journal

MD5 45cc07605cad95ebcbaf131363c14b6d
SHA1 79f33ad9424e9415bd3d0725de331e5d46d773b7
SHA256 a41677531cbb311249de25f369aace98de301940234ecdafeabcab28a5c0bfb7
SHA512 4185f03490378a42f487a88a694edf487d550fb391b0de4893f473228f5d253528d89352f28232f23584417e3930e6c5500869a09bfba97a5b4b5083e96814fa

/data/user/0/com.imib.cctv/databases/ThrowalbeLog.db

MD5 b4f2ad0e77816305a082548936075fc8
SHA1 966f3a8c028eaa0be92bcc8b8dd05e29f49e1815
SHA256 89816897722d907af52f046a1a16d1016cdb2297b9246ab3047314c3612d44bb
SHA512 8733221508f42378dd85416e0cbe60366104cde7a3525a7e5403ee91179d81397510fe1c3320ded97fea00dda0b0490e7db4b53b7cd1a0eb70dc6b6296c922e1

/data/user/0/com.imib.cctv/databases/ThrowalbeLog.db-journal

MD5 e9b227c63809bddc06a8825e8c9669a0
SHA1 e8a407fefc5d9084113585b694c7c8e0d3c5d2d9
SHA256 16ac16f54aeacc8cf5795d0e7d8fcd5eb3a3e97cca3c4ad2da529957ee5383ed
SHA512 5551456b1a8597680b84f821571dbf457decc4078998b89b007c4416026a6b4201a4805817d8fe2442db13122b302065b4b1edda930ad1d304c976f537bbfdae

/data/user/0/com.imib.cctv/databases/ThrowalbeLog.db-journal

MD5 bdfd9891f1c713c9391a9f59655f4a00
SHA1 77c316f23dab5c1311fe1496728481894aab16f8
SHA256 d8c4c910cae76f14563e661d8bacee8d8ded3023d3d0d720bffe161c7dc6dccb
SHA512 cb2cbd8d8dbea600acadacfdadae79d5ce6edffff8411997b2d74926c29590d9ed77cd63e02e76ca3740ad7d2d6b24318f1972ea0a6bb150fad9c7e77c21c315

/data/user/0/com.imib.cctv/files/.imprint

MD5 8a79022862ee69c8a1930d0c0907d516
SHA1 ae61fef07240dc8de812b9c1c5693b20e8ce3149
SHA256 4b14871ce79257b319aa99ca63609fcf6854a5eaaa08526369729a5ce79a02b8
SHA512 a5037118fa24c9849ca3e9976b5b43b3eebafe98f5b9f85b4f211a0dc17357344ed5f2c671ce5bbc35e8f63417db5a131bc5d9b62df26136904dcb33a440d171

/data/user/0/com.imib.cctv/files/umeng_it.cache

MD5 2aa101e9735a03ff2696a458acc80861
SHA1 426d144a4be1a3aae7539c2684e360babfa66cb4
SHA256 8231d0bd5ba2ef61965b7973ac58fbff3802144d1ce4674d434fe3f6ccfabde5
SHA512 5e356d3c24e25905a87eddbffe32ee5ea7ac0dc7037e2674964300510211c11e608a9f907cfa067d026e5be0e0a56e22d67ebd4fe6b2cdaf831e20192e5ec960

/data/user/0/com.imib.cctv/databases/ThrowalbeLog.db-journal

MD5 835870832f935fed5919c67620c97653
SHA1 dcd3a7a1d27d2bf854be4b326d66665a6a221103
SHA256 f826ea942e1fce47a58a4eff857304ecb5b3b39100c6aa364e494c2acfdbf0e2
SHA512 6feac49f7c579da411dc374e400a52c1f3e1238e32c65be3cc57bc929e479facdb7356249217d82fa87bd49a5679a755ca876478aa523cf49bd93fd541501c94

/data/user/0/com.imib.cctv/databases/bugly_db_-journal

MD5 bb837362bfc0cbcf017f3b7ae2e242b7
SHA1 971a7497dd4e76af0caee3b732ebb243c6a7dfc4
SHA256 4f63bd0ab1c5693caece9fb10d31047674dfc77548d40f60a0a321bb4373fe84
SHA512 d9dccef74eae709d392f13dc8b9f0649b8704230440269bfd96409296b54170582a786488534bf73bf2038ed00fd4a78b745628a793e483cfab5f917ea7cecef