Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.RemoteCode.231.origin
- Android.Triada.554.origin
- Android.Xiny.293.origin
- Android.Xiny.5549
Downloads the following detected threats from the Internet:
- Android.RemoteCode.231.origin
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) new.beauty####.net:80
- TCP(HTTP/1.1) sele####.offerst####.net:80
- TCP(HTTP/1.1) 4####.33.9.178:80
- TCP(HTTP/1.1) gc4####.9####.com:80
- TCP(HTTP/1.1) s####.b####.com:80
- TCP(HTTP/1.1) ssl.c####.com.####.net:80
- TCP(HTTP/1.1) h####.b####.com:80
- TCP(HTTP/1.1) t####.knight####.com:80
- TCP(HTTP/1.1) log.koapk####.com:80
- TCP(HTTP/1.1) s.jop####.com:80
- TCP(HTTP/1.1) api.applove####.com:80
- TCP(HTTP/1.1) hw9####.new####.com:80
- TCP(HTTP/1.1) www.n####.cn.####.com:80
- TCP(HTTP/1.1) t####.young####.top:80
- TCP(HTTP/1.1) c####.vortexm####.mobi:80
- TCP(HTTP/1.1) cdn.tab####.com:80
- TCP(HTTP/1.1) h5ng####.ly####.com:80
- TCP(HTTP/1.1) fo####.site:80
- TCP(HTTP/1.1) sdk.jedi####.net:9001
- TCP(HTTP/1.1) lo####.suibyu####.com:80
- TCP(HTTP/1.1) hao####.site:80
- TCP(HTTP/1.1) 13.2####.16.115:8081
- TCP(HTTP/1.1) clk.hola####.com:80
- TCP(HTTP/1.1) s4####.cloudi####.com.####.net:80
- TCP(TLS/1.0) 1####.217.20.106:443
- TCP(TLS/1.0) 1142864####.cn-hong####.fc.####.com:443
- TCP(TLS/1.0) 125f5f5####.trccmp####.com:443
- TCP(TLS/1.0) 2####.nl:443
- TCP(TLS/1.0) go1.app####.com:443
- TCP(TLS/1.0) new.beauty####.net:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) al####.u####.com:443
- TCP(TLS/1.0) p####.rubicon####.com:443
- TCP(TLS/1.0) www.npr.org.####.net:443
- TCP(TLS/1.0) android####.go####.com:443
- TCP(TLS/1.0) spykem####.g2####.com:443
- TCP(TLS/1.0) app.appsf####.com:443
- TCP(TLS/1.0) npr####.streamg####.com:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) fortun####.ho####.com:443
- TCP(TLS/1.0) dis.cr####.com:443
- TCP(TLS/1.0) m####.ad####.org:443
- TCP(TLS/1.0) dsp.adke####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) g.geo####.com:443
- TCP(TLS/1.0) 2####.58.211.106:443
- TCP(TLS/1.0) btt####.com:443
- TCP(TLS/1.0) c####.gowa####.com:443
- TCP(TLS/1.0) www.chatten####.nl:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) s####.tab####.com:443
- TCP(TLS/1.0) a####.google####.com:443
- TCP(TLS/1.0) 2####.58.208.106:443
- TCP(TLS/1.0) yun.b####.com:443
- TCP(TLS/1.0) 2-01-27####.cdx.ced####.net:443
- TCP(TLS/1.0) wcf.seven####.com:443
- TCP(TLS/1.0) lp.cooktra####.com:443
- TCP(TLS/1.0) bun####.npr.org.####.net:443
- TCP(TLS/1.0) trac####.le####.com:443
- TCP(TLS/1.0) y####.fi:443
- TCP(TLS/1.0) cdn.tab####.com:443
- TCP(TLS/1.0) e1.em####.com:443
- TCP(TLS/1.0) go.g####.net:443
- TCP(TLS/1.0) im####.wsj.net:443
- TCP(TLS/1.0) www.travelc####.com:443
- TCP(TLS/1.0) tpl.af####.com:443
- TCP(TLS/1.0) si####.ho####.com:443
- TCP(TLS/1.0) cdn.linei####.com:443
- TCP(TLS/1.0) k####.union####.info:443
- TCP(TLS/1.0) www.2####.nl:443
- TCP(TLS/1.0) www.dutch####.nl:443
- TCP(TLS/1.0) md####.google####.com:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) a####.cloudf####.com:443
- TCP(TLS/1.0) trac####.yoh####.com:443
- TCP(TLS/1.0) admob####.ho####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) instant####.google####.com:443
- TCP(TLS/1.0) i####.yle.fi:443
- TCP(TLS/1.0) do####.geo.ipo####.net:443
- TCP(TLS/1.0) i####.cn####.com.####.net:443
- TCP(TLS/1.0) pug-####.pubm####.com:443
- TCP(TLS/1.0) e####.vap.l####.com:443
- TCP(TLS/1.0) id5-####.com:443
- TCP(TLS/1.0) lg####.contex####.com:443
- TCP(TLS/1.0) cds.tab####.com:443
- TCP(TLS/1.0) san.cbc.ca.####.net:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) s4.reuters####.net:443
- TCP(TLS/1.0) sb.scoreca####.com.####.net:443
- TCP(TLS/1.0) f3238a8####.safef####.googles####.com:443
- TCP(TLS/1.0) a####.b####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) app-mea####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) p####.w####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) jsc.m####.com:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) gd.a.s####.com:443
- TCP(TLS/1.0) www.story####.net:443
- TCP(TLS/1.0) sslbdst####.jom####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) s.c.ap####.net:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) n####.bellm####.ca.####.net:443
- TCP(TLS/1.0) x.bidsw####.net:443
- TCP(TLS/1.2) 1####.217.19.195:443
- TCP(TLS/1.2) a####.google####.com:443
- TCP(TLS/1.2) 2####.58.211.106:443
- TCP(TLS/1.2) 1####.217.17.142:443
DNS requests:
- 125f5f5####.trccm####.com
- 125f5f5####.trccmp####.com
- 2####.nl
- a####.b####.com
- a####.cloudf####.com
- a####.google####.com
- aac####.ho####.com
- admob####.ho####.com
- adser####.go####.com
- adser####.go####.nl
- and####.cli####.go####.com
- android####.go####.com
- api.applove####.com
- api.crashly####.com
- api.crashly####.com.####.8
- app-mea####.com
- app.appsf####.com
- bh.contex####.com
- btt####.com
- bun####.npr.org
- c####.gowa####.com
- c####.mm####.com
- c####.vortexm####.mobi
- c.c####.com
- cdn.linei####.com
- cdn.tab####.com
- cds.tab####.com
- ce.l####.com
- clk.hola####.com
- cm.g.doublec####.net
- dis.cr####.com
- dsp.adke####.com
- e1.em####.com
- f####.google####.com
- f####.gst####.com
- f3238a8####.safef####.googles####.com
- fo####.site
- fortun####.ho####.com
- gc4####.9####.com
- go.g####.net
- go1.app####.com
- gold####.world
- h####.b####.com
- h5ng####.ly####.com
- hao####.site
- hlg.ca####.com
- hlg.ca####.com.####.8
- hw.b####.com
- hw9####.new####.com
- i####.cn####.com
- i####.yle.fi
- i.c####.ca
- ib.a####.com
- id5-####.com
- im####.cdn.yle.fi
- im####.tab####.com
- im####.wsj.net
- instant####.google####.com
- jsc.m####.com
- k####.union####.info
- lo####.suibyu####.com
- log.koapk####.com
- lp.cooktra####.com
- m####.ad####.org
- m####.go####.com
- m####.npr.org
- md####.google####.com
- new.beauty####.net
- npr####.streamg####.com
- p####.rubicon####.com
- p####.w####.com
- p####.w####.com
- p3.img.cct####.com
- pag####.googles####.com
- pic.ne####.org
- pv.s####.com
- qu####.site
- rtb-c####.smartad####.com
- rtb.mfad####.com
- s####.b####.com
- s####.tab####.com
- s.c.ap####.net
- s.jop####.com
- s2.reuters####.net
- s3.reuters####.net
- s4.reuters####.net
- s9.c####.com
- sb.scoreca####.com
- sdk.jedi####.net
- securep####.g.doublec####.net
- sele####.offerst####.net
- sett####.crashly####.com
- si####.ho####.com
- sim####.pubm####.com
- spykem####.g2####.com
- ss0.bdst####.com
- ss1.bdst####.com
- ss2.bdst####.com
- st####.ctv####.ca
- syn####.tab####.com
- t####.knight####.com
- t####.young####.top
- tpc.googles####.com
- tpl.af####.com
- trac####.le####.com
- trac####.yoh####.com
- trc.tab####.com
- u####.u####.com
- v1.c####.com
- wcf.seven####.com
- www.2####.nl
- www.2####.nl
- www.chatten####.nl
- www.dutch####.nl
- www.google-####.com
- www.googlet####.com
- www.n####.cn
- www.story####.net
- www.travelc####.com
- x.bidsw####.net
- y####.fi
- yun.b####.com
- z12.c####.com
- z6.c####.com
HTTP GET requests:
- api.applove####.com/api/v3/cache/get?osv=####&srnc=####&token=####&ds=##...
- api.applove####.com/api/v3/search/get?osv=####&token=####&pm=####&os=###...
- api.applove####.com/api/v3/template/get?slot_id=####&update_time=####&us...
- c####.vortexm####.mobi/click?offer_id=####&affiliate_id=####&gaid=####&s...
- cdn.tab####.com/libtrc/dashuye-goldgame/loader.js
- cdn.tab####.com/libtrc/idgtnmain-network/loader.js
- cdn.tab####.com/libtrc/snaggletooth-beautygame/loader.js
- cdn.tab####.com/libtrc/tami-haokanm/loader.js
- clk.hola####.com/click?aff=####&ost=####&click_id=####&gaid=####&aff_sub...
- fo####.site/upload/sdk_thridLib-release-unsigned-20201222.apk
- gc4####.9####.com/zsyunsxda
- gc4####.9####.com/zsyunsxda/
- h####.b####.com/hw/xpw/hw_irn20201023_qs001.js?key=####
- h####.b####.com/hw/xpw/hw_irn20201026_qs006.js?key=####
- h####.b####.com/hw/xpw/hw_irn20201026_qs007.js?key=####
- h####.b####.com/hw/xpw/hw_irn20201113_qs008.js?key=####
- h####.b####.com/hw/xpw/hw_irn20201130_qs009.js?key=####
- h5ng####.ly####.com/swift-ninja/?channelid=####
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/css/mobile.css?v=####
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/css/public/bootstrap.m...
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/css/public/font-awesom...
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/css/public/reset.css
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/css/theme.css?v=####
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/fonts/fontawesome-webf...
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/images/top.png
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/js/CustomAds.js
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/js/public/bootstrap.mi...
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/js/public/jquery-1.11....
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/js/public/swiper/swipe...
- h5ng####.ly####.com/wp-content/themes/sokidaTheme/js/shejiwo.js?v=####
- h5ng####.ly####.com/wp-content/uploads/2020/02/187-star-wars-action1-300...
- h5ng####.ly####.com/wp-content/uploads/2020/02/18Ninja-jumps-up1-300x300...
- h5ng####.ly####.com/wp-content/uploads/2020/02/22,Colorful-candy1-300x30...
- h5ng####.ly####.com/wp-content/uploads/2020/02/239-bouncing-adventure1-3...
- h5ng####.ly####.com/wp-content/uploads/2020/02/274-eddies-dinosaur1-300x...
- h5ng####.ly####.com/wp-content/uploads/2020/02/280-save-the-gingerbread1...
- h5ng####.ly####.com/wp-content/uploads/2020/02/72-gold-cannon-shooter-30...
- h5ng####.ly####.com/wp-content/uploads/2020/06/icon_20200619105434.png
- h5ng####.ly####.com/wp-content/uploads/2020/06/微信图片_20200618094705.png
- h5ng####.ly####.com/wp-includes/js/wp-embed.min.js?ver=####
- hao####.site/
- hao####.site/body/26.txt
- hao####.site/body/8.txt
- hao####.site/common/img/320x50_News_mobile_header.jpg
- hao####.site/detail.html?id=####
- hao####.site/detail_files/font_1549371_dwwmcfmccpv.css
- hao####.site/detail_files/main.css
- hao####.site/favicon.ico
- hao####.site/img/breakingNewsMobileHeader.png
- hao####.site/img/breakingnewsmobileTag.png
- hao####.site/index.html
- hao####.site/index_files/mobile.css
- hao####.site/index_files/mobile_common.css
- hao####.site/plugins/slick.css
- lo####.suibyu####.com/android/v1/impression?slot=####&doimp=####&pkg=###...
- new.beauty####.net/news.html
- s####.b####.com/redirect?s=####&at=####&rt=####&s1=####
- s.jop####.com/favicon.ico
- s.jop####.com/games/playgame_files/basis.min.css
- s.jop####.com/games/playgame_files/detail-v2.min.css
- s.jop####.com/games/playgame_files/flexible.min.js
- s.jop####.com/games/playgame_files/font_633469_vsn760jskh.css
- s.jop####.com/games/playgame_files/osd.js
- s.jop####.com/games/playgame_files/quick.min.js
- s.jop####.com/games/playgame_files/router.min.js
- s.jop####.com/games/playgame_files/sdk.min.js
- s.jop####.com/games/sam-bogart.htm
- s.jop####.com/imagerec/blackmoon/sambogart_256.png
- s.jop####.com/imagerec/d26b02e2d0bd46b5943c24addf6e32ad@256.jpg
- s.jop####.com/imagerec/e8af16dcb95c4c87a572274df67c986a@256.jpg
- s.jop####.com/imagerec/f409aa47f10c442eae44b223744c5ae6@256.jpg
- s4####.cloudi####.com.####.net/image/upload/w_165,h_93,c_fill,g_faces,f_...
- s4####.cloudi####.com.####.net/image/upload/w_369,h_207,c_fill,g_faces,f...
- sele####.offerst####.net/index.php?ios_idfa=####&google_aid=####&aff_sub...
- ssl.c####.com.####.net/photoworkspace/contentimg/2019/12/19/201912191101...
- t####.knight####.com/click?id=####&aff=####&gaid=####&android_id=####&pk...
- t####.knight####.com/favicon.ico
- t####.young####.top/click?ost=####&click_id=####&aff_sub=####&aff_id=###...
- www.n####.cn.####.com/photo/titlepic/112641/1126414248_1598408278932_tit...
- www.n####.cn.####.com/photo/titlepic/112661/1126616696_1602767308437_tit...
- www.n####.cn.####.com/photo/titlepic/112662/1126620874_1602845392136_tit...
- www.n####.cn.####.com/photo/titlepic/112662/1126621334_1602856136259_tit...
- www.n####.cn.####.com/photo/titlepic/112662/1126621335_1602856186376_tit...
- z.c####.com/stat.htm?id=####&cnzz_eid=####
HTTP POST requests:
- hw9####.new####.com/api/activite
- hw9####.new####.com/api/back
- hw9####.new####.com/api/offer
- hw9####.new####.com/apidata/showeb
- log.koapk####.com/pgm/sr/gm/gy
- sdk.jedi####.net:9001/api/v1/cm.reqCfg
- sdk.jedi####.net:9001/api/v1/cm.reqOff
- sdk.jedi####.net:9001/api/v1/cm.reqUp
File system changes:
Creates the following files:
- /data/data/####/-1114867691
- /data/data/####/-1446052569
- /data/data/####/-1941317373
- /data/data/####/-574987229
- /data/data/####/-618860734
- /data/data/####/-841856943
- /data/data/####/.2969407120.apk
- /data/data/####/.2969407120.dex
- /data/data/####/.2969407120.dex.flock (deleted)
- /data/data/####/00dc2acb9d12ca7d_0 (deleted)
- /data/data/####/0118f8b5854ead9f_0
- /data/data/####/02db50466a476126_0
- /data/data/####/0405da0e0fa19087_0
- /data/data/####/05438610ded78603_0
- /data/data/####/0583b02d1bf76819_0
- /data/data/####/067adaaa71a803df_0 (deleted)
- /data/data/####/077fc3209ad8ec33_0
- /data/data/####/07fd36e1552138a2_0
- /data/data/####/094e7bde1e18c129_0
- /data/data/####/0969bf8249f6fc97_0
- /data/data/####/0adf91c2cce6618c_0
- /data/data/####/0b1ed17682e30c62_0 (deleted)
- /data/data/####/0b897d43b337beba_0
- /data/data/####/0c16e90687433f86_0
- /data/data/####/0caa2e90cc8e53f8_0
- /data/data/####/0d078696b9fdc0b4_0
- /data/data/####/0e0696fe6602b0fe_0
- /data/data/####/0e659ac7dabde55b_0
- /data/data/####/0f9f14e6afeb4f2d_0
- /data/data/####/0fd1ef3c5f93a9c9_0
- /data/data/####/100f86dde8769398_0
- /data/data/####/105d36453dd9d5c5_0
- /data/data/####/105d36453dd9d5c5_1
- /data/data/####/10e03e484a6c0dd7_0
- /data/data/####/10fcb522e4ae7454_0
- /data/data/####/111118ca3e012811_0
- /data/data/####/11f8a0ea89a498bc_0
- /data/data/####/122fe9145293beff_0
- /data/data/####/132fd89cca49a221_0
- /data/data/####/133a0e35f6f4bed3_0
- /data/data/####/14da3a12fca8624a_0
- /data/data/####/1502509754
- /data/data/####/17524123c2c446c6_0
- /data/data/####/17524123c2c446c6_1
- /data/data/####/177577435be16275_0
- /data/data/####/1814570134
- /data/data/####/1912562069
- /data/data/####/19854f40cba07be9_0
- /data/data/####/19874986845c4302_0
- /data/data/####/1d47aef1fed158d9_0
- /data/data/####/1e0c23e9340c77b9_0
- /data/data/####/1e631053670ac74c_0
- /data/data/####/1f16014fded26d0c_0
- /data/data/####/1fa3e17311a82456_0
- /data/data/####/1fba6331b0aaf98f_0 (deleted)
- /data/data/####/2047680815
- /data/data/####/20f4f32d8d91cabf_0
- /data/data/####/21456215df682e5a_0
- /data/data/####/22818fcf78627508_0
- /data/data/####/236397cf4020ef6d_0 (deleted)
- /data/data/####/249cb2d875a2b84a_0
- /data/data/####/2530eede38649027_0
- /data/data/####/257e99050a6fdc82_0
- /data/data/####/257e99050a6fdc82_1
- /data/data/####/25c5d4b1f9a46b3b_0
- /data/data/####/26350036cfb9b394_0
- /data/data/####/272de581f7f65804_0
- /data/data/####/272de581f7f65804_1
- /data/data/####/273511acf38e385d_0 (deleted)
- /data/data/####/273afb53e8bc6121_0
- /data/data/####/2858ce6083c0becf_0
- /data/data/####/2940195bd9870d6e_0
- /data/data/####/2940195bd9870d6e_1
- /data/data/####/29727d8fc58da008_0
- /data/data/####/2a72082156e5090a_0
- /data/data/####/2a72082156e5090a_1
- /data/data/####/2ba388d7ced6405f_0
- /data/data/####/2bd98315624ef1f8_0
- /data/data/####/2dcfe8200d3df994_0
- /data/data/####/30e87e509a75cac9_0
- /data/data/####/317db0cc70d10ad2_0
- /data/data/####/31cca5b3824d9520_0
- /data/data/####/323678ded326e640_0
- /data/data/####/3327275
- /data/data/####/335e5d46ecc2b0fc_0
- /data/data/####/34ae427be5e588bd_0
- /data/data/####/3518fef0c85a9f81_0
- /data/data/####/353179106e59139a_0
- /data/data/####/36bb29137d21b2f3_0
- /data/data/####/37c3887d925d0b98_0
- /data/data/####/3885a631d59d3a2a_0
- /data/data/####/3929949f07d1e9e7_0
- /data/data/####/3ad9e5b66ce7f137_0
- /data/data/####/3b0a2173fffdb342_0
- /data/data/####/3b14daded18b971f_0
- /data/data/####/3bf82e77ee438f3d_0
- /data/data/####/3c0390553eb149fe_0 (deleted)
- /data/data/####/3ce2c54455bccb2c_0 (deleted)
- /data/data/####/3d331ab414d13e1a_0 (deleted)
- /data/data/####/3e18ab83f89a066e_0
- /data/data/####/3e7c88410a5f860f_0
- /data/data/####/3f3464d652f29101_0
- /data/data/####/3fc84628e01f572f_0
- /data/data/####/40a84b0d761d02d5_0
- /data/data/####/4180ae9752b57353_0
- /data/data/####/4336f798d2fd556a_0 (deleted)
- /data/data/####/44853572
- /data/data/####/4619e5abd8c383d6_0
- /data/data/####/46ec6595805093a2_0 (deleted)
- /data/data/####/46f5e9fba07b971a_0
- /data/data/####/472078fe4fbd734e_0 (deleted)
- /data/data/####/49409c8b6b001d8e_0
- /data/data/####/4a5329949c0a2186_0
- /data/data/####/4a5329949c0a2186_1
- /data/data/####/4a53aa83842367b1_0
- /data/data/####/4ac93175981dc9e1_0
- /data/data/####/4c37d896bdf575d6_0
- /data/data/####/4cd3b045310566d2_0
- /data/data/####/4e019a2c1a4676bd_0
- /data/data/####/4e0f312dab6f8b80_0
- /data/data/####/4f3d1ebe13d61222_0
- /data/data/####/4f5ac6efb5948bc5_0
- /data/data/####/51cca6e5a1930076_0
- /data/data/####/52b5244155ba07a2_0
- /data/data/####/52b5244155ba07a2_1
- /data/data/####/532f35cb65867c8e_0
- /data/data/####/54d2c79efdaa6091_0
- /data/data/####/555532f5f3704d12_0
- /data/data/####/55fe87ee6440799a_0
- /data/data/####/5661d2cb8e4f2775_0
- /data/data/####/56cb1b29a78e0636_0
- /data/data/####/581fb5c5d8a34982_0
- /data/data/####/582e35b023c398de_0
- /data/data/####/590b40fd364a0547_0
- /data/data/####/59e6982aa7285cc1_0
- /data/data/####/5a9149785682ad97_0
- /data/data/####/5fa8201e2821e929_0
- /data/data/####/5fdf6ee477a4e048_0
- /data/data/####/60c65754b855e958_0
- /data/data/####/61094b6435e5c548_0
- /data/data/####/617707306b4323c0_0
- /data/data/####/619d87d5ed6cbc56_0 (deleted)
- /data/data/####/62307d9a9cdc37ef_0
- /data/data/####/6342d0610af80df61be9346badebbf04.d
- /data/data/####/63a06fb8f52f924a_0
- /data/data/####/63fa7437bc147a82_0
- /data/data/####/6468ccc2bc9c56ca_0
- /data/data/####/6471ecb4a4c2bb32_0 (deleted)
- /data/data/####/6508d0254ee2006b_0
- /data/data/####/66f00cd704d83443_0
- /data/data/####/672c7fedd758c160_0 (deleted)
- /data/data/####/68783520b98f98e8_0
- /data/data/####/6a1e54099c819823_0
- /data/data/####/6a587be200c436ef_0
- /data/data/####/6ac07edb89908e8c_0
- /data/data/####/6b45d560645d5a7b_0
- /data/data/####/6b8c77af419d94e3_0
- /data/data/####/6d04b520efbd2dce_0
- /data/data/####/6e0e0ab003df85b5_0
- /data/data/####/6e90d77b16118677_0
- /data/data/####/6f67dfcbe35a6c35_0 (deleted)
- /data/data/####/6fd7bc923c947229_0
- /data/data/####/6fd7bc923c947229_1
- /data/data/####/70547fddd44742dc_0
- /data/data/####/706f1a3dcfbe0cfc_0
- /data/data/####/719cd5005f60b437_0
- /data/data/####/729c6bb4edbfec29_0
- /data/data/####/72d846d2f1414952_0
- /data/data/####/735e0911ab158d7f_0
- /data/data/####/735e0911ab158d7f_1
- /data/data/####/74929f90ede9e175_0
- /data/data/####/74d4957d4265a069_0
- /data/data/####/769ce0a96ddca9d5_0
- /data/data/####/770a23365c44fd20_0
- /data/data/####/7773d388716b1917_0 (deleted)
- /data/data/####/77f1605dfaed3c5f_0
- /data/data/####/781ea185fee7d931_0
- /data/data/####/79b518dfce7569fe_0
- /data/data/####/79b518dfce7569fe_1
- /data/data/####/7a3e279834e3cf21_0
- /data/data/####/7aaf9e2e9d529d53_0
- /data/data/####/7aaf9e2e9d529d53_1
- /data/data/####/7c14391470e65830_0
- /data/data/####/7c55d009f4976ea6_0
- /data/data/####/7c6bf41552584779_0
- /data/data/####/7cfba443c7065e4f87058f05b248403d.d
- /data/data/####/7defec275e938d0d_0
- /data/data/####/7f1fd2e2b65144b0_0
- /data/data/####/7fe2481cef92471d_0
- /data/data/####/80d2b996abf3b600_0 (deleted)
- /data/data/####/80d9004169dce816_0
- /data/data/####/811d1f993188217c_0
- /data/data/####/824f2b6d74a6b25d_0
- /data/data/####/836241ddd71ba8de_0 (deleted)
- /data/data/####/840be5f7ee7a7c22_0
- /data/data/####/85e740a542876b17_0
- /data/data/####/871f77b6ff138792_0
- /data/data/####/87c9baa3678aa7ec_0
- /data/data/####/88883ef2c74eb8ff_0
- /data/data/####/88d60c0e055ab2c6_0
- /data/data/####/89cab6e27dd3e5b7_0 (deleted)
- /data/data/####/8b4219bc5600655c_0
- /data/data/####/8b5262c478aa2523_0
- /data/data/####/8bfd8fc27cc80fae_0
- /data/data/####/8c3091cf27575a4c_0
- /data/data/####/8c99cff916aa2de5_0
- /data/data/####/8da03e0b650fb09f_0 (deleted)
- /data/data/####/8de8db9dadda8aee_0
- /data/data/####/8e08598b530fa7dc_0
- /data/data/####/8e952c58ba037422_0
- /data/data/####/8e952c58ba037422_1
- /data/data/####/8eecb15b0b733112_0
- /data/data/####/8fcc3e571d558d75_0
- /data/data/####/9279838611610c50_0
- /data/data/####/939ce2831cc2ae41_0
- /data/data/####/952a91e392ce127c_0
- /data/data/####/973cdfb443ced52f_0
- /data/data/####/97516bec6576f942_0
- /data/data/####/97f136c59b5ec8a1_0
- /data/data/####/9897b64f8e6f8ac0_0
- /data/data/####/99778d24d36510e5_0
- /data/data/####/99b963528e17e298_0
- /data/data/####/9a01621d724079da_0
- /data/data/####/9a03fada161b623c_0
- /data/data/####/9a4968ac584da608_0
- /data/data/####/9ad98944b8d39f26_0
- /data/data/####/9dc44c920ee0d967_0
- /data/data/####/9dc7cd44fe27ce97_0
- /data/data/####/9dcab1f1f2d34b2d_0
- /data/data/####/9e76e6b839c48105_0
- /data/data/####/9f6493937585bc71_0
- /data/data/####/9f6493937585bc71_1
- /data/data/####/Cookies-journal
- /data/data/####/PYKMARKEY.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a03227829cfb5d05_0
- /data/data/####/a3a8cf82a31113ef_0 (deleted)
- /data/data/####/a40fc251f651005f_0
- /data/data/####/a4c6a77025a37bf5_0 (deleted)
- /data/data/####/a74618b23cccccc3_0 (deleted)
- /data/data/####/a88aa61d3a868df2_0
- /data/data/####/aa865f2f5d96cde8_0
- /data/data/####/ab02508f5df0d3a4_0
- /data/data/####/ad205a137cdbdb1f_0
- /data/data/####/add1878ac8b255b9_0
- /data/data/####/ae4077fb90b76d34_0
- /data/data/####/anl.db
- /data/data/####/anl.db-journal
- /data/data/####/anl.db-shm (deleted)
- /data/data/####/anl.db-wal
- /data/data/####/anl.db-wal (deleted)
- /data/data/####/as0230rfjm20rn3g93h409.xml
- /data/data/####/as0230rfjm20rn3g93h409.xml.bak
- /data/data/####/b1a2faf170507972_0
- /data/data/####/b3656918ba6ce057_0
- /data/data/####/b38a2df3ad6c9fb0_0
- /data/data/####/b39cc1b42eb84d83_0
- /data/data/####/b69b6e717b340d9a_0
- /data/data/####/b71edbf698cb6bea_0
- /data/data/####/b7a9947b47843370_0
- /data/data/####/bad56febee3e2ea1_0
- /data/data/####/bd3e68319f7540e3_0
- /data/data/####/be80e655f7a6d6b8_0
- /data/data/####/bi_1l1li1l1i1li1.xml
- /data/data/####/bi_1l1li1l1i1li1.xml.bak
- /data/data/####/c0143a17142dd543_0
- /data/data/####/c01bac5cd4b392d1_0
- /data/data/####/c14ab210ffd01c0d_0
- /data/data/####/c1b9debd56b6df05_0
- /data/data/####/c1e2f10a39e27506_0
- /data/data/####/c5a9ac48f55358b6_0
- /data/data/####/c67f126d2aa86022_0
- /data/data/####/c6a163c6d49f1271_0
- /data/data/####/c7b9b9e849fccc08_0
- /data/data/####/c8970e0bf20aadb6_0
- /data/data/####/cab9bb5f3d2a4e33_0
- /data/data/####/cb3e7cfb5b588fa3_0
- /data/data/####/cc357993e306db56_0
- /data/data/####/ccf0d74983440bf9_0
- /data/data/####/cdea6e6429f6bde3_0
- /data/data/####/cdea6e6429f6bde3_1
- /data/data/####/ci_v1v2v3.so
- /data/data/####/com.bb.c3ds.sadfas.new.の.dex
- /data/data/####/com.bb.c3ds.sadfas.new.の.dex.flock (deleted)
- /data/data/####/com.bb.c3ds.sadfas.new.の.fadsfads
- /data/data/####/com.bb.c3ds.sadfas.new.の.ffrewf
- /data/data/####/com.fast.ts_keo_ct_default.xml
- /data/data/####/com.fast.ts_keo_preferences.xml
- /data/data/####/com.fast.ts_keoye_after_install_pkg.xml
- /data/data/####/combbawmian.
- /data/data/####/combbawmian.dex
- /data/data/####/combbawmian.dex.flock (deleted)
- /data/data/####/cum.lock
- /data/data/####/d029f0a8fc726de4_0
- /data/data/####/d1f2406f2c3a3556_0
- /data/data/####/d25123d7cf569ddc_0
- /data/data/####/d2af037fedb23df1_0
- /data/data/####/d2b26c8df6ab7e11_0 (deleted)
- /data/data/####/d4870fbb88217b37_0
- /data/data/####/d4870fbb88217b37_1
- /data/data/####/d503e71d8553e08c_0
- /data/data/####/d7fc92ddf4f647e8_0 (deleted)
- /data/data/####/d8036e12f7e17ecc_0
- /data/data/####/d8f32e5341e29be1_0
- /data/data/####/d8f32e5341e29be1_1
- /data/data/####/dad911578b67b98c_0
- /data/data/####/dasdasdsadsad
- /data/data/####/dc1507c2bc6790ca_0
- /data/data/####/ddfbe98140f689d9_0
- /data/data/####/deaa310e61c94c0f_0
- /data/data/####/df8bba96117c9d0c_0
- /data/data/####/e042e8bc8d9a06f4_0 (deleted)
- /data/data/####/e0b6e72253c06ed1_0
- /data/data/####/e0b6e72253c06ed1_1
- /data/data/####/e1f86ccc2da0f41d_0 (deleted)
- /data/data/####/e27b21bac27f4f2c_0
- /data/data/####/e34f187a228945b2_0
- /data/data/####/e53cd21c7aea02cc_0
- /data/data/####/e547effc90490aee_0
- /data/data/####/e63d143fa8ea3870_0
- /data/data/####/e6f54f4cfaa43914_0
- /data/data/####/e6f54f4cfaa43914_1
- /data/data/####/e723f6add279f309_0
- /data/data/####/e858a7a9c40d2a21_0
- /data/data/####/e9044f739aecc6d3_0
- /data/data/####/e966912d5f776613_0
- /data/data/####/ea84070a322d5e89_0
- /data/data/####/eac27dd8f78fd5c9_0
- /data/data/####/ead2dee4a9edcad1_0
- /data/data/####/ead2dee4a9edcad1_1
- /data/data/####/eb0d591d5da1df37_0
- /data/data/####/ebc90f5e2dcb0064_0
- /data/data/####/ec454fd3efa396b5_0
- /data/data/####/ece2dec664bc4dc7_0
- /data/data/####/ece2dec664bc4dc7_1
- /data/data/####/ef29fae6783fbbed_0
- /data/data/####/ef29fae6783fbbed_1
- /data/data/####/ef9e7cd34bb5b3e5_0 (deleted)
- /data/data/####/efcf64e09f6a1b91_0
- /data/data/####/efe590622c485786_0
- /data/data/####/f06506fbde751940_0
- /data/data/####/f06506fbde751940_1
- /data/data/####/f0f91d5e65120e6b_0
- /data/data/####/f0f91d5e65120e6b_1
- /data/data/####/f12fe77b5eeeb63c_0
- /data/data/####/f17ba247f9247fb1_0
- /data/data/####/f1887ad3cc5ecd92_0
- /data/data/####/f26e7d9ef91f3d16_0
- /data/data/####/f4121191e857f7b5_0
- /data/data/####/f57ae89211764dff_0
- /data/data/####/f57ae89211764dff_1
- /data/data/####/f77f8ecc834dad48_0 (deleted)
- /data/data/####/f788e231ebdedd86_0
- /data/data/####/f92e2f290e03cc04_0
- /data/data/####/f9b5ca7f61d8f3ce_0
- /data/data/####/f9b8a91feaa9c5fa_0
- /data/data/####/fab263525ffcf26c_0 (deleted)
- /data/data/####/fb42e78ff0ba0028_0 (deleted)
- /data/data/####/fc1d9163c1fa4a57_0
- /data/data/####/fc3f0bc685e2eac5_0
- /data/data/####/fd4990958d5cf0b0_0
- /data/data/####/fde6d2252e3792e5_0
- /data/data/####/fe74e8d070764ad1_0
- /data/data/####/fec547faac62ec7c_0
- /data/data/####/feea5a93fae69424_0
- /data/data/####/ferfawefbdfsasf.vv
- /data/data/####/ff20c5fe923028b7_0
- /data/data/####/ff4752ab4b9922f2_0
- /data/data/####/ffe1be0079f90c01_0
- /data/data/####/fwj8i3dd.data-journal
- /data/data/####/g5dtf4rd.xml
- /data/data/####/g5dtf4rd.xml.bak
- /data/data/####/godzilla.db
- /data/data/####/godzilla.db-journal
- /data/data/####/godzilla.xml
- /data/data/####/godzilla.xml.bak
- /data/data/####/godzilla_update.xml
- /data/data/####/godzilla_update.xml.bak
- /data/data/####/http_goldgame.world_0.localstorage-journal
- /data/data/####/http_haokanm.site_0.localstorage-journal
- /data/data/####/http_new.beautygame.net_0.localstorage-journal
- /data/data/####/http_s.jopikie.com_0.localstorage-journal
- /data/data/####/https_quewei.site_0.localstorage-journal
- /data/data/####/iavi.txt.xml
- /data/data/####/iavi.txt.xml.bak
- /data/data/####/index
- /data/data/####/lob.xml
- /data/data/####/lob.xml.bak
- /data/data/####/m2020031115.apk
- /data/data/####/m2020031115.dex
- /data/data/####/m2020031115.dex.flock (deleted)
- /data/data/####/metrics_guid
- /data/data/####/mosla_update.xml
- /data/data/####/mosla_update.xml.bak
- /data/data/####/pref_bl
- /data/data/####/s2020031115.apk
- /data/data/####/s2020031115.dex
- /data/data/####/s2020031115.dex.flock (deleted)
- /data/data/####/sbtyu76j7ui78pi7_6i7c8i78i78oin78fi76i8ig78i7.xml
- /data/data/####/temp.zip (deleted)
- /data/data/####/the-real-index
- /data/data/####/urlSetting.xml
- /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /proc/version
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.2969407120.apk --oat-fd=109 --oat-location=/data/user/0/<Package>/code_cache/.2969407120.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/<Package>0<Package>/combbawmian. --oat-fd=41 --oat-location=/data/user/0/<Package>/files/<Package>0<Package>/<Package>/1608873862983/combbawmian.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/<Package>0<Package>/combbawmian. --oat-fd=41 --oat-location=/data/user/0/<Package>/files/<Package>0<Package>/<Package>/1608873866376/combbawmian.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/com.bb.c3ds.sadfas.new. .ffrewf --oat-fd=88 --oat-location=/data/user/0/<Package>/cache/<Package>/com.bb.c3ds.sadfas.new. .dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/m2020031115.apk --oat-fd=82 --oat-location=/data/user/0/<Package>/app_dex/m2020031115.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/s2020031115.apk --oat-fd=93 --oat-location=/data/user/0/<Package>/app_dex/s2020031115.dex --compiler-filter=speed
Uses the following algorithms to encrypt data:
- AES
- AES-CBC-PKCS5Padding
- DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS5Padding
- DES-CBC-PKCS5Padding
- desede-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over windows of other apps.
