Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.SmsSpy.69.origin
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) php.lao####.com:80
- TCP(HTTP/1.1) imageqi####.lao####.com.####.com:80
- TCP(HTTP/1.1) rp.hp####.cn:80
- TCP(HTTP/1.1) api.lao####.com.####.com:80
- TCP(HTTP/1.1) imageq####.lao####.com.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) sdk####.hp####.cn:80
- TCP(HTTP/1.1) 1####.254.116.116:80
- TCP(HTTP/1.1) log####.lao####.com:80
- TCP(HTTP/1.1) norma-e####.m####.com:80
- TCP(HTTP/1.1) amdc####.m.ta####.com:80
- TCP(HTTP/1.1) i####.hp####.cn:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) idv####.qini####.com:80
- TCP(TLS/1.0) 1####.217.20.106:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) dig.b####.net:443
- TCP(TLS/1.0) c####.x####.com:443
- TCP(TLS/1.0) 1####.217.17.142:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) acceler####.tencent####.com:443
- TCP(TLS/1.0) safebro####.google####.com:443
- TCP(TLS/1.0) 1####.217.17.106:443
- TCP(TLS/1.0) sf3-ttc####.ps####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) 2####.107.1.97:443
- TCP(TLS/1.0) to####.ctobsn####.com:443
- TCP(TLS/1.0) 1####.217.168.202:443
- TCP(TLS/1.0) android####.go####.com:443
- TCP(TLS/1.0) instant####.google####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) voledev####.google####.com:443
- TCP(TLS/1.0) 1####.217.20.74:443
- TCP(TLS/1.2) 1####.217.17.142:443
- TCP(TLS/1.2) 1####.217.20.106:443
- TCP(TLS/1.2) 1####.217.20.74:443
- TCP(TLS/1.2) 1####.217.19.195:443
- TCP(TLS/1.2) 1####.217.168.202:443
- TCP zb-cent####.m.ta####.com:443
- TCP 2####.205.253.149:8080
- TCP 2####.205.254.165:8080
DNS requests:
- 254.120.168.####.arpa
- a####.man.aliy####.com
- amdc####.m.ta####.com
- and####.b####.qq.com
- android####.go####.com
- api.lao####.com
- api.map.b####.com
- c####.x####.com
- cryptau####.google####.com
- dig.b####.net
- i####.hp####.cn
- imageq####.lao####.com
- imageqi####.lao####.com
- instant####.google####.com
- is.sn####.com
- l####.tbs.qq.com
- log####.lao####.com
- log.u####.com
- norma-e####.m####.com
- php.lao####.com
- plb####.u####.com
- red.lao####.com
- rp.hp####.cn
- safebro####.google####.com
- sdk####.hp####.cn
- sf3-ttc####.ps####.com
- to####.ctobsn####.com
- u####.u####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- voledev####.google####.com
- www.gst####.com
- y####.tim.qq.com
HTTP GET requests:
- api.lao####.com.####.com/sns/androidversioninfo/
- i####.hp####.cn/Author/GetImServer?appid=####&token=####&uid=####
- idv####.qini####.com/p.php
- imageq####.lao####.com.####.com/FgJnKvTtAlHNDGZqbzjozDpctG0F?imageVi####
- imageq####.lao####.com.####.com/FgLBUyihJzc6qAGgmqqZnRpf0edm?imageVi####
- imageq####.lao####.com.####.com/FihgleSCefnVeJAk0eTt0W9JTh5S?imageVi####
- imageq####.lao####.com.####.com/FixuZVLpt3jzn2SMhF26_ynXVeh-?imageVi####
- imageq####.lao####.com.####.com/Fj-qNWiio18BBdj_NawkbCUxKOUp?imageVi####
- imageq####.lao####.com.####.com/Fj-sz975jZ65GqBc9XNJ9xF7sFMu?imageVi####
- imageq####.lao####.com.####.com/FjK4Rk-7cqlKVODZomRJYB_vNlnc?imageVi####
- imageq####.lao####.com.####.com/FjbUH5NdE0ohPajDJ2TnBR3vFd1-?imageVi####
- imageq####.lao####.com.####.com/Fjd9mDmyQvWq_How4YLYbm8hUaz9?imageVi####
- imageq####.lao####.com.####.com/FjpD1pjtFBOa6IbaSVBZ5lBeP3TS?imageVi####
- imageq####.lao####.com.####.com/FkNC2mFKfciX0nyndz-Umk13EMI2?imageVi####
- imageq####.lao####.com.####.com/FkX3seP3oudVmXZriVk61lO5HZoG?imageVi####
- imageq####.lao####.com.####.com/FksH-rq4LVptAF9MfYzOoI21Cthl?imageVi####
- imageq####.lao####.com.####.com/FlJvFkblZbZQ6AcD6wzRWH_lJGMe?imageVi####
- imageq####.lao####.com.####.com/FlYC8mUtqbz_49ACMXyRQOiIuG_K?imageVi####
- imageq####.lao####.com.####.com/Fm2AYoJkZdqz8SQecHtfC1l-dYny?imageVi####
- imageq####.lao####.com.####.com/FmUSNd72zUyWP02ncX1N9PkqfRtU?imageVi####
- imageq####.lao####.com.####.com/FmVS28Iejcmymv3UkIziMa2njPjN?imageVi####
- imageq####.lao####.com.####.com/FmuqaPshr2ozyY1G-6aJrbUDodt3?imageVi####
- imageq####.lao####.com.####.com/Fn6CAjasx74y0t_i8IioKTl4URY-?imageVi####
- imageq####.lao####.com.####.com/FoRoqjgVygmDVfrp_VDKP1CCi6z_?imageVi####
- imageq####.lao####.com.####.com/FogdOx3f-6kZtNXGiVQsb9Sf40mc?imageVi####
- imageq####.lao####.com.####.com/FpvCvgm1839A6ccAC_zmPqcEoOMz?imageVi####
- imageq####.lao####.com.####.com/Fq0a2V4Bi0jfKvoYPnUrmAyyXkiP?imageVi####
- imageq####.lao####.com.####.com/Fq1iiEB75cSb5hmC9il6FULI2ui0?imageVi####
- imageq####.lao####.com.####.com/FqCuZ6sCoc00HOLssNp8QEGv3xKY?imageVi####
- imageq####.lao####.com.####.com/FqTg1IwokonZUyZtxyU2WW7UWZo9?imageVi####
- imageq####.lao####.com.####.com/FqZ88dZCz81QTXf8p3ef5r-69AKs?imageVi####
- imageq####.lao####.com.####.com/FqZDMQQMdrNDEo6ZKpWyjtsKh67O?imageVi####
- imageq####.lao####.com.####.com/FqflNwHr8UrFuQWSH7bu2cIQRl3C?imageVi####
- imageq####.lao####.com.####.com/FqitePRo5W101CnLk0zHk6Q5fzT0?imageVi####
- imageq####.lao####.com.####.com/FqmoC-mhf0txdq-JbXX7aej5NVN0?imageVi####
- imageq####.lao####.com.####.com/FqudViFBrhQRLqlWUtclycN625fF?imageVi####
- imageq####.lao####.com.####.com/FrBlGKS57Wk9RHtYF-Pz0cI4O7W-?imageVi####
- imageq####.lao####.com.####.com/Fr_jXflZd7wGsbMCyei8Bv_M7mPL?imageVi####
- imageq####.lao####.com.####.com/Fs3VWkBEeo8ORdTGIqhGwAXBCS_A?imageVi####
- imageq####.lao####.com.####.com/FsFUyQKKN7yLqss3PGVik8AXa_oU?imageVi####
- imageq####.lao####.com.####.com/FsPZHEJcN48jVpnZB26sdD92uTcH?imageVi####
- imageq####.lao####.com.####.com/Ft6X6QQXonw_q2ZZ1jg3Fnfqy6Ne?imageVi####
- imageq####.lao####.com.####.com/FtBjaohuosqkrCjcQUCER4kkQort?imageVi####
- imageq####.lao####.com.####.com/FtzH9UWMfPtJoLxByqsRii0U8O4-?imageVi####
- imageq####.lao####.com.####.com/FugO3NwwIM_Vvj744ubvsHEPbS21?imageVi####
- imageq####.lao####.com.####.com/FugzGejeG4uEnT6ja1MkyYF47pez?imageVi####
- imageq####.lao####.com.####.com/Fuk-yJuAAaTiizgv1VvQ4uYH0oc1?imageVi####
- imageq####.lao####.com.####.com/Fuqcgi9UxtSh4MXxX-nO8NlqBDJ4?imageVi####
- imageq####.lao####.com.####.com/Fuuv9a4DZbg-1ahCleERs_KHk5sp?imageVi####
- imageq####.lao####.com.####.com/FvN4S1312yc5jsRhmxXbqPQhhGxV?imageVi####
- imageq####.lao####.com.####.com/FvZPVAMOXtN4wMqq4K5pJWQ_7hGy?imageVi####
- imageqi####.lao####.com.####.com/FmpX5Gxa5bM8XNzMessMRuDtwWnA?imageVi####
- log####.lao####.com/index.html?action=####&md5=####&production=####&prod...
- log####.lao####.com/index.html?action=addsysmsg&md5=ef506662b84c68643d54...
- log####.lao####.com/index.html?action=addxposedinfo&md5=b011f1042291611e...
- log####.lao####.com/index.html?action=applicationlist&md5=ca37385d5c47d5...
- log####.lao####.com/index.html?action=btnevent&md5=1e99b0a0a4f2e3e88b962...
- log####.lao####.com/index.html?action=btnevent&md5=ad5604ad57c0e87458b26...
- log####.lao####.com/index.html?action=netelapsedtime&md5=0ef2d675e74641c...
- log####.lao####.com/index.html?action=netelapsedtime&md5=1858930d44e1b53...
- log####.lao####.com/index.html?action=netelapsedtime&md5=1fbcc8b066e512c...
- log####.lao####.com/index.html?action=netelapsedtime&md5=27034e12ef63ab4...
- log####.lao####.com/index.html?action=netelapsedtime&md5=392ef37f55ed204...
- log####.lao####.com/index.html?action=netelapsedtime&md5=44c049e95152114...
- log####.lao####.com/index.html?action=netelapsedtime&md5=54ab9467e825918...
- log####.lao####.com/index.html?action=netelapsedtime&md5=6c8e88d1eda0028...
- log####.lao####.com/index.html?action=netelapsedtime&md5=6ff77a5c009f181...
- log####.lao####.com/index.html?action=netelapsedtime&md5=7c5e6c89ca014b7...
- log####.lao####.com/index.html?action=netelapsedtime&md5=855a2230a520596...
- log####.lao####.com/index.html?action=netelapsedtime&md5=8686387e9d097b0...
- log####.lao####.com/index.html?action=netelapsedtime&md5=874e6ceecdfc4df...
- log####.lao####.com/index.html?action=netelapsedtime&md5=8cd17be8270ef88...
- log####.lao####.com/index.html?action=netelapsedtime&md5=921ab8f40c21919...
- log####.lao####.com/index.html?action=netelapsedtime&md5=965a0e9c8814005...
- log####.lao####.com/index.html?action=netelapsedtime&md5=9670c2e4e1a9dc4...
- log####.lao####.com/index.html?action=netelapsedtime&md5=9aab0fc0ded1a43...
- log####.lao####.com/index.html?action=netelapsedtime&md5=a75444e0e695527...
- log####.lao####.com/index.html?action=netelapsedtime&md5=a8e28ff4d333cd8...
- log####.lao####.com/index.html?action=netelapsedtime&md5=b7fbfdbae4478ca...
- log####.lao####.com/index.html?action=netelapsedtime&md5=c277bb2e8e6663f...
- log####.lao####.com/index.html?action=netelapsedtime&md5=c5937d7049a6238...
- log####.lao####.com/index.html?action=netelapsedtime&md5=c9764c3bf70f776...
- log####.lao####.com/index.html?action=netelapsedtime&md5=d4604503729d0a0...
- log####.lao####.com/index.html?action=netelapsedtime&md5=dd24b4e7a1c52ae...
- log####.lao####.com/index.html?action=netelapsedtime&md5=ed6f144c5f49b2e...
- log####.lao####.com/index.html?action=netelapsedtime&md5=f41f7b805bf9d4c...
- log####.lao####.com/index.html?action=netelapsedtime&md5=fd96a614bbfd2ac...
- log####.lao####.com/index.html?action=pageintime&md5=218b0b05f842800b46f...
- log####.lao####.com/index.html?action=pageintime&md5=269349e1dd9fed2fa3a...
- log####.lao####.com/index.html?action=pageintime&md5=6d4c845f60cbb83bf95...
- log####.lao####.com/index.html?action=pageintime&md5=a4cc3305c891e70762e...
- log####.lao####.com/index.html?action=pageintime&md5=a602bc2e62c088c120c...
- log####.lao####.com/index.html?action=pageintime&md5=e5ec2a3aa96ca879db1...
- log####.lao####.com/index.html?action=pageouttime&md5=3b51da1da5588a623d...
- log####.lao####.com/index.html?action=pageouttime&md5=5f8e20da8c68aa80ae...
- log####.lao####.com/index.html?action=pageouttime&md5=67acbb3f5e54ea5ff3...
- log####.lao####.com/index.html?action=pageouttime&md5=85f003250622b8f1ed...
- log####.lao####.com/index.html?action=pageouttime&md5=c49bd87a0acdd89091...
- log####.lao####.com/index.html?action=pv&md5=055fcf482f4cf0f30862cfa7ddf...
- log####.lao####.com/index.html?action=pv&md5=4e2c2312089ed4eb791f25351dc...
- log####.lao####.com/index.html?action=pv&md5=52ceb87fea765e6eb3a83808a13...
- log####.lao####.com/index.html?action=pv&md5=546ce88be4d1767000ee87cfba0...
- log####.lao####.com/index.html?action=pv&md5=68b2ad3017c33e672178affa0ee...
- log####.lao####.com/index.html?action=pv&md5=6a19c09f3638990278ab1e06ccb...
- log####.lao####.com/index.html?action=pv&md5=795f8625873f057cc452fa70604...
- log####.lao####.com/index.html?action=pv&md5=92db3f4bfcf38181086e5288994...
- log####.lao####.com/index.html?action=pv&md5=939bd8303cd85e271882cc4ee15...
- log####.lao####.com/index.html?action=pv&md5=a27a4df9003e1f1af9217e24de4...
- log####.lao####.com/index.html?action=pv&md5=ba7ecf03b8ce794b056638b1a0b...
- log####.lao####.com/index.html?action=pv&md5=bbc79697c7706f7ccc31e12dc0a...
- log####.lao####.com/index.html?action=pv&md5=bc08ed0d205ee7008c21c4ff845...
- log####.lao####.com/index.html?action=pv&md5=c4cf97d959183fa15c3b42d2331...
- log####.lao####.com/index.html?action=pv&md5=cf0b893e09d82814b6b12530650...
- log####.lao####.com/index.html?action=pv&md5=d090f9d55a3342f822c1f21e686...
- log####.lao####.com/index.html?action=pv&md5=e5fa5847821e69dfd1dc1a5af69...
- log####.lao####.com/index.html?action=pv&md5=eecc884d31cf1515dda245f5f43...
- log####.lao####.com/index.html?action=pv&md5=f3c6561dd6d4db70ec334f156be...
- log####.lao####.com/index.html?action=pv&md5=f678fa2fed809d6b3b10e9bf5ff...
- norma-e####.m####.com/android/exchange/getpublickey.do
- rp.hp####.cn/logins?v=####&s=1=00c####&0i79Muc.i0039fn73c5.1-=####&a####...
- rp.hp####.cn/relation?v=####&s=493m0####&5cp####&39t502=####&400t=####&0...
- rp.hp####.cn/service?v=####&s=1=00c####&a####&15352r.####&6####&44v217=#...
HTTP POST requests:
- amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
- and####.b####.qq.com/rqd/async?aid=####
- api.lao####.com.####.com/home/state/4/3/?md5=486f7565a506a0c6afa4caaee59...
- api.lao####.com.####.com/home/state/4/3/?md5=f2efa50ea5f57adcc1fa7faada5...
- api.lao####.com.####.com/home/ywf/getfox/4/3/?md5=####&production=####&p...
- api.lao####.com.####.com/home/ywf/hotserieslist/4/8/?md5=####&production...
- api.lao####.com.####.com/home/ywf/hotserieslist/4/8/?md5=6de8678fb892fa6...
- api.lao####.com.####.com/home/ywf/tablist/4/5/?md5=1f6814a7f814d42a8bf43...
- api.lao####.com.####.com/home/ywf/tablist/4/5/?md5=4584e2aa2a546febcf876...
- api.lao####.com.####.com/home/ywf/tablist/4/5/?md5=874f1797fcdab459f10c0...
- api.lao####.com.####.com/home/ywf/tablist/4/5/?md5=88665a2398cc43b9f6f03...
- api.lao####.com.####.com/home/ywf/tablist/4/5/?md5=e5b60a2e8d7b5e12209cd...
- api.lao####.com.####.com/home/ywf/topfeed/4/3/?md5=3d960542a5308d6691333...
- api.lao####.com.####.com/qc/list/4/3/?md5=####&production=####&productio...
- api.lao####.com.####.com/qc/list/4/3/?md5=64d64d5539f00f36ba49f93522b512...
- api.lao####.com.####.com/qc/list/4/3/?md5=84c4c658139abd2eee11cccd38a71a...
- api.lao####.com.####.com/qc/list/4/3/?md5=a98eef7038658ec2a13b9b34a34fe7...
- api.lao####.com.####.com/qc/list/4/3/?md5=cc53be443c9ef958c4dd658541911b...
- api.lao####.com.####.com/qc/list/4/3/?md5=f6751d53c9034de211986fb2038557...
- api.lao####.com.####.com/qc/resourcelist/4/3/?md5=946627b6646105fcff2ee4...
- api.lao####.com.####.com/recommend/getnew/4/11/?md5=bb61c9c628f67bcf2b22...
- api.lao####.com.####.com/recommend/listsnsids/4/3/?md5=4e84134fb26e9e50c...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=####&prod...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=25c194ce5...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=385840bf8...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=b90c7e308...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=c17f225d5...
- api.lao####.com.####.com/search/ywf/hotsearchword/one/4/3/?md5=d62cbb9c2...
- api.lao####.com.####.com/snshotshow/listbycategoryid/4/3/?md5=36256c163f...
- api.lao####.com.####.com/snshotshow/listbycategoryid/4/3/?md5=8cb6c7293c...
- api.lao####.com.####.com/snshotshow/listbycategoryid/4/3/?md5=aab40b5f17...
- api.lao####.com.####.com/snshotshow/listbycategoryid/4/3/?md5=c9ea3ac1ec...
- api.lao####.com.####.com/user/messagecount/4/3/?md5=767f1d14880a4d458165...
- api.lao####.com.####.com/user/ywf/login/4/3/?md5=####&production=####&pr...
- api.lao####.com.####.com/user/ywf/login/4/3/?md5=02357b1f1e949cc7bca9017...
- norma-e####.m####.com/push/android/external/add.do
- php.lao####.com/PublicRoadTest/log-file-receiver.php
- sdk####.hp####.cn/Author/PhoneAuthor/?appid=####&uid=####&version=####&p...
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
File system changes:
Creates the following files:
- /data/data/####/-H4qVReGzgEcouTKt9NQkQJ5CEQ.cnt
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/1004
- /data/data/####/1pjdk7XXKO9Yh_DLA8Vrm-iYxp8.cnt
- /data/data/####/2blR2HHFfCS4SXC5S4iyGpkRQvs.cnt
- /data/data/####/3-tFnyr9b8hm9lJKpFlIsjvVlQ4.2098474061.tmp
- /data/data/####/35a8763a3fae4c03b6277f2ef69f029e
- /data/data/####/5F0Fj4AYJmezu1YXW_fzVFsFd7g.1341605934.tmp
- /data/data/####/5X50VBwhbDv3goR-pj3LN1RoYwk.cnt
- /data/data/####/6TtTZilO5nq_PcEsPIWGnVhQCcQ.cnt
- /data/data/####/8nSnW8M5IpWtEt9UgWIvu5xiBWo.644612490.tmp
- /data/data/####/A3AEECD8.dex
- /data/data/####/A3AEECD8.dex.flock (deleted)
- /data/data/####/ACCS_BINDumeng;58624494310c931c3f001e4b.xml
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml.bak
- /data/data/####/AGOO_BIND.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Alvin2.xml
- /data/data/####/AqPfmoyCB5vjz5_KAUhOzOoeSWQ.1293657477.tmp
- /data/data/####/Bf9jSTGMiT84iTfDdkS5hgubBgo.cnt
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/ContextData.xml
- /data/data/####/CzlsBJt1uvgpvSkz66Oe6fBm3sE.778552566.tmp
- /data/data/####/DeviceInfo.xml
- /data/data/####/F-JgSgiQ9PHYGLXzVwl_eeHcxpE.439299290.tmp
- /data/data/####/Fav6BlBrH6OfPN6nhgta1tFkiA0.cnt
- /data/data/####/HuGdRKsRJAVC_1jbWOojcKKSzns.cnt
- /data/data/####/ILPSATqWeG10sQFQjWkf-B7KZdk.1150407609.tmp
- /data/data/####/J7U_2Cb_R0M1jRT1vZgk674ToSA.cnt
- /data/data/####/KzXPk3KsrdyV2yGdUEl344AL4Bs.cnt
- /data/data/####/L02j0xf72MQu6QAyDVFiSPA-Ras.cnt
- /data/data/####/LicenceCheck.lastModified.xml
- /data/data/####/M2RcgNcrjhyXh7NG12hTxlkyBms.2047049390.tmp
- /data/data/####/MUP-Llfry4W8ljpd02exNRkCanc.1730278823.tmp
- /data/data/####/MessageStore.db-journal
- /data/data/####/MpzdQfZr6B9QuvyFPzg96MnYpT4.cnt
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/RdnMIBJM4VB9qsFJvzYq-SWmtbI.107608677.tmp
- /data/data/####/S8sol_tGzWaStnzhVcmbmfICvZA.cnt
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TD_app_pefercen_profile.xml.bak
- /data/data/####/TDpref_cloudcontrol2.xml
- /data/data/####/TDpref_cloudcontrol2.xml.bak
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/VXllyU4qOlshtYHSKrRQotebPSw.cnt
- /data/data/####/WEILIu8uq57ugH1XmtWTTgCXwmI.cnt
- /data/data/####/Y9Eujn7muw4aoeUaptb3cVa-KqM.cnt
- /data/data/####/YGPc1tWlzBL142gk-65G1fIY9d8.cnt
- /data/data/####/Z1ZFhpE1-siE1JNZD0lletn42Do.cnt
- /data/data/####/Zf0ml3hDLkxGcYfd1fS3l6mtD2E.630556989.tmp
- /data/data/####/_mjo82x23CBO4i0wumlox0Labig.cnt
- /data/data/####/aO_sXR031VAas_s4dFnBh_p8R_Q.870088708.tmp
- /data/data/####/aTgGQIvao8jQu9_uJvS3zDasE0M.cnt
- /data/data/####/accs.db-journal
- /data/data/####/ad_auth.xml
- /data/data/####/agoo.pid
- /data/data/####/androidx.work.util.id.xml
- /data/data/####/androidx.work.workdb-journal
- /data/data/####/authStatus_com.feng.car.xml
- /data/data/####/bF9VN0UBQpH3aYfpCwlQk6lLhus.1385295786.tmp
- /data/data/####/bU17mnAbfHM9aJt5y3W553fXCnE.cnt
- /data/data/####/bd_embed_tea_agent.db-journal
- /data/data/####/bugly_db_-journal
- /data/data/####/bytedance_downloader.db-journal
- /data/data/####/c8b62fe65592471ea9826ce3d3bf5a64
- /data/data/####/channel_umeng_common_config.xml
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/classes.dex;classes4.dex
- /data/data/####/com.feng.car_preferences.xml
- /data/data/####/com.x.y.1.xml
- /data/data/####/com.x.y.2.xml
- /data/data/####/core_info
- /data/data/####/crashrecord.xml
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTgzODgxOTY3NDI2;
- /data/data/####/dW1weF9wdXNoX2xhdW5jaF8xNTgzODgxOTc3MTYz;
- /data/data/####/dW1weF9wdXNoX3JlZ2lzdGVyXzE1ODM4ODE5Njc0MTE=;
- /data/data/####/download_upload
- /data/data/####/e5736892e8a1492c910a9338d408e46c
- /data/data/####/embed_applog_stats.xml
- /data/data/####/embed_last_sp_session.xml
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/feng.db
- /data/data/####/feng.db-journal
- /data/data/####/feng_sp.xml
- /data/data/####/feng_sp.xml.bak
- /data/data/####/httpdns_config_cache.xml
- /data/data/####/i==1.2.0&&3.9.7_1583881967498_envelope.log
- /data/data/####/iFQddJN46rGS-z18wIb6IDo_KVs.1791287949.tmp
- /data/data/####/idjNrJL9RsnYuYxZLBnWw-LSZVc.cnt
- /data/data/####/imsdk_20200311.log
- /data/data/####/info.xml
- /data/data/####/jeMsnXg5SP__0o9ARMyEQ4GhvfI.cnt
- /data/data/####/kmtLVoBPNZxqUzlAC313yg6keYM.cnt
- /data/data/####/lVqxL0LqPNplMXpKZWwG-zuBz_c.cnt
- /data/data/####/libcuid_v3.so
- /data/data/####/libjiagu.so
- /data/data/####/local_crash_lock
- /data/data/####/local_crash_lock (deleted)
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/mqJSYfEik7ifnjkuIcKBVpH6Ad4.cnt
- /data/data/####/mz_push_preference.xml
- /data/data/####/native_record_lock
- /data/data/####/npth.xml
- /data/data/####/npth_log.db-journal
- /data/data/####/o8H2KPmRZ9-vKb-3by409WDQENo.662903358.tmp
- /data/data/####/p9oXa5rLoHMFK6PK1mZ8VcXre0Q.66279861.tmp
- /data/data/####/p9oXa5rLoHMFK6PK1mZ8VcXre0Q.cnt
- /data/data/####/pn3Iqt2LSyQN7_MGl-yX97TnIDI.cnt
- /data/data/####/proc_auxv
- /data/data/####/security_info
- /data/data/####/share.db-journal
- /data/data/####/siXHwv7Fvjy27_brxutdyEhTM0s.cnt
- /data/data/####/snssdk_openudid.xml
- /data/data/####/sp_push_time.xml
- /data/data/####/t==8.1.0&&3.9.7_1583881969324_envelope.log
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_config.xml.bak
- /data/data/####/tbs_download_config.xml.bak (deleted)
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbs_pv_config
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/tdid.xml
- /data/data/####/tt_dns_settings.xml
- /data/data/####/tt_sdk_settings.xml
- /data/data/####/tt_sdk_settings.xml.bak
- /data/data/####/ttopenadsdk.xml
- /data/data/####/ttopensdk.db-journal
- /data/data/####/uM4VIIn_LfEuIrw9OEgHfN3Fnc0.cnt
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/umeng_socialize.xml
- /data/data/####/update.xml
- /data/data/####/wK5YBxpAM3oOv9Dw-U7bAdWk-CU.1680321847.tmp
- /data/data/####/wsJ-1o_vzgZAfB0cXdqx5ZLDI98.cnt
- /data/data/####/wxU97U5Ie4XFMsvx-5Cb_DVYnqk.1495877494.tmp
- /data/data/####/wxU97U5Ie4XFMsvx-5Cb_DVYnqk.cnt
- /data/data/####/zBkYwkUH1oCLBu4PqXRIrZ2jKzU.1533159519.tmp
- /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/.00000000000/A3AEECD8.dex --oat-fd=117 --oat-location=/data/user/0/<Package>/.11111111111/A3AEECD8.dex --compiler-filter=speed
- cat /proc/cpuinfo
- cat /sys/class/net/eth0/address
- chmod 777 /data/user/0/<Package>/cache/Download
- getprop
- getprop ro.build.version.emui
- getprop ro.product.cpu.abi
- ls /
- ls /sys/class/thermal
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS7Padding
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
