Android.DownLoader.4863

Added to the Dr.Web virus database: 2020-05-08

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Click.338.origin
  • Android.Click.339.origin
  • Android.Click.340.origin
  • Android.DownLoader.870.origin
  • Android.DownLoader.906.origin
  • Android.DownLoader.909.origin
  • Android.DownLoader.929.origin
  • Android.DownLoader.956.origin
  • Android.DownLoader.960.origin
  • Android.RemoteCode.262.origin
  • Android.Triada.4567
  • Android.Triada.482.origin
Downloads the following detected threats from the Internet:
  • Android.Click.338.origin
  • Android.Click.339.origin
  • Android.Click.340.origin
  • Android.DownLoader.870.origin
  • Android.DownLoader.906.origin
  • Android.DownLoader.909.origin
  • Android.DownLoader.929.origin
  • Android.DownLoader.956.origin
  • Android.DownLoader.960.origin
  • Android.RemoteCode.262.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP HEAD requests:
  • f####.xuntong####.com/app/com.cool.jz.app/230/CoolLedger-channel_release...
  • url.xuntong####.com/com.cool.jz.app/230
HTTP POST requests:
File system changes:
Creates the following files:
  • /data/data/####/sp_ad_download_event.xml
  • /data/data/####/sp_reward_video_adslot.xml
  • /data/data/####/sp_reward_video_adslot_preload.xml
  • /data/data/####/sp_reward_video_cache_933669717.xml
  • /data/data/####/spu_ti.xml
  • /data/data/####/spu_ti.xml.bak (deleted)
  • /data/data/####/spu_yj.xml
  • /data/data/####/sunn.dex
  • /data/data/####/sunn.dex.flock (deleted)
  • /data/data/####/sunn.jar
  • /data/data/####/sunn.tmp (deleted)
  • /data/data/####/sunn.x
  • /data/data/####/swwkwsghf.data-journal
  • /data/data/####/the-real-index
  • /data/data/####/tt_sdk_settings.xml
  • /data/data/####/tt_sdk_settings.xml.bak
  • /data/data/####/ttopenadsdk.xml
  • /data/data/####/ua.db
  • /data/data/####/ua.db-journal
  • /data/data/####/ugr5trds.data-journal
  • /data/data/####/um_pri.xml
  • /data/data/####/umdat.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_common_location.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_general_config.xml.bak
  • /data/data/####/umeng_it.cache
  • /data/data/####/vpef.xml
  • /data/data/####/vpef.xml.bak
  • /data/data/####/wbwgdesf.xml
  • /data/data/####/wbwgdesf.xml.bak
  • /data/data/####/wbwgdesf.xml.bak (deleted)
  • /data/data/####/wesdrdsqse.xml
  • /data/data/####/wesdrdsqse.xml.bak
  • /data/data/####/wesdrdsqse.xml.bak (deleted)
  • /data/data/####/wesw2qse.xml
  • /data/data/####/wesw2qse.xml.bak
  • /data/data/####/wewse23wws.data-journal
  • /data/data/####/wiwsf.xml
  • /data/data/####/wiwsf.xml.bak
  • /data/data/####/wjrwwwsswsf.xml
  • /data/data/####/wjrwwwsswsf.xml.bak
  • /data/data/####/wjrwwwsswsf.xml.bak (deleted)
  • /data/data/####/wr4532de.xml
  • /data/data/####/wr4532de.xml.bak
  • /data/data/####/wr4532de.xml.bak (deleted)
  • /data/data/####/wrwwswe.xml
  • /data/data/####/wrwwswe.xml.bak
  • /data/data/####/wrwwswe.xml.bak (deleted)
  • /data/data/####/wry6reww322.xml
  • /data/data/####/wry6reww322.xml.bak
  • /data/data/####/wry6reww322.xml.bak (deleted)
  • /data/data/####/wsdewse.xml
  • /data/data/####/wsdewse.xml.bak
  • /data/data/####/wsdewse.xml.bak (deleted)
  • /data/data/####/wtwtggs.data-journal
  • /data/data/####/wwawds.data-journal
  • /data/data/####/wweds3sws.data-journal
  • /data/data/####/wwsrswf.data-journal
  • /data/data/####/wwssse.xml
  • /data/data/####/wwssse.xml.bak
  • /data/data/####/wwssse.xml.bak (deleted)
  • /data/data/####/wwswswewax.xml
  • /data/data/####/wwswswewax.xml.bak
  • /data/data/####/wwwseds.data-journal
  • /data/data/####/xixi0401.dex
  • /data/data/####/xixi0401.dex.flock (deleted)
  • /data/data/####/xshield_d.db-journal
  • /data/data/####/xshield_re_po_rt.xml
  • /data/data/####/yd_config_c.xml
  • /data/data/####/ys1450.dex
  • /data/data/####/ys1450.dex.flock (deleted)
  • /data/data/####/ys7781.dex
  • /data/data/####/ys7781.dex.flock (deleted)
  • /data/data/####/zawdex20200320.dex
  • /data/data/####/zawdex20200320.dex.flock (deleted)
  • /data/data/####/zgf.xml
  • /data/data/####/zrhzaf.png
  • /data/media/####/.a.dat
  • /data/media/####/.adfwe.dat
  • /data/media/####/.cca.dat
  • /data/media/####/.dzc
  • /data/media/####/.eiz
  • /data/media/####/.hwm
  • /data/media/####/.nid
  • /data/media/####/.qosu
  • /data/media/####/.umm.dat
  • /data/media/####/.upj
  • /data/media/####/.usdis
  • /data/media/####/0f4e1d5ae60f6339bf30f0a3de1b4923.png
  • /data/media/####/230.apk.temp
  • /data/media/####/28BFF8DF45B978D339EFBD230A17100A (deleted)
  • /data/media/####/28BFF8DF45B978D339EFBD230A17100A.jar
  • /data/media/####/28BFF8DF45B978D339EFBD230A17100A.temp
  • /data/media/####/2D877BEFD33FF12D858B92AAFB6A567E
  • /data/media/####/2D877BEFD33FF12D858B92AAFB6A567E.jar
  • /data/media/####/2D877BEFD33FF12D858B92AAFB6A567E.temp
  • /data/media/####/2e501745fad44f7433cdff62785072ef.xml
  • /data/media/####/2e501745fad44f7433cdff62785072ef.xml.bak (deleted)
  • /data/media/####/365admo.jar
  • /data/media/####/3EECF143548FEC8323DACA31637DE2D6.jar
  • /data/media/####/3EECF143548FEC8323DACA31637DE2D6.temp
  • /data/media/####/4D002E28A394CE875ED647EEEB8EECAC (deleted)
  • /data/media/####/4D002E28A394CE875ED647EEEB8EECAC.jar
  • /data/media/####/4D002E28A394CE875ED647EEEB8EECAC.temp
  • /data/media/####/4ea7316bc26e87103f2dde58058a35fd.tmp
  • /data/media/####/5731148B02391003626E1D6AA6E7C848
  • /data/media/####/5731148B02391003626E1D6AA6E7C848.jar
  • /data/media/####/5731148B02391003626E1D6AA6E7C848.temp
  • /data/media/####/6336964b3afe5cab0a21d8cb2570cbad.tmp
  • /data/media/####/6B2F4FEDB1346F9E3AE1C0D381EEFBC9
  • /data/media/####/6B2F4FEDB1346F9E3AE1C0D381EEFBC9.temp
  • /data/media/####/6B2F4FEDB1346F9E3AE1C0D381EEFBC9.zip
  • /data/media/####/9088D7915D2BC2DEE6562BDECE89F3E2
  • /data/media/####/961EA7E2036C89A047B08219D658170F
  • /data/media/####/C8A11676494AD470F7C88E355D34B620
  • /data/media/####/CBA2A7EDFE513B7DF1E6E2F7B359B143.temp
  • /data/media/####/CBA2A7EDFE513B7DF1E6E2F7B359B143.zip
  • /data/media/####/Ericdex20200324.jar
  • /data/media/####/SDK442dex20200106.jar
  • /data/media/####/_pn
  • /data/media/####/_shn
  • /data/media/####/a20d4e7e7bd3ed63564138b2e7dcf0b1.jpg
  • /data/media/####/ad367.jar
  • /data/media/####/admob654.jar
  • /data/media/####/an0416.jar
  • /data/media/####/bghu.jar
  • /data/media/####/c5415219273479d7c3c087f19c28557a
  • /data/media/####/cf1231.jar
  • /data/media/####/cvfd.jar
  • /data/media/####/date40003000700
  • /data/media/####/exr
  • /data/media/####/httpdns.log
  • /data/media/####/js1202.jar
  • /data/media/####/kzddex20191224.jar
  • /data/media/####/la0116huo.jar
  • /data/media/####/miqiu0925.jar
  • /data/media/####/papp09001dex20200401.jar
  • /data/media/####/pidfile.txt
  • /data/media/####/rq02dex20190829.jar
  • /data/media/####/santi0316.jar
  • /data/media/####/so0117.jar
  • /data/media/####/temp_pkg_info.json
  • /data/media/####/uyh
  • /data/media/####/xixi0401.jar
  • /data/media/####/ys1450.jar
  • /data/media/####/ys7781.jar
  • /data/media/####/zawdex20200320.jar
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • getprop
  • getprop ro.build.display.id
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.letv.release.version
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • ls /
  • ls /sys/class/thermal
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DESede-CBC-PKCS5Padding
  • Des-ECB-NoPadding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DESede-CBC-PKCS5Padding
  • Des-ECB-NoPadding
  • RSA-None-PKCS1Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
