Android.HiddenAds.2430

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.HiddenAds.600.origin

Network activity:

Connects to:

UDP(DNS) 8####.8.4.4:53
TCP(HTTP/1.1) tx2.a.yx####.####.com:80
TCP(HTTP/1.1) to####.ctobsn####.com:80
TCP(HTTP/1.1) and####.b####.qq.com:80
TCP(HTTP/1.1) a####.b####.qq.com:8011
TCP(HTTP/1.1) m####.3g.qq.com:80
TCP(HTTP/1.1) web.kan####.com:80
TCP(HTTP/1.1) oth.str.mdt.####.com:8080
TCP(HTTP/1.1) s####.e.qq.com:80
TCP(HTTP/1.1) oth.eve.mdt.####.com:8080
TCP(HTTP/1.1) ac####.we####.com.cn:80
TCP(HTTP/1.1) 7611####.xima####.com.####.com:80
TCP(TLS/1.0) sy.cl####.com:443
TCP(TLS/1.0) ti####.c####.l####.####.com:443
TCP(TLS/1.0) zt.gif####.com:443
TCP(TLS/1.0) al####.u####.com:443
TCP(TLS/1.0) sdk-ope####.g####.com:443
TCP(TLS/1.0) kk.we####.com.cn:443
TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
TCP(TLS/1.0) web.kan####.com:444
TCP(TLS/1.0) tnc3-b####.sn####.com:443
TCP(TLS/1.0) t####.h####.com:443
TCP(TLS/1.0) q####.tc.qq.com:443
TCP(TLS/1.0) s####.e.qq.com:443
TCP(TLS/1.0) ws.ksmo####.net:443
TCP(TLS/1.0) c####.h####.com:443
TCP(TLS/1.0) api.map.b####.com:443
TCP(TLS/1.0) ce3e####.j####.cn:443
TCP(TLS/1.0) p-fas####.j####.cn:443
TCP(TLS/1.0) l####.cmpass####.com:9443
TCP(TLS/1.0) aliyun-####.al####.com:443
TCP(TLS/1.0) c####.g####.com:443
TCP(TLS/1.0) t####.j####.cn:443
TCP(TLS/1.0) co####.j####.cn:443
TCP(TLS/1.0) socials####.we####.com.cn:8066
TCP(TLS/1.0) cfg.i####.qq.com:443
TCP(TLS/1.0) tbsreco####.i####.qq.com:443
TCP(TLS/1.0) www.yunqin####.com:10443
TCP(TLS/1.0) to####.ctobsn####.com:443
TCP(TLS/1.0) nr.yunqin####.com:443
TCP(TLS/1.0) loc.map.b####.com:443
TCP(TLS/1.0) md####.google####.com:443
TCP(TLS/1.0) and####.cli####.go####.com:443
TCP(TLS/1.0) ali-s####.j####.cn:443
TCP(TLS/1.0) in####.d####.net:443
TCP(TLS/1.0) st####.yx####.com.####.net:443
TCP(TLS/1.0) l####.tbs.qq.com:443
TCP(TLS/1.0) s####.cl####.com:443
TCP(TLS/1.0) 2####.58.214.10:443
TCP(TLS/1.0) pang####.sn####.com.####.net:443
TCP(TLS/1.0) adx.h####.com:443
TCP(TLS/1.0) f####.j####.cn:443
TCP(TLS/1.0) securit####.sp####.mig.####.net:443
TCP(TLS/1.0) o####.e.kuai####.com:443
TCP(TLS/1.0) ups.ksmo####.net:443
TCP(TLS/1.2) 1####.250.179.163:443
TCP(TLS/1.2) 1####.217.20.74:443
TCP sdk.o####.t####.####.com:5224
UDP easytom####.com:19000
TCP cm-1####.g####.com:5227
UDP 1####.217.20.74:443
TCP 1####.9.126.21:7002
TCP 1####.232.57.199:21002

DNS requests:

a####.a.yx####.com
a####.b####.qq.com
ac####.we####.com.cn
adx.h####.com
ali-s####.j####.cn
and####.b####.qq.com
and####.cli####.go####.com
ap####.g####.com
api-ac####.pangoli####.com
api.map.b####.com
api.xima####.com
c####.g####.com
c####.g####.net
c####.h####.com
ce3e####.j####.cn
cfg.i####.qq.com
cm-1####.g####.com
cm-1####.g####.com
co####.j####.cn
config-####.j####.cn
dm.tou####.com
easytom####.com
f####.j####.cn
gd-s####.j####.cn
gs.g####.com
gtc.g####.net
gtc.ge####.com
helpgam####.ksmo####.com
i####.me
kk.we####.com.cn
l####.cmpass####.com
l####.tbs.qq.com
loc.map.b####.com
log####.pangoli####.com
log.u####.com
m####.3g.qq.com
m####.go####.com
md####.google####.com
mpush####.al####.com
nr.yunqin####.com
o####.e.kuai####.com
oth.eve.mdt.####.com
oth.str.mdt.####.com
p-fas####.j####.cn
pang####.sn####.com
plb####.u####.com
q####.qq.com
s####.cl####.com
s####.e.qq.com
s.j####.cn
sdk-####.g####.com
sdk-jm####.j####.cn
sdk-ope####.g####.com
sdk.o####.t####.####.com
sdk.o####.t####.####.com
sdk.o####.t####.####.com
sdk.o####.t####.####.net
sf3-fe####.pglstat####.com
sf3-ttc####.ps####.com
sis.j####.io
socials####.we####.com.cn
st####.yx####.com
sy.cl####.com
t####.h####.com
t####.j####.cn
t####.m.qq.com
tbsreco####.i####.qq.com
tnc3-b####.sn####.com
to####.ctobsn####.com
tts####.tianqis####.com
tx2.a.yx####.com
tx3.a.yx####.com
u####.u####.com
ups.ksmo####.net
web.kan####.com
ws.ksmo####.net
www.yunqin####.com
zt.gif####.com

HTTP GET requests:

ac####.we####.com.cn/android/error/chuanshanjia
ac####.we####.com.cn/android/splash
ac####.we####.com.cn/android/start/chuanshanjia
to####.ctobsn####.com/upic/2021/03/10/10/BMjAyMTAzMTAxMDA3MTlfMTI1MTM5OT...
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x34cd56mqfpecc.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x34cd56mqfpecc_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x5jfq8n5iztui2.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x5jfq8n5iztui2_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x5zaa2782wehqg.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x5zaa2782wehqg_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x72svrg4ku54ma.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x72svrg4ku54ma_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x7g8c3p3wscxks.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x7g8c3p3wscxks_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x7wrzckpvzmr9e.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x7wrzckpvzmr9e_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x894eb2n36rty6.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x894eb2n36rty6_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x8dtesmzjctdxw.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x8dtesmzjctdxw_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x8wqwxwfr6uwuq.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x8wqwxwfr6uwuq_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x94n9aa8t8twiq.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5x94n9aa8t8twiq_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xae83hqrwsvqk4.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xae83hqrwsvqk4_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xaxf9tznk3qfyw.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xaxf9tznk3qfyw_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xbbdvybgz6f48a.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xbbdvybgz6f48a_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xby23wq9rguvuu.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xby23wq9rguvuu_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd2dfwv2yea5iq.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd2dfwv2yea5iq_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd2vimwuii9sss.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd2vimwuii9sss_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd3vpthptama5y.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xd3vpthptama5y_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xdmcee7mp6fapy.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xdmcee7mp6fapy_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xe88vmt2g36cxi.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xe88vmt2g36cxi_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xeg4bri9nhx6j4.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xeg4bri9nhx6j4_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xemi6y4xfgh32i.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xemi6y4xfgh32i_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xf5ks2dbd7iyt9.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xf5ks2dbd7iyt9_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xf8kzhq399c5jy.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xf8kzhq399c5jy_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgmbpnrpqw2uwc.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgmbpnrpqw2uwc_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgq2smgxhabjiq.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgq2smgxhabjiq_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgyik628vigks4.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xgyik628vigks4_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xhgq5iha37qar9.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xhgq5iha37qar9_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xhj4kgdtvmwbfi.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xhj4kgdtvmwbfi_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xjb4w7f63sgbcu.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xjb4w7f63sgbcu_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xk8yk4xhu5ywi9.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xk8yk4xhu5ywi9_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xkm82nhn4z9xd4.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xkm82nhn4z9xd4_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xkxvttv5xup3s2.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xkxvttv5xup3s2_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xnhp9vwhp4jvqy.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xnz9ticijnsd5q.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xnz9ticijnsd5q_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xp5grbay62szi9.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xp5grbay62szi9_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xqnrruy9qzjfg2.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xqnrruy9qzjfg2_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xrmjgev3dex6q6.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xrmjgev3dex6q6_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xrpe6u8hy3inpy.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xrpe6u8hy3inpy_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xsa5ztej5fjsp2.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xsa5ztej5fjsp2_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xsvzh8figkhnte.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xsvzh8figkhnte_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xuqvr6h7swwqxk.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xuqvr6h7swwqxk_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xvbtx8kqb5w34k.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xvbtx8kqb5w34k_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xwxxrpjdsb49b2.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xwxxrpjdsb49b2_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xypw9esn4qmgr6.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xypw9esn4qmgr6_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz4jy9yy27brtk.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz4jy9yy27brtk_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz4zmu9vi5c26a.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz4zmu9vi5c26a_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz6qdsrmkj5d4s.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz6qdsrmkj5d4s_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz89tirrrckkhs.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xz89tirrrckkhs_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xztjpiauuh2hhk.png
tx2.a.yx####.####.com/bs2/emotion/app_1574675492000_5xztjpiauuh2hhk_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5x3ip3yx4dbqr59.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5x3ip3yx4dbqr59_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5x9pf6qt6t5zkt9.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5x9pf6qt6t5zkt9_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5xhmqiubf6nmc7w.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5xhmqiubf6nmc7w_b.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5xxa5i8tsdxm2fc.png
tx2.a.yx####.####.com/bs2/emotion/app_1580805626075_5xxa5i8tsdxm2fc_b.png
tx2.a.yx####.####.com/upic/2021/01/21/03/BMjAyMTAxMjEwMzQzMTJfMTE5NDg5ND...
tx2.a.yx####.####.com/upic/2021/03/26/23/BMjAyMTAzMjYyMzQ0MzRfMjE2OTgxMD...
web.kan####.com/android/error/chuanshanjia

HTTP POST requests:

7611####.xima####.com.####.com/oauth2/secure_access_token
a####.b####.qq.com:8011/rqd/async?aid=####
and####.b####.qq.com/rqd/async?aid=####
m####.3g.qq.com/
oth.eve.mdt.####.com:8080/analytics/upload?rid=####&sid=####
oth.str.mdt.####.com:8080/analytics/upload
oth.str.mdt.####.com:8080/analytics/upload?sid=####
s####.e.qq.com/activate
to####.ctobsn####.com/weather.html

File system changes:

Creates the following files:

/data/data/####/-10250528141888202117
/data/data/####/-135259974-1363970411
/data/data/####/-772579007-1339196500
/data/data/####/.cl
/data/data/####/.db25ee158df568a455afaa66aff0f065
/data/data/####/.extConfig.xml
/data/data/####/.imprint
/data/data/####/.jg.ic
/data/data/####/.jg.ri
/data/data/####/.jg.store.report_cf
/data/data/####/.old_file_converted
/data/data/####/.turing.dat
/data/data/####/01decddc0473a6f1ba16696d4040cae0
/data/data/####/02be491c-9f5a-436b-9873-f4476d2fd289
/data/data/####/0c52be201bdb6e474eb2b288063400e2_0
/data/data/####/0e5f4908-5864-459f-b65c-3458c591b050
/data/data/####/1002
/data/data/####/1004
/data/data/####/105498_auMini_1
/data/data/####/11ad7365-83f9-401b-9062-a3a2b480a396
/data/data/####/11ad7365-83f9-401b-9062-a3a2b480a396 (deleted)
/data/data/####/1625085468320.log
/data/data/####/1625085501063.log
/data/data/####/1625085543331.log
/data/data/####/22af82d6-d6f4-4356-af99-4624e9652542
/data/data/####/2ca7b58aa2e4f96aee5f20a28b6e814d7aab53859bfefb5....0.tmp
/data/data/####/38d1ffe0-9dae-45e4-b1a3-0f60f678642b
/data/data/####/40f41145855c8656c306cff386859020
/data/data/####/4512.yaqcookie
/data/data/####/46538f27-d7b6-401b-b284-155fd1b4c53a
/data/data/####/5257.yaqcookie
/data/data/####/5f348a234f981ce425a44ca0ce758eb2
/data/data/####/753c6e9f61963ddda062bb50f97efdc8
/data/data/####/77d804fba253106585cc21434c975b0c14c1570c9c36195....0.tmp
/data/data/####/783b77e4-6bb9-4303-a1c3-67c2ae2f82d2
/data/data/####/83f9d9e1-89d6-4806-b212-de9de8272a69
/data/data/####/876e53b5-0ca6-489e-9014-81ae01284f42
/data/data/####/8ab7535a-490c-4bcc-be1d-26bd006f6a6b
/data/data/####/8b6f3f7b-d5f6-4f07-9322-cf5268683bef
/data/data/####/94e612b36e6379e10bfd0f4ebfbcc6a173dd34bcd1d0480....0.tmp
/data/data/####/9605350421709796619
/data/data/####/9983c160aa044115
/data/data/####/9c31782b792f275248a38accbd1016b2_0
/data/data/####/9c631c33-86b9-4b95-b0f1-22d4496039b6
/data/data/####/A0E36719C3BF51CDBECE8E63C8A1D694.d
/data/data/####/A0E36719C3BF51CDBECE8E63C8A1D694.dex
/data/data/####/A0E36719C3BF51CDBECE8E63C8A1D694.dex.flock (deleted)
/data/data/####/Alvin2.xml
/data/data/####/BDLocConfigManager_com.weface.kksocialsecurityB...ig.xml
/data/data/####/BuglySdkInfos.xml
/data/data/####/DENGTA_META.xml
/data/data/####/DeviceInfo.xml
/data/data/####/DeviceInfo.xml.bak
/data/data/####/IpInfos.xml
/data/data/####/Push_Page_Config.xml
/data/data/####/TMAssistantSDKSharedPreference.xml
/data/data/####/TMSDKPrefer.xml
/data/data/####/UM_PROBE_DATA.xml
/data/data/####/Web Data
/data/data/####/Web Data-journal
/data/data/####/WebViewChromiumPrefs.xml
/data/data/####/YD_SP.xml
/data/data/####/ZzxCache.xml
/data/data/####/__xadsdk__remote__final__builtin__.jar
/data/data/####/__xadsdk__remote__final__running__.dex
/data/data/####/__xadsdk__remote__final__running__.dex.flock
/data/data/####/__xadsdk__remote__final__running__.jar
/data/data/####/a325712a39bd320a
/data/data/####/afm.cache
/data/data/####/bac.catch
/data/data/####/ban.catch
/data/data/####/bd_embed_tea_agent.db
/data/data/####/bd_embed_tea_agent.db-journal
/data/data/####/beacon_selfupdate_db
/data/data/####/beacon_selfupdate_db-journal
/data/data/####/bugly_db_
/data/data/####/bugly_db_-journal
/data/data/####/cache_coupon_info.html
/data/data/####/cache_coupon_open.html
/data/data/####/cache_feed.html
/data/data/####/cache_feed_splash.html
/data/data/####/cache_insert_screen.html
/data/data/####/cache_interstitial_ad.html
/data/data/####/cache_mini_card.html
/data/data/####/cache_pop_wind.html
/data/data/####/cache_reward_middle_endcard.html
/data/data/####/cg.db
/data/data/####/cg.db-journal
/data/data/####/classes.dex
/data/data/####/classes.dex;classes2.dex
/data/data/####/classes.dex;classes3.dex
/data/data/####/classes.dex;classes4.dex
/data/data/####/classes.dex;classes5.dex
/data/data/####/classes.dex;classes6.dex
/data/data/####/classes.dex;classes7.dex
/data/data/####/classes.oat
/data/data/####/cloudmsgadv_kankanshenghuo.json
/data/data/####/cmgame_sdk.xml
/data/data/####/cmgame_sdk.xml.bak
/data/data/####/cmgame_sdk_init_config.xml
/data/data/####/cn.jiguang.analytics_push.xml
/data/data/####/cn.jiguang.common.xml
/data/data/####/cn.jiguang.common.xml.bak
/data/data/####/cn.jiguang.prefs.xml
/data/data/####/cn.jiguang.prefs.xml.bak
/data/data/####/cn.jiguang.sdk.address.xml
/data/data/####/cn.jiguang.sdk.report.xml
/data/data/####/cn.jiguang.sdk.user.profile.xml
/data/data/####/cn.jiguang.sdk.user.set.profile.xml
/data/data/####/cn.jpush.android.user.profile.xml
/data/data/####/cn.jpush.android.user.profile.xml.bak
/data/data/####/cn.jpush.config.xml
/data/data/####/cn.jpush.config.xml.bak
/data/data/####/cn.jpush.config.xml.bak (deleted)
/data/data/####/cn.jpush.preferences.v2.rid.xml
/data/data/####/cn.jpush.preferences.v2.xml
/data/data/####/com.qq.e.sdkconfig.xml
/data/data/####/com.weface.kksocialsecurity.BETA_VALUES.xml
/data/data/####/com.weface.kksocialsecurity_infoc_config_pref.xml
/data/data/####/com.weface.kksocialsecurity_preferences.xml
/data/data/####/core_info
/data/data/####/crashrecord.xml
/data/data/####/ct_account_api_sdk.xml
/data/data/####/d7448ff8-b97a-40e1-ad6d-fa7352ee0ea0
/data/data/####/d9c27566-630d-4834-9bd0-09880f1b8f2c
/data/data/####/dW1weF9pbnRlcm5hbF8xNjI1MDg1NDU3ODI3;
/data/data/####/dW1weF9pbnRlcm5hbF8xNjI1MDg1NDg0NDA3;
/data/data/####/dW1weF9pbnRlcm5hbF8xNjI1MDg1NTMxMzc5;
/data/data/####/dW1weF9zaGFyZV8xNjI1MDg1NTQzODAy;
/data/data/####/devCloudSetting.cfg
/data/data/####/devCloudSetting.sig
/data/data/####/dfd2d472-c333-45f2-9b6b-f5db98d28459
/data/data/####/dim.db
/data/data/####/dim.db-journal
/data/data/####/download_upload
/data/data/####/downloader.db
/data/data/####/downloader.db-journal
/data/data/####/e389078c-aa6f-4399-819a-bf083ce051d6
/data/data/####/embed_applog_stats.xml
/data/data/####/embed_header_custom.xml
/data/data/####/embed_last_sp_session.xml
/data/data/####/exchangeIdentity.json
/data/data/####/exid.dat
/data/data/####/feed.html
/data/data/####/feed_splash.html
/data/data/####/gal.db
/data/data/####/gal.db-journal
/data/data/####/gdt_config.cfg
/data/data/####/gdt_plugin.dex.flock (deleted)
/data/data/####/gdt_plugin.jar
/data/data/####/gdt_plugin.jar.sig
/data/data/####/gdt_stat.db
/data/data/####/gdt_stat.db-journal
/data/data/####/gdt_suid
/data/data/####/getui_sp.xml
/data/data/####/gis.db
/data/data/####/gis.db-journal
/data/data/####/gtc3.db
/data/data/####/gtc3.db-journal
/data/data/####/hst.db
/data/data/####/hst.db-journal
/data/data/####/i==1.2.0&&1.98.5_1625085457847_envelope.log
/data/data/####/i==1.2.0&&1.98.5_1625085484608_envelope.log
/data/data/####/i==1.2.0&&1.98.5_1625085531417_envelope.log
/data/data/####/ias.db
/data/data/####/ias.db-journal
/data/data/####/ias_sp.xml
/data/data/####/ias_sp.xml.bak
/data/data/####/info.xml
/data/data/####/init.pid
/data/data/####/init_c1.pid
/data/data/####/insert_screen.html
/data/data/####/interstitial_ad.html
/data/data/####/jAnalysis_genera_config.xml
/data/data/####/journal.tmp
/data/data/####/jpush_local_notification.db
/data/data/####/jpush_local_notification.db-journal
/data/data/####/jpush_local_notification.db-wal
/data/data/####/jpush_uncaughtexception_file
/data/data/####/jxlh_push.db
/data/data/####/jxlh_push.db-journal
/data/data/####/kankanshebao_guide.xml
/data/data/####/keycursession
/data/data/####/keysession
/data/data/####/ksad_file_download.db
/data/data/####/ksad_file_download.db-journal
/data/data/####/ksadrep.db
/data/data/####/ksadrep.db-journal
/data/data/####/ksadsdk_config.xml
/data/data/####/ksadsdk_device_sig.xml
/data/data/####/ksadsdk_download_pop_window_config.xml
/data/data/####/ksadsdk_download_pop_window_config.xml.bak
/data/data/####/ksadsdk_egid.xml
/data/data/####/ksadsdk_mini_card_template_config.xml
/data/data/####/ksadsdk_pref.xml
/data/data/####/ksadsdk_rep.xml
/data/data/####/ksadsdk_reward_middle_endcard_template_config.xml
/data/data/####/ksadsdk_seq.xml
/data/data/####/ksadsdk_seq.xml.bak (deleted)
/data/data/####/ksadsdk_splash_template_config.xml
/data/data/####/ksadsdk_template_config.xml
/data/data/####/kscfg_outdfp.xml
/data/data/####/kssdk_api_pref.xml
/data/data/####/kssdk_api_pref.xml.bak
/data/data/####/libMMANDKSignature.d5c9597c.so
/data/data/####/libcuid_v3.so
/data/data/####/libjiagu.so
/data/data/####/libturingau.d5c9597c.so
/data/data/####/libyaqbasic.d5c9597c.so
/data/data/####/libyaqpro.d5c9597c.so
/data/data/####/local_crash_lock
/data/data/####/m_ss_app_config.xml
/data/data/####/metrics_guid
/data/data/####/mini_card.html
/data/data/####/mpdc_105498_1
/data/data/####/native_record_lock
/data/data/####/native_record_lock (deleted)
/data/data/####/npth.xml
/data/data/####/npth_log.db
/data/data/####/npth_log.db-journal
/data/data/####/ofl_location.db
/data/data/####/ofl_location.db-journal
/data/data/####/ofl_statistics.db
/data/data/####/ofl_statistics.db-journal
/data/data/####/persistent_data.xml
/data/data/####/persistent_data.xml.bak
/data/data/####/prefs.lock
/data/data/####/proc_auxv
/data/data/####/push.pid
/data/data/####/push_stat_cache.json
/data/data/####/pushsdk.db-journal
/data/data/####/qihoo_jiagu_crash_report.xml
/data/data/####/reward_middle_endcard.html
/data/data/####/rl.catch (deleted)
/data/data/####/sdkCloudSetting.cfg
/data/data/####/sdkCloudSetting.sig
/data/data/####/security_info
/data/data/####/shanyan_share_data.xml
/data/data/####/shanyan_share_data.xml.bak
/data/data/####/share.db-journal
/data/data/####/share_date.xml
/data/data/####/snssdk_openudid.xml
/data/data/####/sp_multi_ttadnet_config.xml
/data/data/####/sp_multi_ttmadnet_config.xml
/data/data/####/sp_push_time.xml
/data/data/####/ss_app_config.xml
/data/data/####/ssoconfigs.xml
/data/data/####/tbs_download_config.xml
/data/data/####/tbs_download_config.xml.bak
/data/data/####/tbs_download_stat.xml
/data/data/####/tbs_emergence.xml
/data/data/####/tbs_pv_config
/data/data/####/tbscoreinstall.txt
/data/data/####/tbslock.txt
/data/data/####/ting_data.xml
/data/data/####/ting_data.xml.bak
/data/data/####/tmapkpatch_sdk.db
/data/data/####/tmapkpatch_sdk.db-journal
/data/data/####/tt_ad_sdk_sp.xml
/data/data/####/tt_ad_sdk_sp.xml.bak
/data/data/####/tt_adevent.xml
/data/data/####/tt_adevent.xml.bak
/data/data/####/tt_device_info.xml
/data/data/####/tt_mediation_open_sdk.db
/data/data/####/tt_mediation_open_sdk.db-journal
/data/data/####/tt_sdk_settings.xml
/data/data/####/tt_sdk_settings.xml.bak
/data/data/####/tt_sp_app_env.xml
/data/data/####/tt_sp_app_list.xml
/data/data/####/tt_sp_app_list.xml.bak
/data/data/####/ttnet_tnc_config.xml
/data/data/####/ttopenadsdk.xml
/data/data/####/ttopenadsdk.xml.bak
/data/data/####/ttopensdk.db
/data/data/####/ttopensdk.db-journal
/data/data/####/turingfd_conf_105498_auMini.xml
/data/data/####/turingfd_conf_105498_auMini.xml.bak
/data/data/####/turingfd_protect_105498_47_auMini.xml
/data/data/####/um_pri.xml
/data/data/####/umdat.xml
/data/data/####/umeng_common_config.xml
/data/data/####/umeng_common_location.xml
/data/data/####/umeng_general_config.xml
/data/data/####/umeng_it.cache
/data/data/####/umeng_socialize.xml
/data/data/####/update_app_config.xml.xml
/data/data/####/update_lc
/data/data/####/yaq.d5c9597c.sec
/data/data/####/yaq2.d5c9597c.sec
/data/data/####/yaq3_0.d5c9597c.sec
/data/data/####/yaqsdkcookie
/data/media/####/.jdevice_id_map.bat
/data/media/####/.jpush_uid.bat
/data/media/####/.push_deviceid
/data/media/####/.turing.dat
/data/media/####/0233e0d28e1a068846dad0737d31dd46
/data/media/####/40d667da9f422fa47ad6af1ffe1d1c19
/data/media/####/5x34cd56mqfpecc.png.temp
/data/media/####/5x3ip3yx4dbqr59.png
/data/media/####/5x3ip3yx4dbqr59.png.temp
/data/media/####/5x5jfq8n5iztui2.png.temp
/data/media/####/5x5zaa2782wehqg.png.temp
/data/media/####/5x72svrg4ku54ma.png.temp
/data/media/####/5x7g8c3p3wscxks.png.temp
/data/media/####/5x7wrzckpvzmr9e.png
/data/media/####/5x7wrzckpvzmr9e.png.temp
/data/media/####/5x894eb2n36rty6.png
/data/media/####/5x894eb2n36rty6.png.temp
/data/media/####/5x8dtesmzjctdxw.png.temp
/data/media/####/5x8wqwxwfr6uwuq.png
/data/media/####/5x8wqwxwfr6uwuq.png.temp
/data/media/####/5x94n9aa8t8twiq.png.temp
/data/media/####/5x9pf6qt6t5zkt9.png
/data/media/####/5x9pf6qt6t5zkt9.png.temp
/data/media/####/5xae83hqrwsvqk4.png.temp
/data/media/####/5xaxf9tznk3qfyw.png.temp
/data/media/####/5xbbdvybgz6f48a.png.temp
/data/media/####/5xby23wq9rguvuu.png.temp
/data/media/####/5xd2dfwv2yea5iq.png
/data/media/####/5xd2dfwv2yea5iq.png.temp
/data/media/####/5xd2vimwuii9sss.png
/data/media/####/5xd2vimwuii9sss.png.temp
/data/media/####/5xd3vpthptama5y.png.temp
/data/media/####/5xdmcee7mp6fapy.png.temp
/data/media/####/5xe88vmt2g36cxi.png.temp
/data/media/####/5xeg4bri9nhx6j4.png.temp
/data/media/####/5xemi6y4xfgh32i.png.temp
/data/media/####/5xf5ks2dbd7iyt9.png
/data/media/####/5xf5ks2dbd7iyt9.png.temp
/data/media/####/5xf8kzhq399c5jy.png.temp
/data/media/####/5xgmbpnrpqw2uwc.png.temp
/data/media/####/5xgq2smgxhabjiq.png.temp
/data/media/####/5xgyik628vigks4.png
/data/media/####/5xgyik628vigks4.png.temp
/data/media/####/5xhgq5iha37qar9.png.temp
/data/media/####/5xhj4kgdtvmwbfi.png.temp
/data/media/####/5xhmqiubf6nmc7w.png
/data/media/####/5xhmqiubf6nmc7w.png.temp
/data/media/####/5xjb4w7f63sgbcu.png
/data/media/####/5xjb4w7f63sgbcu.png.temp
/data/media/####/5xk8yk4xhu5ywi9.png.temp
/data/media/####/5xkm82nhn4z9xd4.png.temp
/data/media/####/5xkxvttv5xup3s2.png.temp
/data/media/####/5xnhp9vwhp4jvqy.png
/data/media/####/5xnhp9vwhp4jvqy.png.temp
/data/media/####/5xnz9ticijnsd5q.png.temp
/data/media/####/5xp5grbay62szi9.png.temp
/data/media/####/5xqnrruy9qzjfg2.png.temp
/data/media/####/5xrmjgev3dex6q6.png.temp
/data/media/####/5xrpe6u8hy3inpy.png.temp
/data/media/####/5xsa5ztej5fjsp2.png
/data/media/####/5xsa5ztej5fjsp2.png.temp
/data/media/####/5xsvzh8figkhnte.png.temp
/data/media/####/5xuqvr6h7swwqxk.png.temp
/data/media/####/5xvbtx8kqb5w34k.png
/data/media/####/5xvbtx8kqb5w34k.png.temp
/data/media/####/5xwxxrpjdsb49b2.png.temp
/data/media/####/5xxa5i8tsdxm2fc.png
/data/media/####/5xxa5i8tsdxm2fc.png.temp
/data/media/####/5xypw9esn4qmgr6.png.temp
/data/media/####/5xz4jy9yy27brtk.png
/data/media/####/5xz4jy9yy27brtk.png.temp
/data/media/####/5xz4zmu9vi5c26a.png.temp
/data/media/####/5xz6qdsrmkj5d4s.png.temp
/data/media/####/5xz89tirrrckkhs.png.temp
/data/media/####/5xztjpiauuh2hhk.png.temp
/data/media/####/Alvin2.xml
/data/media/####/com.getui.sdk.deviceId.db
/data/media/####/com.igexin.sdk.deviceId.db
/data/media/####/com.weface.kksocialsecurity.bin
/data/media/####/com.weface.kksocialsecurity.db
/data/media/####/cookie
/data/media/####/ff87aa93aaad73710415f57439e13559
/data/media/####/journal
/data/media/####/journal.tmp
/data/media/####/ls.db
/data/media/####/ls.db-journal
/data/media/####/meta.dat
/data/media/####/sysid.dat
/data/media/####/tbslog.txt
/data/media/####/temp_pkg_info.json
/data/media/####/test.log (deleted)
/data/misc/####/primary.prof
/data/user_de/####/move_to_de_records.xml

Miscellaneous:

Executes the following shell scripts:

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
/system/bin/df
/system/bin/getprop
cat /sys/class/net/wlan0/address
getprop
getprop ro.build.version.emui
getprop ro.build.version.opporom
getprop ro.letv.release.version
getprop ro.miui.ui.version.code
getprop ro.miui.ui.version.name
getprop ro.product.cpu.abi
getprop ro.product.system.manufacturer
getprop ro.smartisan.version
getprop ro.vivo.os.build.display.id
getprop ro.vivo.os.version
ls -l /system/xbin/su
ls /
ls /sys/class/thermal
ps
sh

Uses the following algorithms to encrypt data:

AES
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-CFB-NoPadding
AES-ECB-PKCS5Padding
AES-ECB-PKCS7Padding
AES-GCM-NoPadding
DESede-ECB-PKCS5Padding
RSA-ECB-NoPadding
RSA-ECB-OAEPWithSHA256AndMGF1Padding
RSA-ECB-PKCS1Padding
RSA-NONE-OAEPWithSHA1AndMGF1Padding
RSA-None-PKCS1Padding

Uses the following algorithms to decrypt data:

AES
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-ECB-PKCS5Padding
AES-ECB-PKCS7Padding
AES-GCM-NoPadding
DESede-ECB-PKCS5Padding
RSA-ECB-PKCS1Padding

Accesses the ITelephony private interface.

Uses special library to hide executable bytecode.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Displays its own windows over windows of other apps.

Requests the system alert window permission.

Technologies

Terminology

Training and education

Myths

Technical information

Curing recommendations

Free trial