Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Click.366.origin
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) luna-im####.qq.com.####.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) ed####.yizh####.com:80
- TCP(HTTP/1.1) r####.gdt.qq.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) 4####.96.49.164:10000
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) api.8f####.cn:80
- TCP(HTTP/1.1) ali-####.sho####.com:80
- TCP(HTTP/1.1) dvo####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) ip.ta####.com:80
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) v2.g####.qq.com:80
- TCP(HTTP/1.1) api.ipad####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) www.ipad####.com:80
- TCP(TLS/1.0) u####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) q####.tc.qq.com:443
- TCP(TLS/1.0) api.8f####.cn:443
- TCP(TLS/1.0) 1####.194.220.139:443
- TCP(TLS/1.0) www.z####.org:443
- TCP(TLS/1.0) securit####.sp####.mig.####.net:443
- TCP(TLS/1.0) api.alli####.com:443
- TCP(TLS/1.0) dm.tou####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.0) m.u####.com:443
- TCP(TLS/1.0) 64.2####.162.95:443
- TCP(TLS/1.0) mi.g####.qq.com:443
- TCP(TLS/1.0) s####.e.qq.com:443
- TCP(TLS/1.0) api.ipad####.com:443
- TCP(TLS/1.0) md####.google####.com:443
- TCP(TLS/1.0) cdn.jsde####.net:443
- TCP(TLS/1.0) cnc.dsa.bd####.com:443
- TCP(TLS/1.0) 1####.194.73.95:443
- TCP(TLS/1.0) ip.adi####.net:443
- TCP(TLS/1.0) safebro####.google####.com:443
- TCP(TLS/1.0) analy####.map.qq.com:443
- TCP(TLS/1.0) instant####.google####.com:443
- TCP(TLS/1.0) sf3-fe####.pglstat####.com:443
- TCP(TLS/1.2) 1####.194.220.139:443
- TCP(TLS/1.2) 1####.194.73.94:443
- TCP(TLS/1.2) 64.2####.162.95:443
DNS requests:
- ali-####.sho####.com
- analy####.map.qq.com
- and####.b####.qq.com
- api.8f####.cn
- api.alli####.com
- api.ipad####.com
- c####.wee####.cn
- c####.wee####.cn
- cdn.ipad####.com
- cdn.jsde####.net
- dm.tou####.com
- dvo####.oss-cn-####.aliy####.com
- ed####.yizh####.com
- h5.g####.qq.com
- hm.b####.com
- ibookst####.qin####.com
- imgc####.qq.com
- instant####.google####.com
- ip.adi####.net
- ip.ta####.com
- l####.tbs.qq.com
- m.8f####.cn
- m.u####.com
- md####.google####.com
- mi.g####.qq.com
- p####.google####.com
- p####.ugd####.com
- pang####.sn####.com
- pi####.qq.com
- q####.qq.com
- r####.gdt.qq.com
- s####.adi####.net
- s####.e.qq.com
- safebro####.google####.com
- sdk.ipad####.com
- sf3-fe####.pglstat####.com
- sf3-ttc####.ps####.com
- t####.m.qq.com
- to####.ctobsn####.com
- u####.com
- v2.g####.qq.com
- www.ipad####.com
- www.z####.org
HTTP GET requests:
- ali-####.sho####.com/channelList
- ali-####.sho####.com/newsList?needHtml=####&channelId=####&needAllList=#...
- api.8f####.cn/rest/comm/v1/moreapp-banner?system=####&language=####&x-os...
- api.8f####.cn/rest/comm/v1/param?lastUpdateTime=####&appId=####&sign=###...
- api.8f####.cn/rest/comm/v1/timestamp
- api.ipad####.com/ip/h5/ver/control/get?type=####
- dvo####.oss-cn-####.aliy####.com/comm/20210121/返利多-7343f0a277db45e698ae5...
- ed####.yizh####.com/?channel=####&t=####&tk=####&timer=####
- ed####.yizh####.com/favicon.ico
- ed####.yizh####.com/h5_api/books/get_bootstrap_recommend?userid=####&typ...
- ed####.yizh####.com/h5_api/books/mp/signInfo?pkg=####
- ed####.yizh####.com/h5_api/books/store?offset=####&count=####
- ed####.yizh####.com/h5_api/personal/html_read_progress?pkg=####
- ed####.yizh####.com/h5_api/product_h5_setup/config?domain=####&productCh...
- ed####.yizh####.com/h5_api/user/info
- ip.ta####.com/outGetIpInfo?accessKey=####&ip=####
- luna-im####.qq.com.####.com/gdt/0/EABCIMXAQ4AeAAAAY26BfpADHBxrw12VB.jpg/...
- luna-im####.qq.com.####.com/qzone/biz/gdt/dev/sdk/cdn/resources/common/S...
- luna-im####.qq.com.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/pr...
- qin####.com.www.####.com/cover_730071_180x240
- ti####.c####.l####.####.com/FnxgmzBXFV2TNMPiDm0BOciouzTb
- ti####.c####.l####.####.com/banner_161354013802048
- ti####.c####.l####.####.com/banner_161354015234622
- ti####.c####.l####.####.com/banner_161354016305952
- ti####.c####.l####.####.com/banner_161354017408965
- ti####.c####.l####.####.com/bs/images/chasing_dots.png?ver=####
- ti####.c####.l####.####.com/bs/static/css/app.5b217e1a.css
- ti####.c####.l####.####.com/bs/static/css/chunk-27e89726.10091821.css
- ti####.c####.l####.####.com/bs/static/css/chunk-2cd24d46.dbe41140.css
- ti####.c####.l####.####.com/bs/static/css/chunk-2ce55d9b.e3f93300.css
- ti####.c####.l####.####.com/bs/static/css/chunk-350b1d67.b25787cc.css
- ti####.c####.l####.####.com/bs/static/css/chunk-3a5861c9.cc975fcb.css
- ti####.c####.l####.####.com/bs/static/css/chunk-45b6e9d4.c5db3e2d.css
- ti####.c####.l####.####.com/bs/static/css/chunk-45d1b656.0bedbbee.css
- ti####.c####.l####.####.com/bs/static/css/chunk-493f8bd8.4df63762.css
- ti####.c####.l####.####.com/bs/static/css/chunk-5c0a86cb.81560803.css
- ti####.c####.l####.####.com/bs/static/css/chunk-5d9c3d4d.60a684eb.css
- ti####.c####.l####.####.com/bs/static/css/chunk-6ab4e262.307baf48.css
- ti####.c####.l####.####.com/bs/static/css/chunk-74d8d23e.df861e11.css
- ti####.c####.l####.####.com/bs/static/css/chunk-7c81dd9e.96e192d8.css
- ti####.c####.l####.####.com/bs/static/css/chunk-a71b30c4.bcc05bda.css
- ti####.c####.l####.####.com/bs/static/css/chunk-baee83e2.fbbfdb2f.css
- ti####.c####.l####.####.com/bs/static/css/chunk-e6ade8bc.6d1c3679.css
- ti####.c####.l####.####.com/bs/static/css/chunk-eb98a71a.085de04b.css
- ti####.c####.l####.####.com/bs/static/css/chunk-fa2d32ec.2488aa8a.css
- ti####.c####.l####.####.com/bs/static/css/chunk-vendors.24149012.css
- ti####.c####.l####.####.com/bs/static/css/comments.a606d51e.css
- ti####.c####.l####.####.com/bs/static/css/components.38f40172.css
- ti####.c####.l####.####.com/bs/static/css/local-book.94ba0c62.css
- ti####.c####.l####.####.com/bs/static/css/readers.444670e2.css
- ti####.c####.l####.####.com/bs/static/css/task.56d7418c.css
- ti####.c####.l####.####.com/bs/static/fonts/icomoon.248337c3.ttf
- ti####.c####.l####.####.com/bs/static/img/banner_shh.b1af7b55.png
- ti####.c####.l####.####.com/bs/static/img/bookshelf-icon.e8bd990a.png
- ti####.c####.l####.####.com/bs/static/img/close.0da54d3b.png
- ti####.c####.l####.####.com/bs/static/img/def_thumb.f95ee701.png
- ti####.c####.l####.####.com/bs/static/img/gl.7c93ebf6.png
- ti####.c####.l####.####.com/bs/static/img/small_coin.d3c83cdb.png
- ti####.c####.l####.####.com/bs/static/img/sx.4e7be487.png
- ti####.c####.l####.####.com/bs/static/img/syq.e22688a6.png
- ti####.c####.l####.####.com/bs/static/img/task_chain_banner.497fee80.png
- ti####.c####.l####.####.com/bs/static/img/task_chain_finish_title.f5d55c...
- ti####.c####.l####.####.com/bs/static/img/task_chain_title.ae7e6525.png
- ti####.c####.l####.####.com/bs/static/img/tx.127028bf.png
- ti####.c####.l####.####.com/bs/static/js/app.2d611640.js
- ti####.c####.l####.####.com/bs/static/js/chunk-27e89726.85b5232e.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2cd24d46.41c05459.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2ce55d9b.407d5719.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0aab96.ac93d57e.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0ac448.4295f32a.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0b27b5.79d36548.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0b6359.86842b31.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0b6aec.86fd7491.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0df288.6e026769.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0e5da1.3ce68656.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0e5fac.4373afae.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0e95df.714749d8.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d0f026d.9d24b350.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d21f251.f0dd1213.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d225814.6ebbbd82.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d225b9a.af8d43a0.js
- ti####.c####.l####.####.com/bs/static/js/chunk-2d22d014.9ed1ba84.js
- ti####.c####.l####.####.com/bs/static/js/chunk-32191632.9e34a13c.js
- ti####.c####.l####.####.com/bs/static/js/chunk-350b1d67.afc67a35.js
- ti####.c####.l####.####.com/bs/static/js/chunk-3a5861c9.b554e6cf.js
- ti####.c####.l####.####.com/bs/static/js/chunk-45b6e9d4.8f452409.js
- ti####.c####.l####.####.com/bs/static/js/chunk-45d1b656.a8d988a8.js
- ti####.c####.l####.####.com/bs/static/js/chunk-493f8bd8.a60ac72d.js
- ti####.c####.l####.####.com/bs/static/js/chunk-5c0a86cb.45bc9556.js
- ti####.c####.l####.####.com/bs/static/js/chunk-5d9c3d4d.411dfc57.js
- ti####.c####.l####.####.com/bs/static/js/chunk-6ab4e262.784ff7ad.js
- ti####.c####.l####.####.com/bs/static/js/chunk-74d8d23e.1b1c1917.js
- ti####.c####.l####.####.com/bs/static/js/chunk-7c81dd9e.3ce82b00.js
- ti####.c####.l####.####.com/bs/static/js/chunk-a71b30c4.bd91bd9a.js
- ti####.c####.l####.####.com/bs/static/js/chunk-baee83e2.d48effcd.js
- ti####.c####.l####.####.com/bs/static/js/chunk-e6ade8bc.df2aab94.js
- ti####.c####.l####.####.com/bs/static/js/chunk-eb98a71a.7c8c3b7e.js
- ti####.c####.l####.####.com/bs/static/js/chunk-fa2d32ec.c2612b1a.js
- ti####.c####.l####.####.com/bs/static/js/chunk-vendors.333e5cc6.js
- ti####.c####.l####.####.com/bs/static/js/comments.418b3b4f.js
- ti####.c####.l####.####.com/bs/static/js/components.369b88bb.js
- ti####.c####.l####.####.com/bs/static/js/local-book.3d98ff5b.js
- ti####.c####.l####.####.com/bs/static/js/readers.5bf79988.js
- ti####.c####.l####.####.com/bs/static/js/task.e50b0390.js
- ti####.c####.l####.####.com/link_tag_158433958107216
- ti####.c####.l####.####.com/link_tag_158433959325527
- ti####.c####.l####.####.com/link_tag_158433960394651
- ti####.c####.l####.####.com/link_tag_158433961387183
- v2.g####.qq.com/gdt_stats.fcg?viewid=####&i=####&os=####&xp=####&mu_p=####
- www.ipad####.com/rpads/score/getSignInCount?userId=####&productId=####
- www.ipad####.com/rpads/score_task/isComplete?userId=####&productId=####
HTTP POST requests:
- and####.b####.qq.com/rqd/async?aid=####
- api.8f####.cn/rest/count/v1/report
- l####.tbs.qq.com/ajax?c=####&k=####
- pi####.qq.com/mstat/report/?index=####
- r####.gdt.qq.com/sdk_track
- s####.e.qq.com/activate
- s####.e.qq.com/launch
HTTP OPTIONS requests:
- www.ipad####.com/rpads/score/getSignInCount?userId=####&productId=####
- www.ipad####.com/rpads/score_task/isComplete?userId=####&productId=####
File system changes:
Creates the following files:
- /data/data/####/-1135038580-754662270
- /data/data/####/-1561220934-41946751
- /data/data/####/.bak
- /data/data/####/.cl
- /data/data/####/.jg.ic
- /data/data/####/.jg.store.report_cf
- /data/data/####/.turing.dat
- /data/data/####/00755d3334dce644_0
- /data/data/####/0333c9a9177d68f2_0
- /data/data/####/03deed1ea6a72d63_0
- /data/data/####/085f135915e071e7_0
- /data/data/####/1004
- /data/data/####/105498_auMini_1
- /data/data/####/1416f4da233ec65233b16f4a6f686f16_0
- /data/data/####/154d8de583b0b834_0
- /data/data/####/185d8cdb55a3b942_0
- /data/data/####/185d8cdb55a3b942_1
- /data/data/####/1de1552d71d3e304_0
- /data/data/####/1e81fb9d7e0c7ca2_0
- /data/data/####/1fa80c5919114b72_0
- /data/data/####/1fa80c5919114b72_1
- /data/data/####/1s.dex
- /data/data/####/1s.dex.flock (deleted)
- /data/data/####/1s.jar
- /data/data/####/228d6a87cd237a12_0
- /data/data/####/228d6a87cd237a12_1
- /data/data/####/27cc39d2c28bb0219b6f9c2c862d9a19
- /data/data/####/2aa367dd980f71b8_0
- /data/data/####/2aa367dd980f71b8_1
- /data/data/####/2add5037e1466784_0
- /data/data/####/2b830872b09c07e9_0
- /data/data/####/2b830872b09c07e9_1
- /data/data/####/2bb4da94a56cceec_0
- /data/data/####/2bb4da94a56cceec_1
- /data/data/####/2c132041a191e29c_0
- /data/data/####/2c7da2323332ac26_0
- /data/data/####/2c7da2323332ac26_1
- /data/data/####/2d1647cddb2ec2a4_0
- /data/data/####/2d4a5c7a30257c2b_0
- /data/data/####/2d5315af13afe831_0
- /data/data/####/2d5315af13afe831_1
- /data/data/####/307a8cdea1853fb7_0
- /data/data/####/307a8cdea1853fb7_1
- /data/data/####/31f55c26bc9937ce_0
- /data/data/####/3480.yaqcookie
- /data/data/####/35fa4bb9287770e3_0
- /data/data/####/367b8356655a4d93_0
- /data/data/####/420bc391df7d3816_0
- /data/data/####/4295ff6d2060fa8e_0
- /data/data/####/47d91cf6ed62b4c1_0
- /data/data/####/484a5713057414b2_0
- /data/data/####/484c7ab1c28de945_0
- /data/data/####/48beb3ba7f9e867d_0
- /data/data/####/4edc2ecf7ce81ee7_0
- /data/data/####/52f77e4c7620d060_0
- /data/data/####/5338bdb390efcaa0_0
- /data/data/####/53a36aea96990743_0
- /data/data/####/53aead0c3bb80f40_0
- /data/data/####/5bb34709ec849b63_0
- /data/data/####/5c7d85f130a26776_0
- /data/data/####/5eaec12641455d4c_0
- /data/data/####/60aacd26259fd836_0
- /data/data/####/60aacd26259fd836_1
- /data/data/####/616fec7cfa8128d3_0
- /data/data/####/62547a3683ef24e0_0
- /data/data/####/62547a3683ef24e0_1
- /data/data/####/65ac9e795e9e923f_0
- /data/data/####/69977be3234c0ff7_0
- /data/data/####/6a907114079d38e4_0
- /data/data/####/6a907114079d38e4_1
- /data/data/####/6b996a1aa9be52ac_0
- /data/data/####/6bb099ea76e2c702_0
- /data/data/####/70d90142530d1edd_0
- /data/data/####/7129f1d53a2710b3_0
- /data/data/####/72a57e12beabedbb_0
- /data/data/####/782f1beb21430b43_0
- /data/data/####/782f1beb21430b43_1
- /data/data/####/7c8b105166498bec_0
- /data/data/####/810955ae68c26805_0
- /data/data/####/81e4df4cdf17c92c_0
- /data/data/####/84c66fbaa5d1f495_0
- /data/data/####/86c423ef69de1847_0
- /data/data/####/87fe157bdbaa7aa3_0
- /data/data/####/88aad9f5c926b99a_0
- /data/data/####/8a0ac0457d250231_0
- /data/data/####/8d0bd2138a874034_0
- /data/data/####/8d0bd2138a874034_1
- /data/data/####/8ee6eec41ea86cc1_0
- /data/data/####/91d08823d64964d5_0
- /data/data/####/924f31ed82d231f5_0
- /data/data/####/924f31ed82d231f5_1
- /data/data/####/92a890587558ba99_0
- /data/data/####/92a890587558ba99_1
- /data/data/####/9303156feebd78ce_0
- /data/data/####/9303156feebd78ce_1
- /data/data/####/9659d518d5263d10_0
- /data/data/####/96e8fbc2be4ee302_0
- /data/data/####/97a4f19f33624f17_0
- /data/data/####/97fe990ab31163de_0
- /data/data/####/97fe990ab31163de_1
- /data/data/####/98365cfb2f4706af_0
- /data/data/####/9925c10d48820c44_0
- /data/data/####/993923871eceb58a_0
- /data/data/####/9b8e3e50b2603500_0
- /data/data/####/9c5fdda10c39d382_0
- /data/data/####/9cd6041135038085_0
- /data/data/####/9f37b3d213713b04_0
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/Cookies-journal
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a5d993e705866e7e_0
- /data/data/####/a6d6e4a7cafe62e342c8d78e76f8571b_0
- /data/data/####/a7d74105ab2a6528_0
- /data/data/####/aa9a9bd65b3d7079_0
- /data/data/####/ad58135d8c71a70f_0
- /data/data/####/ad58135d8c71a70f_1
- /data/data/####/b4e2cb44264dd91a_0
- /data/data/####/b4e2cb44264dd91a_1
- /data/data/####/b654313f5b6113d4_0
- /data/data/####/b654313f5b6113d4_1
- /data/data/####/b7926e09e21a75aa_0
- /data/data/####/b80ae7ea3cab8389_0
- /data/data/####/b828bbb8e56a17c7_0
- /data/data/####/b828bbb8e56a17c7_1
- /data/data/####/ba63d37d311c3645_0
- /data/data/####/ba63d37d311c3645_1
- /data/data/####/bb6ebf1929bd3176_0
- /data/data/####/bcacacab92208d7f5262de16b85db46188ff1625d2091b7...5f80.0
- /data/data/####/bd_embed_tea_agent.db-journal
- /data/data/####/be18eddcba8c4e79e761c913fbe81d34_0
- /data/data/####/bf981c130853f39e_0
- /data/data/####/bfy_ad_sp.xml
- /data/data/####/bugly_db_-journal
- /data/data/####/c1bb3b4ef8336ac6_0
- /data/data/####/c27035f82ceb8314_0
- /data/data/####/c27035f82ceb8314_1
- /data/data/####/c4961fc506074da2_0
- /data/data/####/c8ac7a3dfaf9bef3_0
- /data/data/####/c904ed1ef7f14d07_0
- /data/data/####/cc_c_t_m_l_txsdk.xml
- /data/data/####/cc_c_t_m_l_txsdk.xml.bak
- /data/data/####/ccc05f613b51ce33_0
- /data/data/####/cd98c7c224c14ca3_0
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/classes.dex;classes4.dex
- /data/data/####/com.google.android.gms.analytics.prefs.xml
- /data/data/####/com.htigo.ag6vj.akw.mid.world.ro.xml
- /data/data/####/com.htigo.ag6vj.akw_preferences.xml
- /data/data/####/com.qq.e.sdkconfig.xml
- /data/data/####/config
- /data/data/####/core_info
- /data/data/####/crashrecord.xml
- /data/data/####/d140ad959c3250bb_0
- /data/data/####/d4797333d9d5de61_0
- /data/data/####/d584fa151fef288f_0
- /data/data/####/d584fa151fef288f_1
- /data/data/####/d749e5ef491f6227_0
- /data/data/####/d749e5ef491f6227_1
- /data/data/####/da61b1bca4887abf_0
- /data/data/####/dba4c1c20d952204_0
- /data/data/####/dc94d4f1d68f4516d316eb1fdbb83e6d
- /data/data/####/ddedf02b1ca19aa3_0
- /data/data/####/de38669ce8c800cf_0
- /data/data/####/de38669ce8c800cf_1
- /data/data/####/de6fc6e6d00bdf773ac85456213ada55_0
- /data/data/####/debug.conf
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/download_upload
- /data/data/####/downloader.db-journal
- /data/data/####/e01885189c27cb02_0
- /data/data/####/e0f8f97889a1b542_0
- /data/data/####/e0f8f97889a1b542_1
- /data/data/####/e557434a5ad3927b_0
- /data/data/####/e60eaf04c0275141_0
- /data/data/####/ef15709c9e856b78_0
- /data/data/####/embed_applog_stats.xml
- /data/data/####/embed_header_custom.xml
- /data/data/####/embed_last_sp_session.xml
- /data/data/####/f0b1e8b95c8a8a71_0
- /data/data/####/f5bae509eca21711_0
- /data/data/####/f5bae509eca21711_1
- /data/data/####/f668b801ca7e9707_0
- /data/data/####/fbacbbfab0aa31a6_0
- /data/data/####/ff4c465c16e9f302_0 (deleted)
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.dex
- /data/data/####/gdt_plugin.dex.flock (deleted)
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.next.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_stat.db
- /data/data/####/gdt_stat.db-journal
- /data/data/####/gdt_suid
- /data/data/####/google_analytics_v4.db-journal
- /data/data/####/http_edtnak.yizhehua.com_0.localstorage-journal
- /data/data/####/https_m.8fenyi.cn_0.localstorage-journal
- /data/data/####/hxdata.xml
- /data/data/####/hxdata.xml.bak
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/libMMANDKSignature.7329028e.so
- /data/data/####/libjiagu.so
- /data/data/####/libturingau.7329028e.so
- /data/data/####/libyaqbasic.7329028e.so
- /data/data/####/libyaqpro.7329028e.so
- /data/data/####/local_crash_lock
- /data/data/####/login.xml
- /data/data/####/login.xml.bak
- /data/data/####/metrics_guid
- /data/data/####/mpdc_105498_1
- /data/data/####/native_record_lock
- /data/data/####/native_record_lock (deleted)
- /data/data/####/npth.xml
- /data/data/####/npth_log.db-journal
- /data/data/####/preferences.xml
- /data/data/####/preferences.xml.bak
- /data/data/####/pri_tencent_analysis.db_com.htigo.ag6vj.akw-journal
- /data/data/####/proc_auxv
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/security_info
- /data/data/####/snssdk_openudid.xml
- /data/data/####/sp_global_info.xml
- /data/data/####/sp_global_info.xml.bak (deleted)
- /data/data/####/sp_multi_ttadnet_config.xml
- /data/data/####/sphelper_ttopenadsdk.xml
- /data/data/####/ss_app_config.xml
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_config.xml.bak
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbs_pv_config
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/tencent_analysis.db_com.htigo.ag6vj.akw-journal
- /data/data/####/the-real-index
- /data/data/####/tt_sp_app_env.xml
- /data/data/####/ttnet_tnc_config.xml
- /data/data/####/ttopenadsdk.xml
- /data/data/####/ttopensdk.db-journal
- /data/data/####/turingfd_conf_105498_auMini.xml
- /data/data/####/turingfd_conf_105498_auMini.xml.bak
- /data/data/####/turingfd_protect_105498_47_auMini.xml
- /data/data/####/update_lc
- /data/data/####/yaq.7329028e.sec
- /data/data/####/yaq2.7329028e.sec
- /data/data/####/yaq3_0.7329028e.sec
- /data/data/####/yaqsdkcookie
- /data/data/####/ymads.db-journal
- /data/data/####/youyu.db-journal
- /data/media/####/clientudid.dat
- /data/media/####/d79f4e2b2f4d1070293b45ef98f197a4.tmp
- /data/media/####/f4015e603081c01acb1a16c193914cdb.tmp
- /data/media/####/tbslog.txt
- /data/media/####/temp_pkg_info.json
- /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_e_qq_com_plugin_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.jar --oat-fd=42 --oat-location=/data/user/0/<Package>/app_e_qq_com_dex_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_e_qq_com_plugin_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.jar --oat-fd=44 --oat-location=/data/user/0/<Package>/app_e_qq_com_dex_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_e_qq_com_plugin_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.jar --oat-fd=54 --oat-location=/data/user/0/<Package>/app_e_qq_com_dex_009e8a0d3f041f12eac466e0db8c3dfa/gdt_plugin.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/1s.jar --oat-fd=138 --oat-location=/data/user/0/<Package>/app_dex/1s.dex --compiler-filter=speed
- /system/bin/df
- busybox ifconfig
- cat /sys/class/net/wlan0/address
- getprop
- getprop ro.build.version.emui
- getprop ro.letv.release.version
- getprop ro.miui.ui.version.name
- getprop ro.product.cpu.abi
- getprop ro.vivo.os.build.display.id
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- DES
- RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over windows of other apps.
