
Android.DownLoader.4967

Added to the Dr.Web virus database: 2020-12-17

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Mobifun.30.origin
  • Android.RemoteCode.231.origin
  • Android.Triada.554.origin
  • Android.Xiny.293.origin
  • Android.Xiny.5549
Downloads the following detected threats from the Internet:
  • Android.Click.311.origin
  • Android.Click.334.origin
  • Android.RemoteCode.231.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.6122
  • Android.Triada.549.origin
  • Android.Triada.553.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/version
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • ls /
  • ls /sys/class/thermal
  • ps
  • sh -c type su
Loads the following dynamic libraries:
  • alcccu
Uses the following algorithms to encrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • DES-CBC-PKCS5Padding
  • desede-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about the network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
