Android.RemoteCode.8423

Added to the Dr.Web virus database: 2024-08-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.251.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
  • /data/data/####/libyoga.so
  • /data/data/####/lock
  • /data/data/####/log.browser-full.min.js
  • /data/data/####/low-price@2x.d7417b8.png
  • /data/data/####/lsymxbcq5qxngbodzhsc9px0
  • /data/data/####/lsymxbcq5qxngbodzhsc9px0.tmp
  • /data/data/####/main-footer.9d55ce9.png
  • /data/data/####/main-pointer.224b524.png
  • /data/data/####/main-table.ad76579.png
  • /data/data/####/main-table.f705a36.png
  • /data/data/####/main-wrapper.eed13ef.png
  • /data/data/####/metrics_guid
  • /data/data/####/mobclick_agent_online_setting_com.android.lemen...it.xml
  • /data/data/####/mpdc_105498_1
  • /data/data/####/mpdc_r_105498_1
  • /data/data/####/mytask.db
  • /data/data/####/mytask.db-journal
  • /data/data/####/na.czl
  • /data/data/####/packageIndex.json
  • /data/data/####/pangle_com.byted.pangle_applog_net_cache.dat.xml
  • /data/data/####/pangle_com.byted.pangle_bd_embed_tea_agent.db-journal
  • /data/data/####/pangle_com.byted.pangle_d8b674543fc0b023b69f6a3...04.xml
  • /data/data/####/pangle_com.byted.pangle_embed_applog_stats.xml
  • /data/data/####/pangle_com.byted.pangle_embed_header_custom.xml
  • /data/data/####/pangle_com.byted.pangle_embed_last_sp_session.xml
  • /data/data/####/pangle_com.byted.pangle_evt_upload_info.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_102630175.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_102640733.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_102641082.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_102925696.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_103094061.xml
  • /data/data/####/pangle_com.byted.pangle_freqctl_103097370.xml
  • /data/data/####/pangle_com.byted.pangle_label_v_v_s_3.xml
  • /data/data/####/pangle_com.byted.pangle_label_v_v_s_3.xml.bak
  • /data/data/####/pangle_com.byted.pangle_npth.xml
  • /data/data/####/pangle_com.byted.pangle_npth_log.db-journal
  • /data/data/####/pangle_com.byted.pangle_pacing_102630175.xml
  • /data/data/####/pangle_com.byted.pangle_pacing_102640733.xml
  • /data/data/####/pangle_com.byted.pangle_pacing_102641082.xml
  • /data/data/####/pangle_com.byted.pangle_pacing_102925696.xml
  • /data/data/####/pangle_com.byted.pangle_pacing_103094061.xml
  • /data/data/####/pangle_com.byted.pangle_pacing_103097370.xml
  • /data/data/####/pangle_com.byted.pangle_snssdk_openudid.xml
  • /data/data/####/pangle_com.byted.pangle_sp_dynamic_tmpl_config.xml
  • /data/data/####/pangle_com.byted.pangle_sp_dynamic_tmpl_config_v3.xml
  • /data/data/####/pangle_com.byted.pangle_sp_exec_getad_config.xml
  • /data/data/####/pangle_com.byted.pangle_sp_exec_getad_config.xml.bak
  • /data/data/####/pangle_com.byted.pangle_sp_multi_ttmadnet_config.xml
  • /data/data/####/pangle_com.byted.pangle_ss_app_config.xml
  • /data/data/####/pangle_com.byted.pangle_tt_ad_mediation_sdk_sp.xml
  • /data/data/####/pangle_com.byted.pangle_tt_ad_mediation_sdk_sp.xml.bak
  • /data/data/####/pangle_com.byted.pangle_tt_mediation_open_sdk.db-journal
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_adn_init_setting...81.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_app_common_setti...81.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_gm_data_5465581.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_new_settings_5465581.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_rit_settings_546...eo.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_rit_settings_546...ll.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_rit_settings_546...sh.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_rit_settings_546...ve.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_test_tool_data_5465581.xml
  • /data/data/####/pangle_com.byted.pangle_ttnet_tnc_config1371.xml
  • /data/data/####/pangle_com.byted.pangle_ttnet_tnc_config4741.xml
  • /data/data/####/pangle_com.byted.pangle_ttopensdk.db-journal
  • /data/data/####/pangle_meta_data_sp.xml
  • /data/data/####/pangle_meta_data_sp.xml.bak
  • /data/data/####/plugin_oat_info.xml
  • /data/data/####/pre-title.e013d85.png
  • /data/data/####/proc_auxv
  • /data/data/####/radar-master.js
  • /data/data/####/radar-test.js
  • /data/data/####/re_po_rt.xml
  • /data/data/####/re_po_rt.xml.bak
  • /data/data/####/re_po_rt.xml.bak (deleted)
  • /data/data/####/report_cgi
  • /data/data/####/retain-img.835135f.png
  • /data/data/####/runtime.6701ee200ea5f1b52fae.js
  • /data/data/####/runtime.6701ee200ea5f1b52fae.js.LICENSE.txt
  • /data/data/####/runtime.6701ee200ea5f1b52fae.js.map
  • /data/data/####/scratch-background.46e0d72.png
  • /data/data/####/scratch-under.ae67d6c.png
  • /data/data/####/sdkCloudSetting.cfg
  • /data/data/####/sdkCloudSetting.sig
  • /data/data/####/sec-kill@2x.cc85c69.png
  • /data/data/####/store-end-card-bac.6d54a36.png
  • /data/data/####/stub_ver
  • /data/data/####/style.09e34d4ee565029797db.css
  • /data/data/####/style.127497ad3f455d2cf477.css
  • /data/data/####/style.213361aa9afa9c8a9323.css
  • /data/data/####/style.30300cc4b8c375a12036.css
  • /data/data/####/style.316a422a23f6cf40d0dc.css
  • /data/data/####/style.3b53656762d563f7975f.css
  • /data/data/####/style.3c5750a792a92c16025b.css
  • /data/data/####/style.3d5928985c3f94b92558.css
  • /data/data/####/style.3f6846716d816a03d6c8.css
  • /data/data/####/style.45fc5a8b1292f7945c61.css
  • /data/data/####/style.4c2beea561431e1fa114.css
  • /data/data/####/style.4c2beea561431e1fa114.css.map
  • /data/data/####/style.6fd4ccb2f955785f76e2.css
  • /data/data/####/style.7cbba7d9c0b9ad53ec22.css
  • /data/data/####/style.7fce5a7b74dad35041aa.css
  • /data/data/####/style.978c86a15b9252d2151d.css
  • /data/data/####/style.a822fc701fc9d62faa65.css
  • /data/data/####/style.b1fd9005280beef947b6.css
  • /data/data/####/style.c29837feb5fc4b884107.css
  • /data/data/####/style.c7ceccbbb1fcd5734ebf.css
  • /data/data/####/style.d6d12519f60fb6762562.css
  • /data/data/####/style.d7bc27c0805eb0094a3f.css
  • /data/data/####/style.e6e9511a2076353f6702.css
  • /data/data/####/svga.7596d4229331da938d81.js
  • /data/data/####/svga.c6455578d47f8e8070cd.js
  • /data/data/####/t6xqk7u78hzxh57fb8vuwuwo
  • /data/data/####/t6xqk7u78hzxh57fb8vuwuwo (deleted)
  • /data/data/####/texture-btn-red.dc51548.png
  • /data/data/####/title-sunshine.cad7ee5.png
  • /data/data/####/ts-polyfill.min.js
  • /data/data/####/tt_nd
  • /data/data/####/turingfd_conf_105498_au.xml
  • /data/data/####/turingfd_conf_105498_au.xml.bak (deleted)
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/update_lc
  • /data/data/####/vendor.02f2abd6f2323770cbaf.js
  • /data/data/####/vendor.0c37cf62192d713e4067.js
  • /data/data/####/vendor.17c9c60acdc93f82eabd.js
  • /data/data/####/vendor.17c9c60acdc93f82eabd.js.LICENSE.txt
  • /data/data/####/vendor.17dbe6524afef8449b5e.js
  • /data/data/####/vendor.17dbe6524afef8449b5e.js.map
  • /data/data/####/vendor.3cca32ba318186785385.js
  • /data/data/####/vendor.50ffe4f8049140bf9071.js
  • /data/data/####/vendor.50ffe4f8049140bf9071.js.LICENSE.txt
  • /data/data/####/vendor.5e9274b7b167dfdd4585.js
  • /data/data/####/vendor.5e9274b7b167dfdd4585.js.map
  • /data/data/####/vendor.92d80afeddd25d5588e2.js
  • /data/data/####/vendor.d6254980bd95dc5ad4d1.js
  • /data/data/####/vendor.d6254980bd95dc5ad4d1.js.LICENSE.txt
  • /data/data/####/w.db-journal
  • /data/data/####/win.apk
  • /data/data/####/win.dex
  • /data/data/####/win.dex.flock (deleted)
  • /data/data/####/yaq.ff2145fd.sec
  • /data/data/####/yaq2.ff2145fd.sec
  • /data/data/####/yaq3_0.ff2145fd.sec
  • /data/data/####/yaqsdkcookie
  • /data/media/####/.android_system_config.prop
  • /data/media/####/.oukdtft
  • /data/media/####/4386091253a9622d580d300c4504c2e3
  • /data/media/####/55d62352419e31ed4a45aa476119603a
  • /data/media/####/88b3e9de0a2129d5e37b293c3635efd6
  • /data/media/####/cda9457a95b6f18714c324897e98af81
  • /data/media/####/ced0915495da0d06d5ac607f3a9723c6
  • /data/media/####/clientudid.dat
  • /data/media/####/cookie
  • /data/media/####/guajiplugin_self_1083
  • /data/media/####/journal
  • /data/media/####/temp_pkg_info.json
  • /data/media/####/user.data
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • busybox df
  • id
  • which su
  • /data/user/0/<Package>/files/pangle_com.byted.pangle/tt_nd
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/df
  • /system/bin/getprop
  • app_process /system/bin com.android.commands.am.Am get-config
  • app_process /system/bin com.android.commands.pm.Pm list features
  • app_process /system/bin com.android.commands.pm.Pm list instrumentation
  • app_process /system/bin com.android.commands.pm.Pm list libraries
  • app_process /system/bin com.android.commands.pm.Pm list packages -f
  • app_process /system/bin com.android.commands.pm.Pm path <Package>
  • app_process /system/bin com.android.commands.pm.Pm path com.tencent.mm
  • busybox
  • busybox df
  • busybox lspci
  • cat /proc/net/route
  • cat /proc/sys/kernel/random/boot_id
  • cat /proc/uptime
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • cat /sys/devices/soc0/serial_number
  • chmod 777 /data/user/0/<Package>/files/pangle_com.byted.pangle/tt_nd
  • getenforce
  • getprop ro.build.version.emui
  • getprop ro.product.cpu.abi
  • grep <Package>
  • grep frida
  • grep frida-server
  • id
  • ip neigh
  • ip route
  • ls -al /proc/5038/fd
  • ls -al /proc/self/fd/242
  • lsmod
  • lspci
  • lsusb
  • netstat -nap
  • pidof adbd
  • ps
  • sh
  • sh -c ls -al /proc/5038/fd | grep frida
  • sh -c ps | grep <Package>
  • sh -c ps | grep frida-server
  • sh -c busybox 2>&1
  • sh -c toybox 2>&1
  • su -v
  • toybox
  • which su
Loads the following dynamic libraries:
  • libPglbizssdk_ml
  • libavmdl_lite
  • libeky6l
  • libgdtqjs
  • libipneigh-android
  • libkeva
  • libmaparmor
  • libpanglearmor
  • libsgcore
  • libtobEmbedEncrypt
  • libttmplayer_lite
  • libturingau.ff2145fd
  • libweapon620
  • libyaqbasic.ff2145fd
  • libyaqpro.ff2145fd
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (how to do this depends on the operating system version and the specific device; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light on the infected device and run a full scan of the system; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.
