Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.RemoteCode.127.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) nav.cn.ron####.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8011
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(TLS/1.0) api.s####.com:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) loc.map.b####.com:443
- TCP(TLS/1.0) s####.cn.ron####.com:443
- TCP(TLS/1.0) j####.d####.com:443
- TCP(TLS/1.0) o####.map.b####.com:443
- TCP(TLS/1.0) hs-pa####.s####.com:443
- TCP(TLS/1.0) 2####.58.212.238:443
- TCP(TLS/1.0) cdn####.appa####.com:443
- TCP(TLS/1.0) wap.cmpass####.com:8443
- TCP(TLS/1.0) hs.cb####.com:443
- TCP(TLS/1.0) experi####.appa####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP c####.g####.ig####.com:5224
- TCP sdk.o####.t####.####.com:5224
- TCP 1####.92.22.180:8602
DNS requests:
- 7j####.c####.z0.####.com
- a####.b####.qq.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- api.map.b####.com
- api.s####.com
- c####.g####.ig####.com
- c-h####.g####.com
- cdn####.appa####.com
- experi####.appa####.com
- hs-pa####.s####.com
- hs.cb####.com
- j####.d####.com
- loc.map.b####.com
- mt####.go####.com
- nav.cn.ron####.com
- o####.map.b####.com
- plb####.u####.com
- pub-####.qin####.com
- s####.cn.ron####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- u####.u####.com
- wap.cmpass####.com
HTTP GET requests:
- t####.c####.q####.####.com/tdata_bca864
- t####.c####.q####.####.com/tdata_fyR930
- ti####.c####.l####.####.com/config/hz-hzv3.conf
- ti####.c####.l####.####.com/tdata_EDT356
HTTP POST requests:
- aexcep####.b####.qq.com:8011/rqd/async
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- c-h####.g####.com/api.php?format=####&t=####
- nav.cn.ron####.com/navipush.json
- sdk.o####.p####.####.com/api.php?format=####&t=####
File system changes:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/0.chunk.js
- /data/data/####/000001.dbtmp
- /data/data/####/000002.dbtmp
- /data/data/####/000003.log
- /data/data/####/000004.dbtmp
- /data/data/####/000005.log
- /data/data/####/000006.dbtmp
- /data/data/####/000007.log
- /data/data/####/1.chunk.js
- /data/data/####/2.chunk.js
- /data/data/####/ADHOC_SHARED_PREFERENCE.xml
- /data/data/####/ADHOC_SHARED_PREFERENCE.xml (deleted)
- /data/data/####/COUNTLY_STORE.xml
- /data/data/####/FwLog.xml
- /data/data/####/IM.xml
- /data/data/####/INSTALLATION
- /data/data/####/LOCK
- /data/data/####/MANIFEST-000001
- /data/data/####/MANIFEST-000002
- /data/data/####/MANIFEST-000004
- /data/data/####/MANIFEST-000006
- /data/data/####/RongPush.xml
- /data/data/####/Statistics.xml
- /data/data/####/ab_test.xml
- /data/data/####/abtest.xml
- /data/data/####/account-bind-list.a27dea0fba16441ef9634585b7091103-two.css
- /data/data/####/account-bind-list.c075189e684ff22fe413.js
- /data/data/####/account-bind-list.html
- /data/data/####/account.c075189e684ff22fe413.js
- /data/data/####/account.f7a72e7865c6cf0df7cf372b34c0d9da-two.css
- /data/data/####/account.html
- /data/data/####/agreement.81d341a748c733563293e95b2cd3ef51-one.css
- /data/data/####/agreement.c075189e684ff22fe413.js
- /data/data/####/agreement.html
- /data/data/####/anti-fraud-guide.72d679301fd4078933c47956e3219d83-two.css
- /data/data/####/anti-fraud-guide.c075189e684ff22fe413.js
- /data/data/####/anti-fraud-guide.html
- /data/data/####/apply-cash-record.a86c4161011acf20609153ea0d3adf9a-two.css
- /data/data/####/apply-cash-record.c075189e684ff22fe413.js
- /data/data/####/apply-cash-record.d41d8cd98f00b204e9800998ecf8427e-one.css
- /data/data/####/apply-cash-record.html
- /data/data/####/apply-cash-success.17288137e7787c67629f2069ddbc...wo.css
- /data/data/####/apply-cash-success.c075189e684ff22fe413.js
- /data/data/####/apply-cash-success.html
- /data/data/####/apply-cash.c075189e684ff22fe413.js
- /data/data/####/apply-cash.f16c132e43e2b216f83036de86fac7e3-two.css
- /data/data/####/apply-cash.html
- /data/data/####/apply-detail.650149f6520013ab63beaf0e2b94b061-one.css
- /data/data/####/apply-detail.c075189e684ff22fe413.js
- /data/data/####/apply-detail.dc3f5a78e475ce39ec3abde75b0ea7df-two.css
- /data/data/####/apply-detail.html
- /data/data/####/apply-list.032ecd85fbfa15fa7e9c4aa745d1b3e1-two.css
- /data/data/####/apply-list.c075189e684ff22fe413.js
- /data/data/####/apply-list.d41d8cd98f00b204e9800998ecf8427e-one.css
- /data/data/####/apply-list.html
- /data/data/####/apply-success.650149f6520013ab63beaf0e2b94b061-one.css
- /data/data/####/apply-success.87784683b80980ef1dacf110f15105ca-two.css
- /data/data/####/apply-success.c075189e684ff22fe413.js
- /data/data/####/apply-success.html
- /data/data/####/authStatus_com.doumi.jianzhi.xml
- /data/data/####/authStatus_com.doumi.jianzhi;ipc.xml
- /data/data/####/authStatus_com.doumi.jianzhi;pushservice.xml
- /data/data/####/authStatus_com.doumi.jianzhi;remote.xml
- /data/data/####/authStatus_io.rong.push.xml
- /data/data/####/avatar_female.png
- /data/data/####/avatar_male.png
- /data/data/####/banner_integral.jpg
- /data/data/####/banner_share.png
- /data/data/####/banner_submit.png
- /data/data/####/bg_blacklist.png
- /data/data/####/bg_detail_banner.png
- /data/data/####/bg_detail_quanzhi.png
- /data/data/####/bg_index_column.png
- /data/data/####/bg_invite_list.png
- /data/data/####/bg_map.png
- /data/data/####/bg_mingqi_info.png
- /data/data/####/bg_popup.png
- /data/data/####/bg_regret.png
- /data/data/####/bg_renzheng.png
- /data/data/####/bg_resume.png
- /data/data/####/bg_rise.png
- /data/data/####/bg_status.png
- /data/data/####/bg_status_new.png
- /data/data/####/bg_tab.png
- /data/data/####/bg_toptips.png
- /data/data/####/bind-alipay.30dafbd020a8c6204e480314e96b22f7-one.css
- /data/data/####/bind-alipay.c075189e684ff22fe413.js
- /data/data/####/bind-alipay.c3f3409c62bd3b1c2fc4adde3cdf1109-two.css
- /data/data/####/bind-alipay.html
- /data/data/####/bind-unionpay.30dafbd020a8c6204e480314e96b22f7-one.css
- /data/data/####/bind-unionpay.9e0b20f532711addaf2726462bd1df43-two.css
- /data/data/####/bind-unionpay.c075189e684ff22fe413.js
- /data/data/####/bind-unionpay.html
- /data/data/####/bind-weixinwallet.30dafbd020a8c6204e480314e96b22f7-one.css
- /data/data/####/bind-weixinwallet.b81a73e7393e948cf5d312d93f286a0f-two.css
- /data/data/####/bind-weixinwallet.c075189e684ff22fe413.js
- /data/data/####/bind-weixinwallet.html
- /data/data/####/bugly_db_-journal
- /data/data/####/bundle.js
- /data/data/####/cache.manifest
- /data/data/####/change-mobile-number.4aee178143ea3ccb0f163074d8...wo.css
- /data/data/####/change-mobile-number.c075189e684ff22fe413.js
- /data/data/####/change-mobile-number.html
- /data/data/####/city.95e09476214ef7a72a4fdcbd8f47934c-one.css
- /data/data/####/city.c075189e684ff22fe413.js
- /data/data/####/city.html
- /data/data/####/company-detail.c075189e684ff22fe413.js
- /data/data/####/company-detail.c1141a8f9fb2c230a32bd1d9ab227924-two.css
- /data/data/####/company-detail.cca3a9431570090b72d81c9ea229d390-one.css
- /data/data/####/company-detail.html
- /data/data/####/complain-and-feedback.c075189e684ff22fe413.js
- /data/data/####/complain-and-feedback.e4549bb4c8984f56df460219a...ne.css
- /data/data/####/complain-and-feedback.html
- /data/data/####/complain.c075189e684ff22fe413.js
- /data/data/####/complain.d7b2867990eacbcec7ab7c1f8181f0d8-two.css
- /data/data/####/complain.html
- /data/data/####/complaint-forms-business-lose.c075189e684ff22fe413.js
- /data/data/####/complaint-forms-business-lose.d480476f762734f7c...wo.css
- /data/data/####/complaint-forms-business-lose.html
- /data/data/####/complaint-forms-false-information.766fda3fab29d...wo.css
- /data/data/####/complaint-forms-false-information.c075189e684ff22fe413.js
- /data/data/####/complaint-forms-false-information.html
- /data/data/####/complaint-forms-fee-charge.766fda3fab29da74ec53...wo.css
- /data/data/####/complaint-forms-fee-charge.c075189e684ff22fe413.js
- /data/data/####/complaint-forms-fee-charge.html
- /data/data/####/complaint-forms-salary-arrears.766fda3fab29da74...wo.css
- /data/data/####/complaint-forms-salary-arrears.c075189e684ff22fe413.js
- /data/data/####/complaint-forms-salary-arrears.html
- /data/data/####/complaint-success.590f459a3f48e0e1943a477ce3132c12-two.css
- /data/data/####/complaint-success.c075189e684ff22fe413.js
- /data/data/####/complaint-success.html
- /data/data/####/conf_n.pid
- /data/data/####/copy_icon.png
- /data/data/####/count-down-bg.png
- /data/data/####/cyan_face.png
- /data/data/####/cyan_face_gray.png
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODM3NDE2;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODU3ODM1;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODcxODAy;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODg3ODc5;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODgwNTQ4;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyODk0NTU3;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ1MTMyOTAyMjU1;
- /data/data/####/detail-address.813f73661b54c3f22a2fbc23aa045399-two.css
- /data/data/####/detail-address.c075189e684ff22fe413.js
- /data/data/####/detail-address.html
- /data/data/####/detail-mix.23954f85dc05018ea2276851501fe03e-one.css
- /data/data/####/detail-mix.c075189e684ff22fe413.js
- /data/data/####/detail-mix.df3f8cd25b765bfdcfabf1cc0c97c036-two.css
- /data/data/####/detail-mix.html
- /data/data/####/detail.0da5bcfbc0e7a74cd064da17f3d85fe6-one.css
- /data/data/####/detail.94d5cd48675a4abfdada0f34827940e9-two.css
- /data/data/####/detail.c075189e684ff22fe413.js
- /data/data/####/detail.html
- /data/data/####/detail_basic_head.png
- /data/data/####/detail_direct_head.png
- /data/data/####/detail_direct_head_big.png
- /data/data/####/detail_online_head.png
- /data/data/####/detail_online_head_big.png
- /data/data/####/detail_player_big.png
- /data/data/####/detail_player_small.png
- /data/data/####/dmdid
- /data/data/####/dmzp.png
- /data/data/####/dmzygw.png
- /data/data/####/domSetting
- /data/data/####/domSettingTime
- /data/data/####/doumi-db-journal
- /data/data/####/duiba.2839f02f6b96f7eaf8852679854b77b7-one.css
- /data/data/####/duiba.c075189e684ff22fe413.js
- /data/data/####/duiba.html
- /data/data/####/earn-score.5020b4cf9be32fd76252959305be79f5-one.css
- /data/data/####/earn-score.c075189e684ff22fe413.js
- /data/data/####/earn-score.html
- /data/data/####/empower.png
- /data/data/####/entry-details.6066c316cc602a6eed6f2dcb2bf9867d-two.css
- /data/data/####/entry-details.c075189e684ff22fe413.js
- /data/data/####/entry-details.html
- /data/data/####/evaluate-list.a4ab77a458147a754ee1d250452b2850-one.css
- /data/data/####/evaluate-list.c075189e684ff22fe413.js
- /data/data/####/evaluate-list.f6eb968fe548208733eb2830c5797a35-two.css
- /data/data/####/evaluate-list.html
- /data/data/####/evaluate.032ecd85fbfa15fa7e9c4aa745d1b3e1-two.css
- /data/data/####/evaluate.c06520a83be22d94fe2f3ea7820c185f-one.css
- /data/data/####/evaluate.c075189e684ff22fe413.js
- /data/data/####/evaluate.html
- /data/data/####/exchangeIdentity.json
- /data/data/####/exchange_icon.png
- /data/data/####/exid.dat
- /data/data/####/f1e5994e2a5f4dbe680c.worker.js
- /data/data/####/favorite.7717b69c3d63972304aeca3620a7f14a-one.css
- /data/data/####/favorite.c075189e684ff22fe413.js
- /data/data/####/favorite.html
- /data/data/####/fe5312fdbe923e425eb3.worker.js
- /data/data/####/feedback.a8229ee74a8c1d67288fcb25594a8ff9-one.css
- /data/data/####/feedback.c075189e684ff22fe413.js
- /data/data/####/feedback.html
- /data/data/####/firll.dat
- /data/data/####/gal.db
- /data/data/####/gal.db-journal
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gx_sp.xml
- /data/data/####/hotjob-list.718f9a4dd78c89b425f7ae1a2e25afcd-one.css
- /data/data/####/hotjob-list.c075189e684ff22fe413.js
- /data/data/####/hotjob-list.html
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/huiyan-index.339866d118ada781d3ccf486f43e21ad-two.css
- /data/data/####/huiyan-index.c075189e684ff22fe413.js
- /data/data/####/huiyan-index.html
- /data/data/####/huiyan-result.67ba7bb8007d5b7b56892de0b162176c-two.css
- /data/data/####/huiyan-result.c075189e684ff22fe413.js
- /data/data/####/huiyan-result.html
- /data/data/####/i==1.2.0&&5.4.0_1545132837526_envelope.log
- /data/data/####/i==1.2.0&&5.4.0_1545132872482_envelope.log
- /data/data/####/i==1.2.0&&5.4.0_1545132880602_envelope.log
- /data/data/####/i==1.2.0&&5.4.0_1545132888664_envelope.log
- /data/data/####/i==1.2.0&&5.4.0_1545132894600_envelope.log
- /data/data/####/icon-safe.png
- /data/data/####/icon-welfare-01.png
- /data/data/####/icon-welfare-02.png
- /data/data/####/icon-welfare-03.png
- /data/data/####/icon-welfare-04.png
- /data/data/####/icon-welfare-05.png
- /data/data/####/icon-welfare-06.png
- /data/data/####/icon-welfare-07.png
- /data/data/####/icon-welfare-new-01.png
- /data/data/####/icon-welfare-new-02.png
- /data/data/####/icon-welfare-new-03.png
- /data/data/####/icon-welfare-new-04.png
- /data/data/####/icon-welfare-new-05.png
- /data/data/####/icon-welfare-new-06.png
- /data/data/####/icon-welfare-new-07.png
- /data/data/####/icon.png
- /data/data/####/icon_account.png
- /data/data/####/icon_arrow.png
- /data/data/####/icon_blacklist.png
- /data/data/####/icon_cate_check.png
- /data/data/####/icon_cate_other.png
- /data/data/####/icon_cate_promotion.png
- /data/data/####/icon_cate_reg.png
- /data/data/####/icon_cate_share.png
- /data/data/####/icon_cate_survey.png
- /data/data/####/icon_deliver.png
- /data/data/####/icon_detail.png
- /data/data/####/icon_detail_new.png
- /data/data/####/icon_doubt.png
- /data/data/####/icon_form.png
- /data/data/####/icon_index.png
- /data/data/####/icon_online.png
- /data/data/####/icon_order.png
- /data/data/####/icon_personal1.png
- /data/data/####/icon_rate.png
- /data/data/####/icon_regret.png
- /data/data/####/icon_resume.png
- /data/data/####/icon_succeed.png
- /data/data/####/icon_taobaoke.png
- /data/data/####/icon_toplist.png
- /data/data/####/icon_wallet.png
- /data/data/####/icon_warn.png
- /data/data/####/imkit.db-journal
- /data/data/####/increment_cache_file
- /data/data/####/index.44db25b36a3be6fb0957acc810bd964c-two.css
- /data/data/####/index.c075189e684ff22fe413.js
- /data/data/####/index.e90ff1638d0696015399bacb82d02381-one.css
- /data/data/####/index.html
- /data/data/####/info.xml
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/integral-detail.8232de50a72a03aea1cdc1b07f4105dd-one.css
- /data/data/####/integral-detail.c075189e684ff22fe413.js
- /data/data/####/integral-detail.html
- /data/data/####/invite-recommend-list.537a62ae6b206aa2038502d2c...wo.css
- /data/data/####/invite-recommend-list.650149f6520013ab63beaf0e2...ne.css
- /data/data/####/invite-recommend-list.c075189e684ff22fe413.js
- /data/data/####/invite-recommend-list.html
- /data/data/####/is_zan.png
- /data/data/####/jb_sp.xml
- /data/data/####/jianZhi.xml
- /data/data/####/job-publisher.53273add8084a3f017952a66e1ec983c-two.css
- /data/data/####/job-publisher.a4ab77a458147a754ee1d250452b2850-one.css
- /data/data/####/job-publisher.c075189e684ff22fe413.js
- /data/data/####/job-publisher.html
- /data/data/####/ker.db-journal
- /data/data/####/lazyload_default.png
- /data/data/####/libcuid.so
- /data/data/####/libjiagu-1123170138.so
- /data/data/####/ljzp.png
- /data/data/####/local_crash_lock
- /data/data/####/login-captcha.5742bdc933655ecb625c7b17b9fd87fc-one.css
- /data/data/####/login-captcha.c075189e684ff22fe413.js
- /data/data/####/login-captcha.html
- /data/data/####/login-check-phone.c075189e684ff22fe413.js
- /data/data/####/login-check-phone.ea7aa50e46628c34780c01b949a08eee-one.css
- /data/data/####/login-check-phone.html
- /data/data/####/login-password.c075189e684ff22fe413.js
- /data/data/####/login-password.ea7aa50e46628c34780c01b949a08eee-one.css
- /data/data/####/login-password.html
- /data/data/####/main.dek
- /data/data/####/make-money-online.875c40944cd1f35ffe05fad23781701c-one.css
- /data/data/####/make-money-online.99d4789d90236bccb5eaf27fc85a8836-two.css
- /data/data/####/make-money-online.c075189e684ff22fe413.js
- /data/data/####/make-money-online.html
- /data/data/####/mingqi_tag.png
- /data/data/####/mingqi_toutu_ placeholder.png
- /data/data/####/mingqi_toutu_default.jpg
- /data/data/####/msg-invite-list.083f253324abf6fcd60181aa7cd11dff-two.css
- /data/data/####/msg-invite-list.c075189e684ff22fe413.js
- /data/data/####/msg-invite-list.d41d8cd98f00b204e9800998ecf8427e-one.css
- /data/data/####/msg-invite-list.html
- /data/data/####/msg-news-list.c075189e684ff22fe413.js
- /data/data/####/msg-news-list.f4e0eb380f81cdb27020bde72992eb81-one.css
- /data/data/####/msg-news-list.html
- /data/data/####/msg-online-list.3f9f1d8f516cfca804ad02f48d6eb67a-one.css
- /data/data/####/msg-online-list.c075189e684ff22fe413.js
- /data/data/####/msg-online-list.html
- /data/data/####/multidex.version.xml
- /data/data/####/nearby-list.8b49ba57d8a47f3c65d53895b0a497fc-one.css
- /data/data/####/nearby-list.c075189e684ff22fe413.js
- /data/data/####/nearby-list.html
- /data/data/####/no-idencode.7418fa430c2c4b3ef49e4852e46dcb52-one.css
- /data/data/####/no-idencode.c075189e684ff22fe413.js
- /data/data/####/no-idencode.html
- /data/data/####/offline-invite-bonus.4084ef1b596abbcc99e60a7a24...ne.css
- /data/data/####/offline-invite-bonus.c075189e684ff22fe413.js
- /data/data/####/offline-invite-bonus.html
- /data/data/####/offline-invite-list.4084ef1b596abbcc99e60a7a24c...ne.css
- /data/data/####/offline-invite-list.c075189e684ff22fe413.js
- /data/data/####/offline-invite-list.html
- /data/data/####/offline-share.4084ef1b596abbcc99e60a7a24ce3894-one.css
- /data/data/####/offline-share.c075189e684ff22fe413.js
- /data/data/####/offline-share.html
- /data/data/####/ofl.config
- /data/data/####/ofl_location.db
- /data/data/####/ofl_location.db-journal
- /data/data/####/ofl_statistics.db
- /data/data/####/ofl_statistics.db-journal
- /data/data/####/online-complain-select.7f5183fcc98afcb7b9e6dc17...ne.css
- /data/data/####/online-complain-select.c075189e684ff22fe413.js
- /data/data/####/online-complain-select.html
- /data/data/####/online-complain.8def2e7a28f119daf031d7d3ba258e98-one.css
- /data/data/####/online-complain.c075189e684ff22fe413.js
- /data/data/####/online-complain.html
- /data/data/####/online-detail.14ae0f0019b999f7e51ba5fbdffe538c-two.css
- /data/data/####/online-detail.4c1c5d9a634a44d2db5d7ba88375bf38-one.css
- /data/data/####/online-detail.c075189e684ff22fe413.js
- /data/data/####/online-detail.html
- /data/data/####/online-income.78a65149714213978f86ea3594247b9e-one.css
- /data/data/####/online-income.c075189e684ff22fe413.js
- /data/data/####/online-income.html
- /data/data/####/online-index.17007d4eb3ec5a52aaa4e0206c6f147e-one.css
- /data/data/####/online-index.c075189e684ff22fe413.js
- /data/data/####/online-index.html
- /data/data/####/online-personal.7f5183fcc98afcb7b9e6dc170ebd0a4f-one.css
- /data/data/####/online-personal.c075189e684ff22fe413.js
- /data/data/####/online-personal.html
- /data/data/####/online-prefecture.5123a485a5b55423a26b945b4230db2d-one.css
- /data/data/####/online-prefecture.c075189e684ff22fe413.js
- /data/data/####/online-prefecture.html
- /data/data/####/online-retrial.c075189e684ff22fe413.js
- /data/data/####/online-retrial.d14658c9f8b3b9f18145d21a562ba87a-one.css
- /data/data/####/online-retrial.html
- /data/data/####/online-submit-detail.1e894983c71bb3dc3e3ee2f273...ne.css
- /data/data/####/online-submit-detail.c075189e684ff22fe413.js
- /data/data/####/online-submit-detail.html
- /data/data/####/online-submit-success.c075189e684ff22fe413.js
- /data/data/####/online-submit-success.d14658c9f8b3b9f18145d21a5...ne.css
- /data/data/####/online-submit-success.html
- /data/data/####/online-submit.c075189e684ff22fe413.js
- /data/data/####/online-submit.d97659ffb74602dd16ddafff37d560f3-one.css
- /data/data/####/online-submit.html
- /data/data/####/post-list.875c40944cd1f35ffe05fad23781701c-one.css
- /data/data/####/post-list.99d4789d90236bccb5eaf27fc85a8836-two.css
- /data/data/####/post-list.c075189e684ff22fe413.js
- /data/data/####/post-list.html
- /data/data/####/prefecture.c075189e684ff22fe413.js
- /data/data/####/prefecture.d007d6704dada9c39d442b0b76fa74ba-one.css
- /data/data/####/prefecture.html
- /data/data/####/preferences-job-type-select.36cff8c856e434d2241...wo.css
- /data/data/####/preferences-job-type-select.a94f09daf10d5d732ea...ne.css
- /data/data/####/preferences-job-type-select.c075189e684ff22fe413.js
- /data/data/####/preferences-job-type-select.html
- /data/data/####/privacy.c075189e684ff22fe413.js
- /data/data/####/privacy.da37ab9c528807c7e65343ff3f960ce9-two.css
- /data/data/####/privacy.html
- /data/data/####/progress_left.png
- /data/data/####/progress_right.png
- /data/data/####/prominent-tags.ab14fba0656a44af9f8cc1c062ccfe75-two.css
- /data/data/####/prominent-tags.c075189e684ff22fe413.js
- /data/data/####/prominent-tags.html
- /data/data/####/ptj_icons.png
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/rapidly-apply.564954de10d17d5f32bbbbac7d66d69d-one.css
- /data/data/####/rapidly-apply.c075189e684ff22fe413.js
- /data/data/####/rapidly-apply.html
- /data/data/####/recommend-list.718f9a4dd78c89b425f7ae1a2e25afcd-one.css
- /data/data/####/recommend-list.c075189e684ff22fe413.js
- /data/data/####/recommend-list.html
- /data/data/####/register.b5bba3abd015f375c4e2bd6d5eacb1b7-one.css
- /data/data/####/register.c075189e684ff22fe413.js
- /data/data/####/register.html
- /data/data/####/reset.c075189e684ff22fe413.js
- /data/data/####/reset.d9d8604340a6ed793fbdccf399d45e8f-one.css
- /data/data/####/reset.html
- /data/data/####/resume-addition.092c846fa90494869bf78c876cbc0896-two.css
- /data/data/####/resume-addition.c075189e684ff22fe413.js
- /data/data/####/resume-addition.html
- /data/data/####/resume-education.18bc07b0b27557f50d2a0ef972c72a34-two.css
- /data/data/####/resume-education.c075189e684ff22fe413.js
- /data/data/####/resume-education.html
- /data/data/####/resume-index.a4d0d4c2d5158f002b47bfab29b41b9e-two.css
- /data/data/####/resume-index.c075189e684ff22fe413.js
- /data/data/####/resume-index.html
- /data/data/####/resume-info.7b29f9129abbea6f15379995549f480a-two.css
- /data/data/####/resume-info.c075189e684ff22fe413.js
- /data/data/####/resume-info.html
- /data/data/####/resume-preference.4152666473795d7eb80d57c0a0b348e6-two.css
- /data/data/####/resume-preference.c075189e684ff22fe413.js
- /data/data/####/resume-preference.html
- /data/data/####/resume-work.62c6ce0504daff91136037ccda14e932-two.css
- /data/data/####/resume-work.c075189e684ff22fe413.js
- /data/data/####/resume-work.html
- /data/data/####/run.pid
- /data/data/####/search.54d9157f834e24b3470aa5d2466565bb-two.css
- /data/data/####/search.9158a3768e5f905610c5aa98cfe4d084-one.css
- /data/data/####/search.c075189e684ff22fe413.js
- /data/data/####/search.html
- /data/data/####/security_info
- /data/data/####/selected.05443512602f57116df9084a53518fc0-two.css
- /data/data/####/selected.34c45c6a077f961523c9ba09b8e910e5-one.css
- /data/data/####/selected.c075189e684ff22fe413.js
- /data/data/####/selected.html
- /data/data/####/selected_big.png
- /data/data/####/selected_middle.png
- /data/data/####/selected_small.png
- /data/data/####/selectiveperfect-list.c075189e684ff22fe413.js
- /data/data/####/selectiveperfect-list.ee71af79829f4576ca794031a...ne.css
- /data/data/####/selectiveperfect-list.html
- /data/data/####/set-resume-success.3870f8f1434d9211db9b1f682a1d...ne.css
- /data/data/####/set-resume-success.c075189e684ff22fe413.js
- /data/data/####/set-resume-success.html
- /data/data/####/settings.0380b5ad07fe46b7a97b155af3bf81e2-two.css
- /data/data/####/settings.c075189e684ff22fe413.js
- /data/data/####/settings.html
- /data/data/####/sign-in.7ea6495923ff03d8fee10512e536bafa-one.css
- /data/data/####/sign-in.c075189e684ff22fe413.js
- /data/data/####/sign-in.html
- /data/data/####/sobot_chat_20181218_log.txt
- /data/data/####/sobot_config.xml
- /data/data/####/start_act.xml
- /data/data/####/taobaoke-detail.358071e44592d180b1e79940927d4191-one.css
- /data/data/####/taobaoke-detail.c075189e684ff22fe413.js
- /data/data/####/taobaoke-detail.html
- /data/data/####/taobaoke-income.c075189e684ff22fe413.js
- /data/data/####/taobaoke-income.c09ceadc2e3455c79fd67f0a59f160ac-one.css
- /data/data/####/taobaoke-income.html
- /data/data/####/taobaoke-index.c075189e684ff22fe413.js
- /data/data/####/taobaoke-index.d5dd94be166cbb44ef39c36aa5f09614-one.css
- /data/data/####/taobaoke-index.html
- /data/data/####/taobaoke-order.c075189e684ff22fe413.js
- /data/data/####/taobaoke-order.d18b222592a9b845ed9722e3f4272351-one.css
- /data/data/####/taobaoke-order.html
- /data/data/####/taobaoke-search-hot-key.9cda77bb31da14cb8999ac4...ne.css
- /data/data/####/taobaoke-search-hot-key.c075189e684ff22fe413.js
- /data/data/####/taobaoke-search-hot-key.html
- /data/data/####/taobaoke-search.b78708aa1c7a04779a0da807626bafdb-one.css
- /data/data/####/taobaoke-search.c075189e684ff22fe413.js
- /data/data/####/taobaoke-search.html
- /data/data/####/taobaoke-share.c075189e684ff22fe413.js
- /data/data/####/taobaoke-share.ff00047a1ed770721cb9fa56d81ab6d4-one.css
- /data/data/####/taobaoke-share.html
- /data/data/####/tdata_bca864
- /data/data/####/tdata_bca864.jar
- /data/data/####/tdata_fyR930
- /data/data/####/tdata_fyR930.jar
- /data/data/####/tmp.zip
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/vendor.dll.js
- /data/data/####/verified.41f71fcfc698cda5c051a7b701ac5efd-two.css
- /data/data/####/verified.c075189e684ff22fe413.js
- /data/data/####/verified.html
- /data/data/####/wallet.b7b0de3da09405b3d58fa6743ea48934-two.css
- /data/data/####/wallet.c075189e684ff22fe413.js
- /data/data/####/wallet.html
- /data/data/####/work-desc-exam.7c36f7120f9287650ea5ec282c21feb3-two.css
- /data/data/####/work-desc-exam.c075189e684ff22fe413.js
- /data/data/####/work-desc-exam.html
- /data/data/####/yellow_face.png
- /data/data/####/yellow_face_gray.png
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/.umm.dat
- /data/media/####/BeLog_1545132858149.log
- /data/media/####/BeLog_1545132883474.log
- /data/media/####/BeLog_1545132889126.log
- /data/media/####/app.db
- /data/media/####/com.doumi.jianzhi.bin
- /data/media/####/com.doumi.jianzhi.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/conlts.dat
- /data/media/####/dmdid
- /data/media/####/domSetting
- /data/media/####/domSettingTime
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/ls.db
- /data/media/####/ls.db-journal
- /data/media/####/phone_uuid.tmp
- /data/media/####/rong_sdk.log
- /data/media/####/rong_sdk_debug.log
- /data/media/####/sysid.dat
- /data/media/####/tdata_bca864
- /data/media/####/tdata_fyR930
- /data/media/####/test.log
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.GetTuiPushService 24702 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- logcat -d -v threadtime
- ls /sys/class/thermal
Loads the following dynamic libraries:
- BaiduMapSDK_base_v5_0_0
- RongIMLib
- dek
- getuiext3
- kerdb
- libjiagu-1123170138
- locSDK7b
Uses the following algorithms to encrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-GCM-NoPadding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.