Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Click.308.origin
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) of.okyes####.com:80
- TCP(HTTP/1.1) xml.boffoad####.com:80
- TCP(HTTP/1.1) xml.xten####.com:80
- TCP(HTTP/1.1) rtb.a####.com:80
- TCP(HTTP/1.1) ps.pop####.net:80
- TCP(HTTP/1.1) ad####.net:80
- TCP(HTTP/1.1) ad####.s3.amazo####.com:80
- TCP(HTTP/1.1) c####.showcas####.com:80
- TCP(HTTP/1.1) www.porn####.com:80
- TCP(HTTP/1.1) and####.cli####.go####.com:80
- TCP(HTTP/1.1) xml.ctrtra####.com:80
- TCP(HTTP/1.1) xml.adokutc####.com:80
- TCP(HTTP/1.1) xml.showca####.com:80
- TCP(HTTP/1.1) tr####.trackth####.club:80
- TCP(HTTP/1.1) porn####.com:80
- TCP(HTTP/1.1) ad.a####.com:80
- TCP(HTTP/1.1) surfe####.xyz:80
- TCP(HTTP/1.1) s10.his####.com.####.me:80
- TCP(HTTP/1.1) premium####.com:80
- TCP(HTTP/1.1) eb.u####.de:80
- TCP(HTTP/1.1) ads####.com:80
- TCP(HTTP/1.1) ads.adxad####.com:80
- TCP(HTTP/1.1) www.u####.de:8802
- TCP(HTTP/1.1) st####.adxad####.com:80
- TCP(HTTP/1.1) xml.admozar####.com:80
- TCP(HTTP/1.1) yvk8####.a####.net:80
- TCP(HTTP/1.1) clic####.c0c.xyz:80
- TCP(HTTP/1.1) poli####.com:80
- TCP(HTTP/1.1) vo####.com:80
- TCP(HTTP/1.1) js.juic####.com:80
- TCP(HTTP/1.1) en####.phn.double####.com:80
- TCP(HTTP/1.1) cdn.en####.phn.####.com:80
- TCP(HTTP/1.1) xml.showcas####.com:80
- TCP(HTTP/1.1) medi####.pl:80
- TCP(HTTP/1.1) admedi####.net:80
- TCP(HTTP/1.1) s####.b####.com:80
- TCP(HTTP/1.1) granat####.xyz:80
- TCP(HTTP/1.1) mo####.juic####.com:80
- TCP(HTTP/1.1) f####.beach####.club:80
- TCP(HTTP/1.1) adse####.juic####.com:80
- TCP(HTTP/1.1) latest-####.roo####.ru:80
- TCP(HTTP/1.1) s####.bet:80
- TCP(HTTP/1.1) csk####.com:80
- TCP(HTTP/1.1) t####.up####.com:80
- TCP(HTTP/1.1) mychip####.online:80
- TCP(HTTP/1.1) click-x####.o18.click:80
- TCP(HTTP/1.1) adz####.net:80
- TCP(HTTP/1.1) www.seeaw####.com:80
- TCP(HTTP/1.1) xml.mediaco####.com:80
- TCP(HTTP/1.1) cp####.com:80
- TCP(HTTP/1.1) okjoj####.com:80
- TCP(HTTP/1.1) whaleca####.com:80
- TCP(HTTP/1.1) nativea####.com:80
- TCP(HTTP/1.1) deflora####.xyz:80
- TCP(HTTP/1.1) syndica####.ex####.com:80
- TCP(HTTP/1.1) pop####.net:80
- TCP(HTTP/1.1) st####.a####.com:80
- TCP(HTTP/1.1) d####.add####.com.####.net:80
- TCP(HTTP/1.1) xml.admidai####.com:80
- TCP(HTTP/1.1) adk.mybestc####.net:80
- TCP(TLS/1.0) c.atandm####.com:443
- TCP(TLS/1.0) instant####.google####.com:443
- TCP(TLS/1.0) smart-v####.com:443
- TCP(TLS/1.0) adse####.juic####.com:443
- TCP(TLS/1.0) syndica####.ex####.com:443
- TCP(TLS/1.0) www.statcou####.com:443
- TCP(TLS/1.0) ads.adxad####.com:443
- TCP(TLS/1.0) i####.ddit####.com:443
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) eu####.al####.com.####.net:443
- TCP(TLS/1.0) uswild####.al####.com.####.net:443
- TCP(TLS/1.0) ma####.bootstr####.com:443
- TCP(TLS/1.0) and####.google####.com:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) cdn-####.por####.com:443
- TCP(TLS/1.0) safebro####.google####.com:443
- TCP(TLS/1.0) mello####.com:443
- TCP(TLS/1.0) adserve####.net:443
- TCP(TLS/1.0) i.i####.com:443
- TCP(TLS/1.0) trafads####.ru:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) js.juic####.com:443
- TCP(TLS/1.0) sl.peakon####.com:443
- TCP(TLS/1.0) ad####.net:443
- TCP(TLS/1.0) csk####.com:443
- TCP(TLS/1.0) adz####.net:443
- TCP(TLS/1.0) app.super####.io:443
- TCP(TLS/1.0) c####.cloudf####.com:443
- TCP(TLS/1.0) w####.bol.com:443
- TCP(TLS/1.0) bang####.app.link:443
- TCP(TLS/1.0) gb####.com.edg####.net:443
- TCP(TLS/1.0) yvk8####.a####.net:443
- TCP(TLS/1.0) www.captain####.com:443
- TCP(TLS/1.0) jsde####.a7####.flexbal####.net:443
- TCP(TLS/1.0) omare####.com:443
- TCP(TLS/1.0) d####.add####.com.####.net:443
- TCP(TLS/1.0) 1####.217.168.234:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) ads.globala####.us:443
- TCP(TLS/1.0) media####.club:443
- TCP(TLS/1.0) www.adsuppl####.net:443
- TCP(TLS/1.0) a-####.a-afde####.net.####.net:443
- TCP(TLS/1.0) www.por####.com:443
- TCP(TLS/1.0) Edge-Pr####.c####.t-####.####.net:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) surfe####.xyz:443
- TCP(TLS/1.0) globala####.com:443
- TCP(TLS/1.0) ka####.com:443
- TCP(TLS/1.0) ta####.offerst####.net:443
- TCP(TLS/1.0) sax.peakon####.com:443
- TCP(TLS/1.0) a####.google####.com:443
- TCP(TLS/1.0) mfk-net####.com:443
- TCP(TLS/1.0) p####.prizes4####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.2) a####.google####.com:443
DNS requests:
- a####.al####.com
- a####.google####.com
- a.ex####.com
- ad####.net
- ad####.s3.amazo####.com
- ad.a####.com
- adk.mybestc####.net
- admedi####.net
- ads####.com
- ads####.com
- ads.adxad####.com
- ads.ex####.com
- ads.globala####.us
- adse####.juic####.com
- adserve####.net
- adz####.net
- and####.cli####.go####.com
- and####.google####.com
- app.super####.io
- b####.aliexp####.com
- ban####.mello####.com
- bang####.app.link
- c####.cloudf####.com
- c####.showcas####.com
- c.atandm####.com
- cdn-####.por####.com
- cdn-sta####.por####.com
- cdn.en####.phn.####.com
- cdn.jsde####.net
- clic####.c0c.xyz
- cp####.com
- cs-g####.com
- csk####.com
- deflora####.xyz
- eb.u####.de
- en####.phn.double####.com
- f####.beach####.club
- f####.google####.com
- f####.gst####.com
- g####.face####.com
- gl####.gb####.com
- globala####.com
- granat####.xyz
- i####.ddit####.com
- i####.stat####.com
- i.i####.com
- instant####.google####.com
- js.juic####.com
- ka####.com
- latest-####.roo####.ru
- limit####.xyz
- ma####.bootstr####.com
- medi####.pl
- media####.club
- mello####.com
- mfk-net####.com
- mo####.juic####.com
- mob.palmpar####.info
- mychip####.online
- myredi####.biz
- nativea####.com
- of.okyes####.com
- okjoj####.com
- omare####.com
- p####.google####.com
- p####.prizes4####.com
- poli####.com
- pop####.net
- porn####.com
- premium####.com
- ps.pop####.net
- rtb.a####.com
- s####.b####.com
- s####.bet
- s.c####.aliexp####.com
- s10.his####.com
- s7.add####.com
- safebro####.google####.com
- sax.peakon####.com
- sl.peakon####.com
- smart-v####.com
- spraytu####.xyz
- st####.a####.com
- st####.adxad####.com
- st####.ex####.com
- surfe####.xyz
- syndica####.ex####.com
- t####.c####.xyz
- t####.up####.com
- ta####.offerst####.net
- tr####.gowitht####.club
- tr####.trackth####.club
- trafads####.ru
- v.media####.club
- vo####.com
- w####.bol.com
- whaleca####.com
- www.adsuppl####.net
- www.adz####.net
- www.b####.com
- www.captain####.com
- www.google-####.com
- www.googlet####.com
- www.gst####.com
- www.por####.com
- www.porn####.com
- www.seeaw####.com
- www.statcou####.com
- www.u####.de
- xml.admidai####.com
- xml.admozar####.com
- xml.adokutc####.com
- xml.boffoad####.com
- xml.ctrtra####.com
- xml.expiali####.com
- xml.leo####.com
- xml.mediaco####.com
- xml.showca####.com
- xml.showcas####.com
- xml.xten####.com
HTTP GET requests:
- ad####.net/serve/ads.js
- ad####.s3.amazo####.com/ortb_display.js?publisher_id=####&site_id=####
- ad####.s3.amazo####.com/ortb_native.js?publisher_id=####&site_id=####
- ad.a####.com/1261399?size=####
- ad.a####.com/1261400?size=####
- ad.a####.com/1261402?size=####
- ad.a####.com/1261403?size=####
- adk.mybestc####.net/redirect?feed=####&auth=####
- admedi####.net/ads/300x250.html
- admedi####.net/js/asdshef.js
- admedi####.net/serve/ads.js
- admedi####.net/serve/ads.php?a=####&b=####&random=####&referr=####
- admedi####.net/serve/valid.php?a=####&b=####&referr=####&t=####&c=####&d...
- ads####.com/redirect?sid=####
- ads####.com/redirect?sid=####&rr=####&http_referer=####
- ads####.com/serve/show.php?a=####&b=####
- ads####.com/serve/valid.php?a=####&b=####&referr=####&t=####&c=####&e=##...
- ads.adxad####.com/ad?spotid=####&type=####&output=####
- adse####.juic####.com/adshow.php?adzone=####
- adz####.net/serve/show.php?a=####&b=####
- adz####.net/serve/valid.php?a=####&b=####&referr=####&t=####&c=####&e=##...
- and####.cli####.go####.com/analytics.js
- c####.showcas####.com/click/invalid/?tid=####
- cdn.en####.phn.####.com/Scripts/infinity.js.aspx?guid=####
- clic####.c0c.xyz/favicon.ico
- clic####.c0c.xyz/rest/ck/o/1291/2427508?click_id=####
- clic####.c0c.xyz/rest/ck/o/1291/2427508?click_id=####&mc=####
- click-x####.o18.click/c?o=####&m=####&a=####&sub_aff_id=####
- cp####.com/serve/show.php?a=####&b=####
- cp####.com/serve/valid.php?a=####&b=####&referr=####&t=####&c=####&e=###...
- cp####.com/store/300x250.png
- csk####.com/?a=####&oc=####&c=####&m=####&s1=####&s2=####
- csk####.com/favicon.ico
- d####.add####.com.####.net/js/300/addthis_widget.js
- deflora####.xyz/?subid=####
- en####.phn.double####.com/Tag.engine?time=-180&id=ebd29ac2-6528-487f-905...
- f####.beach####.club/redirect?feed=####&auth=####&lang=####&subid=####
- f####.beach####.club/redirect?feed=####&auth=####&subid=####
- f####.beach####.club/redirect?feed=####&auth=####&url=####&subid=####&qu...
- granat####.xyz/?k=53aaf####&subid=####&r=http:####&b=####&z=####
- granat####.xyz/?subid=####
- js.juic####.com/jam_min.js
- latest-####.roo####.ru/click/rtb?node=####&winPrice=####&winCurrency=###...
- medi####.pl/page.html
- medi####.pl/serve/show.php?a=####&b=####
- medi####.pl/serve/valid.php?a=####&b=####&referr=####&t=####&c=####&e=##...
- mo####.juic####.com/service_async.php/serveAd?JSON-response-callback=###...
- mo####.juic####.com/service_async.php?JSON-response-callback=####&id=###...
- mychip####.online/direct.php
- mychip####.online/gusta.php
- nativea####.com/code/3/loader.js
- of.okyes####.com/favicon.ico
- of.okyes####.com/redirect?uid=####&sourceid=####&clickid=####
- okjoj####.com/xeRxjqGKY?offer=####&cat=####&sub1=####&sub2=####
- poli####.com/portent/netbios/acl/1-945-75792d346b3f59a15409e2b6e76b807c?...
- pop####.net/world/go/150120/516864
- porn####.com/?cid=####
- premium####.com/d/46802859bf4f2398eae?sub=####&source=####
- premium####.com/d/46802859bf4f2398eae?sub=####&source=####&code=####&_td...
- premium####.com/favicon.ico
- premium####.com/gw?sub=8a9d47b8-4724-4618-8b29-5344454fea23&source=14812...
- ps.pop####.net/go/150120/516864
- rtb.a####.com/system/ip/get?callback=####
- s####.b####.com/favicon.ico
- s####.b####.com/redirect?s=####&at=####&rt=####&s2=####
- s####.bet/baner728x90.png
- s10.his####.com.####.me/js15_as.js
- st####.a####.com/a-ads-banners/77053/300x250?region=####
- st####.a####.com/a-ads-banners/77054/728x90?region=####
- st####.a####.com/a-ads-banners/92653/728x90?region=####
- st####.a####.com/a-ads-banners/97369/300x250?region=####
- st####.adxad####.com/css/wm.css
- surfe####.xyz/codes/zone_d?clicked=####&rcd=####&id=####
- syndica####.ex####.com/ads-iframe-display.php?idzone=3313702&type=300x25...
- syndica####.ex####.com/ads-iframe-display.php?idzone=3369157&type=728x90...
- t####.up####.com/click?id=####&aff=####&ost=####&click=####
- tr####.trackth####.club/l.php?trf=####&portal=####&d=####&source=####&da...
- vo####.com/opt?rid=####
- whaleca####.com/tools/iframe/dating/300x250.php?a=####
- www.porn####.com/css/style.css
- www.porn####.com/images/bg.gif
- www.porn####.com/images/logo1.png
- www.porn####.com/images/menu.gif
- www.porn####.com/images/rate-up.gif
- www.porn####.com/thumb/2i3o41po-n-ragazza-asiatica-di-londra-keyes-gioca...
- www.porn####.com/thumb/7u578yb7ec-n-duro-handjob-porno-scene-con-cattivo...
- www.porn####.com/thumb/9mcp7vlrix-n-giovane-thai-vergine-ottiene-selvagg...
- www.porn####.com/thumb/a7dyxum5-n-anne-curtis-pinay-filippina-sesso-vide...
- www.porn####.com/thumb/d6pb8pyelx-n-indonesiano-scena-panas.jpg
- www.porn####.com/thumb/ddkp7qsm01-n-indonesiano-slut.jpg
- www.porn####.com/thumb/e28jwnpf-n-1fuckdatecom-donna-asiatica-in-prestit...
- www.porn####.com/thumb/mafxzur9w6-n-asiatico-stretto-ragazza-ottiene-la-...
- www.porn####.com/thumb/mhx4jt1jia-n-asiatico-teen-ingoia-il-grande-cazzo...
- www.porn####.com/thumb/qd69nv4fqj-n-giapponese-av-modello-ottiene-un-sac...
- www.porn####.com/thumb/sm10os2yrb-n-anale-martellante-londra-keyes.jpg
- www.porn####.com/thumb/zt9p6srjmv-n-ava-devine-e-la-sua-guancia-splitter...
- www.seeaw####.com/zone/2287/107253,seeawhale
- xml.admidai####.com/redirect?feed=####&auth=####
- xml.admidai####.com/redirect?feed=####&auth=####&subid=####
- xml.admozar####.com/redirect?feed=####&auth=####
- xml.admozar####.com/redirect?feed=####&auth=####&query=####
- xml.adokutc####.com/redirect?feed=####&auth=####
- xml.boffoad####.com/redirect?feed=####&auth=####
- xml.ctrtra####.com/redirect?feed=####&auth=####
- xml.ctrtra####.com/redirect?feed=####&auth=####&subid=####
- xml.mediaco####.com/redirect?feed=####&auth=####
- xml.showca####.com/redirect?feed=####&auth=####
- xml.showcas####.com/feed/?link=####&tid=####&subid=####
- xml.xten####.com/redirect?feed=####&auth=####
- yvk8####.a####.net/iframe.php?idzone=####&size=####
- yvk8####.a####.net/library/257596/5454058a6ed6f182ace2c456308c45bcdb4b68...
- yvk8####.a####.net/library/322388/d65642d0161c921f3562b381f90ec259219b69...
HTTP POST requests:
- eb.u####.de/pgm/rt/lg
- www.u####.de:8802/sub/cb
- www.u####.de:8802/sub/v2/of
File system changes:
Creates the following files:
- /data/data/####/00d0ddf45cc6383f_0
- /data/data/####/01d1eab12affbf08_0
- /data/data/####/024861687a74493a_0
- /data/data/####/02a21c27d87e42ab_0
- /data/data/####/03be838f5e1ac55e_0 (deleted)
- /data/data/####/06538b798ea75466_0 (deleted)
- /data/data/####/07ab0760058132bd_0
- /data/data/####/0808a3ff61d2cb95_0
- /data/data/####/083c5e8ba124cb22_0
- /data/data/####/08e71b8dbc4bd19e_0
- /data/data/####/098a465910fd0a91_0 (deleted)
- /data/data/####/0d9b3b8b14c07eb6_0
- /data/data/####/0e8e9ce914f1fe4d_0 (deleted)
- /data/data/####/0f224fd74720a517_0
- /data/data/####/0f224fd74720a517_1
- /data/data/####/0f4a259b7b95dfa2_0
- /data/data/####/0fb6686f1d96c37d_0
- /data/data/####/0fc204e20d8458ac_0
- /data/data/####/0fe596bca9a47a44_0
- /data/data/####/0ffdfed7c3e62179_0
- /data/data/####/10766b9f47894660_0
- /data/data/####/121ed789ca53c6b1_0
- /data/data/####/12bffaf9e31cbbd2_0
- /data/data/####/12f594ddd3e5e2a7_0
- /data/data/####/1300aee730cfb7aa_0
- /data/data/####/14616214545947a9_0
- /data/data/####/14b02d5c7f445f1e_0
- /data/data/####/14facf4c98596c0d_0 (deleted)
- /data/data/####/1641fb12f56593a3_0
- /data/data/####/189cc51faa9df7e8_0
- /data/data/####/1c3e0796bc0eea90_0
- /data/data/####/1d5b94ce80ee123e_0
- /data/data/####/1debe05ea32b426e_0 (deleted)
- /data/data/####/1ec089c1c7e32385_0
- /data/data/####/1f261fc5ed7f32c1_0
- /data/data/####/20160121.xml
- /data/data/####/20ae4323dc585f99_0
- /data/data/####/20fce8b3aeb61ad5_0
- /data/data/####/23d3c71f8d65bc3d_0
- /data/data/####/2494ba868182194a_0
- /data/data/####/24f098faa2181147_0
- /data/data/####/2661268b5248137a_0
- /data/data/####/282d290d40da4657_0
- /data/data/####/288653e81de31bdd_0
- /data/data/####/2c3c30b620a14bac_0
- /data/data/####/2f4a41396829b0c5_0
- /data/data/####/2ff1054bbbcc5cf7_0
- /data/data/####/30b6cf486e2fdbc6_0
- /data/data/####/31a8282d7d1c9069_0
- /data/data/####/31f3c489c7797da2_0
- /data/data/####/32e03512170b2226_0
- /data/data/####/334bbb0c79871caa_0 (deleted)
- /data/data/####/33c7a7d30a68b8af_0
- /data/data/####/33e5539b42735f7c_0
- /data/data/####/34e12e4205c6ceeb_0
- /data/data/####/34f281e97e76e3cb_0
- /data/data/####/35cf68ee598f17e7_0
- /data/data/####/377cff283c1e9c16_0
- /data/data/####/37d0061f4141d9ab_0
- /data/data/####/382d18ff77e7f726_0
- /data/data/####/38366781749fb15d_0
- /data/data/####/3b665f8bae7eb996_0 (deleted)
- /data/data/####/3be1e20a515d1c17_0
- /data/data/####/3c1aef41378a253f_0
- /data/data/####/3db388e36baa2729_0
- /data/data/####/42bfee00be870022_0
- /data/data/####/44ebeed4c05b9d28_0
- /data/data/####/4578fbab6286911f_0 (deleted)
- /data/data/####/4653763c1977a37d_0 (deleted)
- /data/data/####/46739b35b94f66fd_0
- /data/data/####/479df6e6012b35c9_0
- /data/data/####/47cff2ba15008159_0
- /data/data/####/47cff2ba15008159_1
- /data/data/####/47e48122b8872905_0
- /data/data/####/4a993370a9dd24b4_0
- /data/data/####/4c05637c3ff92fe3_0
- /data/data/####/4c129f740df2e105_0
- /data/data/####/4d1682b83aa637e9_0
- /data/data/####/4d92ef08c1936985_0
- /data/data/####/50b500f3c37c21b3_0
- /data/data/####/50fcd87216232984_0
- /data/data/####/51dfe5f5e31bfd15_0
- /data/data/####/51dfe5f5e31bfd15_1
- /data/data/####/523a436888ab886f_0
- /data/data/####/53fb8d282aa399eb_0
- /data/data/####/53fb8d282aa399eb_1
- /data/data/####/54bdda0b564b43b0_0
- /data/data/####/54eb92f5870b8784_0
- /data/data/####/557123d35ab7b9fd_0
- /data/data/####/56623e1b333916c0_0
- /data/data/####/591f4c0436560bd4_0
- /data/data/####/594b2600051570f5_0
- /data/data/####/59639dfcf64b6b01_0
- /data/data/####/5980ad4139c82a3e_0
- /data/data/####/59b74a2060506a8c_0 (deleted)
- /data/data/####/5bd89eaba18f4bb3_0
- /data/data/####/5cafdb6ca988d16c_0 (deleted)
- /data/data/####/5ce54eb70c4b9da4_0
- /data/data/####/5cfcb9bf45f7668b_0 (deleted)
- /data/data/####/5da62c6a9d273fce_0 (deleted)
- /data/data/####/5da91d39f1589c2f_0
- /data/data/####/5e093ac55b95cc17_0
- /data/data/####/5eac0967109ac48f_0 (deleted)
- /data/data/####/5fd3e9efbf0f6700_0
- /data/data/####/5fd4c62e085fe11b_0
- /data/data/####/6159008457cf5310_0 (deleted)
- /data/data/####/61d9b54d02d5d48d_0
- /data/data/####/637e276e1f0d0049_0
- /data/data/####/64c4434982f37bc8_0
- /data/data/####/651d79a7aa3ead19_0
- /data/data/####/658b0eb42686dbd6_0
- /data/data/####/671056c84e8c8b80_0
- /data/data/####/6804c35bb56e9289_0
- /data/data/####/6804c35bb56e9289_1
- /data/data/####/69b7a96779a36ecc_0
- /data/data/####/6a21e617bbbd5073_0
- /data/data/####/6be0eb0b64efde5c_0
- /data/data/####/6c01ee39bca8b8a6_0
- /data/data/####/6c01ee39bca8b8a6_1
- /data/data/####/6cbdbe37752bc0a7_0
- /data/data/####/6cc9147d60320931_0
- /data/data/####/6da536effd25af11_0
- /data/data/####/6e0d0217639402d4_0
- /data/data/####/6ecd143ecb3408ab_0
- /data/data/####/6ff899500bc5dbfa_0
- /data/data/####/6ffda78af0de4e08_0
- /data/data/####/7326128916909770_0
- /data/data/####/7326128916909770_1
- /data/data/####/73bbe5adeb5ebdfc_0 (deleted)
- /data/data/####/7450a2a03c29f8e4_0
- /data/data/####/765efd0402e72e3f_0
- /data/data/####/77deeb3beafc2226_0
- /data/data/####/78c2164935ded630_0 (deleted)
- /data/data/####/78ceeef6649a5465_0
- /data/data/####/78ceeef6649a5465_1
- /data/data/####/795e8977e7c0cc1a_0
- /data/data/####/7ab2c7beab2813b6_0
- /data/data/####/7c6fdfee91393ed5_0
- /data/data/####/7d57d51608e03417_0 (deleted)
- /data/data/####/7e3b3b7b79bdeef7_0
- /data/data/####/8123a076434ee36f_0
- /data/data/####/8123a076434ee36f_1
- /data/data/####/817908d2c79b561d_0
- /data/data/####/8288c8a1cd8a541b_0
- /data/data/####/83cde9e8e08fbb05_0
- /data/data/####/850b60238314fdcb_0
- /data/data/####/8596fcf7e5f63e22_0
- /data/data/####/8596fcf7e5f63e22_1
- /data/data/####/8724c000261fd1b2_0 (deleted)
- /data/data/####/884bcbdfc1d2129d_0 (deleted)
- /data/data/####/8ac5480ef1eca30a_0
- /data/data/####/8b11473c0abb25c2_0 (deleted)
- /data/data/####/8b435b0be3dfb32c_0
- /data/data/####/8c1f0f308c0f177e_0
- /data/data/####/8c1f0f308c0f177e_1
- /data/data/####/8cbfeb6d8ca666e1_0
- /data/data/####/8d4f23c6a832a130_0
- /data/data/####/8eb55c6a0ddcae21_0
- /data/data/####/8ec77846ae80eb5f_0
- /data/data/####/8ee7ae1fdd4ac0d5_0
- /data/data/####/9000fcc22b4c8c3e_0
- /data/data/####/9000fcc22b4c8c3e_1
- /data/data/####/912c3fb3cf94866f_0
- /data/data/####/91ce2b592c5dca9a_0
- /data/data/####/939baf813f01e5af_0
- /data/data/####/95b2a4c98c7a664e_0
- /data/data/####/95e541621224a919_0
- /data/data/####/9677fba489158035_0
- /data/data/####/96f4e2c9332d7999_0
- /data/data/####/983e0078fec0ba26_0
- /data/data/####/98e2f76706750e1e_0
- /data/data/####/99c025df9243777c_0
- /data/data/####/9b33959204089754_0
- /data/data/####/9d6d53e7bf60fa4c_0
- /data/data/####/9d7badd6ff303cc4_0
- /data/data/####/9df6216f8e37bfb3_0
- /data/data/####/9e01f9f573693863_0
- /data/data/####/9e5dd863e9e6fad3_0 (deleted)
- /data/data/####/9e694ed752d2d753_0
- /data/data/####/AD_ID_SPINFO.xml
- /data/data/####/AppEventsLogger.persistedevents
- /data/data/####/Cookies-journal
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a1e0f48c5a117a42_0
- /data/data/####/a239fd0a58b5fee8_0
- /data/data/####/a35157493b948996_0 (deleted)
- /data/data/####/a39282499de1c209_0
- /data/data/####/a71609262e2e52d3_0 (deleted)
- /data/data/####/a768e441318ea192_0
- /data/data/####/a7f267a9ee2c272a_0 (deleted)
- /data/data/####/a91d548d0f5f7852_0
- /data/data/####/a91d548d0f5f7852_1
- /data/data/####/aa04e397ea549cf4_0
- /data/data/####/aa04e397ea549cf4_1
- /data/data/####/aa5323162084857b_0
- /data/data/####/ab3b0bcc5210593c_0
- /data/data/####/ab3b0bcc5210593c_1
- /data/data/####/ac4b4333f1bc4153_0
- /data/data/####/ad5528f80ed6f589_0
- /data/data/####/ad74ff4ab1a0232b_0
- /data/data/####/adf1b0bb7087c12c_0
- /data/data/####/ae68a0ebdb3c219e_0
- /data/data/####/af458982c7499ec5_0
- /data/data/####/afb1d1a5c18a3ebf_0
- /data/data/####/afe092e3afbb137c_0
- /data/data/####/afe092e3afbb137c_1
- /data/data/####/afe49c5530da957c_0
- /data/data/####/b02c1f0a1d39c10f_0
- /data/data/####/b081607e6b223eba_0
- /data/data/####/b16b09b9d833963f_0
- /data/data/####/b2ee0f07efc20270_0 (deleted)
- /data/data/####/b33b73c203293871_0
- /data/data/####/b33b73c203293871_1
- /data/data/####/b35d0850755ded39_0
- /data/data/####/b48304c9307c45cc_0 (deleted)
- /data/data/####/b4b63bfd520ec52a_0
- /data/data/####/b57f69fcd4891f2f_0 (deleted)
- /data/data/####/b5aa782f087fa3de_0
- /data/data/####/b919a485e512ad2b_0
- /data/data/####/bfc8e18478c8460b_0
- /data/data/####/c16690bb2643df18_0
- /data/data/####/c18c8eea05b75338_0
- /data/data/####/c2012df0daaea192_0
- /data/data/####/c21db92bd0ea3a03_0 (deleted)
- /data/data/####/c25a92c66f827c7a_0
- /data/data/####/c29b484fd3fae648_0
- /data/data/####/c526f1646e246531_0
- /data/data/####/c526f1646e246531_1
- /data/data/####/c53f721b42af0b45_0
- /data/data/####/c60fd1af939fd293_0
- /data/data/####/c702d21c8b81a821_0
- /data/data/####/c702d21c8b81a821_1
- /data/data/####/c8917a2bdcf1daf2_0
- /data/data/####/c8a9dfb538e355ab_0
- /data/data/####/cb69b4e29be58fda_0
- /data/data/####/cc01e2ccae084534_0
- /data/data/####/cc1f88be6492a041_0 (deleted)
- /data/data/####/cd7f4171ac0b514f_0
- /data/data/####/cdd23f880b58079f_0
- /data/data/####/cdd6311848e02a14_0
- /data/data/####/ce46b7db43bedc38_0
- /data/data/####/cf10dc9c699bafd8_0 (deleted)
- /data/data/####/com.beauty.android.app.camera.BeautyService1a.xml
- /data/data/####/com.beauty.android.app.camera_preferences.xml
- /data/data/####/com.beauty.android.app.camera_preferences.xml.bak
- /data/data/####/com.facebook.internal.preferences.APP_SETTINGS.xml
- /data/data/####/com.facebook.sdk.appEventPreferences.xml
- /data/data/####/com.facebook.sdk.attributionTracking.xml
- /data/data/####/d07a90e0a251f278_0
- /data/data/####/d154e9ed4a9e54f2_0
- /data/data/####/d33e8aac5787662b_0
- /data/data/####/d33e8aac5787662b_1
- /data/data/####/d3e4412d0909b19a_0
- /data/data/####/d429b8e3777ef3db_0 (deleted)
- /data/data/####/da02077d160f7f70_0
- /data/data/####/db2c3763a52cbfd9_0
- /data/data/####/dbb5dd498e88608b_0
- /data/data/####/dc724aef475e0fd1_0
- /data/data/####/dcfb4e435921d989_0
- /data/data/####/df20d204c01ee195_0
- /data/data/####/e22ebeaeac9362c6_0
- /data/data/####/e52c3fff63732cdf_0 (deleted)
- /data/data/####/e716049129feeb78_0 (deleted)
- /data/data/####/e77b6b47dcdbf005_0
- /data/data/####/e8099867088b317f_0
- /data/data/####/e9a88c87a95493be_0
- /data/data/####/e9afcd975f630043_0
- /data/data/####/ea2b231323734d72_0
- /data/data/####/ebf61a7b90fad473_0 (deleted)
- /data/data/####/ee2e54f9f594afd7_0
- /data/data/####/ef518e2398b8ae64_0
- /data/data/####/f114b8ff4a0a1ed8_0
- /data/data/####/f12768fb637ac226_0 (deleted)
- /data/data/####/f1e195e3c00fd70e_0
- /data/data/####/f2cf4221ad26f0b6_0 (deleted)
- /data/data/####/f2f40fe120f9b8a6_0 (deleted)
- /data/data/####/f335a25ee7ecd3e9_0
- /data/data/####/f461a094374e9566_0 (deleted)
- /data/data/####/f597db8bdd5fc4e5_0
- /data/data/####/f7d367eed8380fc4_0
- /data/data/####/f7e7d721b4f5352c_0 (deleted)
- /data/data/####/f90737460ad4748f_0
- /data/data/####/fb0c9665280a70af_0 (deleted)
- /data/data/####/fc18bc3267db60c9_0
- /data/data/####/fce3eb34268758cf_0
- /data/data/####/fce3eb34268758cf_1
- /data/data/####/fd0463750703c1f7_0 (deleted)
- /data/data/####/fe15b1a5d706916e_0 (deleted)
- /data/data/####/ffd4904a109c6cae_0
- /data/data/####/fff33be0377144d2_0 (deleted)
- /data/data/####/http_porndult.com_0.localstorage-journal
- /data/data/####/index
- /data/data/####/kp.xml
- /data/data/####/loa.xml
- /data/data/####/loa.xml.bak
- /data/data/####/loa.xml.bak (deleted)
- /data/data/####/metrics_guid
- /data/data/####/o15729.dex
- /data/data/####/o15729.dex.flock (deleted)
- /data/data/####/temp-index
- /data/data/####/the-real-index
- /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_t/o15729.dex --oat-fd=51 --oat-location=/data/user/0/<Package>/app_dd/o15729.dex --compiler-filter=speed
- logcat -d -v time
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Manages Wi-Fi connectivity.
