ID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version: 22.0.

Transcription

1 ID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Signature Overview Change of System Appearance: Location Tracing: Operating System Destruction: Spam, unwanted Advertisements and Ransom Demands: Exploits: Key, Mouse, Clipboard, Microphone and Screen Capturing: E-Banking Fraud: Networking: Boot Survival: Remote Access Functionality: Stealing of Sensitive Information: Persistence and Installation Behavior: Data Obfuscation: Spreading: System Summary: Anti Debugging: Malware Analysis System Evasion: Hooking and other Techniques for Hiding and Protection: Lowering of HIPS / PFW / Operating System Security Settings: Language, Device and Operating System Detection: Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Screenshot Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution Copyright Joe Security LLC 2018 Page 2 of 170

3 TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets HTTPS Packets APK Behavior Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyright Joe Security LLC 2018 Page 3 of 170

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 18:32:59 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 6m 29s Analysis system description: Android 6.0 Detection: Classification: Warnings: Errors: false light com.cleanmaster.mguard_ apk defaultandroidfilecookbook.jbs MAL Show All An application runtime error occurred No interacted views No simulation commands forwarded to apk Not all executed log events are in report (maximum 10 identical API calls) Not all resource files were parsed Not all resource strings were parsed Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size exceeded maximum capacity and may have missing dynamic data code. Execution failed: Runtime errorexternal Dependency Missing Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Classification Copyright Joe Security LLC 2018 Page 4 of 170

5 Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Signature Overview of System Appearance Change Tracing Location System Destruction Operating unwanted Advertisements and Ransom Demands Spam, Exploits Mouse, Clipboard, Microphone and Screen Capturing Key, Fraud E-Banking Networking Survival Boot Access Functionality Remote of Sensitive Information Stealing and Installation Behavior Persistence Obfuscation Data Spreading Summary System Debugging Anti Analysis System Evasion Malware and other Techniques for Hiding and Protection Hooking of HIPS / PFW / Operating System Security Settings Lowering Language, Device and Operating System Detection Click to jump to signature section Change of System Appearance: Copyright Joe Security LLC 2018 Page 5 of 170

6 Acquires a wake lock Mutes phone vibration Mutes ringtone sound Sets a repeating alarm May access the Android keyguard (lock screen) Location Tracing: Queries the phones location (GPS) Operating System Destruction: Lists and deletes files in the same context Kills background processes Spam, unwanted Advertisements and Ransom Demands: Loads advertisement Has permission to write to the SMS storage Has permission to write to the default browser history May check for popular installed apps May dial phone number May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services Exploits: Might use exploit to break dedexer tools Key, Mouse, Clipboard, Microphone and Screen Capturing: Has permission to record audio in the background Has permission to take photos E-Banking Fraud: Contains package name strings related to banking (usually for identifying banking APKs) Has functionalty to add an overlay to other apps Has permission to query the list of currently running applications Loads a webpage with cache disabled May check for popular installed apps May query for the most recent running application (usually for UI overlaying) Likely adds an overlay to existing apps to lurk for credit card information Networking: Downloads compressed data via HTTP Downloads files from webservers via HTTP Found strings which match to known social media urls Monitors network connection state Performs DNS lookups Posts data to webserver Urls found in memory or binary data Uses HTTP for connecting to the internet Uses HTTPS Checks an internet connection is available Copyright Joe Security LLC 2018 Page 6 of 170

7 Enables or disables WIFI Loads a webpage with cache disabled Opens an internet connection Performs DNS lookups (Java API) Scans for WIFI networks Tries to resolve many domain names, but no domain seems valid Boot Survival: Installs a new wake lock (to get activate on phone screen on) Remote Access Functionality: Found suspicious command strings (may be related to BOT commands) Has permission to mount or unmount file systems (removable storage) Uses DownloadManager to fetch additional components Stealing of Sensitive Information: Has permission to query the current location Checks if a SIM card is installed Has permission to read contacts Has permission to read the SMS storage Has permission to read the call log Has permission to read the default browser history Has permission to read the phones state (phone number, device IDs, active call ect.) Has permissions to create, read or change account settings (inlcuding account password settings) Queries a list of installed applications Queries camera information Queries media storage location field Queries stored mail and application accounts (e.g. Gmail or Whatsup) Queries system settings Queries the Googl Account Name Reads boot loader settings of the device Reads logcat Leaking sensitive information via HTTP to a webserver Persistence and Installation Behavior: Creates files Installs an application shortcut on the screen Sets an intent to the APK data type (used to install other APKs) Data Obfuscation: Obfuscates method names Uses reflection Spreading: Accesses external storage location Has permission to change the WIFI configuration including connecting and disconnecting System Summary: Copyright Joe Security LLC 2018 Page 7 of 170

8 Classification label Creates SQLiteDatabase table Loads native libraries Reads shares settings Executes native commands Kills/terminates processes Requests permissions only permitted to signed APKs Requests potentially dangerous permissions Anti Debugging: Potentially drops DEX files Malware Analysis System Evasion: May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) Accesses /proc Accesses android OS build fields Checks CPU details Checks partitions Queries several sensitive phone informations Queries the unique operating system id (ANDROID_ID) Tries to detect QEMU emulator Hooking and other Techniques for Hiding and Protection: Uses Crypto APIs Has permission to draw over other applications or user interfaces Has permission to query the list of currently running applications Queries list of running processes/tasks Restarts running process Lowering of HIPS / PFW / Operating System Security Settings: May check for install Android security applications (AV and firewalls) Language, Device and Operating System Detection: Queries the SIM provider ISO country code Queries the SIM provider name (SPN - Service Provider Name) Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code) Queries the network operator ISO country code Queries the network operator name Queries the network operator numeric MCC+MNC (mobile country code + mobile network code) Queries the unqiue device ID (IMEI, MEID or ESN) Antivirus Detection Initial Sample Source Detection Scanner Label Link com.cleanmaster.mguard_ apk 0% virustotal Browse Copyright Joe Security LLC 2018 Page 8 of 170

9 Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link setting.rayjump.com 1% virustotal Browse behacdn.ksmobile.net 0% virustotal Browse config.inmobi.com 0% virustotal Browse strategy.lmobi.net 4% virustotal Browse unconf.adkmob.com 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Screenshot Copyright Joe Security LLC 2018 Page 9 of 170

10 Created / dropped Files /data/user/0/com.cleanmaster.mguard/files/cleancloud/cfcl_cache File Type: Size (bytes): 32 Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: data false 811A7A186603FCAFF2C15BC6C82C3B64 C148FC340660D5A79E F735BDAFDAD 68D84B9D93F379C6FE0BDD0C548903C7DBED6986E254DA0ACB3AC44986D8AC7C 23C031FBE15FA542A4AB992FDEABD3F444CC212BABA6DC6D9FB2ABE1A BCB85EE4E2E60498F9A7E C827F13D4A3F15BF0073CD F6157B8E true low /data/user/0/com.cleanmaster.mguard/files/cleancloud/fcl_cache File Type: data Copyright Joe Security LLC 2018 Page 10 of 170

11 /data/user/0/com.cleanmaster.mguard/files/cleancloud/fcl_cache Size (bytes): 56 Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false B451F793D AE6F97F708F60C9C D835F599A398226CA6611FF56D ED13 EDD61EEAD960C08758E1C9E85483A11E47FCCB0B37F89402AD E5C4 07D331520AD96B4ADD6E6D8E793258CD8777E15E9195EB187B9A70A65591ED0ADE2C8A1BAD4A702C994CB7E67 C1B294B4FA76525F3AFABA0BCC465D650449FA9 false low /data/user/0/com.cleanmaster.mguard/files/kctrl.dat File Type: Size (bytes): 3775 ASCII text Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false 5418E97CA2B1AB5A8463A BC3F 1D970D6490F4EAB4F3C97ACEE3ACBD80EA FE61581DB87418E03DC26C7FECD6A843AF16FEBFDA99A525B4EAABB6260A C4009F4B4903DF1F7AA97D153F91597C8F68C9B7E6A3F730BE4BDD1C11D4890E67F75A052568BE4047FBD F8F767F0B573A24D676462FF2F12D2 true low /data/user/0/com.cleanmaster.mguard/files/kfmt.dat File Type: Size (bytes): Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: ASCII text, with very long lines, with CRLF line terminators false 98F6CCD152036DA31F6A27F8A65BE818 D34E7B3ABBE E398D03E395E41C27EFF75 D57BAA54E339D4073A41E7F4FE0778EDD3BF5B1F799A0D512E25CF606EA AF67CC323DC5792D1C5D1BC3D17938C99C4F2CCD61BF24C9F2F E48967D28303E40DC3478E8908EC8 0A1B4B08CB4F85F272957CBB2589E7936B27B true low /storage/emulated/0/android/data/com.cleanmaster.mguard/files/dump/crash_6.11.3( )_ _ txt File Type: Size (bytes): 2271 ASCII text, with very long lines Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false 484AAFEDCED625E1F7CA E99 1C55772BA13079AB9096E19D123F05CD68DFB412 28A4F37A0139C4C932D303BA115473DF044B21AA060D78155BB502C347BB970C 3F5EC9DF5436CF7BF5D C0A32471B6824B2DE453379D758B47DB70399D6B2B2F2CE6738C0B0D79866AA0 6621EF4E05AE823A43D2F6267C0C5E4006C18 true low /storage/emulated/0/android/data/com.cleanmaster.mguard/files/dump/crash_6.11.3( )_ _ txt File Type: Size (bytes): 2321 ASCII text, with very long lines Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false 9658F84F3FBBD7CE A70B7C92 B961EC7AE6995ED41DBDFC021CFC3AF11D6E58CF 66C1CB1DE659E1E78AC1ED C754F117E6D292A79E816F0B21E D CAB3CBA5BA584029D0D6BFAB544F29F23E47C1BC9D5E71A89DFB6E E9BF3738BC946F2C2FE4F9597B C2C0D5D5D BF995BCE73B8C8 true low Copyright Joe Security LLC 2018 Page 11 of 170

12 Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection setting.rayjump.com true false 1%, virustotal, Browse behacdn.ksmobile.net true false 0%, virustotal, Browse config.inmobi.com true false 0%, virustotal, Browse strategy.lmobi.net true false 4%, virustotal, Browse unconf.adkmob.com true false 0%, virustotal, Browse bp.adkmob.com true false graph.facebook.com true false appinfocdn.ksmobile.net true false analytics.rayjump.com true false ups.ksmobile.net true false dl.google.com true false weather.ksmobile.net true false cmplay.did.ijinshan.com unknown unknown true cfg.cml.ksmobile.com unknown unknown true us.st.dp.ksmobile.com.example.org unknown unknown true help.pc120.com unknown unknown true cmplay.did.ijinshan.com.example.org unknown unknown true us.st.dp.ksmobile.com unknown unknown true help.pc120.com.example.org unknown unknown false cfg.cml.ksmobile.com.example.org unknown unknown false Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Flag ASN ASN Name Malicious United States AMAZON-02-AmazoncomIncUS false United States AMAZON-02-AmazoncomIncUS false United States 7018 ATT-INTERNET4- ATTServicesIncUS false Reserved unknown unknown false United States AMAZON-02-AmazoncomIncUS false United States AMAZON-02-AmazoncomIncUS false United States AMAZON-02-AmazoncomIncUS false United States 7018 ATT-INTERNET4- ATTServicesIncUS Copyright Joe Security LLC 2018 Page 12 of 170 false

13 IP Country Flag ASN ASN Name Malicious United States GOOGLE-GoogleIncUS false Ireland FACEBOOK-FacebookIncUS false United States GOOGLE-GoogleIncUS false United States GOOGLE-GoogleIncUS false United States AMAZON-02-AmazoncomIncUS false United States GOOGLE-GoogleIncUS false Singapore INMOBI-InMobiIncUS false United States 7018 ATT-INTERNET4- ATTServicesIncUS false Static File Info General File type: Zip archive data, at least v2.0 to extract Entropy (8bit): TrID: Java Enterprise Archive (19504/1) 33.91% Android Package (19004/1) 33.04% Java Archive (13504/1) 23.48% ZIP compressed archive (4004/1) 6.96% Java Script embedded in Visual Basic Script (1500/0) 2.61% File name: File size: MD5: SHA1: SHA256: SHA512: File Content Preview: com.cleanmaster.mguard_ apk 8a7cc5542e51cf3464dc3d18f73b a6ebbb4df111d3968affc1e14d3a25a146 9bb8ecaf5c9a4b69c45fc6de46f583fed1ea316b1f1cda1e 3467eb7090f345a0 2139c8cf37e9c66614bad88b467695a623ab9656aa1125 0e0a973c8d598c3d3c436b55e905bc9dd8505e8df26d3b 63f5770e3de4fe1e75e72164d5d535542e56 PK...!.9...8]...AndroidManifest.xml..yXec...&$....c02BH...$$d.u%$$...}..}..a..lc'$c..l##...'.)...s..t.9..~..~...Y..Y C..._...Z...B/...`<...I...DFD.cH..Gp#...L..K.....<..Lc...SI3'r9w.1w.<.S..\...K..d..QD.g.A..."ne.e. Static APK Info General Label: Clean Master Minimum SDK required: 18 Target SDK required: 17 Version Code: Version Name: Package Name: com.cleanmaster.mguard Is Activity: true Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name com.cleanmaster.mguardcom.keniu.security.main.mainactivity com.cleanmaster.mguardcom.cleanmaster.security.ui.privacycleanactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.promotionwebviewdialog com.cleanmaster.mguardcom.cleanmaster.security.scan.result.securitymainactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpnrequestactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpndetailactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.sgnewdetailactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpnexperienceactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.securitynewsettingactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.ui.sdcard.securitysdscanactivity com.cleanmaster.mguardcom.cleanmaster.security.appinfo.securityappinfoactivity Is Entrypoint true Copyright Joe Security LLC 2018 Page 13 of 170

14 Name com.cleanmaster.mguardcom.cleanmaster.security.scan.ui.safeappslistactivity com.cleanmaster.mguardcom.cleanmaster.privacy.ui.browseritemdetailactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photogridactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photogridpathactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photodetailactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkmanageractivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreendetailvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreendetailimageactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreencardvideoactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicactivitya com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.similarpictureactivity com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.photodetailactivity com.cleanmaster.mguardcom.cleanmaster.photoclean.junksimilarignorepicactivity com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.photoignoreactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.photomanagemainactivity com.cleanmaster.mguardcom.cleanmaster.base.util.system.guideopensystempermission com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkpicrecycleactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkrecycleactivity com.cleanmaster.mguardcom.cleanmaster.photocompress.ui.photocompressactivity com.cleanmaster.mguardcom.keniu.security.newmain.livemewebactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.marketappwebactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.news.newswebactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.imgdetailactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appdownloadmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.newappuninstallactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.newappuninstallsimpleactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitoruninstallactivity com.cleanmaster.mguardcom.conflit.check.confcheckeractivity com.cleanmaster.mguardcom.keniu.security.main.firstaccessnetdialogactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitorinstallactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitorinstallremainactivity com.cleanmaster.mguardcom.cleanmaster.boost.main.processmanageractivity com.cleanmaster.mguardcom.cleanmaster.boost.main.processmanagerabove26activity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamemanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameaddactivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processaddmoreactivity com.cleanmaster.mguardcom.cleanmaster.processcleaner.processcleaneractivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.settingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.messagesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.notificationsettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.notificationstylesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.setlanguageactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.swipethemeguideactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.floatswipesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.locationallowactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.trustapplistactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.junkwhitelistactivity com.cleanmaster.mguardcom.nt.sdk.tyroo.view.customactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.unrootalertdialogactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.localwebactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.cnaboutactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.aboutactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.weathersettingactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.citiesactivity com.cleanmaster.mguardcom.cleanmaster.base.crash.crashfeedbackactivity com.cleanmaster.mguardcom.cleanmaster.applink.recommendcmxactivity com.cleanmaster.mguardcom.cleanmaster.feedback.feedbackactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.dimensionalactivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processmanagersettingsactivity com.cleanmaster.mguardcom.cleanmaster.ui.settings.widgetguideactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.batterydoctoractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.uninstallmultiappactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.marketcollectionactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 14 of 170

15 Name com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.appmanagersmsholeactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.recommendcmlockeractivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.newrecommendcmlockeractivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processwhitelistactivity com.cleanmaster.mguardcom.cooperate.uiswitchactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.dialogactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gameboxactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.permission.gamepermissionactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gameboostanimactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gamesorteditactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboxfornotificationactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameproblemactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboxguidedialogactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gameboxfuncintroactivity com.cleanmaster.mguardcom.cleanmaster.boost.cpu.ui.cpunormalactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitor.installmonitordialog com.cleanmaster.mguardcom.cleanmaster.login.userregisteroptionsactivity com.cleanmaster.mguardcom.cleanmaster.login.nicknamemodifyactivity com.cleanmaster.mguardcom.cleanmaster.login.logininputcodeactivity com.cleanmaster.mguardcom.cleanmaster.login.userregisteractivity com.cleanmaster.mguardcom.cleanmaster.login.userloginactivity com.cleanmaster.mguardcom.cleanmaster.login.userloginactivitynew com.cleanmaster.mguardcom.cleanmaster.login.userlogindialogactivity com.cleanmaster.mguardcom.cleanmaster.login.userverifyactivity com.cleanmaster.mguardcom.cleanmaster.login. sendstateactivity com.cleanmaster.mguardcom.cleanmaster.login.userhistoryloginactivity com.cleanmaster.mguardcom.cleanmaster.login.userforgetkeyactivity com.cleanmaster.mguardcom.cleanmaster.notification.notificationdialogactivity com.cleanmaster.mguardcom.cleanmaster.notification.notificationfunctionreplaceactivity com.cleanmaster.mguardcom.gau.go.launcherex.gowidget.cleanmaster.gowidgetactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensaversettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockersettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockersettingselecttypeactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockerguideactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.overchargingreminderactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensavernotificationsettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensaverguildactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksdcardvideoactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.notificationguideblankactivity com.cleanmaster.mguardcom.cleanmaster.applock.bridge.overlaypermissionalertdialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew4.screensaver4activity com.cleanmaster.mguardcom.ijinshan.screensavernew.riskscanningactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.dismisskeyguardactivity com.cleanmaster.mguardcom.cleanmaster.filemanager.ui.filemanagertabactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.honorhallactivity com.cleanmaster.mguardcom.cleanmaster.ledlight.flashlightactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.videowebviewactivity com.cleanmaster.mguardcom.keniu.security.commonfunction.fbsharewebviewactivity com.cleanmaster.mguardcom.cleanmaster.ui.floatwindow.fifa.panel.floatnewswebviewactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.spacemanageractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanageractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanagerwidgetguideactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanagerappfileactivity com.cleanmaster.mguardcom.cleanmaster.ui.fmspace.fmspacemanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.fmspace.item.fmspacedocsactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.appcacheactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appcategoryshortcutactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamewebactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamewebactivitytransparent com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboostwebactivity com.cleanmaster.mguardcom.cleanmaster.boost.autostarts.uistatic.autostartmanageractivity com.cleanmaster.mguardcom.cleanmaster.boost.abnormal.abnormalnotify.abnormalnotifyactivity com.cleanmaster.mguardcom.cleanmaster.phototrims.newui.phototrimcloudtoquickpicactivity com.cleanmaster.mguardcom.facebook.facebookactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 15 of 170

16 Name com.cleanmaster.mguardcom.mopub.mobileads.mopubactivity com.cleanmaster.mguardcom.mopub.mobileads.mraidactivity com.cleanmaster.mguardcom.mopub.common.mopubbrowser com.cleanmaster.mguardcom.mopub.mobileads.mraidvideoplayeractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicjumpactivity com.cleanmaster.mguardcom.cleanmaster.photoclean.photocleanresultactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilardialogactivity com.cleanmaster.mguardcom.cleanmaster.boost.onetap.onetapcleaneractivity com.cleanmaster.mguardcom.cmcm.mixad.mixboxadactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkdownloadmanageractivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.contactbackuprecommendactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.wifiprotectionactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applocksafequestionactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockpasswordactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.main.applockmainactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockrecommendedappactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.main.applockactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applocksettingactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockinterstitialactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockoauthactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.showphototimelineactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotogridinstanceactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotogridactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotopageractivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfieexperienceactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.runtimepermissionguideactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.lockscreen.activity.applockscreenactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockmiuifloatingwindowenableguideactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.boostpageactivity com.cleanmaster.mguardcom.cleanmaster.security.appinfo.securityfeedback com.cleanmaster.mguardcom.cleanmaster.applink.deeplinkactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.flowdatamonitoractivity com.cleanmaster.mguardcom.cleanmaster.ui.resultpage.item.newscontentactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.weixinspecialactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.weixinmediaactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.recomfilemgractivity com.cleanmaster.mguardcom.cmcm.swiper.emptyactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbyshortcut com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.onetapstandbyactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbymainactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbymainwidgetactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.scene.powerlandingpageactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.scene.powerscenedialogactivity com.cleanmaster.mguardcom.cleanmaster.login.bindphone.activity.personalinformationactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.weathersdkactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.scan.normalspecialactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksysdatacacheactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.notifycleaner.ncblacklistactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.notifysettings.ncdisturbsettingsactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.webview.ncwebactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipesearchactivity com.cleanmaster.mguardcom.ksmobile.business.sdk.search.webview.ssldialog com.cleanmaster.mguardcom.ksmobile.business.sdk.search.views.search_options.choicesearchengineactivity com.cleanmaster.mguardcom.ksmobile.business.sdk.search.webview.searchwebviewactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.securityguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.guide.appusageguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.msgdistrub.notificationguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.msgdistrub.ncpermissionguideactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.powersavingalertswitchactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensavertoolsactivity com.cleanmaster.mguardcom.cleanmaster.locker.lockertoolsactivity com.cleanmaster.mguardcom.cleanmaster.locker.lockertoolsactivitynew com.cleanmaster.mguardcom.cleanmaster.locker.chargemasterstatusactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipeguideactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 16 of 170

17 Name com.cleanmaster.mguardcom.intowow.sdk.webviewactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipeenableforactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.runtimepermissionactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.commpermissionmaskactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.transparentmaskactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.myappmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.myapkmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appusagemainactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.initappactivity com.cleanmaster.mguardcom.google.android.gms.ads.adactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.admobadmainactivity com.cleanmaster.mguardcom.facebook.ads.audiencenetworkactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.applockfbbrowseractivity com.cleanmaster.mguardcom.cleanmaster.base.activity.interstitialfbactivity com.cleanmaster.mguardcom.keniu.security.main.business.appexitadactivity com.cleanmaster.mguardcom.cmcm.lotterysdk.ui.lotteryactivity com.cleanmaster.mguardcom.cleanmaster.notificationclean.notificationcleanguideactivity com.cleanmaster.mguardcom.mobvista.msdk.shell.mvactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.business.amazonactivity com.cleanmaster.mguardcom.mnt.mntactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkappstorageactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.privacypictureguideactivity com.cleanmaster.mguardcom.inmobi.rendering.inmobiadactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.base.swgbaseactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgfuncintroactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgprotectconfirmactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgprotectdetailactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgsettingactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.smsmanageractivity com.cleanmaster.mguardcom.cleanmaster.applock.exit.applockexitapppopactivity com.cleanmaster.mguardcom.cleanmaster.junk.uninstall.uninstalljunkpopdialog com.cleanmaster.mguardcom.cleanmaster.privacypicture.base.activity.ppbaseactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppstartupactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.pp associateactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppsecuritypinactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppintroduceactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppforgetpasswordactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.albumselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.pictureselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacyphotodetailactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacypicturemainactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacyfoldermainactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.storagepermreqactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.privacyguideselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.privacyguidedetailactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.core.player.videoplayeractivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacydecodeanimactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.videoplayerguideactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppalbumeditactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppcoverselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppincentiveactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppinternalpromotionactivity com.cleanmaster.mguardcom.screenlocker.ui.cover.dismissactivity com.cleanmaster.mguardcom.screenlocker.ui.act.kpaswordtypeactivity com.cleanmaster.mguardcom.screenlocker.ui.act.ksyspwdactivity com.cleanmaster.mguardcom.screenlocker.ui.act.tempunlockblackbackgroundactivity com.cleanmaster.mguardcom.screenlocker.ui.act.fingerprintauthbgactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intrudergirdphotoactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intruderactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intruderphotoactivity com.cleanmaster.mguardcom.screenlocker.ui.act.fingerprintguideactivity com.cleanmaster.mguardcom.screenlocker.ui.act.lockerpermissionactivity com.cleanmaster.mguardcom.screenlocker.ui.act.dismisskeyguardactivity com.cleanmaster.mguardcom.lock.common.dialogactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 17 of 170

18 Name com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.promotedialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.newdialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.ufoanimactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.screensavertransitactivity com.cleanmaster.mguardcom.ijinshan.launcher.launchermainactivity com.cleanmaster.mguardcom.cleanmaster.ui.swipe.swipefloatguidetipactivity com.cleanmaster.mguardcom.cleanmaster.ui.capture.screencaptureimageactivity com.cleanmaster.mguardcom.cleanmaster.ui.capture.capturecommonactivity com.cleanmaster.mguardcom.ijinshan.notificationlib.notificationhelper.ui.socialmaskguideactivity com.cleanmaster.mguardcom.ijinshan.notificationlib.notificationhelper.ui.notifyguidetransitactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.utils.noaffinityforwardactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingcmwireactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingsettingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.ui.privatebrowsingtextsizesettingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.search.privatebrowsingsearchsettingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.utils.pbactionrouteactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.defaultbrowserguideactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.fakebrowsingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.browserutilsactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.launchfilechooseractivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.secretboxbookmarksshareactivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.secretboxbookmarksactivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.addbookmarksactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.enlarge.ncenlargeactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.video.ncvideowebviewactivity com.cleanmaster.mguardcom.google.android.gms.common.api.googleapiactivity com.cleanmaster.mguardcom.google.android.gms.ads.purchase.inapppurchaseactivity com.cleanmaster.mguardcom.cmcm.orion.picks.picksloadingactivity com.cleanmaster.mguardcom.cmcm.orion.utils.internal.pickstransparentactivity com.cleanmaster.mguardcom.cmcm.orion.picks.webview.picksbrowser com.cleanmaster.mguardcom.cmcm.orion.picks.impl.picksinterstitialactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.fullscreenvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeddetailvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeddetailimageactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeditemvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandpgvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.incentivevideoplayactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.videoaddetailactivity com.cleanmaster.mguardcom.cmcm.orion.picks.api.notiactivity com.cleanmaster.mguardcom.picksbrowser.picksbrowser com.cleanmaster.mguardcom.my.target.ads.mytargetactivity com.cleanmaster.mguardcom.google.android.gms.auth.api.signin.internal.signinhubactivity Is Entrypoint Receivers com.appsflyer.multipleinstallbroadcastreceiver com.cleanmaster.applock.receiver.applocknotificationreceiver com.cleanmaster.applock.receiver.applockreportreceiver com.cleanmaster.applock.receiver.phonestatereceiver com.cleanmaster.applocklib.base.applockactivereceiver com.cleanmaster.applocklib.core.service.applockecmoreceiver com.cleanmaster.appwidget.mainappwidgetblackprovider com.cleanmaster.appwidget.mainappwidgetwhiteprovider com.cleanmaster.appwidget.widgetbroadcastreceiver com.cleanmaster.boost.lowbatterymode.notifyachivereceiver com.cleanmaster.common_performance.inspector.changesimoperatorreceiver com.cleanmaster.login.loginnetworkreceiver com.cleanmaster.notification.monitorbroadcastreceiver com.cleanmaster.push.junknotificationreceiver Intent: com.android.vending.install_referrer Intent: applock_show_notification, applock_alarm_notification, applock_overlay_alarm_notification, applock_overlay_notification_clicked Intent: com.applock.ks.cm.antivirus.applock.action.report Intent: com.cleanmaster.applocklib.intent.receiver.applock_active Intent: android.appwidget.action.appwidget_update Intent: android.appwidget.action.appwidget_update Intent: com.cleanmaster.appwidget.appwidget_default_update, com.cleanmaster.appwidget.appwidget_fresh_update, com.cleanmaster.appwidget.appwidget_clean_process_update, com.cleanmaster.appwidget.appwidget_start_clean_process_update Intent: com.cleanmaster.api.set_operator Intent: android.net.conn.connectivity_change Copyright Joe Security LLC 2018 Page 18 of 170

19 com.cleanmaster.push.pushnotificationreceiver com.cleanmaster.screensave.locknewsnotificationdeletereceiver Intent: com.cleanmaster.push.action_push_url_jump, com.cleanmaster.push.action_push_webview_jump, com.cleanmaster.push.action_push_news_detail_jump, com.cleanmaster.push.action_push_cancel com.cleanmaster.screensave.screenadreceiver Intent: com.cleanmaster.action.screenon (Priority 1000), com.cleanmaster.action.preloadscreenad (Priority 1000), com.cleanmaster.screensave.action.screensave.state (Priority 1000), com.cleanmaster.screensave.action.powerconnected (Priority 1000), com.cleanmaster.screensave.action.powerdisconnected (Priority 1000), com.cleanmaster.screensave.action.connectivitychange (Priority 1000) com.cleanmaster.screensave.screenadservicereceiver Intent: android.intent.action.action_power_connected (Priority 1000), android.intent.action.action_power_disconnected (Priority 1000), android.net.conn.connectivity_change (Priority 1000) com.cleanmaster.screensave.screensaveutils$buttonbroadcastreceiver com.cleanmaster.screensave.screensaveutils$deletebroadcastreceiver com.cleanmaster.screensave.screensaveutils$myboostreceiver com.cleanmaster.screensave.screensavernotificationreceiver com.cleanmaster.screensave.screensaverpushreceiver com.cleanmaster.screensave.weathernotificationreceiver Intent: com.cleanmaster.screensave.intent.action.buttonclick Intent: com.cleanmaster.screensave.intent.action.deletenotify Intent: com.cmcm.screensaver.update_data_battery Intent: screen_saver_state_changed, screen_saver_show_notification, screen_saver_cloud_notification, screen_saver_ui_guide, weather_sdk_launch_from_notification Intent: com.cleanmaster.mguard.screensaver.screensaverpushreceiver Intent: com.cmcm.weather.sdk.notification com.cleanmaster.screensave.locker.screenlockerreceiver Intent: com.cleanmaster.screensave.action.preloadslad (Priority 1000), com.cleanmaster.screensave.action.screenlocker.state (Priority 1000), com.cleanmaster.screensave.action.powerconnected (Priority 1000), com.cleanmaster.screensave.action.powerdisconnected (Priority 1000), com.cleanmaster.screensave.action.connectivitychange (Priority 1000), android.intent.action.action_shutdown (Priority 1000) com.cleanmaster.security.notification.installnotificationreceiver com.cleanmaster.security.scan.installmonitorreceiver com.cleanmaster.security.scan.installnotificationdeletereceiver com.cleanmaster.ui.app.provider.download.downloadreceiver com.cleanmaster.watcher.usedmemorynotificationreceiver com.cm.root.rootkeepercrashreceiver com.cmcm.orion.utils.internal.appinstallreceiver com.cmcm.vpn.vpnconfigreceiver com.duapps.ad.base.packageaddreceiver com.google.analytics.tracking.android.campaigntrackingreceiver com.google.android.gms.measurement.appmeasurementinstallreferrerreceiver com.google.android.gms.measurement.appmeasurementreceiver com.google.firebase.iid.firebaseinstanceidinternalreceiver com.google.firebase.iid.firebaseinstanceidreceiver com.ijinshan.cleaner.receiver.alarmreceiver com.ijinshan.cleaner.receiver.connectivitychangebroadcastreceiver com.ijinshan.cleaner.receiver.mainprocessreceiver com.ijinshan.cleaner.receiver.mainprocessreceiverforpush com.ijinshan.cleaner.receiver.screenunlockreceiver Intent: android.intent.action.package_added, android.intent.action.package_removed, com.cleanmaster.security.scan.installmonitorreceiver Intent: android.intent.action.cm_download_list, android.intent.action.cm_download_open, android.intent.action.cm_download_hide, android.intent.action.cm_download_retry, android.intent.action.cm_download_wakeup Intent: com.ijinshan.rootkeeper.action.rootcrash Intent: android.intent.action.package_added, android.intent.action.package_removed Intent: com.cmcm.vpn.configuration Intent: android.intent.action.package_added Intent: com.android.vending.install_referrer Intent: com.android.vending.install_referrer Intent: com.google.android.c2dm.intent.receive, com.google.android.c2dm.intent.registration Intent: com.cleanmaster.service.alarm_show_frequence_action Intent: android.net.conn.connectivity_change, android.net.wifi.state_change Intent: com.ijinshan.cleaner.receiver.mainprocessreceiver.action1 Intent: com.ijinshan.cleaner.receiver.mainprocessreceiverforpush.action Intent: android.intent.action.user_present com.ijinshan.cleaner.receiver.storagestatusreceiver Intent: android.intent.action.media_mounted (Priority 1000), android.intent.action.media_eject (Priority 1000) com.ijinshan.cleaner.receiver.toucherappbroadcastreceiver com.ijinshan.cleaner.receiver.uninstallbroadcastreceiver com.ijinshan.screensavernew.riskscanreceiver com.ijinshan.screensavershared.screensavernullreceiver com.ijinshan.screensavershared.avoid.overchargingsoundreceiver com.ijinshan.screensavershared.mutual.charingsaverstatereceiver com.intowow.sdk.schedulereceiver com.keniu.security.update.push.gcm.sdk.gcmbroadcastreceiver com.ksmobile.business.sdk.utils.broadcastreceiverservice com.lock.common.lowbatteryreceiver com.lock.cover.wallpaperchangereceiver com.lock.sideslip.cmsideproviderreceiver Intent: action_toucher_click_advanced_clean Intent: android.intent.action.package_added, android.intent.action.package_removed, com.cleanmaster.receiver.action_removed_system_app Intent: com.ijinshan.screensaveshared.startuiprocess Intent: com.overcharging.sound.state.action Intent: com.charingsaver.state.action Intent: com.intowow.sdk.prefetch Intent: com.google.android.c2dm.intent.receive, com.google.android.c2dm.intent.registration Intent: android.intent.action.package_added Intent: com.cleanmaster.lowbatterychanged Intent: android.intent.action.wallpaper_changed Intent: com.cmcm.cmnow.internal.action.side_conflict Copyright Joe Security LLC 2018 Page 19 of 170

20 com.mnt.mntbroadcastreceiver Intent: android.intent.action.package_added, android.intent.action.package_removed com.screenlocker.receiver.lockscreenactivereceiver Intent: com.cleanmaster.action.screenon (Priority 1000), com.cleanmaster.action.screenoff (Priority 1000) ks.cm.antivirus.privatebrowsing.receiver.privatebrowsingdownloadreceiver Intent: android.intent.action.download_complete, android.intent.action.download_notification_clicked Services com.cleanmaster.api.cmapiservice Intent: com.cleanmaster.api.access (Priority 0) com.cleanmaster.applocklib.core.service.applockservice com.cleanmaster.appwidget.widgetservice Intent: com.cleanmaster.appwidget.action_fastclean (Priority 0) Intent: com.cleanmaster.appwidget.action_report_active (Priority 0) Intent: com.cleanmaster.appwidget.action_remove_go_widget (Priority 0) Intent: com.cleanmaster.appwidget.action_reset_fast_clean (Priority 0) Intent: com.cleanmaster.appwidget.action_add_go_widget (Priority 0) com.cleanmaster.base.crash.crashreportservice Intent: com.cleanmaster.crash.report (Priority 0) com.cleanmaster.boost.acc.service.accservice com.cleanmaster.boost.acc.service.accessibilitykillservice Intent: android.accessibilityservice.accessibilityservice (Priority 0) com.cleanmaster.boost.acc.ui.savepowerservice com.cleanmaster.cloudconfig.cloudcfgintentservice com.cleanmaster.dmc.dmcdatareportservice Intent: com.cleanmaster.dmc.report (Priority 0) com.cleanmaster.intruder.core.cameramanservice com.cleanmaster.junk.accessibility.accessibilityremoteservice com.cleanmaster.junk.engine.junkaccservice com.cleanmaster.login.loginservice com.cleanmaster.ncmanager.core.notificationmanagerservice com.cleanmaster.ncmanager.core.notificationtranstionservice com.cleanmaster.nrdatalearn.nrdboperatorservice com.cleanmaster.optimize.optondeviceidle com.cleanmaster.optimize.workermurder com.cleanmaster.privacypicture.core.ppguardscheduler com.cleanmaster.screensave.newscreensaver.screensaverservice com.cleanmaster.screensave.notification.lownotificationswitchservice com.cleanmaster.screensave.notification.notificationlistener Intent: android.service.notification.notificationlistenerservice (Priority 0) com.cleanmaster.screensave.workernotification.screensaverncservice com.cleanmaster.screensave.workernotification.screensavernctransservice com.cleanmaster.screensave.workernotification.workernotificationctrlservice com.cleanmaster.screensave.workernotification.workernotificationservice com.cleanmaster.security.notification.vpnnotificationservice com.cleanmaster.security.scan.sdcard.sdcardscanservice Intent: com.cleanmaseter.security.sdcard.action_new_security_scan (Priority 0) com.cleanmaster.securitywifi.service.swgmanagerservice com.cleanmaster.service.bgscanservice com.cleanmaster.service.floatservice com.cleanmaster.service.localservice Intent: com.cleanmaster.service.action_cmbox_setup (Priority 0) Intent: com.cleanmaster.service.action_move (Priority 0) Intent: com.cleanmaster.service.action_cmbox_cleanup (Priority 0) Intent: com.cleanmaster.service.action_restore (Priority 0) Intent: com.cleanmaster.service.action_get_application_info (Priority 0) Intent: com.cleanmaster.service.action_get_system_movable_apps (Priority 0) Intent: com.cleanmaster.service.action_act (Priority 0) Intent: com.cleanmaster.service.action_preload_business_ad_screen_saver (Priority 0) Intent: com.cleanmaster.service.action_preload_ad_result_page (Priority 0) com.cleanmaster.service.permanentservice com.cleanmaster.service.photocompressservice com.cleanmaster.service.workerservice com.cleanmaster.service.a com.cleanmaster.service.b com.cleanmaster.ui.app.provider.download.downloadservice com.cleanmaster.ui.app.task.topappsinterface Intent: com.cleanmaster.api.get_top_apps (Priority 0) com.cmcm.orion.picks.init.downloadservice com.cmcm.swiper.swiperservice Intent: com.cleanmaster.appwidget.action_fastclean (Priority 0) Intent: com.cleanmaster.appwidget.action_report_active (Priority 0) Intent: com.cleanmaster.appwidget.action_remove_go_widget (Priority 0) Intent: com.cleanmaster.appwidget.action_reset_fast_clean (Priority 0) Intent: com.cleanmaster.appwidget.action_add_go_widget (Priority 0) com.cmcm.vpn.localvpnservice Intent: android.net.vpnservice (Priority 0) com.google.android.gms.auth.api.signin.revocationboundservice com.google.android.gms.measurement.appmeasurementservice Copyright Joe Security LLC 2018 Page 20 of 170