ID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:17:05 Date: 27/02/2018 Version: 22.0.

Transcription

1 ID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:17:05 Date: 27/02/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Signature Overview Change of System Appearance: Location Tracing: Operating System Destruction: Spam, unwanted Advertisements and Ransom Demands: Exploits: Key, Mouse, Clipboard, Microphone and Screen Capturing: E-Banking Fraud: Networking: Boot Survival: Remote Access Functionality: Stealing of Sensitive Information: Persistence and Installation Behavior: Data Obfuscation: Spreading: System Summary: Anti Debugging: Malware Analysis System Evasion: Hooking and other Techniques for Hiding and Protection: Lowering of HIPS / PFW / Operating System Security Settings: Language, Device and Operating System Detection: Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Screenshot Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution Copyright Joe Security LLC 2018 Page 2 of 175

3 TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets HTTPS Packets APK Behavior Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyright Joe Security LLC 2018 Page 3 of 175

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 18:17:05 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 9m 24s Analysis system description: Android 6.0 Detection: Classification: Warnings: Errors: false light com.cleanmaster.mguard_ apk defaultandroidfilecookbook.jbs MAL Show All An application runtime error occurred No interacted views No simulation commands forwarded to apk Not all executed log events are in report (maximum 10 identical API calls) Not all resource files were parsed Not all resource strings were parsed Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size exceeded maximum capacity and may have missing dynamic data code. Execution failed: Runtime errorexternal Dependency Missing Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Classification Copyright Joe Security LLC 2018 Page 4 of 175

5 Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Signature Overview of System Appearance Change Tracing Location System Destruction Operating unwanted Advertisements and Ransom Demands Spam, Exploits Mouse, Clipboard, Microphone and Screen Capturing Key, Fraud E-Banking Networking Survival Boot Access Functionality Remote of Sensitive Information Stealing and Installation Behavior Persistence Obfuscation Data Spreading Summary System Debugging Anti Analysis System Evasion Malware and other Techniques for Hiding and Protection Hooking of HIPS / PFW / Operating System Security Settings Lowering Language, Device and Operating System Detection Click to jump to signature section Change of System Appearance: Copyright Joe Security LLC 2018 Page 5 of 175

6 Acquires a wake lock Mutes phone vibration Mutes ringtone sound Sets a repeating alarm May access the Android keyguard (lock screen) Location Tracing: Queries the phones location (GPS) Operating System Destruction: Lists and deletes files in the same context Kills background processes Spam, unwanted Advertisements and Ransom Demands: Loads advertisement Has permission to write to the SMS storage Has permission to write to the default browser history May check for popular installed apps May dial phone number May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services Exploits: Might use exploit to break dedexer tools Key, Mouse, Clipboard, Microphone and Screen Capturing: Has permission to record audio in the background Has permission to take photos E-Banking Fraud: Contains package name strings related to banking (usually for identifying banking APKs) Has functionalty to add an overlay to other apps Has permission to query the list of currently running applications Loads a webpage with cache disabled May check for popular installed apps May query for the most recent running application (usually for UI overlaying) Likely adds an overlay to existing apps to lurk for credit card information Networking: Downloads compressed data via HTTP Downloads files from webservers via HTTP Found strings which match to known social media urls Monitors network connection state Performs DNS lookups Posts data to webserver Urls found in memory or binary data Uses HTTP for connecting to the internet Uses HTTPS Checks an internet connection is available Copyright Joe Security LLC 2018 Page 6 of 175

7 Enables or disables WIFI HTTP GET or POST without a user agent Loads a webpage with cache disabled Opens an internet connection Performs DNS lookups (Java API) Scans for WIFI networks Boot Survival: Installs a new wake lock (to get activate on phone screen on) Remote Access Functionality: Found suspicious command strings (may be related to BOT commands) Has permission to mount or unmount file systems (removable storage) Uses DownloadManager to fetch additional components Stealing of Sensitive Information: Has permission to query the current location Checks if a SIM card is installed Has permission to read contacts Has permission to read the SMS storage Has permission to read the call log Has permission to read the default browser history Has permission to read the phones state (phone number, device IDs, active call ect.) Has permissions to create, read or change account settings (inlcuding account password settings) Queries a list of installed applications Queries camera information Queries media storage location field Queries stored mail and application accounts (e.g. Gmail or Whatsup) Queries system settings Queries the Googl Account Name Reads boot loader settings of the device Reads logcat Leaking sensitive information via HTTP to a webserver Uploads sensitive phone information to the internet (privacy leak) Persistence and Installation Behavior: Creates files Installs an application shortcut on the screen Sets an intent to the APK data type (used to install other APKs) Data Obfuscation: Obfuscates method names Uses reflection Spreading: Accesses external storage location Has permission to change the WIFI configuration including connecting and disconnecting System Summary: Copyright Joe Security LLC 2018 Page 7 of 175

8 Classification label Creates SQLiteDatabase table Loads native libraries Reads shares settings Executes native commands Kills/terminates processes Requests permissions only permitted to signed APKs Requests potentially dangerous permissions Anti Debugging: Potentially drops DEX files Malware Analysis System Evasion: May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) Accesses /proc Accesses android OS build fields Checks CPU details Checks partitions Queries several sensitive phone informations Queries the unique operating system id (ANDROID_ID) Tries to detect QEMU emulator Hooking and other Techniques for Hiding and Protection: Uses Crypto APIs Has permission to draw over other applications or user interfaces Has permission to query the list of currently running applications Queries list of running processes/tasks Restarts running process Lowering of HIPS / PFW / Operating System Security Settings: May check for install Android security applications (AV and firewalls) Language, Device and Operating System Detection: Queries the SIM provider ISO country code Queries the SIM provider name (SPN - Service Provider Name) Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code) Queries the network operator ISO country code Queries the network operator name Queries the network operator numeric MCC+MNC (mobile country code + mobile network code) Queries the unqiue device ID (IMEI, MEID or ESN) Antivirus Detection Initial Sample Source Detection Scanner Label Link com.cleanmaster.mguard_ apk 0% virustotal Browse Copyright Joe Security LLC 2018 Page 8 of 175

9 Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link setting.rayjump.com 1% virustotal Browse cmplay.did.ijinshan.com 2% virustotal Browse cfg.cml.ksmobile.com 0% virustotal Browse unconf.adkmob.com 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Screenshot Copyright Joe Security LLC 2018 Page 9 of 175

10 Created / dropped Files /data/user/0/com.cleanmaster.mguard/files/cleancloud/cfcl_cache File Type: Size (bytes): 32 Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: data false AC439BB00240D4075BCCF1AFBA53C740 F76DA153F8B9D4E6CA8763D076B7327BDE1FFD0A D8C51FFD9D4354AFFA6DD BE353907E3525F3E1520A958B94C C7DAB70DF64D8A2812AF1C68E93E1A3ED F60F7D4C55EE1ECBDF5A3A2B5BB A E39DFCD469A8D0865B2B83B81DD8516FCFB1CC true low /data/user/0/com.cleanmaster.mguard/files/cleancloud/fcl_cache File Type: Size (bytes): 56 Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: data false 8F81073AD9E94946D148DB790948BBF4 B8CE11A27D0E4F3BBE15F0AEE808D2CDF679A F40A6148A59693E0859F11D692D6C2B B AF89312DF2 6EC0629CC8AAC A7AC9001AF2256F06149C0B2CCE5FB70F40FA896B0C6C843ECC9BEE7F778899A A894557CD12D451D8FBD8F15BD138892A7C52 false low /data/user/0/com.cleanmaster.mguard/files/kctrl.dat File Type: ASCII text Size (bytes): 3775 Entropy (8bit): Encrypted: false MD5: 5418E97CA2B1AB5A8463A BC3F SHA1: 1D970D6490F4EAB4F3C97ACEE3ACBD80EA Copyright Joe Security LLC 2018 Page 10 of 175

11 /data/user/0/com.cleanmaster.mguard/files/kctrl.dat SHA-256: SHA-512: Malicious: Reputation: 9518FE61581DB87418E03DC26C7FECD6A843AF16FEBFDA99A525B4EAABB6260A C4009F4B4903DF1F7AA97D153F91597C8F68C9B7E6A3F730BE4BDD1C11D4890E67F75A052568BE4047FBD F8F767F0B573A24D676462FF2F12D2 true low /data/user/0/com.cleanmaster.mguard/files/kfmt.dat File Type: Size (bytes): Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: ASCII text, with very long lines, with CRLF line terminators false 98F6CCD152036DA31F6A27F8A65BE818 D34E7B3ABBE E398D03E395E41C27EFF75 D57BAA54E339D4073A41E7F4FE0778EDD3BF5B1F799A0D512E25CF606EA AF67CC323DC5792D1C5D1BC3D17938C99C4F2CCD61BF24C9F2F E48967D28303E40DC3478E8908EC8 0A1B4B08CB4F85F272957CBB2589E7936B27B true low /storage/emulated/0/android/data/com.cleanmaster.mguard/files/dump/crash_6.11.3( )_ _ txt File Type: Size (bytes): 2269 ASCII text, with very long lines Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false 59DCA606B10D375746FB8C8BAD4777BE E FB3DAAE6ADBE792F4E80FF5 222FA6A52A73EE75BD9E550CF80BBD0062B50FEDD F218BA79668BB3C DFA16CDE0AB14AAD25B3064B607FDA1C1E80FEAFCCAB14E7E1AA A32441CB3BE33FAAB3914DB57DDD FD2FD93EAD629B9143A9874E2A9EE2AEA800ADE04 true low /storage/emulated/0/android/data/com.cleanmaster.mguard/files/dump/crash_6.11.3( )_ _ txt File Type: Size (bytes): 2267 ASCII text, with very long lines Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false D8AF46DED8A21AD4F45C8FD32 EA9AE3AE93506C5DA15F CDEE267F BFDAF839B73C6C3A268D9A7C9AB9B09FE FA6F067C0FEA8D20B4 28CCF DB181DAFC529E0EDD CB48B3851CEB67963AEC8C EF3269C6128D33EA48D0962B5 902F4963D33817B20791B8C3B8F4D7E238154E true low Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection setting.rayjump.com true false 1%, virustotal, Browse cmplay.did.ijinshan.com true false 2%, virustotal, Browse cfg.cml.ksmobile.com true false 0%, virustotal, Browse unconf.adkmob.com true false 0%, virustotal, Browse graph.facebook.com true false bp.adkmob.com true false play.googleapis.com true false analytics.rayjump.com true false help.pc120.com true true ups.ksmobile.net true false behacdn.ksmobile.net true false config.inmobi.com true false Copyright Joe Security LLC 2018 Page 11 of 175

12 Name IP Active Malicious Antivirus Detection us.st.dp.ksmobile.com true true strategy.lmobi.net true false dl.google.com true false weather.ksmobile.net true false Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Flag ASN ASN Name Malicious United States AMAZON-02-AmazoncomIncUS false Reserved unknown unknown false United States AMAZON-02-AmazoncomIncUS false United States GOOGLE-GoogleIncUS false United States AMAZON-02-AmazoncomIncUS false United States FACEBOOK-FacebookIncUS false United States AMAZON-02-AmazoncomIncUS false China CNNIC-TENCENT-NET- false APShenzhenTencentComputerSys temscompa United States AMAZON-AES-AmazoncomIncUS false China 4808 CHINA169- false BJChinaUnicomBeijingProvinceNe tworkcn United States GOOGLE-GoogleIncUS false United States AMAZON-02-AmazoncomIncUS false United States AMAZON-02-AmazoncomIncUS false United States GOOGLE-GoogleIncUS false United States AMAZON-02-AmazoncomIncUS false United States GOOGLE-GoogleIncUS false United States 8075 MICROSOFT-CORP-MSN-AS- BLOCK-MicrosoftCorporationUS false United States AMAZON-02-AmazoncomIncUS false United States AMAZON-02-AmazoncomIncUS false Static File Info Copyright Joe Security LLC 2018 Page 12 of 175

13 General File type: Zip archive data, at least v2.0 to extract Entropy (8bit): TrID: Java Enterprise Archive (19504/1) 33.91% Android Package (19004/1) 33.04% Java Archive (13504/1) 23.48% ZIP compressed archive (4004/1) 6.96% Java Script embedded in Visual Basic Script (1500/0) 2.61% File name: File size: MD5: SHA1: SHA256: SHA512: File Content Preview: com.cleanmaster.mguard_ apk 8a7cc5542e51cf3464dc3d18f73b a6ebbb4df111d3968affc1e14d3a25a146 9bb8ecaf5c9a4b69c45fc6de46f583fed1ea316b1f1cda1e 3467eb7090f345a0 2139c8cf37e9c66614bad88b467695a623ab9656aa1125 0e0a973c8d598c3d3c436b55e905bc9dd8505e8df26d3b 63f5770e3de4fe1e75e72164d5d535542e56 PK...!.9...8]...AndroidManifest.xml..yXec...&$....c02BH...$$d.u%$$...}..}..a..lc'$c..l##...'.)...s..t.9..~..~...Y..Y C..._...Z...B/...`<...I...DFD.cH..Gp#...L..K.....<..Lc...SI3'r9w.1w.<.S..\...K..d..QD.g.A..."ne.e. Static APK Info General Label: Clean Master Minimum SDK required: 18 Target SDK required: 17 Version Code: Version Name: Package Name: com.cleanmaster.mguard Is Activity: true Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name com.cleanmaster.mguardcom.keniu.security.main.mainactivity com.cleanmaster.mguardcom.cleanmaster.security.ui.privacycleanactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.promotionwebviewdialog com.cleanmaster.mguardcom.cleanmaster.security.scan.result.securitymainactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpnrequestactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpndetailactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.sgnewdetailactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.vpnexperienceactivity com.cleanmaster.mguardcom.cleanmaster.security.newsecpage.ui.securitynewsettingactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.ui.sdcard.securitysdscanactivity com.cleanmaster.mguardcom.cleanmaster.security.appinfo.securityappinfoactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.ui.safeappslistactivity com.cleanmaster.mguardcom.cleanmaster.privacy.ui.browseritemdetailactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photogridactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photogridpathactivity com.cleanmaster.mguardcom.cleanmaster.photomanager.ui.photodetailactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkmanageractivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreendetailvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreendetailimageactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandscreencardvideoactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicactivitya com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.similarpictureactivity com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.photodetailactivity com.cleanmaster.mguardcom.cleanmaster.photoclean.junksimilarignorepicactivity com.cleanmaster.mguardcom.cleanmaster.photo.photomanager.ui.photoignoreactivity Is Entrypoint true Copyright Joe Security LLC 2018 Page 13 of 175

14 Name com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.photomanagemainactivity com.cleanmaster.mguardcom.cleanmaster.base.util.system.guideopensystempermission com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkpicrecycleactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkrecycleactivity com.cleanmaster.mguardcom.cleanmaster.photocompress.ui.photocompressactivity com.cleanmaster.mguardcom.keniu.security.newmain.livemewebactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.marketappwebactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.news.newswebactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.imgdetailactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appdownloadmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.newappuninstallactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.newappuninstallsimpleactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitoruninstallactivity com.cleanmaster.mguardcom.conflit.check.confcheckeractivity com.cleanmaster.mguardcom.keniu.security.main.firstaccessnetdialogactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitorinstallactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.monitorinstallremainactivity com.cleanmaster.mguardcom.cleanmaster.boost.main.processmanageractivity com.cleanmaster.mguardcom.cleanmaster.boost.main.processmanagerabove26activity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamemanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameaddactivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processaddmoreactivity com.cleanmaster.mguardcom.cleanmaster.processcleaner.processcleaneractivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.settingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.messagesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.notificationsettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.notificationstylesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.setlanguageactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.swipethemeguideactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.floatswipesettingsactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.locationallowactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.trustapplistactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.junkwhitelistactivity com.cleanmaster.mguardcom.nt.sdk.tyroo.view.customactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.unrootalertdialogactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.localwebactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.cnaboutactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.aboutactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.weathersettingactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.citiesactivity com.cleanmaster.mguardcom.cleanmaster.base.crash.crashfeedbackactivity com.cleanmaster.mguardcom.cleanmaster.applink.recommendcmxactivity com.cleanmaster.mguardcom.cleanmaster.feedback.feedbackactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.dimensionalactivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processmanagersettingsactivity com.cleanmaster.mguardcom.cleanmaster.ui.settings.widgetguideactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.batterydoctoractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.uninstallmultiappactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.marketcollectionactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.appmanagersmsholeactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.recommendcmlockeractivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.newrecommendcmlockeractivity com.cleanmaster.mguardcom.cleanmaster.boost.process.ui.processwhitelistactivity com.cleanmaster.mguardcom.cooperate.uiswitchactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.dialogactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gameboxactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.permission.gamepermissionactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gameboostanimactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gamesorteditactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboxfornotificationactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameproblemactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboxguidedialogactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.gamebox.ui.activity.gameboxfuncintroactivity com.cleanmaster.mguardcom.cleanmaster.boost.cpu.ui.cpunormalactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 14 of 175

15 Name com.cleanmaster.mguardcom.cleanmaster.security.scan.monitor.installmonitordialog com.cleanmaster.mguardcom.cleanmaster.login.userregisteroptionsactivity com.cleanmaster.mguardcom.cleanmaster.login.nicknamemodifyactivity com.cleanmaster.mguardcom.cleanmaster.login.logininputcodeactivity com.cleanmaster.mguardcom.cleanmaster.login.userregisteractivity com.cleanmaster.mguardcom.cleanmaster.login.userloginactivity com.cleanmaster.mguardcom.cleanmaster.login.userloginactivitynew com.cleanmaster.mguardcom.cleanmaster.login.userlogindialogactivity com.cleanmaster.mguardcom.cleanmaster.login.userverifyactivity com.cleanmaster.mguardcom.cleanmaster.login. sendstateactivity com.cleanmaster.mguardcom.cleanmaster.login.userhistoryloginactivity com.cleanmaster.mguardcom.cleanmaster.login.userforgetkeyactivity com.cleanmaster.mguardcom.cleanmaster.notification.notificationdialogactivity com.cleanmaster.mguardcom.cleanmaster.notification.notificationfunctionreplaceactivity com.cleanmaster.mguardcom.gau.go.launcherex.gowidget.cleanmaster.gowidgetactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensaversettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockersettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockersettingselecttypeactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screenlockerguideactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.overchargingreminderactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensavernotificationsettingactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensaverguildactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksdcardvideoactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.notificationguideblankactivity com.cleanmaster.mguardcom.cleanmaster.applock.bridge.overlaypermissionalertdialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew4.screensaver4activity com.cleanmaster.mguardcom.ijinshan.screensavernew.riskscanningactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.dismisskeyguardactivity com.cleanmaster.mguardcom.cleanmaster.filemanager.ui.filemanagertabactivity com.cleanmaster.mguardcom.cleanmaster.settings.ui.honorhallactivity com.cleanmaster.mguardcom.cleanmaster.ledlight.flashlightactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.market.activity.videowebviewactivity com.cleanmaster.mguardcom.keniu.security.commonfunction.fbsharewebviewactivity com.cleanmaster.mguardcom.cleanmaster.ui.floatwindow.fifa.panel.floatnewswebviewactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.spacemanageractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanageractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanagerwidgetguideactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.filemanagerappfileactivity com.cleanmaster.mguardcom.cleanmaster.ui.fmspace.fmspacemanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.fmspace.item.fmspacedocsactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.appcacheactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appcategoryshortcutactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamewebactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gamewebactivitytransparent com.cleanmaster.mguardcom.cleanmaster.ui.game.ui.gameboostwebactivity com.cleanmaster.mguardcom.cleanmaster.boost.autostarts.uistatic.autostartmanageractivity com.cleanmaster.mguardcom.cleanmaster.boost.abnormal.abnormalnotify.abnormalnotifyactivity com.cleanmaster.mguardcom.cleanmaster.phototrims.newui.phototrimcloudtoquickpicactivity com.cleanmaster.mguardcom.facebook.facebookactivity com.cleanmaster.mguardcom.mopub.mobileads.mopubactivity com.cleanmaster.mguardcom.mopub.mobileads.mraidactivity com.cleanmaster.mguardcom.mopub.common.mopubbrowser com.cleanmaster.mguardcom.mopub.mobileads.mraidvideoplayeractivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilarpicjumpactivity com.cleanmaster.mguardcom.cleanmaster.photoclean.photocleanresultactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksimilardialogactivity com.cleanmaster.mguardcom.cleanmaster.boost.onetap.onetapcleaneractivity com.cleanmaster.mguardcom.cmcm.mixad.mixboxadactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkdownloadmanageractivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.contactbackuprecommendactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.wifiprotectionactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applocksafequestionactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockpasswordactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.main.applockmainactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 15 of 175

16 Name com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockrecommendedappactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.main.applockactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applocksettingactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockinterstitialactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockoauthactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.showphototimelineactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotogridinstanceactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotogridactivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfiephotopageractivity com.cleanmaster.mguardcom.cleanmaster.intruder.ui.intruderselfieexperienceactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.runtimepermissionguideactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.lockscreen.activity.applockscreenactivity com.cleanmaster.mguardcom.cleanmaster.applocklib.ui.activity.applockmiuifloatingwindowenableguideactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.boostpageactivity com.cleanmaster.mguardcom.cleanmaster.security.appinfo.securityfeedback com.cleanmaster.mguardcom.cleanmaster.applink.deeplinkactivity com.cleanmaster.mguardcom.cleanmaster.internalapp.ad.ui.flowdatamonitoractivity com.cleanmaster.mguardcom.cleanmaster.ui.resultpage.item.newscontentactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.weixinspecialactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.weixinmediaactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.recomfilemgractivity com.cleanmaster.mguardcom.cmcm.swiper.emptyactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbyshortcut com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.onetapstandbyactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbymainactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.appstandbymainwidgetactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.scene.powerlandingpageactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.scene.powerscenedialogactivity com.cleanmaster.mguardcom.cleanmaster.login.bindphone.activity.personalinformationactivity com.cleanmaster.mguardcom.cleanmaster.weather.sdk.weathersdkactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.scan.normalspecialactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junksysdatacacheactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.notifycleaner.ncblacklistactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.notifysettings.ncdisturbsettingsactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.webview.ncwebactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipesearchactivity com.cleanmaster.mguardcom.ksmobile.business.sdk.search.webview.ssldialog com.cleanmaster.mguardcom.ksmobile.business.sdk.search.views.search_options.choicesearchengineactivity com.cleanmaster.mguardcom.ksmobile.business.sdk.search.webview.searchwebviewactivity com.cleanmaster.mguardcom.cleanmaster.security.scan.securityguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.guide.appusageguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.msgdistrub.notificationguideactivity com.cleanmaster.mguardcom.cleanmaster.ui.msgdistrub.ncpermissionguideactivity com.cleanmaster.mguardcom.cleanmaster.boost.acc.ui.powersavingalertswitchactivity com.cleanmaster.mguardcom.cleanmaster.screensave.ui.screensavertoolsactivity com.cleanmaster.mguardcom.cleanmaster.locker.lockertoolsactivity com.cleanmaster.mguardcom.cleanmaster.locker.lockertoolsactivitynew com.cleanmaster.mguardcom.cleanmaster.locker.chargemasterstatusactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipeguideactivity com.cleanmaster.mguardcom.intowow.sdk.webviewactivity com.cleanmaster.mguardcom.cleanmaster.swipe.swipeenableforactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.runtimepermissionactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.commpermissionmaskactivity com.cleanmaster.mguardcom.cleanmaster.base.permission.ui.transparentmaskactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.myappmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.myapkmanageractivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.appusagemainactivity com.cleanmaster.mguardcom.cleanmaster.ui.app.activity.initappactivity com.cleanmaster.mguardcom.google.android.gms.ads.adactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.admobadmainactivity com.cleanmaster.mguardcom.facebook.ads.audiencenetworkactivity com.cleanmaster.mguardcom.cleanmaster.base.activity.applockfbbrowseractivity com.cleanmaster.mguardcom.cleanmaster.base.activity.interstitialfbactivity com.cleanmaster.mguardcom.keniu.security.main.business.appexitadactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 16 of 175

17 Name com.cleanmaster.mguardcom.cmcm.lotterysdk.ui.lotteryactivity com.cleanmaster.mguardcom.cleanmaster.notificationclean.notificationcleanguideactivity com.cleanmaster.mguardcom.mobvista.msdk.shell.mvactivity com.cleanmaster.mguardcom.cleanmaster.ui.game.business.amazonactivity com.cleanmaster.mguardcom.mnt.mntactivity com.cleanmaster.mguardcom.cleanmaster.junk.ui.activity.junkappstorageactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.privacypictureguideactivity com.cleanmaster.mguardcom.inmobi.rendering.inmobiadactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.base.swgbaseactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgfuncintroactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgprotectconfirmactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgprotectdetailactivity com.cleanmaster.mguardcom.cleanmaster.securitywifi.ui.activity.swgsettingactivity com.cleanmaster.mguardcom.cleanmaster.ui.space.smsmanageractivity com.cleanmaster.mguardcom.cleanmaster.applock.exit.applockexitapppopactivity com.cleanmaster.mguardcom.cleanmaster.junk.uninstall.uninstalljunkpopdialog com.cleanmaster.mguardcom.cleanmaster.privacypicture.base.activity.ppbaseactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppstartupactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.pp associateactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppsecuritypinactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppintroduceactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.login.ppforgetpasswordactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.albumselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.pictureselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacyphotodetailactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacypicturemainactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacyfoldermainactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.storagepermreqactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.privacyguideselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.privacyguidedetailactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.core.player.videoplayeractivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.privacydecodeanimactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.guide.videoplayerguideactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppalbumeditactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppcoverselectactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppincentiveactivity com.cleanmaster.mguardcom.cleanmaster.privacypicture.ui.activity.ppinternalpromotionactivity com.cleanmaster.mguardcom.screenlocker.ui.cover.dismissactivity com.cleanmaster.mguardcom.screenlocker.ui.act.kpaswordtypeactivity com.cleanmaster.mguardcom.screenlocker.ui.act.ksyspwdactivity com.cleanmaster.mguardcom.screenlocker.ui.act.tempunlockblackbackgroundactivity com.cleanmaster.mguardcom.screenlocker.ui.act.fingerprintauthbgactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intrudergirdphotoactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intruderactivity com.cleanmaster.mguardcom.screenlocker.ui.act.intruderphotoactivity com.cleanmaster.mguardcom.screenlocker.ui.act.fingerprintguideactivity com.cleanmaster.mguardcom.screenlocker.ui.act.lockerpermissionactivity com.cleanmaster.mguardcom.screenlocker.ui.act.dismisskeyguardactivity com.cleanmaster.mguardcom.lock.common.dialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.promotedialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.newdialogactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.ui.ufoanimactivity com.cleanmaster.mguardcom.ijinshan.screensavernew.screensavertransitactivity com.cleanmaster.mguardcom.ijinshan.launcher.launchermainactivity com.cleanmaster.mguardcom.cleanmaster.ui.swipe.swipefloatguidetipactivity com.cleanmaster.mguardcom.cleanmaster.ui.capture.screencaptureimageactivity com.cleanmaster.mguardcom.cleanmaster.ui.capture.capturecommonactivity com.cleanmaster.mguardcom.ijinshan.notificationlib.notificationhelper.ui.socialmaskguideactivity com.cleanmaster.mguardcom.ijinshan.notificationlib.notificationhelper.ui.notifyguidetransitactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.utils.noaffinityforwardactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingcmwireactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.privatebrowsingsettingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.ui.privatebrowsingtextsizesettingactivity Is Entrypoint Copyright Joe Security LLC 2018 Page 17 of 175

18 Name com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.search.privatebrowsingsearchsettingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.utils.pbactionrouteactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.defaultbrowserguideactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.fakebrowsingactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.browserutils.browserutilsactivity com.cleanmaster.mguardks.cm.antivirus.privatebrowsing.launchfilechooseractivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.secretboxbookmarksshareactivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.secretboxbookmarksactivity com.cleanmaster.mguardks.cm.antivirus.applock.protect.bookmark.addbookmarksactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.enlarge.ncenlargeactivity com.cleanmaster.mguardcom.cleanmaster.ncmanager.ui.video.ncvideowebviewactivity com.cleanmaster.mguardcom.google.android.gms.common.api.googleapiactivity com.cleanmaster.mguardcom.google.android.gms.ads.purchase.inapppurchaseactivity com.cleanmaster.mguardcom.cmcm.orion.picks.picksloadingactivity com.cleanmaster.mguardcom.cmcm.orion.utils.internal.pickstransparentactivity com.cleanmaster.mguardcom.cmcm.orion.picks.webview.picksbrowser com.cleanmaster.mguardcom.cmcm.orion.picks.impl.picksinterstitialactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.fullscreenvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeddetailvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeddetailimageactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandfeeditemvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.brandpgvideoactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.incentivevideoplayactivity com.cleanmaster.mguardcom.cmcm.orion.picks.impl.videoaddetailactivity com.cleanmaster.mguardcom.cmcm.orion.picks.api.notiactivity com.cleanmaster.mguardcom.picksbrowser.picksbrowser com.cleanmaster.mguardcom.my.target.ads.mytargetactivity com.cleanmaster.mguardcom.google.android.gms.auth.api.signin.internal.signinhubactivity Is Entrypoint Receivers com.appsflyer.multipleinstallbroadcastreceiver com.cleanmaster.applock.receiver.applocknotificationreceiver com.cleanmaster.applock.receiver.applockreportreceiver com.cleanmaster.applock.receiver.phonestatereceiver com.cleanmaster.applocklib.base.applockactivereceiver com.cleanmaster.applocklib.core.service.applockecmoreceiver com.cleanmaster.appwidget.mainappwidgetblackprovider com.cleanmaster.appwidget.mainappwidgetwhiteprovider com.cleanmaster.appwidget.widgetbroadcastreceiver com.cleanmaster.boost.lowbatterymode.notifyachivereceiver com.cleanmaster.common_performance.inspector.changesimoperatorreceiver com.cleanmaster.login.loginnetworkreceiver com.cleanmaster.notification.monitorbroadcastreceiver com.cleanmaster.push.junknotificationreceiver com.cleanmaster.push.pushnotificationreceiver com.cleanmaster.screensave.locknewsnotificationdeletereceiver Intent: com.android.vending.install_referrer Intent: applock_show_notification, applock_alarm_notification, applock_overlay_alarm_notification, applock_overlay_notification_clicked Intent: com.applock.ks.cm.antivirus.applock.action.report Intent: com.cleanmaster.applocklib.intent.receiver.applock_active Intent: android.appwidget.action.appwidget_update Intent: android.appwidget.action.appwidget_update Intent: com.cleanmaster.appwidget.appwidget_default_update, com.cleanmaster.appwidget.appwidget_fresh_update, com.cleanmaster.appwidget.appwidget_clean_process_update, com.cleanmaster.appwidget.appwidget_start_clean_process_update Intent: com.cleanmaster.api.set_operator Intent: android.net.conn.connectivity_change Intent: com.cleanmaster.push.action_push_url_jump, com.cleanmaster.push.action_push_webview_jump, com.cleanmaster.push.action_push_news_detail_jump, com.cleanmaster.push.action_push_cancel com.cleanmaster.screensave.screenadreceiver Intent: com.cleanmaster.action.screenon (Priority 1000), com.cleanmaster.action.preloadscreenad (Priority 1000), com.cleanmaster.screensave.action.screensave.state (Priority 1000), com.cleanmaster.screensave.action.powerconnected (Priority 1000), com.cleanmaster.screensave.action.powerdisconnected (Priority 1000), com.cleanmaster.screensave.action.connectivitychange (Priority 1000) com.cleanmaster.screensave.screenadservicereceiver Intent: android.intent.action.action_power_connected (Priority 1000), android.intent.action.action_power_disconnected (Priority 1000), android.net.conn.connectivity_change (Priority 1000) com.cleanmaster.screensave.screensaveutils$buttonbroadcastreceiver com.cleanmaster.screensave.screensaveutils$deletebroadcastreceiver com.cleanmaster.screensave.screensaveutils$myboostreceiver com.cleanmaster.screensave.screensavernotificationreceiver Intent: com.cleanmaster.screensave.intent.action.buttonclick Intent: com.cleanmaster.screensave.intent.action.deletenotify Intent: com.cmcm.screensaver.update_data_battery Intent: screen_saver_state_changed, screen_saver_show_notification, screen_saver_cloud_notification, screen_saver_ui_guide, weather_sdk_launch_from_notification Copyright Joe Security LLC 2018 Page 18 of 175

19 com.cleanmaster.screensave.screensaverpushreceiver com.cleanmaster.screensave.weathernotificationreceiver Intent: com.cleanmaster.mguard.screensaver.screensaverpushreceiver Intent: com.cmcm.weather.sdk.notification com.cleanmaster.screensave.locker.screenlockerreceiver Intent: com.cleanmaster.screensave.action.preloadslad (Priority 1000), com.cleanmaster.screensave.action.screenlocker.state (Priority 1000), com.cleanmaster.screensave.action.powerconnected (Priority 1000), com.cleanmaster.screensave.action.powerdisconnected (Priority 1000), com.cleanmaster.screensave.action.connectivitychange (Priority 1000), android.intent.action.action_shutdown (Priority 1000) com.cleanmaster.security.notification.installnotificationreceiver com.cleanmaster.security.scan.installmonitorreceiver com.cleanmaster.security.scan.installnotificationdeletereceiver com.cleanmaster.ui.app.provider.download.downloadreceiver com.cleanmaster.watcher.usedmemorynotificationreceiver com.cm.root.rootkeepercrashreceiver com.cmcm.orion.utils.internal.appinstallreceiver com.cmcm.vpn.vpnconfigreceiver com.duapps.ad.base.packageaddreceiver com.google.analytics.tracking.android.campaigntrackingreceiver com.google.android.gms.measurement.appmeasurementinstallreferrerreceiver com.google.android.gms.measurement.appmeasurementreceiver com.google.firebase.iid.firebaseinstanceidinternalreceiver com.google.firebase.iid.firebaseinstanceidreceiver com.ijinshan.cleaner.receiver.alarmreceiver com.ijinshan.cleaner.receiver.connectivitychangebroadcastreceiver com.ijinshan.cleaner.receiver.mainprocessreceiver com.ijinshan.cleaner.receiver.mainprocessreceiverforpush com.ijinshan.cleaner.receiver.screenunlockreceiver Intent: android.intent.action.package_added, android.intent.action.package_removed, com.cleanmaster.security.scan.installmonitorreceiver Intent: android.intent.action.cm_download_list, android.intent.action.cm_download_open, android.intent.action.cm_download_hide, android.intent.action.cm_download_retry, android.intent.action.cm_download_wakeup Intent: com.ijinshan.rootkeeper.action.rootcrash Intent: android.intent.action.package_added, android.intent.action.package_removed Intent: com.cmcm.vpn.configuration Intent: android.intent.action.package_added Intent: com.android.vending.install_referrer Intent: com.android.vending.install_referrer Intent: com.google.android.c2dm.intent.receive, com.google.android.c2dm.intent.registration Intent: com.cleanmaster.service.alarm_show_frequence_action Intent: android.net.conn.connectivity_change, android.net.wifi.state_change Intent: com.ijinshan.cleaner.receiver.mainprocessreceiver.action1 Intent: com.ijinshan.cleaner.receiver.mainprocessreceiverforpush.action Intent: android.intent.action.user_present com.ijinshan.cleaner.receiver.storagestatusreceiver Intent: android.intent.action.media_mounted (Priority 1000), android.intent.action.media_eject (Priority 1000) com.ijinshan.cleaner.receiver.toucherappbroadcastreceiver com.ijinshan.cleaner.receiver.uninstallbroadcastreceiver com.ijinshan.screensavernew.riskscanreceiver com.ijinshan.screensavershared.screensavernullreceiver com.ijinshan.screensavershared.avoid.overchargingsoundreceiver com.ijinshan.screensavershared.mutual.charingsaverstatereceiver com.intowow.sdk.schedulereceiver com.keniu.security.update.push.gcm.sdk.gcmbroadcastreceiver com.ksmobile.business.sdk.utils.broadcastreceiverservice com.lock.common.lowbatteryreceiver com.lock.cover.wallpaperchangereceiver com.lock.sideslip.cmsideproviderreceiver com.mnt.mntbroadcastreceiver Intent: action_toucher_click_advanced_clean Intent: android.intent.action.package_added, android.intent.action.package_removed, com.cleanmaster.receiver.action_removed_system_app Intent: com.ijinshan.screensaveshared.startuiprocess Intent: com.overcharging.sound.state.action Intent: com.charingsaver.state.action Intent: com.intowow.sdk.prefetch Intent: com.google.android.c2dm.intent.receive, com.google.android.c2dm.intent.registration Intent: android.intent.action.package_added Intent: com.cleanmaster.lowbatterychanged Intent: android.intent.action.wallpaper_changed Intent: com.cmcm.cmnow.internal.action.side_conflict Intent: android.intent.action.package_added, android.intent.action.package_removed com.screenlocker.receiver.lockscreenactivereceiver Intent: com.cleanmaster.action.screenon (Priority 1000), com.cleanmaster.action.screenoff (Priority 1000) ks.cm.antivirus.privatebrowsing.receiver.privatebrowsingdownloadreceiver Intent: android.intent.action.download_complete, android.intent.action.download_notification_clicked Services com.cleanmaster.api.cmapiservice Intent: com.cleanmaster.api.access (Priority 0) com.cleanmaster.applocklib.core.service.applockservice com.cleanmaster.appwidget.widgetservice Intent: com.cleanmaster.appwidget.action_fastclean (Priority 0) Intent: com.cleanmaster.appwidget.action_report_active (Priority 0) Intent: com.cleanmaster.appwidget.action_remove_go_widget (Priority 0) Intent: com.cleanmaster.appwidget.action_reset_fast_clean (Priority 0) Intent: com.cleanmaster.appwidget.action_add_go_widget (Priority 0) com.cleanmaster.base.crash.crashreportservice Intent: com.cleanmaster.crash.report (Priority 0) com.cleanmaster.boost.acc.service.accservice com.cleanmaster.boost.acc.service.accessibilitykillservice Intent: android.accessibilityservice.accessibilityservice (Priority 0) com.cleanmaster.boost.acc.ui.savepowerservice Copyright Joe Security LLC 2018 Page 19 of 175

20 com.cleanmaster.cloudconfig.cloudcfgintentservice com.cleanmaster.dmc.dmcdatareportservice Intent: com.cleanmaster.dmc.report (Priority 0) com.cleanmaster.intruder.core.cameramanservice com.cleanmaster.junk.accessibility.accessibilityremoteservice com.cleanmaster.junk.engine.junkaccservice com.cleanmaster.login.loginservice com.cleanmaster.ncmanager.core.notificationmanagerservice com.cleanmaster.ncmanager.core.notificationtranstionservice com.cleanmaster.nrdatalearn.nrdboperatorservice com.cleanmaster.optimize.optondeviceidle com.cleanmaster.optimize.workermurder com.cleanmaster.privacypicture.core.ppguardscheduler com.cleanmaster.screensave.newscreensaver.screensaverservice com.cleanmaster.screensave.notification.lownotificationswitchservice com.cleanmaster.screensave.notification.notificationlistener Intent: android.service.notification.notificationlistenerservice (Priority 0) com.cleanmaster.screensave.workernotification.screensaverncservice com.cleanmaster.screensave.workernotification.screensavernctransservice com.cleanmaster.screensave.workernotification.workernotificationctrlservice com.cleanmaster.screensave.workernotification.workernotificationservice com.cleanmaster.security.notification.vpnnotificationservice com.cleanmaster.security.scan.sdcard.sdcardscanservice Intent: com.cleanmaseter.security.sdcard.action_new_security_scan (Priority 0) com.cleanmaster.securitywifi.service.swgmanagerservice com.cleanmaster.service.bgscanservice com.cleanmaster.service.floatservice com.cleanmaster.service.localservice Intent: com.cleanmaster.service.action_cmbox_setup (Priority 0) Intent: com.cleanmaster.service.action_move (Priority 0) Intent: com.cleanmaster.service.action_cmbox_cleanup (Priority 0) Intent: com.cleanmaster.service.action_restore (Priority 0) Intent: com.cleanmaster.service.action_get_application_info (Priority 0) Intent: com.cleanmaster.service.action_get_system_movable_apps (Priority 0) Intent: com.cleanmaster.service.action_act (Priority 0) Intent: com.cleanmaster.service.action_preload_business_ad_screen_saver (Priority 0) Intent: com.cleanmaster.service.action_preload_ad_result_page (Priority 0) com.cleanmaster.service.permanentservice com.cleanmaster.service.photocompressservice com.cleanmaster.service.workerservice com.cleanmaster.service.a com.cleanmaster.service.b com.cleanmaster.ui.app.provider.download.downloadservice com.cleanmaster.ui.app.task.topappsinterface Intent: com.cleanmaster.api.get_top_apps (Priority 0) com.cmcm.orion.picks.init.downloadservice com.cmcm.swiper.swiperservice Intent: com.cleanmaster.appwidget.action_fastclean (Priority 0) Intent: com.cleanmaster.appwidget.action_report_active (Priority 0) Intent: com.cleanmaster.appwidget.action_remove_go_widget (Priority 0) Intent: com.cleanmaster.appwidget.action_reset_fast_clean (Priority 0) Intent: com.cleanmaster.appwidget.action_add_go_widget (Priority 0) com.cmcm.vpn.localvpnservice Intent: android.net.vpnservice (Priority 0) com.google.android.gms.auth.api.signin.revocationboundservice com.google.android.gms.measurement.appmeasurementservice com.google.firebase.iid.firebaseinstanceidservice Intent: com.google.firebase.instance_id_event (Priority -500) com.ijinshan.screensavernew3.listenerunlockservice com.ijinshan.screensavernew4.sslangservice com.ijinshan.screensavernew4.weather.screensaverweatherservice com.ijinshan.screensavershared.base.launcher.screensaverstartservice com.keniu.security.update.push.gcm.gcmintentservice com.lock.service.chargingdetector.chargingdetectorservice com.lock.sideslip.slideslipservice com.picksinit.downloadservice com.screenlocker.service.lockscreenservice ks.cm.antivirus.privatebrowsing.download.downloadreceiverservice Permission Requested android.permission.access_coarse_location android.permission.access_fine_location android.permission.access_network_state android.permission.access_wifi_state Copyright Joe Security LLC 2018 Page 20 of 175