Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 12114: HZSY#####
Загружает на исполнение код следующих детектируемых угроз:
- Android.SmsSend.1848.origin
- Android.Triada.133
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.133
Отправляет данные получаемых СМС-сообщений на удалённый хост.
Сетевая активность:
Подключается к:
- p####.####.com:9000
- h####.####.com
- 2####.####.111:8080
- 1####.####.57:10001
- 1####.####.45:10002
- a1637da####.####.net
- af####.####.com
- w####.####.com
- y####.####.com
- z####.####.com
- 1####.####.57
- 1####.####.56
- s####.####.com
- 1####.####.34:19000
- i####.####.com
- a####.####.site
- sd####.####.com
- p####.####.com
- 2####.####.134:8080
- reso####.####.com
- 1####.####.128:8010
- f####.####.com
- res####.####.com
- m####.####.com
- 1####.####.242:8080
- m####.####.cn
- 1####.####.242
- 1####.####.56:9039
- o####.####.com
- d####.####.com
- a####.####.site:8090
- l####.####.com
- afpt####.####.com
- 1####.####.128
- pa####.####.com
- sdkup####.####.com
- sdkup####.####.com:20000
- a####.####.com
- t####.####.com
- 2####.####.67:10001
- cloudfr####.####.com
- c####.####.com
- a6b854d####.####.net
- a08b3c8####.####.net
- y####.com
- cou####.####.com
Запросы HTTP GET:
- w####.####.com/rdo/order/invalid;jsessionid=C70738E3C29E9FA1CFD51B173BCFDC06.8ngFvPcrC.1.0?rc=####&ln=####&orderNo=####&feeCode=####&sign=####&cm=####...
- d####.####.com/dup/ui/painter/duBaoMob.js
- w####.####.com/uploadImages/2016/337/31/V0CAMT16267P_H.jpg
- f####.####.com/it/u=959100585,1197998252&fm=76
- w####.####.com/uploadImages/2016/239/15/RHHNFUL7N0KF_H.jpg
- w####.####.com/uploadImages/2017/069/11/1NO21626876V_H.jpg
- y####.com//uploadImages/2017/069/38/13D4654694X2.jpg
- p####.####.com/push.js
- w####.####.com/uploadImages/2017/091/45/4H1DUX4S76HK_H.jpg
- 1####.####.128/count.php?type=####&hKey=####&did=####
- m####.####.cn/mtin.db.shcut.zip
- w####.####.com/uploadImages/2017/069/05/KZ944314B30V_H.jpg
- p####.####.com/wcdm?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- t####.####.com/cc/json/mobile_tel_segment.htm?tel=####
- w####.####.com/600x400/uploadImages/2017/024/19/IKQ26ONPSD72.jpg
- w####.####.com/414x480/uploadImages/2017/048/06/RU012L18BM04.jpg
- w####.####.com/uploadImages/20160316112906462.jpg
- m####.####.cn/mtin.db.unacc_TH_2017011601.zip
- y####.com/TLimages2009/yesky/js/tiaozhuanyemian.js
- m####.####.cn/kv3a1ecf93f2cffe3edb137987a2f679f650f1d61d75e13eef51322a.js
- w####.####.com/uploadImages/2017/091/10/D36EBTPW3THI_H.jpg
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####&sn=####
- y####.com/TLimages2009/yesky/js/iscroll.js
- w####.####.com/uploadImages/2017/069/43/JIL790IDZSJ4_H.jpg
- w####.####.com/uploadImages/2016/340/07/4TN3Q06AA154_H.jpg
- y####.com/TLimages2009/yesky/wap/swiper.min.css
- m####.####.cn/tr3a1ecf93f7caf13fdb137987a2f679f650f1d61d75e13eef51322a.js
- f####.####.com/it/u=969850180,134163325&fm=76
- c####.####.com/cpro/ui/noexpire/img/mob_adicon.png
- w####.####.com/uploadImages/2017/091/47/8M37C94XAH71_H.jpg
- f####.####.com/it/u=285481876,3167449850&fm=76
- w####.####.com/uploadImages/2016/335/55/LR6H44Q93W6U_H.jpg
- c####.####.com/20170317/tongyu-pay-lib-2144.apk
- a08b3c8####.####.net/test.png
- 1####.####.128:8010/count.php?type=####&hKey=####&did=####
- y####.com/TLimages2009/yesky/js/wenzhangzhuan.js
- w####.####.com/120x90/uploadImages/2017/076/36/TV4FM5IGHTEE.jpg
- w####.####.com/uploadImages/2016/338/55/QGV3992737F6_H.JPG
- p####.####.com/sdkMis/getRdoUrl
- c####.####.com/sync.htm?cproid=####
- w####.####.com/600x400/uploadImages/2017/055/06/BUCNFV9P31ES.jpg
- y####.####.com/s?z=####&c=####
- w####.####.com/uploadImages/2017/004/55/YU4NZ909RAQR.jpg
- s####.####.com/core.php?web_id=####&t=####
- y####.com/TLimages2009/yesky/js/swiper.min.js
- w####.####.com/uploadImages/2015/070/03/JR81LNI33M6Y_H.jpg
- w####.####.com/uploadImages/2017/087/31/KE6G437STQH7.jpg
- w####.####.com/uploadImages/2016/146/10/95936U4RW03T.jpg
- w####.####.com/120x90/uploadImages/2017/076/44/7S4T2027J36X.jpg
- m####.####.com/getSP135.php?appName=####&productName=####&mobile=####&apiKey=####&tradeId=####&point=####&extraInfo=####&model=####&op=####&did=####&o...
- cloudfr####.####.com/x.png
- w####.####.com/uploadImages/2016/321/13/M5T0KR32E3Y6_H.jpg
- w####.####.com/600x400/uploadImages/2016/127/00/USA1PCP80FQ6.jpg
- w####.####.com/uploadImages/2017/069/06/89280OVLHG3M_H.jpg
- w####.####.com/uploadImages/2016/338/25/Z26U86815GX1_H.jpg
- w####.####.com/uploadImages/2015/160/37/82OQ76N75B35.jpg
- p####.####.com/wcdm?rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=##...
- w####.####.com/uploadImages/2017/091/56/Y8189ND9Y1CE.jpg
- w####.####.com/uploadImages/2017/069/58/H51326FH727N_H.jpg
- f####.####.com/it/u=311668623,3349801938&fm=76
- f####.####.com/it/u=1140166009,275025161&fm=76
- s####.####.com/z_stat.php?id=####&web_id=####
- c####.####.com/cpro/ui/noexpire/img/chapin/stand.png
- f####.####.com/it/u=243522553,211790100&fm=76
- a####.####.com/g/mm/afp-cdn/JS/k.js
- w####.####.com/uploadImages/2017/087/58/I2O1BE90TC16.jpg
- w####.####.com/uploadImages/20160316112917614.jpg
- w####.####.com/uploadImages/20170310170858144001.jpg
- w####.####.com/uploadImages/2017/004/59/H4RNBRMF8NBX.jpg
- y####.com//uploadImages/2017/069/06/89280OVLHG3M.jpg
- w####.####.com/414x480/uploadImages/2017/048/14/RFV57249EIH8.jpg
- f####.####.com/it/u=1200477768,304170552&fm=76
- y####.com/TLimages2009/yesky/images/wimg/nav-top.png
- w####.####.com/414x480/uploadImages/2017/048/54/8W0N1FWEN073.jpg
- w####.####.com/120x90/uploadImages/2017/091/33/6W75153098MI.jpg
- m####.####.cn/xv3a1ecf93f7caf039db137987a2f679f650f1d61d75e13eef51322a.js
- c####.####.com/cpro/ui/noexpire/img/chapin/shrink1.png
- afpt####.####.com/imp?bid=####&pid=####&cid=####&mid=####&oid=####&productType=####&qytInfoMTime=####&e=####&k=####&cb=####
- y####.com/TLimages2009/yesky/wap/tupianshouye.css
- w####.####.com/uploadImages/2017/037/46/XX3SXF4Y8914_%7Byingke20170106%7D.png
- l####.####.com/w.gif?logtype=####&pre=####&cache=####&scr=####&cna=####&isbeta=####&
- z####.####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&showp=####&t=####&umuuid=####&h=####&rnd=####
- w####.####.com/uploadImages/2017/091/33/6W75153098MI.jpg
- 1####.####.57/v1/order/get?app_vername=####&phone=####&imei=####&package_name=####&sdk_version=####&net_type=####&callback_args=####&app_name=####&cid...
- w####.####.com/uploadImages/2017/069/41/EIEMUVH42US2_H.jpg
- a1637da####.####.net/test.png
- m####.####.cn/mtin.db.mild.zip
- y####.com/TLimages2009/yesky/images/wimg/jianbianbg.png
- m####.####.cn/ym3a1ecf92f4c9f63adb137987a2f679f650f1d61d75e13eef51322a.js
- m####.####.cn/mtin.db.meng.zip
- w####.####.com/414x480/uploadImages/2017/048/31/PLE7R804P9QE.jpg
- y####.com/TLimages2009/yesky/js/counter/web-utils.js
- reso####.####.com/gslb/gslb/getbucket.asp
- s####.####.com/s.htm?cproid=####&t=####
- 1####.####.56:9039/gamesit/jysdk/initsdk?os_info=####&os_model=####&net_info=####&imsi=####&imei=####&type=####&version=####
- a####.####.site/afee?cpid=####&appfee_id=####&fee=####&smsc=####&imsi=####&p=####&appname=####&sign=####
- cou####.####.com/counter.shtml?UV=####&VS=####&refer=####&rand=####&cur=####&language=####&system=####&browser=####&flashVesion=####&resolution=####&c...
- w####.####.com/uploadImages/2016/165/30/LJ60Q5WAS808_H.jpg
- w####.####.com/uploadImages/2016/336/21/8RUHI4TS1053_H.jpg
- w####.####.com/uploadImages/2015/317/47/UZQ3233UZX81_H.jpg
- w####.####.com/uploadImages/2017/069/33/TSF18383SKIW_H.jpg
- afpt####.####.com/opt?bid=####&pid=####&cid=####&mid=####&oid=####&productType=####&qytInfoMTime=####&cb=####
- y####.com/TLimages2009/yesky/images/ywap15/keyicon.jpg
- w####.####.com//uploadImages/20170310170858289004.jpg
- w####.####.com//uploadImages/20170310170858148006.jpg
- w####.####.com/uploadImages/2017/005/45/CHA89N3T3E15.jpg
- w####.####.com/uploadImages/2017/091/51/W2683790S1V2_H.jpg
- w####.####.com/rdo/order?mcpid=####&orderNo=####&feeCode=####&reqTime=####&sign=####&cm=####&vt=####&key=####
- c####.####.com/9.gif?abc=####&rnd=####
- w####.####.com/120x90/uploadImages/2017/076/34/CFJ8C70V4UQ8.jpg
- w####.####.com/uploadImages/2016/299/43/4M7165NSCB6P_H.jpg
- w####.####.com/uploadImages/2017/069/38/13D4654694X2_H.jpg
- w####.####.com/rdo/order/invalid;jsessionid=BB2F8974779EAC5D88CA415282121C30.8ngFvPcrC.1.0?rc=####&ln=####&orderNo=####&feeCode=####&sign=####&cm=####...
- m####.####.cn/du3a1ecf92fec2fe3ddb137987a2f679f650f1d61d75e13eef51322a.js
- w####.####.com/uploadImages/2017/005/33/4TJ79IT5NIB0.jpg
- w####.####.com/uploadImages/2015/218/58/0D8059DED1I0_H.jpg
- w####.####.com/pic/
- w####.####.com/600x400/uploadImages/2017/055/47/63HP79948BNH.jpg
- a####.####.site/getdata?cpid=####&packagename=####
- w####.####.com/uploadImages/2017/069/58/H51326FH727N.jpg
- w####.####.com/uploadImages/2017/069/31/2R1TYK120JA4_H.jpg
- w####.####.com/uploadImages/2016/179/29/6WV1TWAK8Y01.jpg
- w####.####.com/uploadImages/2016/336/13/A0S6581UZOIB_H.JPG
- res####.####.com/v3/ip?output=####&key=####
- w####.####.com/uploadImages/2017/069/18/565G4O6D653Z_H.jpg
- i####.####.com/getip.aspx
- w####.####.com/414x480/uploadImages/2017/069/57/WWH3NFX3H553.jpg
- w####.####.com/414x480/uploadImages/2017/048/34/KTR33H9H7NW0.jpg
- m####.####.cn/as3a1ecf92fec3f630db137987a2f679f650f1d61d75e13eef51322a.js
- s####.####.com/static/dspui/js/umf.js
- w####.####.com/120x90/uploadImages/2017/074/18/54Z959ZB9T0F.jpg
- s####.####.com/acookie.html
- w####.####.com/uploadImages/2017/091/17/0Q6RT21Q45G7.jpg
- 1####.####.56//gamesit/xysdk/init
- p####.####.com/sync_pos.htm?cproid=####&t=####
- y####.com//uploadImages/2017/069/41/EIEMUVH42US2.jpg
- w####.####.com/uploadImages/2016/335/50/XXK555F83H1O_H.jpg
- f####.####.com/it/u=1541475275,596992554&fm=76
- m####.####.cn/it3a1ecf93f2cffe3cdb137987a2f679f650f1d61d75e13eef51322a.js
- w####.####.com/uploadImages/2016/338/03/4DI51P792PA2_H.JPG
- 1####.####.56/gamesit/jysdk/inix
- w####.####.com/pic/c/6_22231.shtml
- y####.com/TLimages2009/yesky/js/add_adv.js
- w####.####.com/uploadImages/2016/137/56/EHWX2HJ2OG6J_H.jpg
- c####.####.com/cpro/ui/noexpire/img/2.0.1/custmLogo1.png
- w####.####.com/120x90/uploadImages/2017/091/21/1O4R47438U2I.jpg
- w####.####.com/uploadImages/2017/041/22/S1928AY5XD54_H.jpg
- w####.####.com/uploadImages/2016/336/23/08325S30QM7Q_H.jpg
- c####.####.com/cpro/expire/time2.js
- w####.####.com/uploadImages/2016/321/56/NZ1569Q81D84_H.jpg
- y####.com//uploadImages/2017/069/31/610B34YO8NC3.jpg
- w####.####.com/uploadImages/2017/087/57/2HI1U2TMH91E.jpg
- w####.####.com/414x480/uploadImages/2017/048/44/9NAI28EVS5I3.jpg
- f####.####.com/it/u=1365343343,2028412079&fm=76
- a####.####.com/s.gif?l=####
- w####.####.com/uploadImages/2017/091/08/IS23SQ7HRJQV_H.jpg
- c####.####.com/pixel?dspid=####
- w####.####.com/uploadImages/2017/087/28/0P770ULAKUF0.jpg
- w####.####.com/uploadImages/2017/087/09/7U600727TH67.jpg
- y####.com/TLimages2009/yesky/js/jquery-1.7.2.min.js
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####&...
- m####.####.cn/fg7e50c7dcf6cefe39974a24d9f0a667bf05.js
- p####.####.com/cityjson?ie=####
- w####.####.com/uploadImages/2016/338/44/D4P968I96S40_H.jpg
- w####.####.com/pic/479/108578979.shtml
- m####.####.cn/au3a1ecf92f1caf038db137987a2f679f650f1d61d75e13eef51322a.js
- p####.####.com/s?pss=####&ti=####&ps=####&drs=####&cfv=####&cpl=####&chi=####&cce=####&cec=####&tlm=####&uc=####&pis=####&sr=####&ccd=####&cja=####&cm...
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
- w####.####.com/uploadImages/2017/004/55/1HW17849DKCH.jpg
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&...
- w####.####.com/uploadImages/2017/005/36/165X5QOQRJB3.jpg
- w####.####.com/600x400/uploadImages/2017/055/25/18GY8B10D62Y.jpg
- w####.####.com/uploadImages/2017/087/51/9P3PON26SZB2.jpg
- af####.####.com/ex?a=####&sp=####&cb=####&u=####&ds=####&_=####&fs=####&pvid=####&cg=####
- w####.####.com/uploadImages/2017/074/13/4JB5JFPZQXXW_H.jpg
- w####.####.com/414x480/uploadImages/2017/048/45/T36EJUC1YLAQ.jpg
- c####.####.com/cpro/ui/noexpire/img/chapin/look1.png
- m####.####.com/get139.php?apiKey=####&imsi=####
- p####.####.com/sync_pos.htm?cproid=####
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&u=####
- w####.####.com/uploadImages/2017/091/11/DY2V9R67W2AB_H.jpg
- w####.####.com/414x480/uploadImages/2017/069/29/U7PBI7M3O5N4.jpg
- w####.####.com/uploadImages/2017/091/21/1O4R47438U2I.jpg
- af####.####.com/acookie.html
- p####.####.com:9000/versionpatch?updVersion=####&crc32=####&version=####&imsi=####
- w####.####.com/uploadImages/2016/149/08/NKNXVKA64EV9.jpg
- w####.####.com/uploadImages/2016/210/53/B37E109956A5_H.jpg
- c####.####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
- y####.com/TLimages2009/yesky/images/pic/adtips.png
- w####.####.com/uploadImages/2015/110/23/31C74228A803.jpg
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
- w####.####.com/adx.php?c=####
- m####.####.cn/wi3a1ecf93f5c9f230db137987a2f679f650f1d61d75e13eef51322a.js
- a####.####.com/p.htm?sp=####
- a6b854d####.####.net/test.png
- h####.####.com/hm.js?0e8d8a4####
- 1####.####.57:10001/v1/order/get?app_vername=####&phone=####&imei=####&package_name=####&sdk_version=####&net_type=####&callback_args=####&app_name=##...
- a####.####.site:8090/phoneget?cpid=####&ismi=####&calltime=####&callcount=####&smscount=####&appname=####&sign=####
- c####.####.com/du?&baidu_user_id=####&cookie_version=####×tamp=####&ext_data=####
- w####.####.com/uploadImages/20170310170858578003.jpg
- y####.com/TLimages2009/yesky/js/swiper.js
- w####.####.com/uploadImages/20170310170858849002.jpg
- w####.####.com/pic/197/108578697.shtml
- w####.####.com/uploadImages/2016/337/13/ND24N3A9O4DN_H.jpg
- w####.####.com/uploadImages/2017/039/08/7VJ0HP262753.png
- c####.####.com/cpro/ui/cm.js
- y####.com/TLimages2009/yesky/images/wimg/piclogo.png
- p####.####.com/acym?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- w####.####.com/120x90/uploadImages/2017/091/31/TZ8622J8V68O.jpg
- w####.####.com/uploadImages/2015/345/38/V35S0MM4W4HJ_H.jpg
- w####.####.com/uploadImages/2017/069/33/8Q16D51G0KG2_H.jpg
- w####.####.com/414x480/uploadImages/2017/048/27/CTATWEF93K39.jpg
- y####.com/TLimages2009/yesky/images/wimg/pic-zd.png
- w####.####.com/uploadImages/2015/167/57/9J2WVI1E7172.jpg
- sdkup####.####.com:20000/version/29/patch/astep_A_J_3.0.0_29.apk_26_patch.apk
- m####.####.cn/ww3a1ecf93f7cbf53adb137987a2f679f650f1d61d75e13eef51322a.js
- w####.####.com//uploadImages/20170310170858290005.jpg
- w####.####.com/120x90/uploadImages/2017/091/17/0Q6RT21Q45G7.jpg
- w####.####.com/uploadImages/2017/081/06/EKILSQO5WOO0_%7B0A7C40AF-824A-45B1-9F3C-BF36EF0A763F%7D.png
- m####.####.cn/rc3a1ecf93f5c9f53fdb137987a2f679f650f1d61d75e13eef51322a.js
- w####.####.com/TLimages2009/yesky/wap/swiper.min.css
- w####.####.com/uploadImages/2017/069/31/610B34YO8NC3_H.jpg
- c####.####.com/cpro/ui/noexpire/img/chapin/blank.png
- p####.####.com/wcem?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- w####.####.com/uploadImages/2017/091/31/TZ8622J8V68O.jpg
Запросы HTTP POST:
- p####.####.com/sdkMis/sdk-update
- p####.####.com/sdkMis/mobile-submit
- d####.####.com/mmsdk/mmsdk?func=####&appkey=####&channel=####&code=####
- 1####.####.242:8080/pay/servlet/UploadPhoneInfo2
- sd####.####.com/behaviorLogging/eventLogging/accept
- 1####.####.242/pay/servlet/UploadPhoneInfo2
- 1####.####.34:19000/v2/chis
- pa####.####.com/mobile-service/getOpenImsiMobilePhone.json
- o####.####.com/check_config_update
- a####.####.com/app_logs
- pa####.####.com/pay-sms-access//getAccessPayChannel.json
- 1####.####.242/pay/servlet/UploadPayStartInfo
- 2####.####.67:10001/con/inint.do
- p####.####.com/payorder_new
- 1####.####.45:10002/admgr/admgrsurvey.do
- 1####.####.242/pay/servlet/GetThirdInfo2
- sdkup####.####.com/manage/register/b974b2fa-35a6-407a-bebb-bb2f484cc9edAP15160916142005210000@@@YC6330316193102410002@@@250026699187743
- 2####.####.134:8080/mtin/home
- pa####.####.com/pay-sms-access//uploadOpenPayOrderResult.json?
- p####.####.com/sdkMis/mobile-status-quo
- pa####.####.com/pay-sms-access//uploadSmsDetailInfo.json?
- p####.####.com/sdkMis/init-submit
- 2####.####.111:8080/mild/mg/packet
- 1####.####.242/pay/servlet/UploadPayEndInfo
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/webviewCacheChromium/f_00002f
- /data/data/####/cache/webviewCacheChromium/f_00002e
- /data/data/####/cache/webviewCacheChromium/f_00002d
- /data/data/####/cache/webviewCacheChromium/f_00002c
- /data/data/####/cache/webviewCacheChromium/f_00002b
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/cache/webviewCacheChromium/f_000052
- /data/data/####/cache/webviewCacheChromium/f_000053
- /data/data/####/cache/webviewCacheChromium/f_000050
- /data/data/####/cache/webviewCacheChromium/f_000051
- /data/data/####/cache/webviewCacheChromium/f_000056
- /data/data/####/cache/webviewCacheChromium/f_000057
- /data/data/####/shared_prefs/b_share.xml
- /data/data/####/cache/webviewCacheChromium/f_000055
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/files/plugin.dex
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/port.xml.bak
- /data/data/####/files/plugin.apk
- /data/data/####/cache/webviewCacheChromium/f_00006c
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/shared_prefs/tools.xml.bak
- /data/data/####/shared_prefs/com.example.readcommoninfo.StatInfo.xml
- /data/data/####/shared_prefs/plugins.serviceMapping.xml
- /data/data/####/databases/bil_db-journal
- /data/data/####/shared_prefs/DATE.xml
- /data/data/####/shared_prefs/zhangpay_sms_info.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_00005b
- /data/data/####/cache/webviewCacheChromium/f_00005c
- /data/data/####/cache/webviewCacheChromium/f_00005a
- /data/data/####/cache/webviewCacheChromium/f_00005f
- /data/data/####/cache/webviewCacheChromium/f_00005d
- /data/data/####/cache/webviewCacheChromium/f_00005e
- /data/data/####/cache/webviewCacheChromium/f_00006b
- /data/data/####/shared_prefs/ma_data.xml.bak
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/cache/webviewCacheChromium/f_00006a
- /data/data/####/files/second_block_201.dat
- /data/data/####/shared_prefs/edition.xml
- /data/data/####/files/mtin.db.shcut.zip
- /data/data/####/databases/bil_db
- /data/data/####/files/libyunsvc
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/cache/webviewCacheChromium/f_000054
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/shared_prefs/ma_data.xml
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/shared_prefs/setting.xml
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/f_000034
- /data/data/####/shared_prefs/com.example.readcommoninfo.StatInfo.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000036
- /data/data/####/cache/webviewCacheChromium/f_000037
- /data/data/####/cache/webviewCacheChromium/f_000030
- /data/data/####/cache/webviewCacheChromium/f_000031
- /data/data/####/cache/webviewCacheChromium/f_000032
- /data/data/####/cache/webviewCacheChromium/f_000033
- /data/data/####/cache/webviewCacheChromium/f_000038
- /data/data/####/cache/webviewCacheChromium/f_000039
- /data/data/####/cache/webviewCacheChromium/f_000058
- /data/data/####/cache/webviewCacheChromium/f_000059
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/dalvik-cache/base-1.dex
- /data/data/####/databases/MA_epay_db-journal
- /data/data/####/cache/webviewCacheChromium/f_00006d
- /data/data/####/files/syslxd2
- /data/data/####/cache/webviewCacheChromium/f_00003d
- /data/data/####/cache/webviewCacheChromium/f_00003e
- /data/data/####/cache/webviewCacheChromium/f_00003f
- /data/data/####/cache/webviewCacheChromium/f_00003a
- /data/data/####/cache/webviewCacheChromium/f_00003b
- /data/data/####/cache/webviewCacheChromium/f_00003c
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/files/evnlxd1
- /data/data/####/shared_prefs/yunchao_sp.xml.bak
- /data/data/####/databases/sms_db
- /data/data/####/shared_prefs/ma_epay_share.xml.bak
- /data/data/####/shared_prefs/com.souying.pay.xml
- /data/data/####/app_apCoreplugn/smp.apk
- /data/data/####/files/mtin.db.meng2.zip
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/shared_prefs/tools.xml
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/shared_prefs/sp_haoapp.xml
- /data/data/####/shared_prefs/b_setting.xml
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/databases/recordInfo-journal
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/shared_prefs/b_share.xml.bak
- /data/data/####/shared_prefs/com.souying.pay.plugmain_p_config.xml
- /data/data/####/baea/tmb.jar
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/shared_prefs/new_vvsion.xml
- /data/data/####/databases/database-journal
- /sdcard/qin_yuanlang/plugin.apk_29
- /data/data/####/shared_prefs/ma_epay_share.xml
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/shared_prefs/lxdMoblieAgent_config_####.xml
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/shared_prefs/lxdMoblieAgent_upload_####.xml
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/shared_prefs/lxdMoblieAgent_event_####.xml
- /data/data/####/shared_prefs/nnt_data.xml
- /data/data/####/app_apCoreplugn/sms.apk
- /data/data/####/shared_prefs/port.xml
- /data/data/####/shared_prefs/lxdMoblieAgent_sys_config.xml.bak
- /data/data/####/shared_prefs/plugins.installed.xml
- /data/data/####/cache/sms.apk.apk
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/databases/com.souying.pay.plugmain_sy_pay_record-journal
- /data/data/####/cache/webviewCacheChromium/f_000069
- /data/data/####/cache/webviewCacheChromium/f_000068
- /data/data/####/files/cp_block_201.dat
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_000062
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/cache/webviewCacheChromium/f_000067
- /data/data/####/cache/webviewCacheChromium/f_000066
- /data/data/####/cache/webviewCacheChromium/f_000065
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/databases/MA_epay_db
- /data/data/####/shared_prefs/lxdMoblieAgent_state_####.xml
- /data/data/####/cache/webviewCacheChromium/f_000035
- /data/data/####/shared_prefs/nnt_data.xml.bak
- /data/data/####/shared_prefs/ma_call.xml.bak
- /data/data/####/shared_prefs/sy_pay_config.xml
- /data/data/####/shared_prefs/gud.xml
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/files/mj.apk
- /data/data/####/shared_prefs/sy_pay_config.xml.bak
- /data/data/####/shared_prefs/ma_call.xml
- /data/data/####/cache/webviewCacheChromium/f_00004e
- /data/data/####/cache/webviewCacheChromium/f_00004d
- /data/data/####/cache/webviewCacheChromium/f_00004f
- /data/data/####/cache/webviewCacheChromium/f_00004a
- /data/data/####/shared_prefs/lxdMoblieAgent_upload_####.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_00004c
- /data/data/####/cache/webviewCacheChromium/f_00004b
- /data/data/####/app_tongyu/plugins/download/tongyu-pay-lib.apk
- /data/data/####/shared_prefs/aaa_online_setting_####.xml
- /data/data/####/shared_prefs/zzconfig.xml
- /data/data/####/cache/smp.apk.apk
- /data/data/####/shared_prefs/ma_phone.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000063
- /data/data/####/shared_prefs/jmsdk.dat.xml
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/base-1.apk
- /data/data/####/shared_prefs/zhangpay_sms_info.xml
- /data/data/####/shared_prefs/ma_phone.xml
- /data/data/####/cache/webviewCacheChromium/f_000061
- /data/data/####/files/mtin.db.mild.zip
- /data/data/####/cache/webviewCacheChromium/f_000060
- /data/data/####/cache/webviewCacheChromium/f_000049
- /data/data/####/cache/webviewCacheChromium/f_000048
- /data/data/####/cache/webviewCacheChromium/f_000042
- /data/data/####/cache/webviewCacheChromium/f_000045
- /data/data/####/cache/webviewCacheChromium/f_000044
- /data/data/####/cache/webviewCacheChromium/f_000047
- /data/data/####/cache/webviewCacheChromium/f_000046
- /data/data/####/cache/webviewCacheChromium/f_000041
- /data/data/####/cache/webviewCacheChromium/f_000040
- /data/data/####/cache/webviewCacheChromium/f_000043
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/shared_prefs/yunchao_sp.xml
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/base-1.apk
- /data/data/####/shared_prefs/LANG_SDK_PREF.xml
- /data/data/####/databases/sms_db-journal
- /sdcard/qin_yuanlang/plugin.apk_26_29
- /data/data/####/cache/webviewCacheChromium/f_000064
- /data/data/####/shared_prefs/aaa_state_####.xml
- /data/data/####/app_tongyu/plugins/tongyu-pay-lib.apk
- /data/data/####/shared_prefs/zhangpay_share.xml.bak
- /data/data/####/shared_prefs/aaa_state_####.xml.bak
- /sdcard/gooogle/userid.cfg
- /data/data/####/shared_prefs/lxdMoblieAgent_sys_config.xml
- /data/data/####/baea/entrance.jar
- /data/data/####/files/mtin.db.unacc_TH_2017011601.zip
- /data/data/####/shared_prefs/aaa_header_####.xml
- /data/data/####/app_apCoreplugn/ZIP/plugin-20170105-2.1.8.6.1.bin
- /data/data/####/shared_prefs/shareyuanlangfirst.xml
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/shared_prefs/zhangpay_share.xml
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/libyunsvc
- /sdcard/gooogle/userid.cfg
Другие:
Запускает следующие shell-скрипты:
- cat /proc/version
- cat /sys/class/net/wlan0/address
Может автоматически отправлять СМС-сообщения.
