Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Click.234
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c11.la4.down####.####.com:7080
- TCP(HTTP/1.1) 2####.177.13.68:8288
- TCP(HTTP/1.1) t####.admobim####.com:8080
- TCP(HTTP/1.1) msg.api.9####.com:80
- TCP(HTTP/1.1) c4.la4.down####.####.com:7080
- TCP(HTTP/1.1) c12.la4.down####.####.com:7080
- TCP(HTTP/1.1) d####.9####.com:7080
- TCP(HTTP/1.1) c7.la4.down####.####.com:7080
- TCP(HTTP/1.1) wild####.9appsin####.com.####.net:80
- TCP(HTTP/1.1) www.zfr####.com:80
- TCP(HTTP/1.1) c2.la4.down####.####.com:7080
- TCP(HTTP/1.1) c5.la4.down####.####.com:7080
- TCP(HTTP/1.1) 8.37.2####.19:80
- TCP(HTTP/1.1) www.mmmmmm####.com:80
- TCP(HTTP/1.1) o####.d####.9####.com:80
- TCP(HTTP/1.1) c1.la4.down####.####.com:7080
- TCP(HTTP/1.1) 1####.179.9.106:80
- TCP(HTTP/1.1) c10.la4.down####.####.com:7080
- TCP(HTTP/1.1) 47.91.1####.225:80
- TCP(HTTP/1.1) c3.la4.down####.####.com:7080
- TCP(HTTP/1.1) www.cu####.com:80
- TCP(TLS/1.0) 1####.168.68.254:43918
- TCP(TLS/1.0) 1####.179.9.96:44353
- TCP(TLS/1.0) 1####.168.68.254:41087
- TCP(TLS/1.0) 2####.58.211.110:443
- TCP(TLS/1.0) y####.ali####.com:443
- TCP(TLS/1.0) 1####.168.68.254:41605
- TCP(TLS/1.0) msg.api.9####.com:443
Запросы DNS:
- a####.u####.co
- a####.u####.com
- c1.la4.down####.####.com
- c10.la4.down####.####.com
- c11.la4.down####.####.com
- c12.la4.down####.####.com
- c2.la4.down####.####.com
- c3.la4.down####.####.com
- c4.la4.down####.####.com
- c5.la4.down####.####.com
- c7.la4.down####.####.com
- d####.9####.com
- hl####.down####.9appsin####.com
- msg.api.9####.com
- o####.d####.9####.com
- oc.u####.co
- oc.u####.com
- t####.admobim####.com
- us.y####.al####.com
- www.cu####.com
- www.mmmmmm####.com
- www.zfr####.com
- y####.al####.com
Запросы HTTP GET:
- c1.la4.down####.####.com:7080/group1/M02/0A/C7/q4YBAFhmW9uAPRECAAAQyfKX2...
- c1.la4.down####.####.com:7080/group1/M02/41/EB/poYBAFkHBGWAN3dQAAAigNqAj...
- c1.la4.down####.####.com:7080/group1/M02/98/D0/qoYBAFhUnGOASV7nAAAaPeu8T...
- c1.la4.down####.####.com:7080/group2/M00/1A/D1/QQ0DAFoClUmAIjLOAAARBHkDw...
- c1.la4.down####.####.com:7080/group2/M00/1B/8E/Qg0DAFoCuYeAWkwjAAAPMOIsr...
- c1.la4.down####.####.com:7080/group2/M00/D6/C4/RA0DAFmbKVuADX9pAAASEfxpR...
- c1.la4.down####.####.com:7080/group2/M01/DD/21/Qg0DAFmj6AOAGfXVAAAKiPCu7...
- c1.la4.down####.####.com:7080/group2/M02/F3/44/RA0DAFn5YLSAbTvIAAAL-cklY...
- c1.la4.down####.####.com:7080/group2/M02/F3/45/Qg0DAFn5YL2AFvfFAAAOfsr6v...
- c10.la4.down####.####.com:7080/group1/M01/11/B8/ooYBAFTbsMmAWpWVAAAfgPTf...
- c10.la4.down####.####.com:7080/group2/M00/17/41/QQ0DAFoBo9eAVyS6AAAKYCty...
- c10.la4.down####.####.com:7080/group2/M00/1A/D0/RA0DAFoClUiALj_kAAAYRtoI...
- c10.la4.down####.####.com:7080/group2/M00/F3/47/Qg0DAFn5YQeAVIubAAAH64P3...
- c10.la4.down####.####.com:7080/group2/M01/58/16/Qg0DAFk3TryAGHEcAAAiWMTe...
- c10.la4.down####.####.com:7080/group2/M01/B0/EE/RQ0DAFnpm3iAGJxsAAATLZPS...
- c10.la4.down####.####.com:7080/group2/M02/1C/46/Qg0DAFoC18KAKM54AAASM3m8...
- c10.la4.down####.####.com:7080/group2/M02/20/95/QQ0DAFoDszOAeeyOAAAdZ7IV...
- c10.la4.down####.####.com:7080/group2/M02/91/63/RA0DAFld3HeAcGHAAAAKgO9T...
- c11.la4.down####.####.com:7080/group1/M00/BD/4E/q4YBAFkBkmOAQmWpAAAQy2wX...
- c11.la4.down####.####.com:7080/group1/M01/AF/43/poYBAFZ4ceuAKxT-AAASyZJj...
- c11.la4.down####.####.com:7080/group1/M02/2D/B0/qYYBAFiziLOALCNKAABMKlGR...
- c11.la4.down####.####.com:7080/group2/M00/36/7E/QQ0DAFnF6UOAdoTQAAAhS2Ee...
- c11.la4.down####.####.com:7080/group2/M00/C8/7E/RA0DAFmLzSKABf6_AAAJA-yL...
- c11.la4.down####.####.com:7080/group2/M00/D3/D4/QQ0DAFmW6GKAImwMAAACyCfB...
- c11.la4.down####.####.com:7080/group2/M01/14/AD/RA0DAFm7r7aAP9vRAAAGUmb0...
- c11.la4.down####.####.com:7080/group2/M01/98/83/RA0DAFnkXuWAT-U2AAAg64YL...
- c11.la4.down####.####.com:7080/group2/M01/A0/1B/RQ0DAFnl30GAARIaAAATLZPS...
- c11.la4.down####.####.com:7080/group2/M01/BD/CD/RA0DAFntrBeAYABsAAAKHty6...
- c11.la4.down####.####.com:7080/group2/M01/F3/45/RQ0DAFn5YLaAEwn1AAAM3t9m...
- c12.la4.down####.####.com:7080/group1/M00/29/86/qoYBAFjUHieANs_OAAAa5RSM...
- c12.la4.down####.####.com:7080/group2/M00/18/F7/Qg0DAFkVe-iAe6AjAAALXksb...
- c12.la4.down####.####.com:7080/group2/M00/1B/E0/RA0DAFoCxXSAPa-qAABccK0f...
- c12.la4.down####.####.com:7080/group2/M00/A0/1B/RA0DAFnl30uAKV-jAAAOYTOE...
- c12.la4.down####.####.com:7080/group2/M00/F3/47/RA0DAFn5YQSAZ9MdAAAF6srQ...
- c12.la4.down####.####.com:7080/group2/M01/EC/CF/QQ0DAFmsmfGAFhEyAAAdhBfC...
- c12.la4.down####.####.com:7080/group2/M01/F3/41/RQ0DAFn5YKaAZPQeAAAKUcow...
- c12.la4.down####.####.com:7080/group2/M02/DF/C6/QQ0DAFmmdBOAPzxdAAAH-1kg...
- c12.la4.down####.####.com:7080/group2/M02/F3/3F/RQ0DAFn5YJ6AJlO4AAAIyA8j...
- c2.la4.down####.####.com:7080/group1/M02/19/80/p4YBAFiygMOAEXPrAAAcjM8kN...
- c2.la4.down####.####.com:7080/group2/M00/54/59/RA0DAFnOHS2APJQiAAAHvaaRE...
- c3.la4.down####.####.com:7080/group1/M02/06/CC/poYBAFjUHieARKDCAAAZKK2jQ...
- c3.la4.down####.####.com:7080/group2/M00/16/2E/QQ0DAFoBVqaASS-cAAAT1vzVS...
- c3.la4.down####.####.com:7080/group2/M00/1E/38/QQ0DAFkYNCOAWmFAAAAgaVxPv...
- c3.la4.down####.####.com:7080/group2/M00/C1/32/Qg0DAFnvATiAd-sWAAAMdyX3C...
- c3.la4.down####.####.com:7080/group2/M00/C1/32/RA0DAFnvATOAN0F5AAAJC7Geb...
- c3.la4.down####.####.com:7080/group2/M00/FC/54/RQ0DAFn7PruALVlnAAAHiNZey...
- c3.la4.down####.####.com:7080/group2/M01/5A/91/RQ0DAFk444iAS-74AAASxBZQQ...
- c3.la4.down####.####.com:7080/group2/M02/1D/7D/RA0DAFoDE8iAC255AAAHPLE0E...
- c4.la4.down####.####.com:7080/group1/M00/7C/6C/qIYBAFkH_DWATu_FAAASB8Cwn...
- c4.la4.down####.####.com:7080/group1/M02/EF/39/qoYBAFiea-2ALo8VAAAiv7XEe...
- c4.la4.down####.####.com:7080/group2/M00/93/88/RA0DAFlfRHqAPmV5AAAGA8uii...
- c4.la4.down####.####.com:7080/group2/M00/D4/19/QQ0DAFnzjg6AQwEQAAALZosR4...
- c4.la4.down####.####.com:7080/group2/M00/F3/46/RQ0DAFn5YL-AKseOAAAKE_ki-...
- c4.la4.down####.####.com:7080/group2/M01/F3/3F/QQ0DAFn5YJyAUY_dAAAIs4WY4...
- c4.la4.down####.####.com:7080/group2/M02/77/C8/QQ0DAFnYfxiATiyQAAAhQB18S...
- c5.la4.down####.####.com:7080/group1/M00/A0/87/pYYBAFeIE5qAGtWvAAAUa4jwU...
- c5.la4.down####.####.com:7080/group1/M02/1A/B5/qoYBAFjHje6APl7jAAAPcPxUi...
- c5.la4.down####.####.com:7080/group2/M00/46/9F/RQ0DAFnJtTmAfk_zAABgSZqox...
- c5.la4.down####.####.com:7080/group2/M01/51/CE/RQ0DAFkzXl-AcfanAAAatbCFj...
- c5.la4.down####.####.com:7080/group2/M01/C1/28/RQ0DAFnu_cGATc8EAAAOhlBcz...
- c5.la4.down####.####.com:7080/group2/M01/F3/42/RQ0DAFn5YKmAcTCoAAAKQx9Jp...
- c7.la4.down####.####.com:7080/group1/M00/3C/F4/p4YBAFfWC0eAFrvGAAAKdmCuB...
- c7.la4.down####.####.com:7080/group1/M00/53/3A/qYYBAFjUHieAJ3SmAAAbCPiD7...
- c7.la4.down####.####.com:7080/group1/M00/85/D6/q4YBAFjUHieABjNUAAAakH8G3...
- c7.la4.down####.####.com:7080/group1/M01/09/B9/pIYBAFTc-kWARsqcAAAHgxGp1...
- c7.la4.down####.####.com:7080/group1/M01/40/76/p4YBAFjUHieAe_U3AAAb1f_Cj...
- c7.la4.down####.####.com:7080/group2/M00/0C/01/QQ0DAFm5AbCAFxlaAAANOXG7O...
- c7.la4.down####.####.com:7080/group2/M00/D9/8D/Qg0DAFmemR2AT8I_AAAK53qjJ...
- c7.la4.down####.####.com:7080/group2/M01/C1/28/RQ0DAFnu_cGATc8EAAAOhlBcz...
- c7.la4.down####.####.com:7080/group2/M02/18/F8/RQ0DAFkVe-6AMTLbAABpLUBZk...
- msg.api.9####.com/app.bizAlsoLike?sid=####&app=####&packageName=####&bet...
- msg.api.9####.com/app.editRecommend?app=####&packageName=####&versionCod...
- msg.api.9####.com/app.mustHaveColumns?app=####&versionCode=####&versionN...
- msg.api.9####.com/app.personalRecommend?app=####&packageName=####&versio...
- msg.api.9####.com/app/keywordWithTag?app=####&versionCode=####&versionNa...
- msg.api.9####.com/client/check/task?app=####&versionCode=####&versionNam...
- msg.api.9####.com/config.get?app=####&keys=####&versionCode=####&version...
- msg.api.9####.com/config?app=####&versionCode=####&versionName=####&um_c...
- msg.api.9####.com/get/msg?app=####&updateTime=####&versionCode=####&vers...
- msg.api.9####.com/get/msg?app=####&versionCode=####&versionName=####&um_...
- msg.api.9####.com/installer/whitelist?app=####&versionCode=####&versionN...
- msg.api.9####.com/messageUser?app=####®istrationId=####®Only=####&...
- msg.api.9####.com/messageUser?app=####&versionCode=####&versioncode=####...
- msg.api.9####.com/price.comprasionSwitch?app=####&versionCode=####&versi...
- msg.api.9####.com/resourceBundle.getResource?app=####&versionCode=####&v...
- msg.api.9####.com/selfTrigger.getMsg?app=####&versionCode=####&versionNa...
- msg.api.9####.com/user/property?app=####&versionCode=####&versionName=##...
- msg.api.9####.com/v3/app/com.unitedgames.mtb.downhill.bmx.racer.json?sid...
- msg.api.9####.com/v3/app/sg.bigo.live.json?sid=####&app=####&versionCode...
- msg.api.9####.com/v3/check-for-update.json?app=####&packageName=####&ver...
- msg.api.9####.com/v3/page/template?sid=####&app=####&versionCode=####&ve...
- o####.d####.9####.com/upload/9appsshare_musthave/2017/11/9/16/219e99f6-e...
- o####.d####.9####.com/upload/9appsshare_musthave/2017/11/9/16/7385258f-5...
- wild####.9appsin####.com.####.net/9apps/rs/2017/2aa2614a1f5c4ea3877129cb...
- wild####.9appsin####.com.####.net/9apps/rs/2017/2d2d99aa86aa578ac35e09eb...
- wild####.9appsin####.com.####.net/9apps/rs/2017/300426311dfbfe38f7d96d96...
- wild####.9appsin####.com.####.net/9apps/rs/2017/3c8040c8c8e69d1adf3240ee...
- wild####.9appsin####.com.####.net/9apps/rs/2017/58a600978427287f8940c386...
- wild####.9appsin####.com.####.net/9apps/rs/2017/5e045549dec51ccfed94bf62...
- wild####.9appsin####.com.####.net/9apps/rs/2017/7d0a8a810a2e1c9016ebca44...
- wild####.9appsin####.com.####.net/9apps/rs/2017/8e4ac78852a9e9b5ec2aedf8...
- wild####.9appsin####.com.####.net/9apps/rs/2017/8fca047d4cb611887c481bf2...
- wild####.9appsin####.com.####.net/9apps/rs/2017/97037dc78ffdfed7263be94c...
- wild####.9appsin####.com.####.net/9apps/rs/2017/9b27e704669c22e6ae730404...
- wild####.9appsin####.com.####.net/9apps/rs/2017/b7a07417dc4af54f56a72d75...
- wild####.9appsin####.com.####.net/9apps/rs/2017/c9686356b4926213899a0eca...
- wild####.9appsin####.com.####.net/9apps/rs/2017/ef18ce563c7f4ece26735d59...
- wild####.9appsin####.com.####.net/9apps/rs/2017/efd7386d34303a6c062924fd...
Запросы HTTP POST:
- msg.api.9####.com/checkPublishStatus?app=####&gzip=####&versionCode=####...
- msg.api.9####.com/user/check-increment-update.json?app=####&gzip=####&ve...
- t####.admobim####.com:8080/surl/api2_reg.action
- www.mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####...
- www.mmmmmm####.com/osp/oaen_reg.action
- www.zfr####.com/up.do
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/HasStarted
- <Package Folder>/app_SGLib/####/libsgmainso-5.3.7011.so.tmp
- <Package Folder>/app_SGLib/####/lock.lock
- <Package Folder>/app_expose_log/1510231069864
- <Package Folder>/app_expose_log/1510231079889
- <Package Folder>/app_jniLibs/libcrash_1.5.0.0.so
- <Package Folder>/app_message_cache/639f1156d47dec1054b3cb079c523fa8
- <Package Folder>/app_message_cache/d9dac42c92eeee12ca180910e8e93e81
- <Package Folder>/app_refresh_cache/f40cd568057278248a47d87960e8605d
- <Package Folder>/app_stat_log3/1510231039199
- <Package Folder>/app_stat_log3/1510231049887
- <Package Folder>/app_stat_log3/1510231060319
- <Package Folder>/app_stat_log3/1510231070827
- <Package Folder>/app_stat_log3/1510231081224
- <Package Folder>/app_stat_log3/1510231091236
- <Package Folder>/app_wa/####/12hqtegf_1510231035682002074.wa
- <Package Folder>/app_wa/####/13irufhg_1510231039254002074.wa
- <Package Folder>/app_wa/####/15ktwhji_1510231061425002074.wa
- <Package Folder>/app_wa/####/17mvyjlk_1510231075332002074.wa
- <Package Folder>/app_wa/####/41tztufn_1510231035681002074.wa
- <Package Folder>/app_wa/####/44w2wxiq_1510231061424002074.wa
- <Package Folder>/app_wa/####/46y4yzks_1510231075331002074.wa
- <Package Folder>/cache/####/0480e85246c7a5187d5c88be62f0393b.0.tmp
- <Package Folder>/cache/####/0480e85246c7a5187d5c88be62f0393b.1.tmp
- <Package Folder>/cache/####/14eac240e642aa86aadf2855f18da493.0.tmp
- <Package Folder>/cache/####/14eac240e642aa86aadf2855f18da493.1.tmp
- <Package Folder>/cache/####/162c6bae289f32480c7c66967e1e9aec.0.tmp
- <Package Folder>/cache/####/162c6bae289f32480c7c66967e1e9aec.1.tmp
- <Package Folder>/cache/####/1905ef1c1924121ffbeba4f8aee1cefe.0.tmp
- <Package Folder>/cache/####/1905ef1c1924121ffbeba4f8aee1cefe.1.tmp
- <Package Folder>/cache/####/24d9755c94dc35fd3f0bfa4a479816a0.0.tmp
- <Package Folder>/cache/####/24d9755c94dc35fd3f0bfa4a479816a0.1.tmp
- <Package Folder>/cache/####/29cd43983fc6297f820a1410a694ab55.0.tmp
- <Package Folder>/cache/####/29cd43983fc6297f820a1410a694ab55.1.tmp
- <Package Folder>/cache/####/2a82e8e76626f667c8e5fae69342dddc.0.tmp
- <Package Folder>/cache/####/2a82e8e76626f667c8e5fae69342dddc.1.tmp
- <Package Folder>/cache/####/2bd7543ce14b9b8a9353e08740620619.0.tmp
- <Package Folder>/cache/####/2bd7543ce14b9b8a9353e08740620619.1.tmp
- <Package Folder>/cache/####/3d330593bd39fe67cfa73670684c10de.0.tmp
- <Package Folder>/cache/####/3d330593bd39fe67cfa73670684c10de.1.tmp
- <Package Folder>/cache/####/3f2de752f51cb9f06a01fbdd40675c6d.0.tmp
- <Package Folder>/cache/####/3f2de752f51cb9f06a01fbdd40675c6d.1.tmp
- <Package Folder>/cache/####/3fe592da8e828a5ffd55979b640eeb93.0.tmp
- <Package Folder>/cache/####/3fe592da8e828a5ffd55979b640eeb93.1.tmp
- <Package Folder>/cache/####/4c8cb49e80afd6bf06aacfe0c9f782b5.0.tmp
- <Package Folder>/cache/####/4c8cb49e80afd6bf06aacfe0c9f782b5.1.tmp
- <Package Folder>/cache/####/5681f58b09d695c0cccc9368083dbb44.0.tmp
- <Package Folder>/cache/####/5681f58b09d695c0cccc9368083dbb44.1....leted)
- <Package Folder>/cache/####/5681f58b09d695c0cccc9368083dbb44.1.tmp
- <Package Folder>/cache/####/582f53dff91a31c17f654e8799048fd6.0.tmp
- <Package Folder>/cache/####/582f53dff91a31c17f654e8799048fd6.1.tmp
- <Package Folder>/cache/####/58f0716309e7da5b1a560ead67a9f545.0.tmp
- <Package Folder>/cache/####/58f0716309e7da5b1a560ead67a9f545.1.tmp
- <Package Folder>/cache/####/5b0083dc810497fb4f963306d3e17893.0.tmp
- <Package Folder>/cache/####/5b0083dc810497fb4f963306d3e17893.1.tmp
- <Package Folder>/cache/####/5c549bccebf104e5c6cae6d1ec529f69.0.tmp
- <Package Folder>/cache/####/5c549bccebf104e5c6cae6d1ec529f69.1.tmp
- <Package Folder>/cache/####/6caa172aba68b9ea731392ceaef60e38.0.tmp
- <Package Folder>/cache/####/6caa172aba68b9ea731392ceaef60e38.1.tmp
- <Package Folder>/cache/####/7e0063f62db250128413874887273adb.0.tmp
- <Package Folder>/cache/####/7e0063f62db250128413874887273adb.1.tmp
- <Package Folder>/cache/####/8d4d35520092a9d4b5a72e007006da15.0.tmp
- <Package Folder>/cache/####/8d4d35520092a9d4b5a72e007006da15.1.tmp
- <Package Folder>/cache/####/8fa595ab5eaabecee5bdc8d118cf77c8.0.tmp
- <Package Folder>/cache/####/8fa595ab5eaabecee5bdc8d118cf77c8.1.tmp
- <Package Folder>/cache/####/99d970086fb72814212ddf06aba19ff6.0.tmp
- <Package Folder>/cache/####/99d970086fb72814212ddf06aba19ff6.1.tmp
- <Package Folder>/cache/####/ab190951a70178c09ec1fd3bce98f58e.0.tmp
- <Package Folder>/cache/####/ab190951a70178c09ec1fd3bce98f58e.1.tmp
- <Package Folder>/cache/####/ab6099f4c06ac96b91caacc28664b437.0.tmp
- <Package Folder>/cache/####/ab6099f4c06ac96b91caacc28664b437.1....leted)
- <Package Folder>/cache/####/f3383f830831108697536e7e58fc88c0.0.tmp
- <Package Folder>/cache/####/f3383f830831108697536e7e58fc88c0.1.tmp
- <Package Folder>/cache/####/f98f34af2c436a04754c3bf061962b00.0.tmp
- <Package Folder>/cache/####/f98f34af2c436a04754c3bf061962b00.1.tmp
- <Package Folder>/cache/####/fb7e8fc84e68a637b6372a81456407f1.0.tmp
- <Package Folder>/cache/####/fb7e8fc84e68a637b6372a81456407f1.1.tmp
- <Package Folder>/cache/####/fd8e040a7a59930ebe48bf9fe7e475b2.0.tmp
- <Package Folder>/cache/####/fd8e040a7a59930ebe48bf9fe7e475b2.1.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.bb
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ff
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.meminfo
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.pid
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ps
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.start
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.time
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.uptime
- <Package Folder>/crashsdk/####/REKROW1PPAIDNI0ELIBOM0MOC.bb
- <Package Folder>/crashsdk/####/unique
- <Package Folder>/databases/9apps.db-journal
- <Package Folder>/databases/WaValue.db-journal
- <Package Folder>/databases/downloader-journal
- <Package Folder>/databases/message-journal
- <Package Folder>/databases/my.db
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/home_app_data_us.json
- <Package Folder>/files/####/um_cache_1510231080863.env
- <Package Folder>/files/0a231bd8575dcf72.txt
- <Package Folder>/files/SGMANAGER_DATA2.tmp
- <Package Folder>/files/d.zip
- <Package Folder>/files/daemon
- <Package Folder>/files/dc3a3845ba59da361c
- <Package Folder>/files/dc5b4b5f4d257a2bb3
- <Package Folder>/files/dtemp.apk
- <Package Folder>/files/mobclick_agent_cached_<Package>126
- <Package Folder>/files/ob1.zip
- <Package Folder>/files/sp.lock
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/3710d74b68e6af8cade5ec187cc0f996dabc7e3c.xml
- <Package Folder>/shared_prefs/9apps.xml
- <Package Folder>/shared_prefs/9apps.xml.bak
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/OfferPreUtil.xml
- <Package Folder>/shared_prefs/SYSTEM_CACHE.xml
- <Package Folder>/shared_prefs/check_publish_status.xml
- <Package Folder>/shared_prefs/cn_rs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/dns_cache.xml
- <Package Folder>/shared_prefs/f4acd030da61bd739ac44e37218b4567f7dd880f.xml
- <Package Folder>/shared_prefs/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/install_list_key.xml
- <Package Folder>/shared_prefs/m_cfg.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/upgrade_config.xml
- <Package Folder>/shared_prefs/worker_preferences.xml
- <Package Folder>/tiny_wa/1510231046835.wa
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.com.taobao.dp/dd7893586a493dc3
- <SD-Card>/.com.taobao.dp/hid.dat
- <SD-Card>/9appsPro/####/libcrash_1.5.0.0.so.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/08f88d72f6e426180fda44dd85b5af16b20ad003....0.tmp
- <SD-Card>/Android/####/091c3c7b923427ece4a80f4f07daf52dffca3bf7....0.tmp
- <SD-Card>/Android/####/0d92bb6f77e972a651f3bb9b0e8b2ab1a676f77f....0.tmp
- <SD-Card>/Android/####/13b749917479035a2a008d309f2402c879a871e4....0.tmp
- <SD-Card>/Android/####/175d4f08b5238046b6f699327d05fa60ba06f9f3....0.tmp
- <SD-Card>/Android/####/17beb01eac81534f430339e7d5f68542fdf448ed....0.tmp
- <SD-Card>/Android/####/191a02b5cdc7680d7a5d16da119a88603032b478....0.tmp
- <SD-Card>/Android/####/1f41cc44de1d3436bcfcab9d4c9ed88445642894....0.tmp
- <SD-Card>/Android/####/25d7af3963e4f4a53864d21e5391ea322166ff4d....0.tmp
- <SD-Card>/Android/####/28a8561808f4f357453380d7af714b519b38a456....0.tmp
- <SD-Card>/Android/####/28f6ff2b1f26e261f2a93d8e3e7c4c4eb4b4ec72....0.tmp
- <SD-Card>/Android/####/29a164915957f24fcd73d85127b6be5730771d21....0.tmp
- <SD-Card>/Android/####/2c035cacb7fb1c9c87a25feaa5cdaf686899113a....0.tmp
- <SD-Card>/Android/####/2ed0eeea0d5ae233c3953bdf5e7a83f73df7ef36....0.tmp
- <SD-Card>/Android/####/2f613c655191ddda1d41dbe090190b77c08a811c....0.tmp
- <SD-Card>/Android/####/2fc426c53d41064d9aafc0a517193bb915237a25....0.tmp
- <SD-Card>/Android/####/312d066fbf1ee04fb8e296096478ed3e3a8fefdb....0.tmp
- <SD-Card>/Android/####/3e6b459de51ef5a3591f5477926c00dcd7bff5cc....0.tmp
- <SD-Card>/Android/####/401033db9ba50f02c3de87c647db40ee193a02b5....0.tmp
- <SD-Card>/Android/####/4271542f41ee5e98f3f05833eab66ac332f1fab5....0.tmp
- <SD-Card>/Android/####/479cba16d46cc482df58ccceab5ac09c99034702....0.tmp
- <SD-Card>/Android/####/493defc33c97479d02b1feaf0babccc669a64e77....0.tmp
- <SD-Card>/Android/####/4a5963308ed3b30407236425169368cc2b61ce53....0.tmp
- <SD-Card>/Android/####/4e0b33ec20f5c59754e89e73a6984a490caa19c2....0.tmp
- <SD-Card>/Android/####/4e753be2b57366352ad5f125a060a1aad2e8f465....0.tmp
- <SD-Card>/Android/####/5046be4200a79eb9fdd5eb2cecba12893a70887f....0.tmp
- <SD-Card>/Android/####/50abbabd01af615abdadb624a3ca686f97090d25....0.tmp
- <SD-Card>/Android/####/54437d00276a48db8c1e4ef11daeffff61c42500....0.tmp
- <SD-Card>/Android/####/5863b4186c0f38f41a433d3167b16187c18910c6....0.tmp
- <SD-Card>/Android/####/5a4a4ebf1cd165c55fbd3bf33b49a4d40084d4d3....0.tmp
- <SD-Card>/Android/####/5bc75d7d0d5bce96c5e1f9c576ecdcd956a36af6....0.tmp
- <SD-Card>/Android/####/5c40cfa2a6a219f8a0faa7ec7badd6d4da256e30....0.tmp
- <SD-Card>/Android/####/5c5efbcf38eeaa41dd2f6d371fe3bd5dab01c817....0.tmp
- <SD-Card>/Android/####/63cc8db045d30422b2f179bfe18731b95741db16....0.tmp
- <SD-Card>/Android/####/649b18d2545e8d01dc078f05500d9ebbe05c2c04....0.tmp
- <SD-Card>/Android/####/6573b9334e9774024d0cdb6bafd23a6d327cdb6c....0.tmp
- <SD-Card>/Android/####/6574e1a56fb033f5d4830f8d03f8e0702f972376....0.tmp
- <SD-Card>/Android/####/6610b73c74547ca504ecca7bfe3882b11485131d....0.tmp
- <SD-Card>/Android/####/6c6ec4642f4a7390f692b7995acf82d72bca2d96....0.tmp
- <SD-Card>/Android/####/6ce47b42251990dc9ab2fddaaa9830d50bb6319a....0.tmp
- <SD-Card>/Android/####/6db76d10454af4c02b2cddb0f6b1ce11c85367d2....0.tmp
- <SD-Card>/Android/####/6e51be3ad5ded5d3364f64ed77d03c4a6d531447....0.tmp
- <SD-Card>/Android/####/72681ff2dfda1d263183f4fe60e5cda55e1e78d5....0.tmp
- <SD-Card>/Android/####/7270b7268a67619623b41c5c271d033b5cc4bbd3....0.tmp
- <SD-Card>/Android/####/7bcabf5ecd51f4a8992f525ffa29c02634f0b780....0.tmp
- <SD-Card>/Android/####/7c7b2080e45fda4963452dbc2de806676e6886a6....0.tmp
- <SD-Card>/Android/####/7e10fab99a35b2e4ea8dce9591a61d02790b3612....0.tmp
- <SD-Card>/Android/####/7e63b0f430d34e6aea6a3bd3aa2656d382f65f55....0.tmp
- <SD-Card>/Android/####/7fd1241abaa890a2e90870dcc43ebd0c569ad332....0.tmp
- <SD-Card>/Android/####/830257b7cdaac8abb91b62205ae0a3bfb6c97169....0.png
- <SD-Card>/Android/####/830257b7cdaac8abb91b62205ae0a3bfb6c97169....0.tmp
- <SD-Card>/Android/####/83a47dbeb954eeee7322c6aa9be40fb02e192513....0.tmp
- <SD-Card>/Android/####/85f3930c0a069ce4478b467d6b710896921e9dd4....0.tmp
- <SD-Card>/Android/####/90f76da245cfdee41c3af6efabfd458fcb613f83....0.tmp
- <SD-Card>/Android/####/9115783fe70bf4688cdf96a7117943986a598e97....0.tmp
- <SD-Card>/Android/####/93262d0d12d0465ae6764406159f767765a84433....0.tmp
- <SD-Card>/Android/####/97f6c1b94fb178beffe701ed4d1c30e15830b4b2....0.tmp
- <SD-Card>/Android/####/99cdb87ab451ab422549e01f96692760194a3a9a....0.tmp
- <SD-Card>/Android/####/99d8cc76f61d56a642a18337058961ee061b75d5....0.tmp
- <SD-Card>/Android/####/9cee7914eb38b4ad1892dd7c6e13525ec01572eb....0.tmp
- <SD-Card>/Android/####/9ddde7168a70952575511543dddf46fd9313e002....0.tmp
- <SD-Card>/Android/####/a4f34dd1f35f31e3aed7a5654ba0dd39de14880d....0.tmp
- <SD-Card>/Android/####/a6ba71703ee13d392a3b78ae38c5337ee5635763....0.tmp
- <SD-Card>/Android/####/a7f0e46119b827e971a83c2b1f4c840d048061a0....0.tmp
- <SD-Card>/Android/####/a89b73b4a0ccd388c2ffb9861176efe175c266c9....0.tmp
- <SD-Card>/Android/####/aa71ee5c802cd9d83c3dce0e6ae39f280005b10b....0.tmp
- <SD-Card>/Android/####/acd4d13db4c2b267be2680d1a09681e12abadac4....0.tmp
- <SD-Card>/Android/####/b066ebcc4ea4951ead62863d27a54bd84ebc1221....0.tmp
- <SD-Card>/Android/####/b8aa4948a5d8dbccab95650f51cc7800dac3101f....0.tmp
- <SD-Card>/Android/####/b968f97581f0189077876858e51235856373c0ec....0.tmp
- <SD-Card>/Android/####/b9b9c383ce0a94f8b81e6b134f197ddaaa14f377....0.tmp
- <SD-Card>/Android/####/c1c5880cf5a1e0b0f702943c548b931f35ce2075....0.tmp
- <SD-Card>/Android/####/c6d6a94007f050b5d4763b0904dffc4464fd5a8b....0.tmp
- <SD-Card>/Android/####/d51c586d482617b0757700234ba8f4e65bdfe77d....0.tmp
- <SD-Card>/Android/####/d6f5e5a713abc354d236e923c04bc7d0256c04fd....0.tmp
- <SD-Card>/Android/####/d7f459f30adeb4b1ff6fbd6feaec2b8f26cdb2e4....0.tmp
- <SD-Card>/Android/####/da258228918783a81d564c7c432890b1ade746bb....0.tmp
- <SD-Card>/Android/####/e11a37806bf81741fd7391b7ff82dd2b9bf14414....0.tmp
- <SD-Card>/Android/####/eb262825d2d4dac3b14b36d2d55ef6cf09a1c24b....0.tmp
- <SD-Card>/Android/####/ebd3a744a191058073ec26bfc3ef27f8978cc08c....0.tmp
- <SD-Card>/Android/####/f266cd84a4c90ddff160bc1cff50fd829ef964bb....0.tmp
- <SD-Card>/Android/####/f370e6394a58a8fe2ce8f8a329f6ce1210482663....0.tmp
- <SD-Card>/Android/####/f37c4f1909e3f21d8689116a6733650b2aa77751....0.png
- <SD-Card>/Android/####/f37c4f1909e3f21d8689116a6733650b2aa77751....0.tmp
- <SD-Card>/Android/####/f6bc1f19852e26332f48606d93ddff9163c23125....0.tmp
- <SD-Card>/Android/####/f74411c2d465d42af3a4bc5cc12a7bf0c4e8b0c9....0.tmp
- <SD-Card>/Android/####/f79cbe10cf232ef356d2e871371ab8389a567627....0.tmp
- <SD-Card>/Android/####/f8f1ab9a8ce286684f22f239620f6d96b48301fd....0.tmp
- <SD-Card>/Android/####/f94e142d58cb3c4fd99cbdf7b1580ef312e16b2f....0.tmp
- <SD-Card>/Android/####/ff9c7231e3ab76e3fc856e50ace1640870cc4ee8....0.tmp
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/LogG/####/sp
Другие:
Запускает следующие shell-скрипты:
- /data/user/0/<Package>/files/dc3a3845ba59da361c
- <Package Folder>/files/dc5b4b5f4d257a2bb3
- ps
- sh
Загружает динамические библиотеки:
- IncrementalUpdate
- libcrash_1.5.0.0
- ppapkpatchso
- sgmainso-5.3
- uninstall
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
