Android.Locker.4854

Техническая информация

Вредоносные функции:

Перекрывает экран собственным окном, блокируя доступ к графическому интерфейсу.

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) d1e0ih9####.cloudf####.net:80
TCP(HTTP/1.1) stra####.l####.net:80
TCP(HTTP/1.1) dl.cm.ksmo####.####.com:80
TCP(HTTP/1.1) net.ray####.com:80
TCP(HTTP/1.1) beh####.ksmo####.net:80
TCP(HTTP/1.1) a####.int####.com:80
TCP(HTTP/1.1) geo####.int####.com:80
TCP(HTTP/1.1) d3hqwz3####.cloudf####.net:80
TCP(HTTP/1.1) analy####.ray####.com:80
TCP(HTTP/1.1) ads.m####.com:80
TCP(HTTP/1.1) co####.in####.com:80
TCP(HTTP/1.1) i.w.in####.com:80
TCP(HTTP/1.1) cfg.cml.ksmo####.com:80
TCP(HTTP/1.1) api.mo####.sdk.####.com:80
TCP(HTTP/1.1) set####.ray####.com:80
TCP(TLS/1.0) un####.ad####.com:443
TCP(TLS/1.0) pro####.ad####.com:443
TCP(TLS/1.0) ws.ksmo####.net:443
TCP(TLS/1.0) t.appsf####.com:443
TCP(TLS/1.0) 1####.217.20.78:443
TCP(TLS/1.0) trac####.i2w.io:443
TCP(TLS/1.0) ups.ksmo####.net:443
TCP(TLS/1.0) ufs.ad####.com:443
TCP(TLS/1.0) c####.ksmo####.com:443
TCP(TLS/1.0) s####.w.in####.com:443
TCP(TLS/1.0) d30x8mt####.cloudf####.net:443
TCP(TLS/1.0) bp.ad####.com:443
TCP(TLS/1.0) api.face####.com:443
TCP(TLS/1.0) s####.ad####.com:80
TCP(TLS/1.0) wea####.ksmo####.net:443

Запросы DNS:

a####.int####.com
ads.m####.com
analy####.ray####.com
api.mo####.sdk.####.com
beh####.ksmo####.net
bp.ad####.com
c####.ksmo####.com
cfg.cml.ksmo####.com
cm####.did.ijin####.com
co####.in####.com
d1e0ih9####.cloudf####.net
d2qmdcg####.cloudf####.net
d30x8mt####.cloudf####.net
d3hqwz3####.cloudf####.net
dl.cm.ksmo####.com
g####.face####.com
geo####.int####.com
i.w.in####.com
net.ray####.com
pro####.ad####.com
s####.ad####.com
s####.w.in####.com
s####.w.in####.com
set####.ray####.com
stra####.l####.net
t.appsf####.com
trac####.i2w.io
u####.bat####.net
ufs.ad####.com
un####.ad####.com
up.cm.ksmo####.com
ups.ksmo####.net
userl####.ksmo####.net
wea####.ksmo####.net
ws.ksmo####.net

Запросы HTTP GET:

api.mo####.sdk.####.com/adunion/rtb/fetchAd?h=####&w=####&model=####&ven...
api.mo####.sdk.####.com/adunion/rtb/getInmobiAd?h=####&w=####&model=####...
api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...

Запросы HTTP POST:

co####.in####.com/config-server/v1/config/secure.cfg
i.w.in####.com/showad.asm

Изменения в файловой системе:

Создает следующие файлы:

/data/anr/traces.txt
<Package Folder>/app_I2WEVENTS/####/1511163113475.undonelog
<Package Folder>/app_I2WEVENTS/1511163111299.log
<Package Folder>/app_ctrl/libkssuenv
<Package Folder>/app_deep_cloud_config/cloudmsgadv.json
<Package Folder>/bspatch
<Package Folder>/code_cache/####/MultiDex.lock
<Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-17...04.zip
<Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-18...23.zip
<Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-19...26.zip
<Package Folder>/databases/ad_sdk.db-journal
<Package Folder>/databases/appstorage.db
<Package Folder>/databases/appstorage.db-journal
<Package Folder>/databases/autostart_rules.db-journal
<Package Folder>/databases/cc_statistics.db-journal
<Package Folder>/databases/ce-network.db-journal
<Package Folder>/databases/ce-repo.db-journal
<Package Folder>/databases/cleanmaster_process_list.db-journal
<Package Folder>/databases/cm_push_message_db.db
<Package Folder>/databases/cm_push_message_db.db-journal
<Package Folder>/databases/com.im_7.0.1.db
<Package Folder>/databases/com.im_7.0.1.db-journal
<Package Folder>/databases/diskcache.db-journal
<Package Folder>/databases/dmc_report-journal
<Package Folder>/databases/downloads.db-journal
<Package Folder>/databases/du_ad_cache.db-journal
<Package Folder>/databases/du_ad_parse.db-journal
<Package Folder>/databases/du_ad_ts.db-journal
<Package Folder>/databases/false_cache.db
<Package Folder>/databases/false_cache.db-journal
<Package Folder>/databases/false_residual.db
<Package Folder>/databases/false_residual.db-journal
<Package Folder>/databases/gamecache.db-journal
<Package Folder>/databases/google_app_measurement_local.db
<Package Folder>/databases/google_app_measurement_local.db-journal
<Package Folder>/databases/i2wapi.db
<Package Folder>/databases/i2wapi.db-journal
<Package Folder>/databases/junk_simiar_pic_finger_cache.db-journal
<Package Folder>/databases/market.db-journal
<Package Folder>/databases/memory_cache.db
<Package Folder>/databases/memory_cache.db-journal
<Package Folder>/databases/mobvista.msdk.db-journal
<Package Folder>/databases/multiunused.db-journal
<Package Folder>/databases/pkgcache2_cache.db
<Package Folder>/databases/pkgcache2_cache.db-journal
<Package Folder>/databases/ps.db-journal
<Package Folder>/databases/residual_dir2_cache.db
<Package Folder>/databases/residual_dir2_cache.db-journal
<Package Folder>/databases/residual_pkg2_cache.db
<Package Folder>/databases/residual_pkg2_cache.db-journal
<Package Folder>/databases/rp.db-journal
<Package Folder>/databases/sdk_data.db
<Package Folder>/databases/sdk_data.db-journal
<Package Folder>/databases/se_cloud_eng.db-journal
<Package Folder>/databases/timewall_cache.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/webviewCache.db
<Package Folder>/databases/webviewCache.db-journal
<Package Folder>/databases/webviewCookiesChromium.db-journal
<Package Folder>/databases/wizd.db-journal
<Package Folder>/files/####/.ad_list
<Package Folder>/files/####/.ad_source
<Package Folder>/files/####/.geographic_info
<Package Folder>/files/####/.ph_cfg
<Package Folder>/files/####/.script
<Package Folder>/files/####/.serving_cfg
<Package Folder>/files/####/_assets.zip
<Package Folder>/files/####/_assets.zip (deleted)
<Package Folder>/files/####/ad_icon.png
<Package Folder>/files/####/apple_daily_cover.jpg
<Package Folder>/files/####/arrive_at.png
<Package Folder>/files/####/arrive_nm.png
<Package Folder>/files/####/article_border.9.png
<Package Folder>/files/####/audio_tutorial_btn.png
<Package Folder>/files/####/bg_label.png
<Package Folder>/files/####/bg_mask.9.png
<Package Folder>/files/####/btn_audio_off.png
<Package Folder>/files/####/btn_audio_on.png
<Package Folder>/files/####/btn_close_at.png
<Package Folder>/files/####/btn_close_nm.png
<Package Folder>/files/####/btn_done_at.png
<Package Folder>/files/####/btn_done_nm.png
<Package Folder>/files/####/btn_download_at.jpg
<Package Folder>/files/####/btn_download_nm.jpg
<Package Folder>/files/####/btn_landscape_image_app_install_ios_at.png
<Package Folder>/files/####/btn_landscape_image_app_install_ios_nm.png
<Package Folder>/files/####/btn_landscape_image_gamecard_instal...at.png
<Package Folder>/files/####/btn_landscape_image_gamecard_instal...nm.png
<Package Folder>/files/####/btn_landscape_video_app_install_ios_at.png
<Package Folder>/files/####/btn_landscape_video_app_install_ios_nm.png
<Package Folder>/files/####/btn_landscape_video_install_android_at.png
<Package Folder>/files/####/btn_landscape_video_install_android_nm.png
<Package Folder>/files/####/btn_play_at.png
<Package Folder>/files/####/btn_play_nm.png
<Package Folder>/files/####/btn_portrait_image_app_install_ios_at.png
<Package Folder>/files/####/btn_portrait_image_app_install_ios_nm.png
<Package Folder>/files/####/btn_protrait_image_gamecard_android_at.png
<Package Folder>/files/####/btn_protrait_image_gamecard_android_nm.png
<Package Folder>/files/####/btn_single_close_at.png
<Package Folder>/files/####/btn_single_close_nm.png
<Package Folder>/files/####/btn_skip_at.png
<Package Folder>/files/####/btn_skip_nm.png
<Package Folder>/files/####/btn_video_done_at.png
<Package Folder>/files/####/btn_video_done_nm.png
<Package Folder>/files/####/btn_webview_back_at.png
<Package Folder>/files/####/btn_webview_back_disable.png
<Package Folder>/files/####/btn_webview_back_nm.png
<Package Folder>/files/####/btn_webview_close_at.png
<Package Folder>/files/####/btn_webview_close_nm.png
<Package Folder>/files/####/btn_webview_next_at.png
<Package Folder>/files/####/btn_webview_next_disable.png
<Package Folder>/files/####/btn_webview_next_nm.png
<Package Folder>/files/####/cfcl_cache
<Package Folder>/files/####/cm_activate_cmc_1511163117953.ich
<Package Folder>/files/####/cm_activate_cmc_1511163117969.ich
<Package Folder>/files/####/cm_activity_act_1511163145424.ich
<Package Folder>/files/####/cm_cert_1511163098358.ich
<Package Folder>/files/####/cm_charge_ads_cache_info_1511163155172.ich
<Package Folder>/files/####/cm_charge_ads_cache_info_1511163155897.ich
<Package Folder>/files/####/cm_clean_time_1511163106950.ich
<Package Folder>/files/####/cm_cleancloud_querystatus_1511163102866.ich
<Package Folder>/files/####/cm_cleancloud_querystatus_1511163104041.ich
<Package Folder>/files/####/cm_cloud_reachrate_1511163102094.ich
<Package Folder>/files/####/cm_cpu_countdown_1511163147652.ich
<Package Folder>/files/####/cm_edgweather_condition_1511163098340.ich
<Package Folder>/files/####/cm_fb_login_1511163145570.ich
<Package Folder>/files/####/cm_game_installed_games_1511163150049.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149549.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149552.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149556.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149562.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149566.ich
<Package Folder>/files/####/cm_homepage_card_show_1511163149568.ich
<Package Folder>/files/####/cm_ipkg_1511163148111.ich
<Package Folder>/files/####/cm_ipkg_1511163148113.ich
<Package Folder>/files/####/cm_ipkg_1511163148114.ich
<Package Folder>/files/####/cm_ipkg_1511163148116.ich
<Package Folder>/files/####/cm_ipkg_1511163148117.ich
<Package Folder>/files/####/cm_ipkg_1511163148119.ich
<Package Folder>/files/####/cm_ipkg_1511163148177.ich
<Package Folder>/files/####/cm_ipkg_1511163148178.ich
<Package Folder>/files/####/cm_ipkg_1511163148182.ich
<Package Folder>/files/####/cm_ipkg_1511163148184.ich
<Package Folder>/files/####/cm_ipkg_1511163148185.ich
<Package Folder>/files/####/cm_ipkg_1511163148194.ich
<Package Folder>/files/####/cm_ipkg_1511163148225.ich
<Package Folder>/files/####/cm_ipkg_1511163148241.ich
<Package Folder>/files/####/cm_ipkg_1511163148259.ich
<Package Folder>/files/####/cm_ipkg_1511163148278.ich
<Package Folder>/files/####/cm_ipkg_1511163148296.ich
<Package Folder>/files/####/cm_ipkg_1511163148314.ich
<Package Folder>/files/####/cm_ipkg_1511163148332.ich
<Package Folder>/files/####/cm_ipkg_1511163148354.ich
<Package Folder>/files/####/cm_ipkg_1511163148384.ich
<Package Folder>/files/####/cm_ipkg_1511163148562.ich
<Package Folder>/files/####/cm_ipkg_1511163148592.ich
<Package Folder>/files/####/cm_ipkg_1511163148616.ich
<Package Folder>/files/####/cm_ipkg_1511163148637.ich
<Package Folder>/files/####/cm_ipkg_1511163148658.ich
<Package Folder>/files/####/cm_ipkg_1511163148676.ich
<Package Folder>/files/####/cm_ipkg_1511163148695.ich
<Package Folder>/files/####/cm_ipkg_1511163148714.ich
<Package Folder>/files/####/cm_ipkg_1511163148735.ich
<Package Folder>/files/####/cm_ipkg_1511163148763.ich
<Package Folder>/files/####/cm_ipkg_1511163148780.ich
<Package Folder>/files/####/cm_ipkg_1511163148798.ich
<Package Folder>/files/####/cm_ipkg_1511163148816.ich
<Package Folder>/files/####/cm_ipkg_1511163148837.ich
<Package Folder>/files/####/cm_ipkg_1511163148856.ich
<Package Folder>/files/####/cm_ipkg_1511163148882.ich
<Package Folder>/files/####/cm_ipkg_1511163148907.ich
<Package Folder>/files/####/cm_ipkg_1511163148926.ich
<Package Folder>/files/####/cm_ipkg_1511163148948.ich
<Package Folder>/files/####/cm_ipkg_1511163148972.ich
<Package Folder>/files/####/cm_ipkg_1511163149113.ich
<Package Folder>/files/####/cm_ipkg_1511163149129.ich
<Package Folder>/files/####/cm_ipkg_1511163149148.ich
<Package Folder>/files/####/cm_ipkg_1511163149165.ich
<Package Folder>/files/####/cm_ipkg_1511163149188.ich
<Package Folder>/files/####/cm_ipkg_1511163149210.ich
<Package Folder>/files/####/cm_ipkg_1511163149234.ich
<Package Folder>/files/####/cm_ipkg_1511163149258.ich
<Package Folder>/files/####/cm_ipkg_1511163149280.ich
<Package Folder>/files/####/cm_ipkg_1511163149293.ich
<Package Folder>/files/####/cm_ipkg_1511163149313.ich
<Package Folder>/files/####/cm_ipkg_1511163149330.ich
<Package Folder>/files/####/cm_ipkg_1511163149355.ich
<Package Folder>/files/####/cm_ipkg_1511163149373.ich
<Package Folder>/files/####/cm_ipkg_1511163149396.ich
<Package Folder>/files/####/cm_ipkg_1511163149414.ich
<Package Folder>/files/####/cm_ipkg_1511163149434.ich
<Package Folder>/files/####/cm_ipkg_1511163149452.ich
<Package Folder>/files/####/cm_ipkg_1511163149470.ich
<Package Folder>/files/####/cm_ipkg_1511163149488.ich
<Package Folder>/files/####/cm_ipkg_1511163149506.ich
<Package Folder>/files/####/cm_ipkg_1511163149525.ich
<Package Folder>/files/####/cm_juhe_orin_splash_data_1511163152199.ich
<Package Folder>/files/####/cm_junk_item_1511163147659.ich
<Package Folder>/files/####/cm_junk_item_1511163147662.ich
<Package Folder>/files/####/cm_junk_item_1511163147673.ich
<Package Folder>/files/####/cm_junk_item_1511163147677.ich
<Package Folder>/files/####/cm_junk_item_1511163147693.ich
<Package Folder>/files/####/cm_junk_item_1511163147696.ich
<Package Folder>/files/####/cm_junk_item_1511163147709.ich
<Package Folder>/files/####/cm_junk_item_1511163147715.ich
<Package Folder>/files/####/cm_junk_item_1511163147741.ich
<Package Folder>/files/####/cm_junk_item_1511163147760.ich
<Package Folder>/files/####/cm_junk_item_1511163147761.ich
<Package Folder>/files/####/cm_junk_item_1511163147763.ich
<Package Folder>/files/####/cm_junk_item_1511163147764.ich
<Package Folder>/files/####/cm_junk_item_1511163147767.ich
<Package Folder>/files/####/cm_junk_item_1511163147768.ich
<Package Folder>/files/####/cm_junk_item_1511163147942.ich
<Package Folder>/files/####/cm_junk_item_1511163147945.ich
<Package Folder>/files/####/cm_junk_item_1511163147948.ich
<Package Folder>/files/####/cm_junk_item_1511163147949.ich
<Package Folder>/files/####/cm_junk_item_1511163147960.ich
<Package Folder>/files/####/cm_junk_item_1511163147961.ich
<Package Folder>/files/####/cm_junk_item_1511163147962.ich
<Package Folder>/files/####/cm_junk_item_1511163147966.ich
<Package Folder>/files/####/cm_junk_item_1511163147967.ich
<Package Folder>/files/####/cm_junk_item_1511163147968.ich
<Package Folder>/files/####/cm_junk_item_1511163147969.ich
<Package Folder>/files/####/cm_junk_item_1511163147978.ich
<Package Folder>/files/####/cm_junkstd_action_1511163147635.ich
<Package Folder>/files/####/cm_junkstd_allsize_1511163148057.ich
<Package Folder>/files/####/cm_junkstd_allsize_1511163148058.ich
<Package Folder>/files/####/cm_junkstd_allsize_1511163148068.ich
<Package Folder>/files/####/cm_junkstd_allsize_1511163148100.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163147987.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163147988.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148014.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148017.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148039.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148042.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148044.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148045.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148046.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148048.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148056.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1511163148057.ich
<Package Folder>/files/####/cm_junkstd_first_hit_1511163101783.ich
<Package Folder>/files/####/cm_junkstd_first_hit_1511163101832.ich
<Package Folder>/files/####/cm_junkstd_junkitem1_1511163147628.ich
<Package Folder>/files/####/cm_junkstd_scan_result_1511163106419.ich
<Package Folder>/files/####/cm_junkstd_size_1511163107661.ich
<Package Folder>/files/####/cm_junkstd_size_1511163107687.ich
<Package Folder>/files/####/cm_junkstd_time_1511163104982.ich
<Package Folder>/files/####/cm_lockscreen_dialog_click_1511163115856.ich
<Package Folder>/files/####/cm_lockscreen_dialog_click_1511163115870.ich
<Package Folder>/files/####/cm_lockscreen_dialog_click_1511163115877.ich
<Package Folder>/files/####/cm_lockscreen_dialog_show_1511163111209.ich
<Package Folder>/files/####/cm_newslock_ads_sspload_info_1511163156315.ich
<Package Folder>/files/####/cm_newslock_ads_sspload_info_1511163156993.ich
<Package Folder>/files/####/cm_noti_bugcollapse2_1511163164264.ich
<Package Folder>/files/####/cm_noti_bugcollapse_1511163164256.ich
<Package Folder>/files/####/cm_resultpage_new_click_1511163119054.ich
<Package Folder>/files/####/cm_resultpage_new_show_1511163108654.ich
<Package Folder>/files/####/cm_resultpage_new_staytime_1511163145417.ich
<Package Folder>/files/####/cm_resultpage_preloadad_1511163108674.ich
<Package Folder>/files/####/cm_scan_time_1511163104910.ich
<Package Folder>/files/####/cm_si_1511163104994.ich
<Package Folder>/files/####/cm_task_onetapsuccess_1511163150678.ich
<Package Folder>/files/####/cm_worker_opt_1511163125387.ich
<Package Folder>/files/####/cm_worker_opt_1511163128123.ich
<Package Folder>/files/####/eq_off.png
<Package Folder>/files/####/eq_on.png
<Package Folder>/files/####/eq_shadow_bottom.png
<Package Folder>/files/####/eq_shadow_top.png
<Package Folder>/files/####/fcl_cache
<Package Folder>/files/####/image_gamecard_mask.9.png
<Package Folder>/files/####/image_landscape_app_mask.png
<Package Folder>/files/####/image_landscape_gamecard_mask.9.png
<Package Folder>/files/####/image_portrait_app_mask.png
<Package Folder>/files/####/img_bg.9.png
<Package Folder>/files/####/mask_bottom_.9.png
<Package Folder>/files/####/mask_top_.9.png
<Package Folder>/files/####/page_index_gray.png
<Package Folder>/files/####/page_index_white.png
<Package Folder>/files/####/receiver_history_list.dat
<Package Folder>/files/####/replay_at.png
<Package Folder>/files/####/replay_nm.png
<Package Folder>/files/####/running_with_duration.dat
<Package Folder>/files/####/shadow_bottom.9.png
<Package Folder>/files/####/shadow_left.9.png
<Package Folder>/files/####/shadow_right.9.png
<Package Folder>/files/####/shadow_top.9.png
<Package Folder>/files/####/splash_btn_audio_off.png
<Package Folder>/files/####/splash_btn_audio_on.png
<Package Folder>/files/####/splash_btn_download_at.jpg
<Package Folder>/files/####/splash_btn_download_nm.jpg
<Package Folder>/files/####/splash_eq_off.png
<Package Folder>/files/####/splash_eq_on.png
<Package Folder>/files/####/splash_eq_shadow_bottom.png
<Package Folder>/files/####/splash_eq_shadow_top.png
<Package Folder>/files/####/stream_audio_off.png
<Package Folder>/files/####/stream_audio_on.png
<Package Folder>/files/####/stream_eq_off.png
<Package Folder>/files/####/stream_eq_on.png
<Package Folder>/files/####/stream_eq_shadow_bottom.png
<Package Folder>/files/####/stream_eq_shadow_top.png
<Package Folder>/files/####/tempblur.jpg
<Package Folder>/files/####/tmpfalse_e_false_cache_1511163100048
<Package Folder>/files/####/tmpfalse_e_false_residual_1511163100306
<Package Folder>/files/####/topbar.png
<Package Folder>/files/####/topbar15.png
<Package Folder>/files/####/topbar167.png
<Package Folder>/files/####/topbar178.png
<Package Folder>/files/####/wifi_tag.png
<Package Folder>/files/AF_INSTALLATION
<Package Folder>/files/appcpu_hf_en.db.bak
<Package Folder>/files/appcpu_hf_en.db.lzma.bak
<Package Folder>/files/appmem_hf_en.db.bak
<Package Folder>/files/appmem_hf_en.db.lzma.bak
<Package Folder>/files/ats2_wl_en.dat.bak
<Package Folder>/files/ats2_wl_en.dat.lzma.bak
<Package Folder>/files/clearpath_other_5.9.6.db.bak
<Package Folder>/files/clearpath_other_5.9.6.db.lzma.bak
<Package Folder>/files/clearprocess_en_5.10.1.filter.bak
<Package Folder>/files/junkwhite.db.bak
<Package Folder>/files/junkwhite.db.lzma.bak
<Package Folder>/files/kctrl.dat
<Package Folder>/files/kfmt.dat
<Package Folder>/files/melib.dat.bak
<Package Folder>/files/melib.dat.lzma.bak
<Package Folder>/files/pkgcache_hf_en_5.12.3.db.bak
<Package Folder>/files/pkgcache_hf_en_5.12.3.db.lzma.bak
<Package Folder>/files/pkgquery_hf_en_5.11.6.db.bak
<Package Folder>/files/pkgquery_hf_en_5.11.6.db.lzma.bak
<Package Folder>/files/preinstall4_hf_en.db.bak
<Package Folder>/files/preinstall4_hf_en.db.lzma.bak
<Package Folder>/files/process_tips2.db.bak
<Package Folder>/files/process_tips2.db.lzma.bak
<Package Folder>/files/rootkeeper.jar
<Package Folder>/files/se_cloud_hf.db.bak
<Package Folder>/files/se_cloud_hf.db.lzma.bak
<Package Folder>/files/searchEngine.json
<Package Folder>/files/strings2_other.db.bak
<Package Folder>/files/strings2_other.db.lzma.bak
<Package Folder>/files/wfc-13601371111
<Package Folder>/files/wfc-13601371112
<Package Folder>/files/wfc-13601371113
<Package Folder>/files/whiteNotification.json
<Package Folder>/files/whiteNotification.tmp (deleted)
<Package Folder>/no_backup/com.google.android.gms.appid-no-backup
<Package Folder>/shared_prefs/<Package>.update.UpdateManager.xml
<Package Folder>/shared_prefs/<Package>PushConfig_Pref.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml (deleted)
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
<Package Folder>/shared_prefs/<Package>_servicehighfreqpreferences.xml
<Package Folder>/shared_prefs/<Package>_ui_preferences.xml
<Package Folder>/shared_prefs/BatteryConfigManager.xml
<Package Folder>/shared_prefs/CmSideProvider.xml
<Package Folder>/shared_prefs/FBAdPrefs.xml
<Package Folder>/shared_prefs/SDKIDFA.xml
<Package Folder>/shared_prefs/_toolbox_prefs.xml
<Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
<Package Folder>/shared_prefs/appsflyer-data.xml
<Package Folder>/shared_prefs/cleancloud_pref.xml
<Package Folder>/shared_prefs/cloud_eng.xml
<Package Folder>/shared_prefs/cloudconfig.xml
<Package Folder>/shared_prefs/cmadsdk_104.xml
<Package Folder>/shared_prefs/cmcmadsdk_config.xml
<Package Folder>/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
<Package Folder>/shared_prefs/com.facebook.internal.preferences...GS.xml
<Package Folder>/shared_prefs/com.google.android.gms.appid.xml
<Package Folder>/shared_prefs/com.google.android.gms.measuremen...leted)
<Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.aes_key_store.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.config_store.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_store.xml
<Package Folder>/shared_prefs/dmc_default.xml
<Package Folder>/shared_prefs/dmc_receiver.xml
<Package Folder>/shared_prefs/market_config.xml
<Package Folder>/shared_prefs/misc.xml
<Package Folder>/shared_prefs/mobvista.xml
<Package Folder>/shared_prefs/multidex.version.xml
<Package Folder>/shared_prefs/rp_misc.xml
<Package Folder>/shared_prefs/sdk_preferences.xml
<Package Folder>/shared_prefs/searchengine.xml
<Package Folder>/shared_prefs/share_date.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_settings.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_strategy_info.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_strategy_re...me.xml
<Package Folder>/update/####/sdk_preferences.dat
<Package Folder>/update/####/searchengine.dat
<Package Folder>/updatedata/####/cm_wizard_cfg_res_en
<Package Folder>/updatedata/ad_control_cfg_res.dwn
<Package Folder>/updatedata/cloud_string_res_2.dwn
<Package Folder>/updatedata/cloud_string_res_2.dwn.default
<Package Folder>/updatedata/downloadzipsdes.dwn
<Package Folder>/updatedata/ips_versions.dwn
<Package Folder>/updatedata/ips_versions_cn.dwn
<Package Folder>/updatedata/m_app_start_x_v2
<Package Folder>/updatedata/versions_get.dwn
<SD-Card>/Android/####/.nomedia
<SD-Card>/Android/####/1009075405720307149
<SD-Card>/Android/####/17995657901819064192
<SD-Card>/Android/####/203189876-38772598
<SD-Card>/Android/####/203189876634133766
<SD-Card>/Android/####/UIPro0.xlog
<SD-Card>/Android/####/UIPro0.xlog.lck
<SD-Card>/Android/####/apps_dump

Другие:

Запускает следующие shell-скрипты:

<Package>.rootkeeper
id
ls -l /system/bin/su
sh
su

Загружает динамические библиотеки:

libkcmlzma
libkcmutil

Использует повышенные привилегии.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации о настроках APN.

Осуществляет доступ к информации об активных администраторах устройства.

Осуществляет доступ к информации об установленных приложениях.

Осуществляет доступ к информации о запущенных приложениях.

Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней