Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.RemoteCode.93.origin
Предлагает установить сторонние приложения.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c5.la4.down####.####.com:7080
- TCP(HTTP/1.1) c4.la4.down####.####.com:7080
- TCP(HTTP/1.1) cdn.9appsdo####.com:80
- TCP(HTTP/1.1) sdk-112####.us-we####.elb.####.com:80
- TCP(HTTP/1.1) c12.la4.down####.####.com:7080
- TCP(HTTP/1.1) c11.la4.down####.####.com:7080
- TCP(HTTP/1.1) c10.la4.down####.####.com:7080
- TCP(HTTP/1.1) c7.la4.down####.####.com:7080
- TCP(HTTP/1.1) g####.u####.com:80
- TCP(HTTP/1.1) d####.9####.com:7080
- TCP(HTTP/1.1) c3.la4.down####.####.com:7080
- TCP(HTTP/1.1) c1.la4.down####.####.com:7080
- TCP(HTTP/1.1) api.9####.com:80
- TCP(HTTP/1.1) ap####.9####.com:80
- TCP(HTTP/1.1) p####.u####.com:80
- TCP(TLS/1.0) 1####.217.17.78:443
Запросы DNS:
- ap####.9####.com
- api.9####.com
- c1.la4.down####.####.com
- c10.la4.down####.####.com
- c11.la4.down####.####.com
- c12.la4.down####.####.com
- c2.la4.down####.####.com
- c3.la4.down####.####.com
- c4.la4.down####.####.com
- c5.la4.down####.####.com
- c7.la4.down####.####.com
- cdn.9appsdo####.com
- d####.9####.com
- g####.u####.com
- msg.api.9####.com
- p####.u####.com
- po####.9####.com
- sdk-112####.us-we####.elb.####.com
Запросы HTTP GET:
- ap####.9####.com/app.bizAlsoLike?sid=####&app=####&packageName=####&beta...
- ap####.9####.com/app.mustHaveApps?app=####&versionCode=####&versionName=...
- ap####.9####.com/app.searchRecommend?app=####&versionCode=####&versionNa...
- ap####.9####.com/app/keywordWithTag?app=####&versionCode=####&versionNam...
- ap####.9####.com/config.get?app=####&keys=####&versionCode=####&versionN...
- ap####.9####.com/config?app=####&versionCode=####&versionName=####&um_ch...
- ap####.9####.com/messageUser?app=####&versionCode=####&versioncode=####&...
- ap####.9####.com/pushmessage.json?app=####&updatetime=####&versionCode=#...
- ap####.9####.com/user/property?app=####&versionCode=####&versionName=###...
- ap####.9####.com/v3/app/com.facebook.Mentions.json?sid=####&app=####&ver...
- ap####.9####.com/v3/app/sg.bigo.live.json?sid=####&app=####&versionCode=...
- ap####.9####.com/v3/check-for-update.json?app=####&packageName=####&vers...
- ap####.9####.com/v3/page/template?sid=####&app=####&versionCode=####&ver...
- api.9####.com/client/check/task?app=####&versionCode=####&versionName=##...
- api.9####.com/config.get?app=####&keys=####&versionCode=####&versionName...
- api.9####.com/config?app=####&imei=####&versionCode=####&versionName=###...
- api.9####.com/config?app=####&versionCode=####&versionName=####&um_ch=##...
- api.9####.com/down.redirect?a=####&v=####&dsign=####&rnd=####&pid=####&p...
- api.9####.com/get/msg?app=####&updatetime=####&versionCode=####&versionc...
- api.9####.com/get/msg?app=####&versionCode=####&versioncode=####&version...
- api.9####.com/pushmessage.json?app=####&versionCode=####&versioncode=###...
- api.9####.com/v3/page/template?sid=####&app=####&versionCode=####&versio...
- c1.la4.down####.####.com:7080/group1/M00/18/26/pYYBAFfuN8GAS0P2AAAC0c0UW...
- c1.la4.down####.####.com:7080/group1/M00/3A/FA/qoYBAFfuOBuAHHmVAAAJjVcyi...
- c1.la4.down####.####.com:7080/group1/M00/76/22/qYYBAFf_EsSANI-NAAANZCQoX...
- c1.la4.down####.####.com:7080/group1/M00/A0/87/pYYBAFeIE5qAGtWvAAAUa4jwU...
- c1.la4.down####.####.com:7080/group1/M01/40/76/p4YBAFjUHieAe_U3AAAb1f_Cj...
- c1.la4.down####.####.com:7080/group1/M01/69/1A/poYBAFYlIymAH9X5AAARPw3P3...
- c1.la4.down####.####.com:7080/group1/M02/06/CC/poYBAFjUHieARKDCAAAZKK2jQ...
- c1.la4.down####.####.com:7080/group1/M02/0A/C5/qoYBAFi5-k-AODMBAAAZ9v8In...
- c1.la4.down####.####.com:7080/group1/M02/9F/A0/pYYBAFh3TAGAcX0fAAAe7fimX...
- c1.la4.down####.####.com:7080/group1/M02/E8/0B/poYBAFi5-k-AJgzTAAAU4KRjv...
- c1.la4.down####.####.com:7080/group1/M02/E8/0B/poYBAFi5-k-AblKpAAAMllLj0...
- c1.la4.down####.####.com:7080/group2/M00/13/E9/RQ0DAFm7dqaAcTn4AAAMU9GPS...
- c1.la4.down####.####.com:7080/group2/M00/46/9F/RQ0DAFnJtTmAfk_zAABgSZqox...
- c1.la4.down####.####.com:7080/group2/M00/EE/55/RA0DAFo8ZmeAFZGZAAAQ76pow...
- c1.la4.down####.####.com:7080/group2/M01/3B/D0/Qg0DAFknmWWABC4wAAAStCybe...
- c1.la4.down####.####.com:7080/group2/M01/82/54/QQ0DAFlUIEWASCRAAAANxvMNe...
- c1.la4.down####.####.com:7080/group2/M01/8B/68/QQ0DAFnftx2AH2LmAAAi1qff5...
- c1.la4.down####.####.com:7080/group2/M01/8C/18/RA0DAFnf8_yADbHKAAASnf91V...
- c1.la4.down####.####.com:7080/group2/M01/C0/F2/Qg0DAFopDbeAWhxQAAAJs-wvg...
- c1.la4.down####.####.com:7080/group2/M01/C1/28/RQ0DAFnu_cGATc8EAAAOhlBcz...
- c1.la4.down####.####.com:7080/group2/M01/E8/01/RA0DAFo6DfmAN-ZjAAANi3rMp...
- c10.la4.down####.####.com:7080/group1/M00/53/3A/qYYBAFjUHieAJ3SmAAAbCPiD...
- c10.la4.down####.####.com:7080/group1/M01/D2/D8/poYBAFeqZxiACY5lAAAO2SSC...
- c10.la4.down####.####.com:7080/group2/M00/D0/EC/Qg0DAFmUM8uAeIX-AAAQLnDT...
- c10.la4.down####.####.com:7080/group2/M00/D9/1B/RQ0DAFoxNNCAdpG5APnVbSRB...
- c10.la4.down####.####.com:7080/group2/M00/DE/70/RA0DAFo0CP2AB1oaAlfRiCSs...
- c10.la4.down####.####.com:7080/group2/M00/EB/82/RA0DAFo7kHiAG6NIAAALF_mN...
- c10.la4.down####.####.com:7080/group2/M01/A0/98/QQ0DAFoftyeAFUQsAAAJ8YTt...
- c10.la4.down####.####.com:7080/group2/M01/D9/1A/Qg0DAFoxNM-AHXC-AAALkdyb...
- c10.la4.down####.####.com:7080/group2/M01/DF/50/RQ0DAFo0jpOAO20bAAAKYCty...
- c10.la4.down####.####.com:7080/group2/M01/E8/1D/RQ0DAFo6HmeAPiT4AAAHPLE0...
- c10.la4.down####.####.com:7080/group2/M02/46/C8/QQ0DAFoL8ISAe99xAAAXXJFz...
- c10.la4.down####.####.com:7080/group2/M02/7F/4C/QQ0DAFoYUCmAKD4UAAAekK9y...
- c10.la4.down####.####.com:7080/group2/M02/9A/21/RA0DAFoeIaiAJfmzAAAhinQt...
- c10.la4.down####.####.com:7080/group2/M02/D0/F2/QQ0DAFouiF6ALHT7AAAMbGTb...
- c11.la4.down####.####.com:7080/group1/M01/64/AD/qYYBAFfuOBiAboOoAAAC1Bn3...
- c11.la4.down####.####.com:7080/group1/M01/84/27/qYYBAFgN05WAXw-uAAAITyh1...
- c11.la4.down####.####.com:7080/group2/M00/7C/DF/QQ0DAFoXYlWATu8fAAAjIInT...
- c11.la4.down####.####.com:7080/group2/M00/F2/9A/RQ0DAFo9rPOAYlUTAAAVvTn2...
- c11.la4.down####.####.com:7080/group2/M01/98/A1/Qg0DAFlj7WyAGGj8AAAc_VXC...
- c11.la4.down####.####.com:7080/group2/M02/A7/DB/Qg0DAFlu3NGAQLGPAAAL2CZ7...
- c11.la4.down####.####.com:7080/group2/M02/E8/B9/RQ0DAFmrKeuACDCwAAAMGvIK...
- c12.la4.down####.####.com:7080/group1/M00/29/86/qoYBAFjUHieANs_OAAAa5RSM...
- c12.la4.down####.####.com:7080/group1/M00/85/D6/q4YBAFjUHieABjNUAAAakH8G...
- c12.la4.down####.####.com:7080/group1/M02/41/EB/poYBAFkHBGWAN3dQAAAigNqA...
- c12.la4.down####.####.com:7080/group2/M00/09/59/RA0DAFm3rRGARmnVAAAWU9cs...
- c12.la4.down####.####.com:7080/group2/M00/18/F7/Qg0DAFkVe-iAe6AjAAALXksb...
- c12.la4.down####.####.com:7080/group2/M00/DF/4F/Qg0DAFo0jpOAFmqJA8-jIweV...
- c12.la4.down####.####.com:7080/group2/M01/54/63/RQ0DAFk1NRKAIMzGAAAI6_mf...
- c12.la4.down####.####.com:7080/group2/M01/5D/6B/QQ0DAFk6X6yAQJwpAAAdt-c_...
- c12.la4.down####.####.com:7080/group2/M01/C0/F4/RQ0DAFopDbyAQ88VAAAQjWys...
- c12.la4.down####.####.com:7080/group2/M01/DE/70/RA0DAFo0CP2AYE2JAAARm9dJ...
- c12.la4.down####.####.com:7080/group2/M02/06/AF/Qg0DAFm19--AAB_-AABBw2w0...
- c12.la4.down####.####.com:7080/group2/M02/E0/E5/RQ0DAFmnommAGO5DAAAWcNIc...
- c12.la4.down####.####.com:7080/group2/M02/E8/1D/QQ0DAFo6HmaAIF5KABzaoXeO...
- c3.la4.down####.####.com:7080/group1/M00/14/74/pYYBAFcNdB-ASj6uAAAOQWPqH...
- c3.la4.down####.####.com:7080/group1/M00/84/27/qYYBAFgN05KANzdLAAAB1tPaT...
- c3.la4.down####.####.com:7080/group1/M02/0A/C7/q4YBAFhmW9uAPRECAAAQyfKX2...
- c3.la4.down####.####.com:7080/group2/M00/EF/B9/QQ0DAFo8zhiALNRvAAAhJ-IHn...
- c3.la4.down####.####.com:7080/group2/M01/3B/B3/Qg0DAFknhnyAYNAeAAAIhsAxi...
- c3.la4.down####.####.com:7080/group2/M01/54/63/RA0DAFk1NPiAFronAAADKNTgE...
- c3.la4.down####.####.com:7080/group2/M02/06/AF/RQ0DAFm19-aAKl9rAAAIuFNwT...
- c4.la4.down####.####.com:7080/group1/M00/3C/D8/qIYBAFfWCtSAUgxhAAAPWUosZ...
- c4.la4.down####.####.com:7080/group1/M02/40/5E/qIYBAFjUHieAXwD3AAANFJB70...
- c4.la4.down####.####.com:7080/group2/M01/5A/89/RQ0DAFk43smAYNPqAAAhjlJ_N...
- c4.la4.down####.####.com:7080/group2/M01/77/C8/RA0DAFlOTdaAXhzkAAAhRB1Lr...
- c4.la4.down####.####.com:7080/group2/M01/7D/6C/RQ0DAFoXhXuAGaEzAAAhS2Eex...
- c4.la4.down####.####.com:7080/group2/M01/E3/37/RA0DAFo3QOKAKcOmAAAMdyX3C...
- c4.la4.down####.####.com:7080/group2/M02/C7/3C/QQ0DAFmKzNKAJVdMAAAJ3_sm5...
- c5.la4.down####.####.com:7080/group1/M01/18/2B/poYBAFfuN8OAGenKAAAJ_cFk1...
- c5.la4.down####.####.com:7080/group1/M02/2D/B0/qYYBAFiziLOALCNKAABMKlGRS...
- c5.la4.down####.####.com:7080/group1/M02/98/D0/qoYBAFhUnGOASV7nAAAaPeu8T...
- c5.la4.down####.####.com:7080/group2/M00/64/66/RQ0DAFk-Xx6ALK__AHw4DfBWa...
- c5.la4.down####.####.com:7080/group2/M00/67/F6/RA0DAFoSpbqAewkCAAB4_g3Nm...
- c5.la4.down####.####.com:7080/group2/M00/E5/40/RQ0DAFo4gkqAPLQ-AAAfV778M...
- c5.la4.down####.####.com:7080/group2/M01/D0/F2/QQ0DAFouiGCAfDBXAAALS6WJ8...
- c5.la4.down####.####.com:7080/group2/M01/ED/68/RQ0DAFo8Js-AErIWAAAlmSa39...
- c5.la4.down####.####.com:7080/group2/M02/46/F7/QQ0DAFoL_pSAKYSCAAAGUmb0q...
- c5.la4.down####.####.com:7080/group2/M02/A3/2E/RA0DAFlrbxeAKe2SAAAHXhcIj...
- c7.la4.down####.####.com:7080/group2/M00/D8/60/QQ0DAFmdMKmALs0rAABYLUUAM...
- c7.la4.down####.####.com:7080/group2/M00/E0/07/Qg0DAFo1NdqAYw4WAAAS0XRGY...
- c7.la4.down####.####.com:7080/group2/M02/3B/B3/Qg0DAFknhnmATnW6AAACwIyb1...
- c7.la4.down####.####.com:7080/group2/M02/F4/99/RA0DAFo-T9qAUYaOAAATstCny...
- cdn.9appsdo####.com/group1/M02/E4/55/poYBAFi2djaAWSfLAJwzz-dvdJs618.apk?...
- cdn.9appsdo####.com/group2/M00/EF/BE/RQ0DAFo8zziABmhTAHHSHouqo6Y860.apk?...
- cdn.9appsdo####.com/group2/M01/46/F7/RA0DAFoL_pOAXBcGAH88s5Lh3KU502.apk?...
- cdn.9appsdo####.com/group2/M01/D0/EC/Qg0DAFmUM8qAYml6AGLIKlKKNDk072.apk?...
- cdn.9appsdo####.com/group2/M01/D4/4E/RQ0DAFovrumAVddAAdMUEl519Zw425.apk?...
- cdn.9appsdo####.com/group2/M01/E8/93/RQ0DAFo6ZiqAGUJfADCunEE7tGs762.apk?...
- cdn.9appsdo####.com/group2/M01/EF/DF/RA0DAFo83cOASPZ7AG6MfjUkm1g273.apk?...
- d####.9####.com:7080/group2/M00/EF/E1/RA0DAFo835WAFF4pAAHgzqC627U456.jpg
- g####.u####.com/files/components/libcrash_x86_1.5.0.0/26/libcrashx86_V1....
- p####.u####.com/u1/ggilpgjhklgmkiglnnghjiggklnojgkoppmgiononhlggggghgghh...
Запросы HTTP POST:
- ap####.9####.com/stat/visit?app=####&gzip=####&versionCode=####&versionN...
- ap####.9####.com/user/check-increment-update.json?app=####&gzip=####&ver...
- api.9####.com/user/check-increment-update.json?app=####&gzip=####&versio...
- p####.u####.com/upgrade/index.xhtml?from=####
- sdk-112####.us-we####.elb.####.com/sdk/sdkClient/request
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/AdsBusiness-data.xml
- /data/data/####/classes.zip
- <Package Folder>/HasStarted
- <Package Folder>/app_jniLibs/libcrash_1.5.0.0.so
- <Package Folder>/app_stat_log/1510835498844
- <Package Folder>/app_stat_log/1510835508847
- <Package Folder>/app_stat_log/1510835518869
- <Package Folder>/app_stat_log/1510835529087
- <Package Folder>/app_stat_log/1510835539179
- <Package Folder>/app_stat_log/1510835549204
- <Package Folder>/app_stat_log/1510835559588
- <Package Folder>/app_wa/####/11gpsdfe_1510835506368002086.wa
- <Package Folder>/app_wa/####/12hqtegf_1510835516248002086.wa
- <Package Folder>/app_wa/####/13irufhg_1510835518342002086.wa
- <Package Folder>/app_wa/####/14jsvgih_1510835533268002086.wa
- <Package Folder>/app_wa/####/15ktwhji_1510835534145002086.wa
- <Package Folder>/app_wa/####/16luxikj_1510835540351002086.wa
- <Package Folder>/app_wa/####/17mvyjlk_1510835548173002086.wa
- <Package Folder>/cache/####/04e6fa3ea38ce28c43b5e6041d1c58fc.0.tmp
- <Package Folder>/cache/####/04e6fa3ea38ce28c43b5e6041d1c58fc.1.tmp
- <Package Folder>/cache/####/10395b2faa7659ed2366e55b6f4e4f85.0.tmp
- <Package Folder>/cache/####/10395b2faa7659ed2366e55b6f4e4f85.1.tmp
- <Package Folder>/cache/####/1faeb9f624beef2001d647a9852c8269.0.tmp
- <Package Folder>/cache/####/1faeb9f624beef2001d647a9852c8269.1.tmp
- <Package Folder>/cache/####/4b76b6992c90f9587330b58490d803bc.0.tmp
- <Package Folder>/cache/####/4b76b6992c90f9587330b58490d803bc.1.tmp
- <Package Folder>/cache/####/4e0fb2703d8dfc0012a3e53ce652c035.0.tmp
- <Package Folder>/cache/####/4e0fb2703d8dfc0012a3e53ce652c035.1.tmp
- <Package Folder>/cache/####/52807db3ae3acf778cbc9976c2d81c15.0.tmp
- <Package Folder>/cache/####/52807db3ae3acf778cbc9976c2d81c15.1.tmp
- <Package Folder>/cache/####/54d70c3c757bef11b63e49c1785611cf.0.tmp
- <Package Folder>/cache/####/54d70c3c757bef11b63e49c1785611cf.1.tmp
- <Package Folder>/cache/####/5f93629286f7f320e273c2e10f30780d.0.tmp
- <Package Folder>/cache/####/5f93629286f7f320e273c2e10f30780d.1.tmp
- <Package Folder>/cache/####/7f88a358ced64fd69b87e235b0b484af.0.tmp
- <Package Folder>/cache/####/7f88a358ced64fd69b87e235b0b484af.1.tmp
- <Package Folder>/cache/####/8100a546e8e3c0d39cd0c48ac2d4ba07.0.tmp
- <Package Folder>/cache/####/8100a546e8e3c0d39cd0c48ac2d4ba07.1.tmp
- <Package Folder>/cache/####/88593a90d57be9c114deeecd5cc1a35e.0.tmp
- <Package Folder>/cache/####/88593a90d57be9c114deeecd5cc1a35e.1.tmp
- <Package Folder>/cache/####/8890b165e63d31137e1c303ff97f85ea.0.tmp
- <Package Folder>/cache/####/8890b165e63d31137e1c303ff97f85ea.1.tmp
- <Package Folder>/cache/####/9db99ec534849c38dceb2be2826a3861.0.tmp
- <Package Folder>/cache/####/9db99ec534849c38dceb2be2826a3861.1.tmp
- <Package Folder>/cache/####/9faa4e4f11a0b44405ee362efdec26eb.0
- <Package Folder>/cache/####/9faa4e4f11a0b44405ee362efdec26eb.1
- <Package Folder>/cache/####/a10c646135e6b3da0060fd149e53429c.0.tmp
- <Package Folder>/cache/####/a10c646135e6b3da0060fd149e53429c.1.tmp
- <Package Folder>/cache/####/aca0bacb318fe4c7c671afde59e63baa.0.tmp
- <Package Folder>/cache/####/aca0bacb318fe4c7c671afde59e63baa.1.tmp
- <Package Folder>/cache/####/b411ec28e67089174da0d6b3ff150caf.0.tmp
- <Package Folder>/cache/####/b411ec28e67089174da0d6b3ff150caf.1.tmp
- <Package Folder>/cache/####/bc5e64721f0e9158b4b3ccead2417315.0.tmp
- <Package Folder>/cache/####/bc5e64721f0e9158b4b3ccead2417315.1.tmp
- <Package Folder>/cache/####/ce23e03e343edbabb2cb5ae520b4424c.0.tmp
- <Package Folder>/cache/####/ce23e03e343edbabb2cb5ae520b4424c.1.tmp
- <Package Folder>/cache/####/dd07ac2ca6b0a9436c6c6148e2aa9fa4.0.tmp
- <Package Folder>/cache/####/dd07ac2ca6b0a9436c6c6148e2aa9fa4.1.tmp
- <Package Folder>/cache/####/f54e7d575b5b38982e17092b0f02c254.0.tmp
- <Package Folder>/cache/####/f54e7d575b5b38982e17092b0f02c254.1.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.bb
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ff
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.meminfo
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.pid
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ps
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.start
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.time
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.uptime
- <Package Folder>/crashsdk/####/unique
- <Package Folder>/databases/WaValue.db-journal
- <Package Folder>/databases/downloader-journal
- <Package Folder>/databases/pushmessage-journal
- <Package Folder>/files/daemon
- <Package Folder>/shared_prefs/9apps.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/SYSTEM_CACHE.xml
- <Package Folder>/shared_prefs/com.google.android.gcm.xml
- <Package Folder>/shared_prefs/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- <SD-Card>/9appsPro/####/RA0DAFo835WAFF4pAAHgzqC627U456.jpg.tmp
- <SD-Card>/9appsPro/####/com.UCMobile.intl_11.5.0.1015_10430pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.dewmobile.kuaiya.play_5.2.1 US_201p...pk.tmp
- <SD-Card>/9appsPro/####/com.facebook.katana_153.0.0.54.88_84570...pk.tmp
- <SD-Card>/9appsPro/####/com.facebook.lite_73.0.0.7.192_84960483...pk.tmp
- <SD-Card>/9appsPro/####/com.mam.faer.nomutwo_1.0.3_103pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.mxtech.videoplayer.ad_1.9.11_121000...pk.tmp
- <SD-Card>/9appsPro/####/com.nemo.vidmate_3.34_334pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.shopclues_3.3.40_1056pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.uc.browser.en_10.9.8_112pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.uc.iflow_1.7.6.1035_89pakage.apk.tmp
- <SD-Card>/9appsPro/####/com.yz.game.teenpatti_2.0.0029_1600841p...pk.tmp
- <SD-Card>/9appsPro/####/libcrash_1.5.0.0.so.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/068dc52eea7f24527df1491864402f788b64c19e....0.tmp
- <SD-Card>/Android/####/08f88d72f6e426180fda44dd85b5af16b20ad003....0.tmp
- <SD-Card>/Android/####/0a6780c656e2d5bc7edbcd3e7d2491c70dc7eb87....0.tmp
- <SD-Card>/Android/####/0f9609adc1c40c7a9a08e12faf3e197f7a5695aa....0.tmp
- <SD-Card>/Android/####/102bc6928ef56105c9d572293be6a25f710cfbc0....0.tmp
- <SD-Card>/Android/####/11d957f978b1920aa3940bd509532bd028ae7694....0.tmp
- <SD-Card>/Android/####/1c64d8ba0f71cdef3c5af581966ca1f1d8eb27f2....0.tmp
- <SD-Card>/Android/####/1c82de0e16d9a671dfacd69d323f8e781d160bf9....0.tmp
- <SD-Card>/Android/####/203efcb36b9fae565bc42590bfdaa9ea0fb8fbf5....0.tmp
- <SD-Card>/Android/####/237af98a15dbd61e2551a55d9639ca12cd858219....0.tmp
- <SD-Card>/Android/####/25d7af3963e4f4a53864d21e5391ea322166ff4d....0.tmp
- <SD-Card>/Android/####/265a7e05483bf5159065a0307f293465cf07bf7d....0.tmp
- <SD-Card>/Android/####/280441e713ce629051b2a053eee290436f11f33e....0.tmp
- <SD-Card>/Android/####/28a8561808f4f357453380d7af714b519b38a456....0.tmp
- <SD-Card>/Android/####/2b1f70649f88deaa718375d3024a65989dd53cd3....0.tmp
- <SD-Card>/Android/####/2c31e046b055ba9a978bd393d37f862190bfb0c3....0.tmp
- <SD-Card>/Android/####/2eb1b95ff2e419772cad003f68c415dc52f8f7d6....0.tmp
- <SD-Card>/Android/####/2ed0eeea0d5ae233c3953bdf5e7a83f73df7ef36....0.tmp
- <SD-Card>/Android/####/2f730389ab88451c00d5a0800537ca510f2fa1b8....0.tmp
- <SD-Card>/Android/####/312d066fbf1ee04fb8e296096478ed3e3a8fefdb....0.tmp
- <SD-Card>/Android/####/3181eff870a0f50ff64aaaf096dbbef9b0733022....0.tmp
- <SD-Card>/Android/####/388e0e6d38292683db4d7ca5125d3f73df3348c5....0.tmp
- <SD-Card>/Android/####/39bbfedc32663862ca32e225c0e89bfc5a05170b....0.tmp
- <SD-Card>/Android/####/3f38ce2251881320f87fced6de9dc89ad325ad84....0.tmp
- <SD-Card>/Android/####/4042dd17b02ab859b0b0f196fb2b7c646f442328....0.tmp
- <SD-Card>/Android/####/4194188764487c49c9cdf940a3ef92f11859e11d....0.tmp
- <SD-Card>/Android/####/45cbb374381270ff2a559e4c28eb213dd745b471....0.tmp
- <SD-Card>/Android/####/4df6925bb339c2a1f687407bf88ef1d864587d65....0.tmp
- <SD-Card>/Android/####/4e753be2b57366352ad5f125a060a1aad2e8f465....0.tmp
- <SD-Card>/Android/####/4e8762af0f4bb4899b0b390803cebf0d0d500bbc....0.tmp
- <SD-Card>/Android/####/586fe37e56cfc2be21e753eeabe7c8756145acbf....0.tmp
- <SD-Card>/Android/####/58e92f3ee95af0d31a273523c199c3366ab9c0ed....0.tmp
- <SD-Card>/Android/####/5ba2b13af74bcf92ca919fed4662069191b4b72d....0.tmp
- <SD-Card>/Android/####/5fbda158c7ccbdbb49f8a8dd1e43cd422d27620f....0.tmp
- <SD-Card>/Android/####/6201421b524ee4f22dbc6c8c5e3c7915591b21a1....0.tmp
- <SD-Card>/Android/####/62fb9a1ddbda83ddae7df6ad8fd19756dc773732....0.tmp
- <SD-Card>/Android/####/649b18d2545e8d01dc078f05500d9ebbe05c2c04....0.tmp
- <SD-Card>/Android/####/6554a107a513e51df16cf6ea243ce4a71a65afa5....0.tmp
- <SD-Card>/Android/####/6db76d10454af4c02b2cddb0f6b1ce11c85367d2....0.tmp
- <SD-Card>/Android/####/6e51be3ad5ded5d3364f64ed77d03c4a6d531447....0.tmp
- <SD-Card>/Android/####/77bf64fde892b1872a359832fa9fc37927d4768a....0.tmp
- <SD-Card>/Android/####/77c5c006b62778298dbee85f25985b7c586cafac....0.tmp
- <SD-Card>/Android/####/786a67c91a011987c319b3dc55b0305083efbb39....0.tmp
- <SD-Card>/Android/####/7bcabf5ecd51f4a8992f525ffa29c02634f0b780....0.tmp
- <SD-Card>/Android/####/7c7b2080e45fda4963452dbc2de806676e6886a6....0.tmp
- <SD-Card>/Android/####/7e430fac53e28f97b2294c242bc8edd1d1df8646....0.tmp
- <SD-Card>/Android/####/7fa761f684b2dd223a430c29091a7043e849b5f4....0.tmp
- <SD-Card>/Android/####/80f24ee303f0355c4b6e7294f6fa0023d128bd21....0.tmp
- <SD-Card>/Android/####/842767f9cb0a0af2e573140a4b568160175349cb....0.tmp
- <SD-Card>/Android/####/89e2b0e41c17b54a22b234aa0e3c13e720a18caf....0.tmp
- <SD-Card>/Android/####/928eefc03408e17d1904dc89d0e8729bb5d6bb62....0.tmp
- <SD-Card>/Android/####/95a17eda17d55a1b4e685ef7856f15f3f27dc001....0.tmp
- <SD-Card>/Android/####/9755a6f77a545748012c4dcc8f374659b8d4bd15....0.tmp
- <SD-Card>/Android/####/9eb51493fba0c53519dff16dbe514999b345a8e4....0.tmp
- <SD-Card>/Android/####/a176ab260fb27a18c5d0c7bdfe9240b28a2f0bc6....0.tmp
- <SD-Card>/Android/####/aa71ee5c802cd9d83c3dce0e6ae39f280005b10b....0.tmp
- <SD-Card>/Android/####/ad13f50390d35d5925f1723938945c016b7928d6....0.tmp
- <SD-Card>/Android/####/ae1d31f1b2a7bc80065dcf3b2f597fd282b979dc....0.tmp
- <SD-Card>/Android/####/b11d378b34b11ed33cbf397378352fd91b8cb680....0.tmp
- <SD-Card>/Android/####/bbb5279e595520fb023246d43eb8822205251299....0.tmp
- <SD-Card>/Android/####/c0d06a6d109fe5d11d554dff2e84a94cf6d00ecc....0.tmp
- <SD-Card>/Android/####/c342bae1f0889f1053f988aff9aeec0cf367b398....0.tmp
- <SD-Card>/Android/####/c9b9f43283bf797b43782a237c0d7d60cfb7cd6f....0.tmp
- <SD-Card>/Android/####/d13475141b35e5e2123f76e948b41e2bea7f18b1....0.tmp
- <SD-Card>/Android/####/d27ace6413ecb20bc2199e4d08a8ef73cc738da4....0.tmp
- <SD-Card>/Android/####/d53f75e431b562f98e9aefca689ce46ba287521a....0.tmp
- <SD-Card>/Android/####/d6233d81471def565cf393cfe37e33b7fcfa179c....0.tmp
- <SD-Card>/Android/####/d798ddeb5af49ec0dc0a664ab1e8f95313d4be5a....0.tmp
- <SD-Card>/Android/####/d7f459f30adeb4b1ff6fbd6feaec2b8f26cdb2e4....0.tmp
- <SD-Card>/Android/####/d825f9559e5e4fda21d3cf5ecd9f2a6ecf95a37e....0.tmp
- <SD-Card>/Android/####/d913cb9f0e7b7df2caa817a03432d72617dd3585....0.tmp
- <SD-Card>/Android/####/db4b1363cf86b3a7b6ce64e764fb98332f3f4ef1....0.tmp
- <SD-Card>/Android/####/dd12d0bbcf1f91d466e24d367cf67a6442943b64....0.tmp
- <SD-Card>/Android/####/dd385cc4f70288d79ed0553bf8929c480023a085....0.tmp
- <SD-Card>/Android/####/e4a18f0f288301b7e6020d4565504de01f54b98a....0.tmp
- <SD-Card>/Android/####/eaf62ac578889867577f72777773554634bfd2ad....0.tmp
- <SD-Card>/Android/####/f055a8b40f584aa525c526caab9522d370206d21....0.tmp
- <SD-Card>/Android/####/f2ddc074216d21d6be25448b4be3833a6326bc93....0.tmp
- <SD-Card>/Android/####/f76d38a23bfe762cc40d3794c7c829751d29ae72....0.tmp
- <SD-Card>/Android/####/fa15d7c448731668d0cd0966c61e62aa7dc812d7....0.tmp
- <SD-Card>/Android/####/fad2cc2b7801d2c27a4b2d9a0261f237aec9af5c....0.tmp
- <SD-Card>/Android/####/fb6b322e60de2f0f671f4125f913d0e390b7b2ba....0.tmp
- <SD-Card>/Android/####/journal.tmp
Другие:
Запускает следующие shell-скрипты:
- chmod 777 <Package Folder>/files/daemon
- ps
- sh
Загружает динамические библиотеки:
- libcrash_1.5.0.0
- m9secure
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
