Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.0) tcms-a####.wan####.ta####.com:443
- TCP(HTTP/1.1) w####.q####.dn.####.com:80
- TCP(HTTP/1.1) c.d####.mob.com:80
- TCP(HTTP/1.1) hotp####.wan####.ta####.com:80
- TCP(HTTP/1.1) sh.wagbr####.alibaba####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) s.haowa####.com:8900
- TCP(HTTP/1.1) haowa####.oss.aliy####.com:80
- TCP(HTTP/1.1) m.d####.mob.com:80
- TCP(HTTP/1.1) msg.umengc####.com:80
- TCP(HTTP/1.1) tcms-op####.wan####.ta####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) a####.m.ta####.com:80
- TCP(HTTP/1.1) w####.ta####.com:80
- TCP(SSL/3.0) a####.m.ta####.com:443
- TCP(TLS/1.0) a####.m.ta####.com:443
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP(TLS/1.0) s.haowa####.com:8008
- TCP ope####.m.ta####.com:443
- TCP umengj####.m.ta####.com:80
- TCP 2####.204.101.107:80
- TCP zhizhi####.com:5222
Запросы DNS:
- _ja####._####.zhizhi####.com
- _xmpp-c####._####.zhizhi####.com
- a####.al####.com
- a####.exc.mob.com
- a####.m.ta####.com
- a####.m.ta####.com
- a####.u####.com
- ag####.m.ta####.com
- c.d####.mob.com
- haowa####.oss.aliy####.com
- haowa####.qin####.com
- hotp####.wan####.ta####.com
- m.d####.mob.com
- msg.umengc####.com
- s.haowa####.com
- tcms-a####.wan####.ta####.com
- tcms-op####.wan####.ta####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- w####.ta####.com
- zhizhi####.com
Запросы HTTP GET:
- haowa####.oss.aliy####.com/0827ef73cb8fb97f2695989101f2e09d
- haowa####.oss.aliy####.com/0a73c92de4b653e6b0b915fc7646dabc
- haowa####.oss.aliy####.com/0e5c2d98c89ecdc36b3e95f76b28c060
- haowa####.oss.aliy####.com/16e8fd8d7c4f6e0266d5e79f3ce330b1
- haowa####.oss.aliy####.com/28b7caf3889de52029437353c7348654
- haowa####.oss.aliy####.com/28bda8f644eae24a4e7e10219fdd75ce
- haowa####.oss.aliy####.com/31e683827f6d5ebd46ae94814959b621
- haowa####.oss.aliy####.com/36212b7e3ec454a2d9557d4f52f7b6c2
- haowa####.oss.aliy####.com/5ada4391075f74e853cbdeb34adcd20f
- haowa####.oss.aliy####.com/5f14a8eaabc34f662334c6908c9e45f0
- haowa####.oss.aliy####.com/7292b4a513422f3583958cb2e176c654
- haowa####.oss.aliy####.com/83255c2d43df93aa905f0c7ef15e76d8
- haowa####.oss.aliy####.com/8849e282226297bb493ca19c42e35f42
- haowa####.oss.aliy####.com/8dc47254bdcd19bd1fdf2f9e7d033412
- haowa####.oss.aliy####.com/94d74bbef601abb5f95516d9c780adc3
- haowa####.oss.aliy####.com/996fcc2c93c95e95823d06f57ce5d8a3
- haowa####.oss.aliy####.com/b1821196b71f8a54e354d03ad5eb8e7e
- haowa####.oss.aliy####.com/b24b90f766274aa5cda5db00989d17e8
- haowa####.oss.aliy####.com/b5d0d71e59db70da8460ec61f421ae10
- haowa####.oss.aliy####.com/b659f6c5d1294e4d1e67cab4e1af3822
- haowa####.oss.aliy####.com/c5937d79999b954c6d1381ebdcd79e7c
- haowa####.oss.aliy####.com/c67dc43486ca0fad44604c462d1b7b63
- haowa####.oss.aliy####.com/cec897af42abe10c191b0096acf30f3e
- haowa####.oss.aliy####.com/f71482526ec3f9d8b155a37bb1fbe002
- hotp####.wan####.ta####.com/patch?version=####&patchver=####&platform=##...
- m.d####.mob.com/v3/cconf?appkey=####&plat=####&apppkg=####&appver=####&n...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetAppreClassInfo?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/GetAppreciation?jid=####&acti...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetComList?noteid=####&visid=...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetInvcode?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNewsList?jid=####&newsid=#...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNoteContent?noteid=####&ji...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNoteInfo?noteid=####&jid=#...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetPersonalNotes?jid=####&vsj...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetRecomUser?page=####&subtyp...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetUserInfo?jid=####&vsjid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/SyncSp?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/UpLoadUmToken?jid=####&passwd...
- sh.wagbr####.alibaba####.com/mullidstatus.aw?charset=####&beginnum=####&...
- tcms-a####.wan####.ta####.com:443/imlogingw/tcp60login?devid=####&ver=####
- tcms-op####.wan####.ta####.com/getapprule?appkey=####&appId=####
- w####.q####.dn.####.com/0b57fc93817cd4ab750f7fdcff5f11f9
- w####.q####.dn.####.com/199ca380600472b59f3502f6125d20ab
- w####.q####.dn.####.com/1f934655d02fd22f299a335000f2bb35
- w####.q####.dn.####.com/2017-12-20-09-03-27wh6sobm-0.png
- w####.q####.dn.####.com/31382c8245d2cc56219a0bf23382ecb8
- w####.q####.dn.####.com/34d5f8caf6ab87f34cd014923096fd46
- w####.q####.dn.####.com/3e8119482822230c9b88b34c2bab2213
- w####.q####.dn.####.com/3f0186c2fa24a368226a9a922ff6426a
- w####.q####.dn.####.com/4a860ed7a7bb5ebe9987445f19e73d4b
- w####.q####.dn.####.com/4c54d5bdc602bfcdad37f7b6685065e1
- w####.q####.dn.####.com/4d36ca40bac59a48e7dbf5b4a5ad2263
- w####.q####.dn.####.com/58089e31c090a413928eeab1e8efd6b0
- w####.q####.dn.####.com/5be4d4bb0f11d2cbc89035b9f1a1f700
- w####.q####.dn.####.com/5e2f57d8b1317f4cf07fff602ffea7db
- w####.q####.dn.####.com/651f095a2a4e246bb1132e13000dfda8
- w####.q####.dn.####.com/6a4013bb5bd68a65c539f91777a7c504
- w####.q####.dn.####.com/6c0597ce72b27a5195b3ff96495e0544
- w####.q####.dn.####.com/709bbbd9c32536a6d15a059ede095d12
- w####.q####.dn.####.com/773317eb050b046d8c2bdde4740850df
- w####.q####.dn.####.com/88ba91516a3a6d15665b20d6230a37f2
- w####.q####.dn.####.com/9c44bf1e052360b98b6c3adfa349c39c
- w####.q####.dn.####.com/a14a4b0c41bb54f33d7550e1b184dbea
- w####.q####.dn.####.com/b05d404621ef62e08fc94f1631a0de4e
- w####.q####.dn.####.com/bff3459030852791a1fa1ad5cc1bfc2d
- w####.q####.dn.####.com/dbb5dc05511a326d10b3d1b537264040
- w####.q####.dn.####.com/e29b66a3a42bdbe297ada61638424c92
- w####.q####.dn.####.com/e7c45d03f2ac0cba8aee06a91503e606
Запросы HTTP POST:
- a####.exc.mob.com/errconf
- a####.m.ta####.com/amdc/mobileDispatch?appkey=####&platform=####&v=####&...
- a####.m.ta####.com/rest/gc?dd=####&nsgs=####&ak=####&av=####&c=####&v=##...
- a####.m.ta####.com/rest/gc?dd=+5Gy####&nsgs=####&ak=####&av=####&c=####&...
- a####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=####&...
- a####.u####.com/app_logs
- c.d####.mob.com/v2/cdata
- msg.umengc####.com/register
- w####.ta####.com/api/user/getUser.json
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_KeyStore/KeyStore.bks
- <Package Folder>/cache/####/059972dbe530691fa51306d2a2abe6c0.0.tmp
- <Package Folder>/cache/####/059972dbe530691fa51306d2a2abe6c0.1.tmp
- <Package Folder>/cache/####/0a025bc2a48f6ab78c4b9974d837672d.0.tmp
- <Package Folder>/cache/####/0a025bc2a48f6ab78c4b9974d837672d.1.tmp
- <Package Folder>/cache/####/0a2f2a1c981bf64877d3c0fa951ab4af.0.tmp
- <Package Folder>/cache/####/0a2f2a1c981bf64877d3c0fa951ab4af.1.tmp
- <Package Folder>/cache/####/1DVOeLT_-0esjF1xame1d-W1k7A.-812376296.tmp
- <Package Folder>/cache/####/25c468bd4b1a57698f4f85fe1ac0c9d4.0.tmp
- <Package Folder>/cache/####/25c468bd4b1a57698f4f85fe1ac0c9d4.1.tmp
- <Package Folder>/cache/####/27ec4259878d6e8d40aa123c2b7cc5a9.0.tmp
- <Package Folder>/cache/####/27ec4259878d6e8d40aa123c2b7cc5a9.1.tmp
- <Package Folder>/cache/####/2bb2cdb6030e4f02bc4a7737cf4d5ec1.0.tmp
- <Package Folder>/cache/####/2bb2cdb6030e4f02bc4a7737cf4d5ec1.1.tmp
- <Package Folder>/cache/####/2e19b5c95b53afe9c0bb1b5399cec2ea.0.tmp
- <Package Folder>/cache/####/2e19b5c95b53afe9c0bb1b5399cec2ea.1.tmp
- <Package Folder>/cache/####/313556f209f3a4440f2e937c71943d80.0.tmp
- <Package Folder>/cache/####/313556f209f3a4440f2e937c71943d80.1.tmp
- <Package Folder>/cache/####/3elx2DveLngd--ig4dIr5xmLobE.1115600503.tmp
- <Package Folder>/cache/####/3fabd9d8c126fb42b8795cabf8a5b70d.0.tmp
- <Package Folder>/cache/####/3fabd9d8c126fb42b8795cabf8a5b70d.1.tmp
- <Package Folder>/cache/####/3jG_nk0rtDlAqfgEiaq_eic16ic.1621829705.tmp
- <Package Folder>/cache/####/3ym4nc5mfx8OP1-qOfx9OVU7EE0.1733223174.tmp
- <Package Folder>/cache/####/41dcc2c0d005f2ebff00f425af7a28ec.0.tmp
- <Package Folder>/cache/####/41dcc2c0d005f2ebff00f425af7a28ec.1.tmp
- <Package Folder>/cache/####/4b4c33f8c9d0efa6faf29a6fd9cbe239.0.tmp
- <Package Folder>/cache/####/4b4c33f8c9d0efa6faf29a6fd9cbe239.1.tmp
- <Package Folder>/cache/####/4dfed4d586fd68052fcf7b847f1abbf4.0.tmp
- <Package Folder>/cache/####/4dfed4d586fd68052fcf7b847f1abbf4.1.tmp
- <Package Folder>/cache/####/4pwYCGfkTKN801jQeBtYWxTgInQ.170785084.tmp
- <Package Folder>/cache/####/58aa005e19ba1bab01d81ddd07c0e125.0.tmp
- <Package Folder>/cache/####/58aa005e19ba1bab01d81ddd07c0e125.1.tmp
- <Package Folder>/cache/####/5WI244E9-y_0kob7KaHWzqBp2F4.-309296675.tmp
- <Package Folder>/cache/####/60865240223f006a8532ba73b1b5e34d.0.tmp
- <Package Folder>/cache/####/60865240223f006a8532ba73b1b5e34d.1.tmp
- <Package Folder>/cache/####/6a2352bb836ceba0630b06328fbc6c89.0.tmp
- <Package Folder>/cache/####/6a2352bb836ceba0630b06328fbc6c89.1.tmp
- <Package Folder>/cache/####/6ba7c842f015032e135f29dcbaa5cb76.0.tmp
- <Package Folder>/cache/####/6ba7c842f015032e135f29dcbaa5cb76.1.tmp
- <Package Folder>/cache/####/7331f0ff47bb36fe8641c18ea434ffb0.0.tmp
- <Package Folder>/cache/####/7331f0ff47bb36fe8641c18ea434ffb0.1.tmp
- <Package Folder>/cache/####/75faacc6d47ddb0a6f16f0a452637368.0.tmp
- <Package Folder>/cache/####/75faacc6d47ddb0a6f16f0a452637368.1.tmp
- <Package Folder>/cache/####/7eb33e36d347538fde2f2657bbb102c1.0.tmp
- <Package Folder>/cache/####/7eb33e36d347538fde2f2657bbb102c1.1.tmp
- <Package Folder>/cache/####/7sH7g_NKOW5d394wnDihs0OEvw4.-668751423.tmp
- <Package Folder>/cache/####/807OBh_sIXXIRSiBPaRoRamouak.222350204.tmp
- <Package Folder>/cache/####/81d2fa627d4ee1709e265eea2c150ca4.0.tmp
- <Package Folder>/cache/####/81d2fa627d4ee1709e265eea2c150ca4.1.tmp
- <Package Folder>/cache/####/84Z_jKW6T4u7nA3S4nFkxw2YquI.2117459804.tmp
- <Package Folder>/cache/####/873479e477b2fc8a2bcfaaf7c89a1128.0.tmp
- <Package Folder>/cache/####/873479e477b2fc8a2bcfaaf7c89a1128.1.tmp
- <Package Folder>/cache/####/876909a946752a74d6b9a95cf8a5c6bb.0.tmp
- <Package Folder>/cache/####/876909a946752a74d6b9a95cf8a5c6bb.1.tmp
- <Package Folder>/cache/####/8e8f89ad668da9085b7861d374395505.0.tmp
- <Package Folder>/cache/####/8e8f89ad668da9085b7861d374395505.1.tmp
- <Package Folder>/cache/####/93OMa1x9KtbH-LEUmwCOa8Ngyh4.913801660.tmp
- <Package Folder>/cache/####/984da7b9d7344769bd2811d3fa95875f.0.tmp
- <Package Folder>/cache/####/984da7b9d7344769bd2811d3fa95875f.1.tmp
- <Package Folder>/cache/####/9b6460a706b5c6b051f5001872a88475.0.tmp
- <Package Folder>/cache/####/9b6460a706b5c6b051f5001872a88475.1.tmp
- <Package Folder>/cache/####/<Package>_2081
- <Package Folder>/cache/####/<Package>_2632
- <Package Folder>/cache/####/<Package>_TcmsService_2128
- <Package Folder>/cache/####/Dmsi3trWwI-CA-2Q_JlzAjd09vM.41059837.tmp
- <Package Folder>/cache/####/EI0J4u0Ol-vSLCGKLn8npne0Bmo.-1131504385.tmp
- <Package Folder>/cache/####/Fli-qmpjCaUvmpvgufw8NmhVTvY.1922028688.tmp
- <Package Folder>/cache/####/G9TNi-WLhI6afQMAz5vfW-UIrNI.-149380467.tmp
- <Package Folder>/cache/####/IZ8g-Q_HxgctwRfVTpquHeRf0P8.-1875292173.tmp
- <Package Folder>/cache/####/KSOvc1T5Q33-DgLMJrAK3iI-Yl0.211686967.tmp
- <Package Folder>/cache/####/MCVEUSeVj4L-p0RCECPg3nwwZeI.60145897.tmp
- <Package Folder>/cache/####/Ob9lyK7uAubVdsk5uyF2hf-nG8c.-1305430620.tmp
- <Package Folder>/cache/####/RMzhtug1iGpfMELqzxmbmK5kit8.-613307887.tmp
- <Package Folder>/cache/####/RVtE4VIQaO7hubcWI99A2AWOQ2I.689926495.tmp
- <Package Folder>/cache/####/Sg_a4MOKkcEppv_NQkNb4pFwE8k.1163349864.tmp
- <Package Folder>/cache/####/Slob9pQ6hIFrv5cGtWEOQ1SZmnI.-2110094443.tmp
- <Package Folder>/cache/####/TKcLW0MkP1hnyVRHWNIRocyXnYc.642355105.tmp
- <Package Folder>/cache/####/TnoAVwBoQVG-PIGuq7hMWQNgock.-1731611363.tmp
- <Package Folder>/cache/####/WFknhdNgvnOCiXH8zC5jRZQ3nOY.-1400090786.tmp
- <Package Folder>/cache/####/_1Y5wYx5LMR9uw1S5W7Tu8QEQBI.-1596282238.tmp
- <Package Folder>/cache/####/a05fdad1b35afd9fdbffb2ad583ad507.0.tmp
- <Package Folder>/cache/####/a05fdad1b35afd9fdbffb2ad583ad507.1.tmp
- <Package Folder>/cache/####/a4b0746196f87d3451be606ef4bea748.0.tmp
- <Package Folder>/cache/####/a4b0746196f87d3451be606ef4bea748.1.tmp
- <Package Folder>/cache/####/a4c59520c96405556f85cdf682805cf4.0.tmp
- <Package Folder>/cache/####/a4c59520c96405556f85cdf682805cf4.1.tmp
- <Package Folder>/cache/####/b07d37a165afab858019efe681373503.0.tmp
- <Package Folder>/cache/####/b07d37a165afab858019efe681373503.1.tmp
- <Package Folder>/cache/####/c6d0f16a3494bfdeac864a9f2e6b7891.0.tmp
- <Package Folder>/cache/####/c6d0f16a3494bfdeac864a9f2e6b7891.1.tmp
- <Package Folder>/cache/####/d34450dfd3aa22633dfbe6ee45c37c3c.0.tmp
- <Package Folder>/cache/####/d34450dfd3aa22633dfbe6ee45c37c3c.1.tmp
- <Package Folder>/cache/####/d63feb1797d22e3216703bdccd680889.0.tmp
- <Package Folder>/cache/####/d63feb1797d22e3216703bdccd680889.1.tmp
- <Package Folder>/cache/####/dR220WWXCMsW12GKCA9COLPaIkU.-1871599432.tmp
- <Package Folder>/cache/####/deQ56_6PzMNK-1Vj1dCpOAuBkPI.-1885647671.tmp
- <Package Folder>/cache/####/ea807c16022239db8cc02ef56dfa4899.0.tmp
- <Package Folder>/cache/####/ea807c16022239db8cc02ef56dfa4899.1.tmp
- <Package Folder>/cache/####/fa9052018a2b2cbd7780bc6e709cb384.0.tmp
- <Package Folder>/cache/####/fa9052018a2b2cbd7780bc6e709cb384.1.tmp
- <Package Folder>/cache/####/iTlLWAwOzykv1rCFeHqQ2eKRyUY.489900348.tmp
- <Package Folder>/cache/####/ie8yIKgD0M4edBiU0mjcZQqzBuI.1706611204.tmp
- <Package Folder>/cache/####/jE1NoPO8jnv9-WtBIViMkmYEaYA.-1956756109.tmp
- <Package Folder>/cache/####/journal
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/####/k7POD1_TXwSgHpXqjkpo3_p5zHI.328678212.tmp
- <Package Folder>/cache/####/kSEnvq6rlH9_cuDhquJ2xWDkPn8.-1420850682.tmp
- <Package Folder>/cache/####/meRjMCGs6hHOZTtMVOoHEWff2Lw.-2044286286.tmp
- <Package Folder>/cache/####/n02d3dA3GAk3G5Lwh_5_aAZeQUw.693403216.tmp
- <Package Folder>/cache/####/oI17VTR-TgsSVA4L_dwP0pYvLTk.-1227369176.tmp
- <Package Folder>/cache/####/ov9S0XYl_YO9JtdzxMMqtqU4xdM.-1209757136.tmp
- <Package Folder>/cache/####/p_2c1yXddm1G8z8_ChlXoZ6Z1do.2137864067.tmp
- <Package Folder>/cache/####/qTPh55raR8Ppnijuj2k_CKenHlg.1859725587.tmp
- <Package Folder>/cache/####/qyafnjxraz0bbhH_I95ZmelMH9Q.387934082.tmp
- <Package Folder>/cache/####/sCswtsqIzMrF9SCAPjMImf6JpMs.-998268834.tmp
- <Package Folder>/cache/####/t3DzQaQXQKyvEjmPmz4DtM5Ip6A.1548743480.tmp
- <Package Folder>/cache/####/t6dP4IS5bKI38jr1-w4Lw0Wobsg.1822420646.tmp
- <Package Folder>/cache/####/t9NgZo7ObUbyqWAYvo_g6YmWKMc.-1689992018.tmp
- <Package Folder>/cache/####/zcCkrzYvxJ8-nfn3mbYX87xqWdo.-689638837.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes2.dex
- <Package Folder>/code_cache/####/<Package>-1.apk.classes788331187.zip
- <Package Folder>/databases/MessageStore.db
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/ThrowalbeLog.db
- <Package Folder>/databases/ThrowalbeLog.db-journal
- <Package Folder>/databases/accs.db
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/fb91b23ccd93f75bde35ac7913aea3da
- <Package Folder>/databases/fb91b23ccd93f75bde35ac7913aea3da-journal
- <Package Folder>/databases/hmdb
- <Package Folder>/databases/hmdb-journal
- <Package Folder>/databases/logdb.db
- <Package Folder>/databases/logdb.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/paintgame.db
- <Package Folder>/databases/paintgame.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/eudemon
- <Package Folder>/files/####/1d2b904cbeadfb72ed9546111a231c85.0
- <Package Folder>/files/####/24c110e1f76093b35c3c2df1927aab79.0
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/journal
- <Package Folder>/files/####/journal.tmp
- <Package Folder>/files/.imprint
- <Package Folder>/files/.lock
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/crash-1510833347902.cr
- <Package Folder>/files/exid.dat
- <Package Folder>/files/sp.lock
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BINDumeng;52a0242156240b5b4a0104f9.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/AGOO_BIND.xml
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/UTCommon.xml
- <Package Folder>/shared_prefs/UTMCConf-818791854.xml
- <Package Folder>/shared_prefs/UTMCLog-818791854.xml
- <Package Folder>/shared_prefs/channel_pre.xml
- <Package Folder>/shared_prefs/cn_feng_skin_pref.xml
- <Package Folder>/shared_prefs/mob_commons_1.xml
- <Package Folder>/shared_prefs/mob_sdk_exception_1.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/tcms_setting_sp.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/ywAccount.xml
- <Package Folder>/shared_prefs/ywPrefsTools.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.bar
- <SD-Card>/.com.taobao.dp/6c709c11d2d46a7b
- <SD-Card>/.com.taobao.dp/dd7893586a493dc3
- <SD-Card>/.serveruuid
- <SD-Card>/<Package>/####/2_20171116_r
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/614f3aafe813497eb2dd640f6443f564
- <SD-Card>/Android/####/76bb42e9c8c34045b1c29843d940ce88
- <SD-Card>/Android/####/deviceToken
- <SD-Card>/Android/####/inapp_20171116.log
- <SD-Card>/Mob/####/.al
- <SD-Card>/Mob/####/.dh
- <SD-Card>/Mob/####/.dh-journal
- <SD-Card>/Mob/####/.dhlock
- <SD-Card>/Mob/####/.dic_lock
- <SD-Card>/Mob/####/.duid
- <SD-Card>/Mob/####/.globalLock
- <SD-Card>/Mob/####/.nulal
- <SD-Card>/Mob/####/.nulplt
- <SD-Card>/Mob/####/.pkg_lock
- <SD-Card>/Mob/####/.plst
- <SD-Card>/Mob/####/.rcTag
- <SD-Card>/Mob/####/.rc_lock
- <SD-Card>/amap/####/1510833294895.db
- <SD-Card>/amap/####/1510833295837.db
- <SD-Card>/amap/####/1510833304891.db
- <SD-Card>/amap/####/1510833321312.db
- <SD-Card>/amap/####/1510833353731.db
- <SD-Card>/amap/####/alsn20170807.db
- <SD-Card>/amap/####/alsn20170807.db-journal
- <SD-Card>/huaba/####/20171116115547.txt
- <SD-Card>/huaba/####/3e8119482822230c9b88b34c2bab2213
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:52a0242156240b5b4a0104f9","utdid":"Wg18jeIXPKoDAGdzx1GUsnDt","sdkVersion":"220"} -I agoodm.m.taobao.com -O 80 -T -Z
- app_process /system/bin com.android.commands.pm.Pm list packages
- cat /proc/cpuinfo | grep Serial
- chmod 500 <Package Folder>/files/DaemonServer
- getprop
- getprop ro.product.cpu.abi
- grep -E -v root|shell|system
- ls -l /system/xbin/su
- pm list packages
- sh
- top -d 0 -n 1
Загружает динамические библиотеки:
- fb_jpegturbo
- imagepipeline
- inet.2.0
- neh
- securitysdk-3.1
- tnet-3.1
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
