Android.Locker.5162

Техническая информация

Вредоносные функции:

Перекрывает экран собственным окном, блокируя доступ к графическому интерфейсу.

Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) co####.a####.a####.####.com:80
TCP(HTTP/1.1) stra####.l####.net:80
TCP(HTTP/1.1) dl.cm.ksmo####.####.com:80
TCP(HTTP/1.1) beh####.ksmo####.net:80
TCP(HTTP/1.1) advc####.weclou####.com:80
TCP(HTTP/1.1) analy####.ray####.com:80
TCP(HTTP/1.1) cfg.cml.ksmo####.com:80
TCP(HTTP/1.1) api.mo####.sdk.####.com:80
TCP(HTTP/1.1) cm####.did.ijin####.com:80
TCP(HTTP/1.1) duapps-####.gsh####.com:80
TCP(HTTP/1.1) set####.ray####.com:80
TCP(TLS/1.0) cm####.c####.com:443
TCP(TLS/1.0) un####.ad####.com:443
TCP(TLS/1.0) pro####.ad####.com:443
TCP(TLS/1.0) s####.ad####.com:443
TCP(TLS/1.0) googl####.g.doublec####.net:443
TCP(TLS/1.0) t.appsf####.com:443
TCP(TLS/1.0) bp.ad####.com:443
TCP(TLS/1.0) 2####.58.211.110:443
TCP(TLS/1.0) ufs.ad####.com:443
TCP(TLS/1.0) ups.ksmo####.net:443
TCP(TLS/1.0) c####.ksmo####.com:443
TCP(TLS/1.0) syndica####.s####.y####.net:443
TCP(TLS/1.0) ws.ksmo####.net:443
TCP(TLS/1.0) clk.tap####.com:443
TCP(TLS/1.0) api.face####.com:443
TCP(TLS/1.0) s####.ad####.com:80
TCP(TLS/1.0) app.appsf####.com:443
TCP(TLS/1.0) wea####.ksmo####.net:443

Запросы DNS:

advc####.weclou####.com
analy####.ray####.com
api.mo####.sdk.####.com
app.appsf####.com
beh####.ksmo####.net
bp.ad####.com
c####.ksmo####.com
cfg.cml.ksmo####.com
clk.tap####.com
cm####.c####.com
cm####.did.ijin####.com
co####.in####.com
dl.cm.ksmo####.com
g####.face####.com
g####.t####.net
googl####.g.doublec####.net
img.cm.ksmo####.com
pro####.ad####.com
s####.ad####.com
set####.ray####.com
stra####.l####.net
syndica####.s####.y####.net
t.appsf####.com
ufs.ad####.com
un####.ad####.com
ups.ksmo####.net
userl####.ksmo####.net
wea####.ksmo####.net
ws.ksmo####.net

Запросы HTTP GET:

advc####.weclou####.com/advclick?advposid=####&mapid=####&aid=####&adid=...
api.mo####.sdk.####.com/adunion/rtb/fetchAd?h=####&w=####&model=####&ven...
api.mo####.sdk.####.com/adunion/rtb/getInmobiAd?h=####&w=####&model=####...
api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
api.mo####.sdk.####.com/adunion/slot/getSrcPrio?h=####&w=####&model=####...
cm####.did.ijin####.com/cp/?v=####&p=####&u=####&s=####
dl.cm.ksmo####.####.com/static/res/06/70/2_M.png
dl.cm.ksmo####.####.com/static/res/17/4d/notificationcleaner_junk_header...
dl.cm.ksmo####.####.com/static/res/2f/15/notificationcleaner_header_imag...
dl.cm.ksmo####.####.com/static/res/6d/7e/theme_config.json
dl.cm.ksmo####.####.com/static/res/72/ba/icon100x100.png
dl.cm.ksmo####.####.com/static/res/78/1a/1609011wl.db
dl.cm.ksmo####.####.com/static/res/87/ae/notificationcleaner_header_imag...
dl.cm.ksmo####.####.com/static/res/a4/cf/chargemaster2.png
dl.cm.ksmo####.####.com/static/res/b2/b8/tools_mobvista.png
dl.cm.ksmo####.####.com/static/res/d0/24/notificationcleaner_header_imag...
dl.cm.ksmo####.####.com/static/res/e1/d8/whitelist_20170523.json
dl.cm.ksmo####.####.com/static/res/e7/0e/notificationcleaner_header_imag...
dl.cm.ksmo####.####.com/static/res/e9/19/notificationcleaner_header_imag...
duapps-####.gsh####.com/prod/upload/adunion/images/4a9/796_416_9f14a9e2f...
set####.ray####.com/appwall/setting?app_id=####&sign=####&channel=####&p...
set####.ray####.com/setting?app_id=####&sign=####&channel=####&platform=...

Запросы HTTP POST:

analy####.ray####.com/
beh####.ksmo####.net/adsn
beh####.ksmo####.net/cfcl
beh####.ksmo####.net/ecfl
beh####.ksmo####.net/erfl
beh####.ksmo####.net/fcl
cfg.cml.ksmo####.com/post
co####.a####.a####.####.com/config-server/v1/config/secure.cfg
stra####.l####.net/cc/v1/api?serviceid=####

Изменения в файловой системе:

Создает следующие файлы:

<Package Folder>/app_ctrl/libkssuenv
<Package Folder>/app_deep_cloud_config/cloudmsgadv.json
<Package Folder>/bspatch
<Package Folder>/cache/####/1470286953684.jar
<Package Folder>/cache/####/1470286953684.tmp
<Package Folder>/cache/####/ApplicationCache.db-journal
<Package Folder>/cache/####/WebpageIcons.db-journal
<Package Folder>/cache/####/data_0
<Package Folder>/cache/####/data_1
<Package Folder>/cache/####/data_2
<Package Folder>/cache/####/data_3
<Package Folder>/cache/####/index
<Package Folder>/code_cache/####/MultiDex.lock
<Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-267144847.zip
<Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes1567683029.zip
<Package Folder>/databases/SecretBoxBookmark-journal
<Package Folder>/databases/ad_sdk.db-journal
<Package Folder>/databases/appstorage.db
<Package Folder>/databases/appstorage.db-journal
<Package Folder>/databases/autostart_rules.db-journal
<Package Folder>/databases/cc_statistics.db-journal
<Package Folder>/databases/cleanmaster_process_list.db-journal
<Package Folder>/databases/cm_push_message_db.db
<Package Folder>/databases/cm_push_message_db.db-journal
<Package Folder>/databases/com.im_7.0.1.db
<Package Folder>/databases/com.im_7.0.1.db-journal
<Package Folder>/databases/diskcache.db-journal
<Package Folder>/databases/dmc_report-journal
<Package Folder>/databases/downloads.db-journal
<Package Folder>/databases/du_ad_cache.db-journal
<Package Folder>/databases/du_ad_parse.db-journal
<Package Folder>/databases/du_ad_ts.db-journal
<Package Folder>/databases/false_cache.db
<Package Folder>/databases/false_cache.db-journal
<Package Folder>/databases/false_residual.db
<Package Folder>/databases/false_residual.db-journal
<Package Folder>/databases/gamecache.db-journal
<Package Folder>/databases/google_app_measurement_local.db
<Package Folder>/databases/google_app_measurement_local.db-journal
<Package Folder>/databases/junk_simiar_pic_finger_cache.db-journal
<Package Folder>/databases/market.db-journal
<Package Folder>/databases/memory_cache.db
<Package Folder>/databases/memory_cache.db-journal
<Package Folder>/databases/mobvista.msdk.db-journal
<Package Folder>/databases/multiunused.db-journal
<Package Folder>/databases/pb_url_domain.db-journal
<Package Folder>/databases/pkgcache2_cache.db
<Package Folder>/databases/pkgcache2_cache.db-journal
<Package Folder>/databases/ps.db-journal
<Package Folder>/databases/residual_dir2_cache.db
<Package Folder>/databases/residual_dir2_cache.db-journal
<Package Folder>/databases/residual_pkg2_cache.db
<Package Folder>/databases/residual_pkg2_cache.db-journal
<Package Folder>/databases/rp.db-journal
<Package Folder>/databases/sdk_data.db
<Package Folder>/databases/sdk_data.db-journal
<Package Folder>/databases/se_cloud_eng.db-journal
<Package Folder>/databases/timewall_cache.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/webviewCache.db
<Package Folder>/databases/webviewCache.db-journal
<Package Folder>/databases/webviewCookiesChromium.db-journal
<Package Folder>/databases/wizd.db-journal
<Package Folder>/files/####/cfcl_cache
<Package Folder>/files/####/cm_activity_act_1510835335510.ich
<Package Folder>/files/####/cm_app_boot_time2_1510835386175.ich
<Package Folder>/files/####/cm_app_boot_time_1510835381652.ich
<Package Folder>/files/####/cm_cert_1510835332277.ich
<Package Folder>/files/####/cm_clean_time_1510835360672.ich
<Package Folder>/files/####/cm_cleancloud_cache_upload_1510835340328.ich
<Package Folder>/files/####/cm_cleancloud_cache_upload_1510835340664.ich
<Package Folder>/files/####/cm_cleancloud_querystatus_1510835340281.ich
<Package Folder>/files/####/cm_cleancloud_querystatus_1510835341215.ich
<Package Folder>/files/####/cm_cloud_reachrate_1510835333744.ich
<Package Folder>/files/####/cm_cloud_string_1510835332287.ich
<Package Folder>/files/####/cm_cmc_entry_1510835364196.ich
<Package Folder>/files/####/cm_cmc_entry_1510835364200.ich
<Package Folder>/files/####/cm_cmc_entry_1510835364207.ich
<Package Folder>/files/####/cm_cmc_entry_1510835374282.ich
<Package Folder>/files/####/cm_cpu_countdown_1510835382425.ich
<Package Folder>/files/####/cm_edgweather_condition_1510835332265.ich
<Package Folder>/files/####/cm_fb_login_1510835381286.ich
<Package Folder>/files/####/cm_game_installed_games_1510835383255.ich
<Package Folder>/files/####/cm_game_scan_1510835358875.ich
<Package Folder>/files/####/cm_homepage_1510835383324.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835385933.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835385950.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835385975.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386032.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386038.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386060.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386062.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386077.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386081.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386092.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386136.ich
<Package Folder>/files/####/cm_homepage_card_show_1510835386146.ich
<Package Folder>/files/####/cm_ipkg_1510835382749.ich
<Package Folder>/files/####/cm_ipkg_1510835382767.ich
<Package Folder>/files/####/cm_ipkg_1510835382768.ich
<Package Folder>/files/####/cm_ipkg_1510835382771.ich
<Package Folder>/files/####/cm_ipkg_1510835382844.ich
<Package Folder>/files/####/cm_ipkg_1510835382851.ich
<Package Folder>/files/####/cm_ipkg_1510835382857.ich
<Package Folder>/files/####/cm_ipkg_1510835382858.ich
<Package Folder>/files/####/cm_ipkg_1510835382859.ich
<Package Folder>/files/####/cm_ipkg_1510835382873.ich
<Package Folder>/files/####/cm_ipkg_1510835382894.ich
<Package Folder>/files/####/cm_ipkg_1510835382921.ich
<Package Folder>/files/####/cm_ipkg_1510835382946.ich
<Package Folder>/files/####/cm_ipkg_1510835382980.ich
<Package Folder>/files/####/cm_ipkg_1510835383010.ich
<Package Folder>/files/####/cm_ipkg_1510835383047.ich
<Package Folder>/files/####/cm_ipkg_1510835383074.ich
<Package Folder>/files/####/cm_ipkg_1510835383205.ich
<Package Folder>/files/####/cm_ipkg_1510835383223.ich
<Package Folder>/files/####/cm_ipkg_1510835383241.ich
<Package Folder>/files/####/cm_ipkg_1510835383323.ich
<Package Folder>/files/####/cm_ipkg_1510835383357.ich
<Package Folder>/files/####/cm_ipkg_1510835383392.ich
<Package Folder>/files/####/cm_ipkg_1510835383415.ich
<Package Folder>/files/####/cm_ipkg_1510835383457.ich
<Package Folder>/files/####/cm_ipkg_1510835383548.ich
<Package Folder>/files/####/cm_ipkg_1510835383681.ich
<Package Folder>/files/####/cm_ipkg_1510835383730.ich
<Package Folder>/files/####/cm_ipkg_1510835383817.ich
<Package Folder>/files/####/cm_ipkg_1510835383836.ich
<Package Folder>/files/####/cm_ipkg_1510835383853.ich
<Package Folder>/files/####/cm_ipkg_1510835383920.ich
<Package Folder>/files/####/cm_ipkg_1510835383954.ich
<Package Folder>/files/####/cm_ipkg_1510835383985.ich
<Package Folder>/files/####/cm_ipkg_1510835384109.ich
<Package Folder>/files/####/cm_ipkg_1510835384206.ich
<Package Folder>/files/####/cm_ipkg_1510835384239.ich
<Package Folder>/files/####/cm_ipkg_1510835384247.ich
<Package Folder>/files/####/cm_ipkg_1510835384265.ich
<Package Folder>/files/####/cm_ipkg_1510835384620.ich
<Package Folder>/files/####/cm_ipkg_1510835384768.ich
<Package Folder>/files/####/cm_ipkg_1510835384770.ich
<Package Folder>/files/####/cm_ipkg_1510835384843.ich
<Package Folder>/files/####/cm_ipkg_1510835384860.ich
<Package Folder>/files/####/cm_ipkg_1510835384916.ich
<Package Folder>/files/####/cm_ipkg_1510835384940.ich
<Package Folder>/files/####/cm_ipkg_1510835384995.ich
<Package Folder>/files/####/cm_ipkg_1510835385037.ich
<Package Folder>/files/####/cm_ipkg_1510835385054.ich
<Package Folder>/files/####/cm_ipkg_1510835385076.ich
<Package Folder>/files/####/cm_ipkg_1510835385093.ich
<Package Folder>/files/####/cm_ipkg_1510835385109.ich
<Package Folder>/files/####/cm_ipkg_1510835385145.ich
<Package Folder>/files/####/cm_ipkg_1510835385174.ich
<Package Folder>/files/####/cm_ipkg_1510835385209.ich
<Package Folder>/files/####/cm_ipkg_1510835385253.ich
<Package Folder>/files/####/cm_ipkg_1510835385277.ich
<Package Folder>/files/####/cm_ipkg_1510835385660.ich
<Package Folder>/files/####/cm_ipkg_1510835385685.ich
<Package Folder>/files/####/cm_ipkg_1510835385699.ich
<Package Folder>/files/####/cm_ipkg_1510835385752.ich
<Package Folder>/files/####/cm_ipkg_1510835385757.ich
<Package Folder>/files/####/cm_ipkg_1510835385827.ich
<Package Folder>/files/####/cm_iswipe_errors_1510835333346.ich
<Package Folder>/files/####/cm_iswipe_errors_1510835333767.ich
<Package Folder>/files/####/cm_junk_history_1510835336114.ich
<Package Folder>/files/####/cm_junk_item_1510835382380.ich
<Package Folder>/files/####/cm_junkstd_action_1510835382354.ich
<Package Folder>/files/####/cm_junkstd_allsize_1510835382718.ich
<Package Folder>/files/####/cm_junkstd_allsize_1510835382723.ich
<Package Folder>/files/####/cm_junkstd_allsize_1510835382726.ich
<Package Folder>/files/####/cm_junkstd_allsize_1510835382747.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382459.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382472.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382502.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382532.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382564.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382569.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382581.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382614.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382658.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382684.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382693.ich
<Package Folder>/files/####/cm_junkstd_cleannew_1510835382694.ich
<Package Folder>/files/####/cm_junkstd_first_hit_1510835338992.ich
<Package Folder>/files/####/cm_junkstd_first_hit_1510835339032.ich
<Package Folder>/files/####/cm_junkstd_junkitem1_1510835382292.ich
<Package Folder>/files/####/cm_junkstd_junkitem1_1510835382299.ich
<Package Folder>/files/####/cm_junkstd_size_1510835360651.ich
<Package Folder>/files/####/cm_junkstd_size_1510835360658.ich
<Package Folder>/files/####/cm_junkstd_time_1510835341739.ich
<Package Folder>/files/####/cm_main_time_1510835381049.ich
<Package Folder>/files/####/cm_noti_bugcollapse2_1510835389248.ich
<Package Folder>/files/####/cm_noti_bugcollapse_1510835389240.ich
<Package Folder>/files/####/cm_private_browsing_1510835384804.ich
<Package Folder>/files/####/cm_private_browsing_homepage_operat...88.ich
<Package Folder>/files/####/cm_private_browsing_keyboard_1510835385464.ich
<Package Folder>/files/####/cm_resultpage_click_action_1510835381029.ich
<Package Folder>/files/####/cm_resultpage_new_show_1510835360832.ich
<Package Folder>/files/####/cm_resultpage_new_staytime_1510835381035.ich
<Package Folder>/files/####/cm_resultpage_preloadad_1510835360838.ich
<Package Folder>/files/####/cm_scan_time_1510835341609.ich
<Package Folder>/files/####/cm_si_1510835341761.ich
<Package Folder>/files/####/cm_start_ad_mainpage_1510835332318.ich
<Package Folder>/files/####/cm_task_onetapsuccess_1510835386536.ich
<Package Folder>/files/####/cm_xiaofuction_1510835332322.ich
<Package Folder>/files/####/cm_xiaofuction_1510835332323.ich
<Package Folder>/files/####/cm_xiaofuction_1510835332324.ich
<Package Folder>/files/####/cm_xiaofuction_1510835335287.ich
<Package Folder>/files/####/cm_xiaofuction_1510835335290.ich
<Package Folder>/files/####/fcl_cache
<Package Folder>/files/####/receiver_history_list.dat
<Package Folder>/files/####/running_with_duration.dat
<Package Folder>/files/####/swipe_theme_config.json
<Package Folder>/files/####/tempblur.jpg
<Package Folder>/files/####/tmpfalse_e_false_cache_1510835332458
<Package Folder>/files/####/tmpfalse_e_false_residual_1510835332654
<Package Folder>/files/AF_INSTALLATION
<Package Folder>/files/appcpu_hf_en.db.bak
<Package Folder>/files/appcpu_hf_en.db.lzma.bak
<Package Folder>/files/appmem_hf_en.db.bak
<Package Folder>/files/appmem_hf_en.db.lzma.bak
<Package Folder>/files/ats2_wl_en.dat.bak
<Package Folder>/files/ats2_wl_en.dat.lzma.bak
<Package Folder>/files/charge_master_banner_url_tools
<Package Folder>/files/charge_master_banner_url_tools.tmp (deleted)
<Package Folder>/files/clearpath_other_5.9.6.db.bak
<Package Folder>/files/clearpath_other_5.9.6.db.lzma.bak
<Package Folder>/files/clearprocess_en_5.10.1.filter.bak
<Package Folder>/files/fraud_hosts.json
<Package Folder>/files/junkwhite.db.bak
<Package Folder>/files/junkwhite.db.lzma.bak
<Package Folder>/files/kctrl.dat
<Package Folder>/files/kfmt.dat
<Package Folder>/files/melib.dat.bak
<Package Folder>/files/melib.dat.lzma.bak
<Package Folder>/files/nc_digest_header_config.json
<Package Folder>/files/nc_digest_header_config.json.tmp (deleted)
<Package Folder>/files/nc_junk_head_image
<Package Folder>/files/nc_junk_head_image.temp (deleted)
<Package Folder>/files/notificationcleaner_header_image_checkdetail
<Package Folder>/files/notificationcleaner_header_image_checkdetail.temp
<Package Folder>/files/notificationcleaner_header_image_gmail
<Package Folder>/files/notificationcleaner_header_image_gmail.temp
<Package Folder>/files/notificationcleaner_header_image_social
<Package Folder>/files/notificationcleaner_header_image_social.temp
<Package Folder>/files/notificationcleaner_header_image_youtube
<Package Folder>/files/notificationcleaner_header_image_youtube.temp
<Package Folder>/files/pkgcache_hf_en_5.12.3.db.bak
<Package Folder>/files/pkgcache_hf_en_5.12.3.db.lzma.bak
<Package Folder>/files/pkgquery_hf_en_5.11.6.db.bak
<Package Folder>/files/pkgquery_hf_en_5.11.6.db.lzma.bak
<Package Folder>/files/preinstall4_hf_en.db.bak
<Package Folder>/files/preinstall4_hf_en.db.lzma.bak
<Package Folder>/files/process_tips2.db.bak
<Package Folder>/files/process_tips2.db.lzma.bak
<Package Folder>/files/rootkeeper.jar
<Package Folder>/files/se_cloud_hf.db.bak
<Package Folder>/files/se_cloud_hf.db.lzma.bak
<Package Folder>/files/searchEngine.json
<Package Folder>/files/strings2_other.db.bak
<Package Folder>/files/strings2_other.db.lzma.bak
<Package Folder>/files/whiteNotification.json
<Package Folder>/files/whiteNotification.tmp (deleted)
<Package Folder>/no_backup/com.google.android.gms.appid-no-backup
<Package Folder>/shared_prefs/;theme_config_url.xml
<Package Folder>/shared_prefs/<Package>.update.UpdateManager.xml
<Package Folder>/shared_prefs/<Package>PushConfig_Pref.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
<Package Folder>/shared_prefs/<Package>_servicehighfreqpreferences.xml
<Package Folder>/shared_prefs/<Package>_ui_preferences.xml
<Package Folder>/shared_prefs/BatteryConfigManager.xml
<Package Folder>/shared_prefs/CmSideProvider.xml
<Package Folder>/shared_prefs/FBAdPrefs.xml
<Package Folder>/shared_prefs/SDKIDFA.xml
<Package Folder>/shared_prefs/_toolbox_prefs.xml
<Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
<Package Folder>/shared_prefs/appsflyer-data.xml
<Package Folder>/shared_prefs/cleancloud_pref.xml
<Package Folder>/shared_prefs/cloud_eng.xml
<Package Folder>/shared_prefs/cloudconfig.xml
<Package Folder>/shared_prefs/cmadsdk_104.xml
<Package Folder>/shared_prefs/cmcmadsdk_config.xml
<Package Folder>/shared_prefs/com.google.android.gms.appid.xml
<Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.aes_key_store.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.config_store.xml
<Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_...ml.bak
<Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_store.xml
<Package Folder>/shared_prefs/dmc_default.xml
<Package Folder>/shared_prefs/dmc_receiver.xml
<Package Folder>/shared_prefs/market_config.xml
<Package Folder>/shared_prefs/market_config.xml.bak
<Package Folder>/shared_prefs/misc.xml
<Package Folder>/shared_prefs/mobvista.xml
<Package Folder>/shared_prefs/mobvista.xml.bak
<Package Folder>/shared_prefs/multidex.version.xml
<Package Folder>/shared_prefs/rp_misc.xml
<Package Folder>/shared_prefs/sdk_preferences.xml
<Package Folder>/shared_prefs/searchengine.xml
<Package Folder>/shared_prefs/share_date.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_settings.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_strategy_info.xml
<Package Folder>/shared_prefs/sharedpreferences_mnt_strategy_re...me.xml
<Package Folder>/update/####/sdk_preferences.dat
<Package Folder>/update/####/searchengine.dat
<Package Folder>/updatedata/####/cm_wizard_cfg_res_en
<Package Folder>/updatedata/ad_control_cfg_res.dwn
<Package Folder>/updatedata/cloud_string_res_2.dwn
<Package Folder>/updatedata/cloud_string_res_2.dwn.default
<Package Folder>/updatedata/downloadzipsdes.dwn
<Package Folder>/updatedata/ips_versions.dwn
<Package Folder>/updatedata/ips_versions_cn.dwn
<Package Folder>/updatedata/m_app_start_x_v2
<Package Folder>/updatedata/versions_get.dwn
<SD-Card>/Android/####/-330975072-951822261
<SD-Card>/Android/####/.nomedia
<SD-Card>/Android/####/1009075405720307149
<SD-Card>/Android/####/17995657901819064192
<SD-Card>/Android/####/UIPro0.xlog.lck
<SD-Card>/Android/####/apps_dump

Другие:

Запускает следующие shell-скрипты:

<Package>.rootkeeper
id
ls -l /system/bin/su
sh
su

Загружает динамические библиотеки:

libkcmlzma
libkcmutil

Использует следующие алгоритмы для шифрования данных:

AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
RSA-ECB-PKCS1PADDING
RSA-ECB-nopadding

Использует следующие алгоритмы для расшифровки данных:

AES-CBC-NoPadding
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding

Использует повышенные привилегии.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации о настроках APN.

Осуществляет доступ к информации об активных администраторах устройства.

Осуществляет доступ к информации об установленных приложениях.

Осуществляет доступ к информации о запущенных приложениях.

Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней