Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Xiny.116.origin
- Android.Xiny.197
- Android.Xiny.232.origin
- Android.Xiny.244.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.zfr####.com:80
- TCP(HTTP/1.1) ak2.cdn.9appsdo####.####.net:80
- TCP(HTTP/1.1) api.s####.1####.com:8088
- TCP(HTTP/1.1) d####.9####.com:7080
- TCP(HTTP/1.1) 2####.177.13.68:8288
- TCP(HTTP/1.1) api.s####.1####.com:18088
- TCP(HTTP/1.1) www.cu####.com:80
- TCP(HTTP/1.1) wild####.9appsin####.com.####.net:80
- TCP(HTTP/1.1) api.9####.com:80
- TCP(HTTP/1.1) puds-####.u####.com:80
- TCP(HTTP/1.1) msg.api.9####.com:80
- TCP(HTTP/1.1) po####.9####.com:80
- TCP(TLS/1.0) 2####.58.211.110:443
- TCP(TLS/1.0) Holmes####.u####.com:443
- TCP(TLS/1.0) gj.ap####.uc.cn:443
- TCP(TLS/1.0) hk.wagbr####.non####.####.com:443
Запросы DNS:
- Holmes####.u####.com
- ak2.cdn.9appsdo####.com
- api.9####.com
- d####.9####.com
- ea.sno####.1####.com
- en.sno####.1####.com
- gjap####.uc.cn
- hl####.down####.9appsin####.com
- msg.api.9####.com
- p####.u####.com
- pdds####.u####.com
- po####.9####.com
- puds-####.u####.com
- s####.9####.com
- www.admobim####.com
- www.cu####.com
- www.mmmmmm####.com
- www.n####.com
- www.zfr####.com
- y####.al####.com
Запросы HTTP GET:
- ak2.cdn.9appsdo####.####.net/group1/M00/04/68/pYYBAFTSx_6ADiDFAAAX_UoE86...
- ak2.cdn.9appsdo####.####.net/group1/M00/61/B3/poYBAFg723CAL7AxAAVLtqkjUW...
- ak2.cdn.9appsdo####.####.net/group4/M00/C3/23/gRoGAFzT9s6ANBRBAAEu6fKO6C...
- ak2.cdn.9appsdo####.####.net/group4/M01/AB/90/gRoGAFzORRWAJV0SAAAqBPHcKF...
- ak2.cdn.9appsdo####.####.net/group4/M01/C9/00/ghoGAFzVW4GAfTbmAAEbffgqkM...
- api.9####.com/app.bizAlsoLike?sid=####&app=####&packageName=####&betaVer...
- api.9####.com/app.editRecommend?app=####&packageName=####&versionCode=##...
- api.9####.com/app.mustHaveColumns?app=####&versionCode=####&versionName=...
- api.9####.com/app.personalRecommend?app=####&packageName=####&versionCod...
- api.9####.com/app/keywordWithTag?app=####&versionCode=####&versionName=#...
- api.9####.com/checkPublishStatus?app=####&gzip=####&versionCode=####&enc...
- api.9####.com/client/check/task?app=####&versionCode=####&versionName=##...
- api.9####.com/config.get?app=####&keys=####&versionCode=####&versionName...
- api.9####.com/config?app=####&versionCode=####&versionName=####&um_ch=##...
- api.9####.com/installer/whitelist?app=####&versionCode=####&versionName=...
- api.9####.com/messageUser?app=####®istrationId=####®Only=####&vers...
- api.9####.com/messageUser?app=####&versionCode=####&versioncode=####&ver...
- api.9####.com/price.comprasionSwitch?app=####&versionCode=####&versionNa...
- api.9####.com/resourceBundle.getResource?app=####&versionCode=####&versi...
- api.9####.com/selfTrigger.getMsg?app=####&versionCode=####&versionName=#...
- api.9####.com/special.alsoLike?app=####&versionCode=####&versionName=###...
- api.9####.com/special.detail?app=####&versionCode=####&versionName=####&...
- api.9####.com/user/check-increment-update.json?app=####&gzip=####&versio...
- api.9####.com/user/property?app=####&versionCode=####&versionName=####&u...
- api.9####.com/v3/app/com.mobaxe.hillcraftracer.android.json?sid=####&app...
- api.9####.com/v3/app/com.mxtech.videoplayer.ad.json?sid=####&app=####&ve...
- api.9####.com/v3/page/template?sid=####&app=####&versionCode=####&versio...
- d####.9####.com:7080/group4/M00/C3/23/gRoGAFzT9s6ANBRBAAEu6fKO6CY337.jpg
- d####.9####.com:7080/group4/M01/C9/00/ghoGAFzVW4GAfTbmAAEbffgqkMM322.jpg
- msg.api.9####.com/get/msg?app=####&versionCode=####&versionName=####&um_...
- po####.9####.com/9apps/share?appSize=####&packageName=####&versionCode=#...
- po####.9####.com/config?app=####&versionCode=####&versionName=####&ver=#...
- po####.9####.com/get/msg?app=####&updateTime=####&versionCode=####&versi...
- po####.9####.com/get/msg?app=####&versionCode=####&versionName=####&um_c...
- puds-####.u####.com/down/u1/uuwz9uxvyzu6yxw66wuvxuuuuuuuvuuvuuuuww6g/972...
- wild####.9appsin####.com.####.net/26-3/libcrash_x86_1.5.0.0/1605/4cf38e1...
- wild####.9appsin####.com.####.net/9apps/rs/2017/02db730df64217d1cc2610d0...
- wild####.9appsin####.com.####.net/9apps/rs/2017/03ede89b7b7e786217fad8c7...
- wild####.9appsin####.com.####.net/9apps/rs/2017/065308904df215afb7c229e3...
- wild####.9appsin####.com.####.net/9apps/rs/2017/09aa105af40c95f83fa2f49f...
- wild####.9appsin####.com.####.net/9apps/rs/2017/159918c19de3254db72f9847...
- wild####.9appsin####.com.####.net/9apps/rs/2017/4620a2ef30b1988ac55964ff...
- wild####.9appsin####.com.####.net/9apps/rs/2017/58e0525b48aa88e0f2e4b138...
- wild####.9appsin####.com.####.net/9apps/rs/2017/5c244d8c794c590b31781570...
- wild####.9appsin####.com.####.net/9apps/rs/2017/7a1e70f94e3b4a7c15bd1780...
- wild####.9appsin####.com.####.net/9apps/rs/2017/8e4ac78852a9e9b5ec2aedf8...
- wild####.9appsin####.com.####.net/9apps/rs/2017/916bf8dbbfc2a4404c0b7739...
- wild####.9appsin####.com.####.net/9apps/rs/2017/95b276784a58f30dc9d331c4...
- wild####.9appsin####.com.####.net/9apps/rs/2017/976193d50e76aa46fa5a578f...
- wild####.9appsin####.com.####.net/9apps/rs/2017/99fb70ca767d3dd62f4c79d9...
- wild####.9appsin####.com.####.net/9apps/rs/2017/a12c271fd77bb79fe0e35878...
- wild####.9appsin####.com.####.net/9apps/rs/2017/c2b9dc6f28367e65fd6946bb...
- wild####.9appsin####.com.####.net/9apps/rs/2017/eacca7d7a614ee12b0754b0f...
- wild####.9appsin####.com.####.net/9apps/rs/2017/f8e5409592823847d4418e6c...
- wild####.9appsin####.com.####.net/9apps/rs/2018/0615a73e61f85843175f08ba...
- wild####.9appsin####.com.####.net/9apps/rs/2018/07c55a49ba280cc6281f9c65...
- wild####.9appsin####.com.####.net/9apps/rs/2018/07e7d90fecb9d17af645ef3a...
- wild####.9appsin####.com.####.net/9apps/rs/2018/0bb1113cc144e89b3d53c648...
- wild####.9appsin####.com.####.net/9apps/rs/2018/0bc04a07058de9dc07007603...
- wild####.9appsin####.com.####.net/9apps/rs/2018/137646dc31591a83b7bc9659...
- wild####.9appsin####.com.####.net/9apps/rs/2018/2b9b935694472938f5ddb934...
- wild####.9appsin####.com.####.net/9apps/rs/2018/3c75c10f0a92542ec27a311a...
- wild####.9appsin####.com.####.net/9apps/rs/2018/42d030745a5a1bcca03a8737...
- wild####.9appsin####.com.####.net/9apps/rs/2018/485eab96ce0ede566d50d150...
- wild####.9appsin####.com.####.net/9apps/rs/2018/4e02146e48cd4bf10d257053...
- wild####.9appsin####.com.####.net/9apps/rs/2018/4f0e537d25348fd7496083af...
- wild####.9appsin####.com.####.net/9apps/rs/2018/541c90b09a28a29fafd1bd22...
- wild####.9appsin####.com.####.net/9apps/rs/2018/59304663f9b5640a291e82ba...
- wild####.9appsin####.com.####.net/9apps/rs/2018/5b8496157d28a37f9eee8443...
- wild####.9appsin####.com.####.net/9apps/rs/2018/65fc66832e8a6d9f42d5e991...
- wild####.9appsin####.com.####.net/9apps/rs/2018/69363be5f4af044e89be8440...
- wild####.9appsin####.com.####.net/9apps/rs/2018/6ef3fb346d06e6e43301f5b9...
- wild####.9appsin####.com.####.net/9apps/rs/2018/76806d70adc876e1799be48e...
- wild####.9appsin####.com.####.net/9apps/rs/2018/7e8a23ec70e809f2ad9fbddb...
- wild####.9appsin####.com.####.net/9apps/rs/2018/8573883e1782625562bbce91...
- wild####.9appsin####.com.####.net/9apps/rs/2018/8ca94810c740b5cfc74bc059...
- wild####.9appsin####.com.####.net/9apps/rs/2018/8e0afb7489c0cbe8352d6020...
- wild####.9appsin####.com.####.net/9apps/rs/2018/927468c51080526dff52a596...
- wild####.9appsin####.com.####.net/9apps/rs/2018/a07446f8b751e4a09785da40...
- wild####.9appsin####.com.####.net/9apps/rs/2018/a140e2ebb5439d990d8be348...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ade2e6ad075ec05b4b81a577...
- wild####.9appsin####.com.####.net/9apps/rs/2018/b21c47f93724385ca8c491a2...
- wild####.9appsin####.com.####.net/9apps/rs/2018/b2f10b6846a0fba8022f12aa...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ba8351866b9f21b69ddcb5cf...
- wild####.9appsin####.com.####.net/9apps/rs/2018/c0682cea3cfb500f7023d80a...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ca92a093dcb7ae30485bca58...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ce2fb5862398ce3ef75f6838...
- wild####.9appsin####.com.####.net/9apps/rs/2018/d87723e806a5b0fc0042c8ed...
- wild####.9appsin####.com.####.net/9apps/rs/2018/dc9ec3bb2793fa1e4fe17ad1...
- wild####.9appsin####.com.####.net/9apps/rs/2018/dd96b82f2249304bb58edb05...
- wild####.9appsin####.com.####.net/9apps/rs/2018/de822f8d28bf6c68ee1309a2...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ded7bd5c404fa9cb0f05af85...
- wild####.9appsin####.com.####.net/9apps/rs/2018/e17ed517a8ecd2771ebc69d0...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ebec5cd39fb757190b181b9f...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f4044aba7606cfed333488cd...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f781dbd6f1987e06e323f9f9...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f8bb6b437d14ee76b41047cd...
- wild####.9appsin####.com.####.net/9apps/rs/2019/05e85ae0206b045e33383dde...
- wild####.9appsin####.com.####.net/9apps/rs/2019/06f19faaf269cd15f136cd12...
- wild####.9appsin####.com.####.net/9apps/rs/2019/07d2815c20d57f74df16e0e4...
- wild####.9appsin####.com.####.net/9apps/rs/2019/0917ac954d7ccd4fd7670365...
- wild####.9appsin####.com.####.net/9apps/rs/2019/0d7d16264602b9c1d10eb5cb...
- wild####.9appsin####.com.####.net/9apps/rs/2019/11914db9a0b7ace50eb49f19...
- wild####.9appsin####.com.####.net/9apps/rs/2019/128e67406274a629c111f74b...
- wild####.9appsin####.com.####.net/9apps/rs/2019/12c0c2d2180a80bcc9112f55...
- wild####.9appsin####.com.####.net/9apps/rs/2019/1859c249ed09a6c2cea5b191...
- wild####.9appsin####.com.####.net/9apps/rs/2019/22add3f44ecbbe11319ce565...
- wild####.9appsin####.com.####.net/9apps/rs/2019/2594d45b949f41e580d387aa...
- wild####.9appsin####.com.####.net/9apps/rs/2019/346c523411f3081bc7a0b940...
- wild####.9appsin####.com.####.net/9apps/rs/2019/351397a75be7a136fa294ca6...
- wild####.9appsin####.com.####.net/9apps/rs/2019/3befbd4ebf08d58e3a7844bd...
- wild####.9appsin####.com.####.net/9apps/rs/2019/3f552dfb9fbd5adc75921eae...
- wild####.9appsin####.com.####.net/9apps/rs/2019/432bf87cb0cf593828aa91bc...
- wild####.9appsin####.com.####.net/9apps/rs/2019/456d9964306c7f267857efba...
- wild####.9appsin####.com.####.net/9apps/rs/2019/4688f005a7e2af0ef1516862...
- wild####.9appsin####.com.####.net/9apps/rs/2019/4b947611b930dacd7d9aef37...
- wild####.9appsin####.com.####.net/9apps/rs/2019/4ef10cc6f93ed7adc3928c07...
- wild####.9appsin####.com.####.net/9apps/rs/2019/588c47ffdadb6c93cf9775a3...
- wild####.9appsin####.com.####.net/9apps/rs/2019/64d48668d10cc99e884bd7b5...
- wild####.9appsin####.com.####.net/9apps/rs/2019/6cd26da2a17d5cbe1f91aa85...
- wild####.9appsin####.com.####.net/9apps/rs/2019/7d65e6ff8765d620247ed449...
- wild####.9appsin####.com.####.net/9apps/rs/2019/7d73fc7aac6c86110ad1ec9d...
- wild####.9appsin####.com.####.net/9apps/rs/2019/7f16e4ce9c0f00059016c675...
- wild####.9appsin####.com.####.net/9apps/rs/2019/86ce01e7ecfd2cb286c37b4c...
- wild####.9appsin####.com.####.net/9apps/rs/2019/8792155f9c5d72034532f040...
- wild####.9appsin####.com.####.net/9apps/rs/2019/9304a8a7643714f092561247...
- wild####.9appsin####.com.####.net/9apps/rs/2019/94f8f005246939a1bfa7e2ff...
- wild####.9appsin####.com.####.net/9apps/rs/2019/9d12d2b7f6b87d5edf2291d8...
- wild####.9appsin####.com.####.net/9apps/rs/2019/9d759aec7f2cfc12afb98ec9...
- wild####.9appsin####.com.####.net/9apps/rs/2019/9de1df256d547b427b512da7...
- wild####.9appsin####.com.####.net/9apps/rs/2019/9f7b0a736c42f97abdbdbb2e...
- wild####.9appsin####.com.####.net/9apps/rs/2019/a2a444a42be19a31450815da...
- wild####.9appsin####.com.####.net/9apps/rs/2019/b3c4f767c25ac04d43f3429f...
- wild####.9appsin####.com.####.net/9apps/rs/2019/b8fb143b223109a88888ec7a...
- wild####.9appsin####.com.####.net/9apps/rs/2019/b9d11aa8e1558f975b7c0d8c...
- wild####.9appsin####.com.####.net/9apps/rs/2019/ce2607cdd3ceeb7fdb462e46...
- wild####.9appsin####.com.####.net/9apps/rs/2019/cf275aefc085ac0cce5e1311...
- wild####.9appsin####.com.####.net/9apps/rs/2019/d3536d75790532d44cb51796...
- wild####.9appsin####.com.####.net/9apps/rs/2019/d5959761a8b8fb1ce7452771...
- wild####.9appsin####.com.####.net/9apps/rs/2019/d66d5f38699d6f6060e3eca7...
- wild####.9appsin####.com.####.net/9apps/rs/2019/d6a14d41423518cbfcf7f084...
- wild####.9appsin####.com.####.net/9apps/rs/2019/db0e022db1c8ed02349191a1...
- wild####.9appsin####.com.####.net/9apps/rs/2019/e24c5acece0bfe86ce90f8df...
- wild####.9appsin####.com.####.net/9apps/rs/2019/e47825d7428c3cacf615daf6...
- wild####.9appsin####.com.####.net/9apps/rs/2019/e599669fae814993fe934b40...
- wild####.9appsin####.com.####.net/9apps/rs/2019/e77e3921a83f764f8770d53c...
- wild####.9appsin####.com.####.net/9apps/rs/2019/ef71b0a221888ceafd648a62...
- wild####.9appsin####.com.####.net/9apps/rs/2019/f79eb0d28a2697414a3c2660...
- wild####.9appsin####.com.####.net/9apps/rs/2019/f83109870cd04ccf984375f8...
- wild####.9appsin####.com.####.net/9apps/rs/2019/fbafca09e4299049f96a190f...
- wild####.9appsin####.com.####.net/9apps/rs/2019/ffc0ae37649459c1bb3d7e96...
- wild####.9appsin####.com.####.net/9apps/special/2017/32868933b6291f51463...
- wild####.9appsin####.com.####.net/9apps/special/2017/dbb79f38235666fd8ba...
- www.cu####.com/20180518145925.d_201805181500.zip
Запросы HTTP POST:
- api.s####.1####.com:18088/ping
- api.s####.1####.com:18088/sdk/api/checklib
- api.s####.1####.com:18088/sdk/api/regclient
- api.s####.1####.com:8088/sdk/api/log/record
- msg.api.9####.com/upgrade/index.xhtml?from=####
- po####.9####.com/upgrade/index.xhtml?from=####
- www.zfr####.com/up.do
- www.zfr####.com/up.do?enc=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/0a231bd8575dcf72.txt
- /data/data/####/0c3df40c407c44e343f8e73ecd9933b1.0.tmp
- /data/data/####/0c3df40c407c44e343f8e73ecd9933b1.1.tmp
- /data/data/####/11gpsdfe_1557596560181002352.wa
- /data/data/####/11gpsdfe_1557596580075002955.wa
- /data/data/####/11gpsdfe_1557596607678003223.wa
- /data/data/####/12hqtegf_1557596561934002352.wa
- /data/data/####/12hqtegf_1557596584238002955.wa
- /data/data/####/12hqtegf_1557596608276003223.wa
- /data/data/####/13irufhg_1557596563229002352.wa
- /data/data/####/14jsvgih_1557596567493002352.wa
- /data/data/####/1557596558500.wa
- /data/data/####/1c43ded1ffcd60db4b72bffc542b0919.0.tmp
- /data/data/####/1c43ded1ffcd60db4b72bffc542b0919.1.tmp
- /data/data/####/1ccd60754d4e5e4a5becc3465e5a4382.0.tmp
- /data/data/####/1ccd60754d4e5e4a5becc3465e5a4382.1.tmp
- /data/data/####/2285DB089745E9F5.xml
- /data/data/####/288b731b063fb29ebda6c18c8aeee306.0.tmp
- /data/data/####/288b731b063fb29ebda6c18c8aeee306.1.tmp
- /data/data/####/2b773ebb1616940addff1df487bc2b3d.0.tmp
- /data/data/####/2b773ebb1616940addff1df487bc2b3d.1.tmp
- /data/data/####/30012cf024ac7b7b4b20740d627262bc.0.tmp
- /data/data/####/30012cf024ac7b7b4b20740d627262bc.1.tmp
- /data/data/####/3405debdf10a0645da8cde4ff551ca8f.0.tmp
- /data/data/####/3405debdf10a0645da8cde4ff551ca8f.1.tmp
- /data/data/####/3710d74b68e6af8cade5ec187cc0f996dabc7e3c.xml
- /data/data/####/3958552582f70442f3db23472ad6f26a.0.tmp
- /data/data/####/3958552582f70442f3db23472ad6f26a.1.tmp
- /data/data/####/39b2f05f725b2a18064fcce7b187823e.0.tmp
- /data/data/####/39b2f05f725b2a18064fcce7b187823e.1.tmp
- /data/data/####/3a9a1c5dda2d082b63f87c43efe9ca21.0.tmp
- /data/data/####/3a9a1c5dda2d082b63f87c43efe9ca21.1.tmp
- /data/data/####/417d28b2dd6acbb7bc291e2fa64e83d5.0.tmp
- /data/data/####/417d28b2dd6acbb7bc291e2fa64e83d5.1.tmp
- /data/data/####/44f2ea203ce2404c997dc53b4ec32a85.0.tmp
- /data/data/####/44f2ea203ce2404c997dc53b4ec32a85.1.tmp
- /data/data/####/4e71083ab063f4aed10078d66c9098d1.0.tmp
- /data/data/####/4e71083ab063f4aed10078d66c9098d1.1.tmp
- /data/data/####/4ed9f0cb21802d19e44b2cd1350ddb8d.0.tmp
- /data/data/####/4ed9f0cb21802d19e44b2cd1350ddb8d.1.tmp
- /data/data/####/599cfb90bc8cd23b580e17273a1c2ed1.0.tmp
- /data/data/####/599cfb90bc8cd23b580e17273a1c2ed1.1.tmp
- /data/data/####/5f8ddf2e900387c28a9d3fd15ef96de5.0.tmp
- /data/data/####/5f8ddf2e900387c28a9d3fd15ef96de5.1.tmp
- /data/data/####/681a9ef804346fe3d089f1e6c81652df
- /data/data/####/6838b1d99c1eaa347bae9666164486c0.0.tmp
- /data/data/####/6838b1d99c1eaa347bae9666164486c0.1.tmp
- /data/data/####/6e6d03359e672f9dd812883134987a14.0.tmp
- /data/data/####/6e6d03359e672f9dd812883134987a14.1.tmp
- /data/data/####/80da0fb54aed4d050520541f9396759d.0.tmp
- /data/data/####/80da0fb54aed4d050520541f9396759d.1.tmp
- /data/data/####/8606553618bb6aeb53bdfdaa04e32aab.0.tmp
- /data/data/####/8606553618bb6aeb53bdfdaa04e32aab.1.tmp
- /data/data/####/87a10d421b27b32c182cb75dc7fdebdc.xml
- /data/data/####/8bfad511ea530d45185691bcad84cd93.0.tmp
- /data/data/####/8bfad511ea530d45185691bcad84cd93.1.tmp
- /data/data/####/92c51c3427cd0b74
- /data/data/####/92c51c3427cd0b74-journal
- /data/data/####/93a0c862ee91f2b8faab65cdbc17eca9.0.tmp
- /data/data/####/93a0c862ee91f2b8faab65cdbc17eca9.1.tmp
- /data/data/####/9apps.db-journal
- /data/data/####/9apps.xml
- /data/data/####/ActivatePreUtil.xml
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/D838other_config.xml
- /data/data/####/D838serv_config.xml
- /data/data/####/D838sp_config.xml
- /data/data/####/D838sp_config.xml.bak
- /data/data/####/D838upgrade_config.xml
- /data/data/####/HasStarted
- /data/data/####/LoginPreUtil.xml
- /data/data/####/PPAIDNI0ELIBOM0MOC.bb
- /data/data/####/PPAIDNI0ELIBOM0MOC.ff
- /data/data/####/PPAIDNI0ELIBOM0MOC.meminfo
- /data/data/####/PPAIDNI0ELIBOM0MOC.pid
- /data/data/####/PPAIDNI0ELIBOM0MOC.ps
- /data/data/####/PPAIDNI0ELIBOM0MOC.st
- /data/data/####/PPAIDNI0ELIBOM0MOC.start
- /data/data/####/PPAIDNI0ELIBOM0MOC.time
- /data/data/####/PPAIDNI0ELIBOM0MOC.uptime
- /data/data/####/REKROW1PPAIDNI0ELIBOM0MOC.bb
- /data/data/####/REKROW1PPAIDNI0ELIBOM0MOC.st
- /data/data/####/SGMANAGER_DATA2.tmp
- /data/data/####/SYSTEM_CACHE.xml
- /data/data/####/WaValue.db-journal
- /data/data/####/a1fab7356f52413fd9b1f7a71b43dca1.0.tmp
- /data/data/####/a1fab7356f52413fd9b1f7a71b43dca1.1.tmp
- /data/data/####/a4716700ef28cb58356989a8d2be8977.0.tmp
- /data/data/####/a4716700ef28cb58356989a8d2be8977.0.tmp (deleted)
- /data/data/####/a4716700ef28cb58356989a8d2be8977.1.tmp
- /data/data/####/a4c0fa3a0ce79f3167dcefc7ff9f7948.0.tmp
- /data/data/####/a4c0fa3a0ce79f3167dcefc7ff9f7948.1.tmp
- /data/data/####/ari.xml
- /data/data/####/b4f389cd08d1ac9ebe927e4e06e4b111.0.tmp
- /data/data/####/b4f389cd08d1ac9ebe927e4e06e4b111.1.tmp
- /data/data/####/b7223a4841a40a82f37fbe07ec8d1e7a.0.tmp
- /data/data/####/b7223a4841a40a82f37fbe07ec8d1e7a.1.tmp
- /data/data/####/bcdd8019dc35067c524538236ff23113.0.tmp
- /data/data/####/bcdd8019dc35067c524538236ff23113.1.tmp
- /data/data/####/c1a63e82099ae463a42245ceafab8ad6.0.tmp
- /data/data/####/c1a63e82099ae463a42245ceafab8ad6.1.tmp
- /data/data/####/c1facc6a2357fa63470e425ab38e685b.0.tmp
- /data/data/####/c1facc6a2357fa63470e425ab38e685b.1.tmp
- /data/data/####/c73fb8c66229ca3b46ddc0e4d567bc36.0.tmp
- /data/data/####/c73fb8c66229ca3b46ddc0e4d567bc36.1.tmp
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.mobile.indiapp_preferences.xml
- /data/data/####/d.zip
- /data/data/####/d3e5743ac2007d4399937e43e66bb3fd.0.tmp
- /data/data/####/d3e5743ac2007d4399937e43e66bb3fd.1.tmp
- /data/data/####/d9ab8dcf62d8069a9c0ca967f6576c76.0.tmp
- /data/data/####/d9ab8dcf62d8069a9c0ca967f6576c76.0.tmp (deleted)
- /data/data/####/d9ab8dcf62d8069a9c0ca967f6576c76.1.tmp
- /data/data/####/da3225dcf4dc425100555df96ad04f19
- /data/data/####/daemon
- /data/data/####/db5ce8d2a487c3ac6de2c24b39da60a0.0.tmp
- /data/data/####/db5ce8d2a487c3ac6de2c24b39da60a0.1.tmp
- /data/data/####/db_snowfox.db
- /data/data/####/db_snowfox.db-journal
- /data/data/####/dc0091ead8140677e2
- /data/data/####/dc092ab7707106249a
- /data/data/####/dc4b50ea9608460fc8
- /data/data/####/dc5ed6c4de343723a7
- /data/data/####/dc77f91e403706cb2a
- /data/data/####/device_info.xml
- /data/data/####/dfaf7f2e422105cde4c1564bab7b72af.0.tmp
- /data/data/####/dfaf7f2e422105cde4c1564bab7b72af.1.tmp
- /data/data/####/downloader-journal
- /data/data/####/dtemp.apk
- /data/data/####/ec0d3c55e21464e88e25897c8a803831.0.tmp
- /data/data/####/ec0d3c55e21464e88e25897c8a803831.1.tmp
- /data/data/####/f.zip
- /data/data/####/f4acd030da61bd739ac44e37218b4567f7dd880f.xml
- /data/data/####/f60510c01336f175cfbcd8def8f0d0c4.0.tmp
- /data/data/####/f60510c01336f175cfbcd8def8f0d0c4.1.tmp
- /data/data/####/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- /data/data/####/fiwmw
- /data/data/####/home_app_data_xy.json
- /data/data/####/hot_word_data_xy.json
- /data/data/####/install_list_info.xml
- /data/data/####/isupdate.xml
- /data/data/####/journal.tmp
- /data/data/####/lib_v19n.dat
- /data/data/####/libcrash_1.5.0.0.so
- /data/data/####/libnonsp.so
- /data/data/####/libsgmainso-5.3.7011.so.tmp
- /data/data/####/lock.lock
- /data/data/####/m_cfg.xml
- /data/data/####/mesosphere_v19n.jar
- /data/data/####/message-journal
- /data/data/####/my.db
- /data/data/####/my.db-journal
- /data/data/####/ob.zip
- /data/data/####/pgbwaa
- /data/data/####/pid
- /data/data/####/snowfox_v19n.jar
- /data/data/####/snowfoxad_msg.db
- /data/data/####/snowfoxad_msg.db-journal
- /data/data/####/snowfoxprf.xml
- /data/data/####/sp.lock
- /data/data/####/sp_cache.xml
- /data/data/####/story.skin
- /data/data/####/swof_setting.xml
- /data/data/####/t_ini.xml
- /data/data/####/unique
- /data/data/####/webview.db-journal
- /data/data/####/worker_preferences.xml
- /data/media/####/.nomedia
- /data/media/####/02811ebc1d9a163765e64ff732b63878c96a69bf75c016....0.tmp
- /data/media/####/07bcc4c8875f926b194f8fe9a290619fdc776d4f120e56....0.tmp
- /data/media/####/0a4d8ab5003ff2ad5897960430cb7c1833bee18d4bcff8....0.tmp
- /data/media/####/0aca061b545f20c8af9bceefff817b1675abac4c9ad079....0.tmp
- /data/media/####/0b659b68c237d9b22a9468cdd71743cf58c47fb81ff1ef....0.tmp
- /data/media/####/0d9c536f6aaf070a69ac7a83eeab1674b27e55b90d65fe....0.tmp
- /data/media/####/10ba5a99cefe119af9b10cbd318ea8e31088d6aab7607e....0.tmp
- /data/media/####/110c91f0e31e4dc365b48163b30b9c4b911d8160f87790....0.tmp
- /data/media/####/1206fee0237299579ff9c1f76e0c79c03732dfa1f8ff43....0.tmp
- /data/media/####/158dc7ff3ad6060bdd91da80b0a9f8a6de68bd72065e6c....0.tmp
- /data/media/####/16e2ac1166edcc349337bdd964df6efe30f179b6c428f0....0.tmp
- /data/media/####/17c732d01dfdbc8327597fa181bdb51f471819a6568153....0.tmp
- /data/media/####/19dc4f9de9e9b908ed73acb7cc568bb97869e36b42bd4a....0.tmp
- /data/media/####/1a5dd3f9d72cc85b9cafeb4f1d1704c9cb85109d32c3a7....0.tmp
- /data/media/####/1b45c17123a1e554b48befed65069e7878a500bad26ed9....0.tmp
- /data/media/####/1b9796cec8412327dfbd20aea3dcafd3e60dd4cfc1ae35....0.tmp
- /data/media/####/1ff7f36cc06a6980c0e8ebd4d8610b955379a6802224e4....0.tmp
- /data/media/####/214f1cd769b2ecc05e16eed4bf029781fec330cf4a4c22....0.tmp
- /data/media/####/22cf0a3451f341de7fcb2afb4c00404b172faf50d20416....0.tmp
- /data/media/####/24854915ebf05ddddfc25926ece837f6d081ecae9fc4ff....0.tmp
- /data/media/####/254d9251384443cd3ead9a909199c3c4471a38237fe371....0.tmp
- /data/media/####/25a6e32961159202233bfbd7b2825a6f14962008220bc6...80bf.0
- /data/media/####/265741fd9a66631680e519ae64d10e0cac93de251185d3....0.tmp
- /data/media/####/28f0bb353c718a00dfc1949409b3e491cba60c4a61c642....0.tmp
- /data/media/####/2cd19e890033670e5ab58867d599c156a8f7641d594541....0.tmp
- /data/media/####/31919e5afc09d2811bde586ea1f5c235481321682b0901....0.tmp
- /data/media/####/3348ba11a4a7ec75cb6f452f224eccafa9fe92a37cff7c....0.tmp
- /data/media/####/342192b2f3816e4aa88dd88c9791dc6b2440d0b99e3d0b....0.tmp
- /data/media/####/3c8c5ab914c6597ac06a28b5aa13a0c40e0aab5ecb560f....0.tmp
- /data/media/####/3cb3d480fd9d08f1defbb9345c380d5197c90056fdc333....0.tmp
- /data/media/####/3deb76cd9c4da46fb93550067423ba861a551b90eb4c35....0.tmp
- /data/media/####/4141d7628604aad719bf4ba208639f17a22995f035e175....0.tmp
- /data/media/####/42489ca50af594fdec4f0055b959945ae778c01beb646e....0.tmp
- /data/media/####/42c0beeab813c0a506cde0af6672e45371077038f62ff6....0.tmp
- /data/media/####/469c4b457f672a324e135f2b001ce0105018eb348f76d1....0.tmp
- /data/media/####/4a8e9252265a942bf3b2dc9bfdb8d021c862c816487263....0.tmp
- /data/media/####/4b694b4a2699153549167f8c002999b2ae1e7964afd28d....0.tmp
- /data/media/####/4c5a15d697246d2a44820ad13409e34a12a1a209c07cdb....0.tmp
- /data/media/####/4e016838eec79a052325882a58cc8b439bd8e3e61b85b1....0.tmp
- /data/media/####/4e45c53619d2f57141082f86616b770bdf38045091f7d5....0.tmp
- /data/media/####/524e4ce94446b391dc8472b0feb80240e5adb8d0c0eced....0.tmp
- /data/media/####/52c1350b9b23baf07821f7c509bbc4120788590b956a6c....0.tmp
- /data/media/####/53172ec00439893c94f6c58b8b8b6ec86aa974fb546918....0.tmp
- /data/media/####/56324b6731387f9c2ec19494584faea737467ac7f7ad1a....0.tmp
- /data/media/####/5743892094489bb1b8eef3226f60aa2e0efac0dcbcec5f....0.tmp
- /data/media/####/57e51c65ac287b48f9923406100e2b273648ef5a2e79d5....0.tmp
- /data/media/####/58e914af20105d7c8982b43a082680205423995169a364....0.tmp
- /data/media/####/59ec59816d4e7097ea33b214330601c1720b4b6fd70e4f....0.tmp
- /data/media/####/5acfb047e02a760c963b7b59db75a20d62d47d9745b6b5....0.tmp
- /data/media/####/5cfe2f013a07ba2774a6bd8760d9b8249eb228a17e7132....0.tmp
- /data/media/####/5e34e6e9ef606bdcf0e01acc29eb3bd97e1367ad699d5e....0.tmp
- /data/media/####/5ef2fec65d704838b2c46bb42b0753a6406bc3af241864....0.tmp
- /data/media/####/5fe3b032bca1ff738fd2b4d124fa212ebd5b9cdf6f0e5c....0.tmp
- /data/media/####/6014ee5c405aaeb7238856998fd3d266bc8887348817d2....0.tmp
- /data/media/####/60490e1dbb8a618c049723626716b18c897f403cc72aa1....0.tmp
- /data/media/####/6454433b8baa235cb6f2bcb70f3927ec7d6998e86b4c1a....0.tmp
- /data/media/####/6ab9b3ec816e2efa1fc5ed491136b3df4442df8b46ffcb....0.tmp
- /data/media/####/6cfaea69451440c28867bd668bbc6e73896f65ac7db924....0.tmp
- /data/media/####/6f7357e8a5a076f68179b05e135eb3430a07c5abe04395....0.tmp
- /data/media/####/78c59a0d789732b88244243ad34f3b7ca896f1629ac706....0.tmp
- /data/media/####/79aa3172d86bf8f557bc95d97985211f39d7efb617c89a....0.tmp
- /data/media/####/7a5796bf8d0fee5982873cbdb8c24395a14add5461c2b7....0.tmp
- /data/media/####/7b75e9b1b2a4138d433c32da4970f00a18f9e6efcec14c....0.tmp
- /data/media/####/7f1a2985d122d507042b4a79f76a2b1295c051d37619f8....0.tmp
- /data/media/####/81cf9ecebd0ec6f50ddee7fc954aaf59238eccef1ac8de....0.tmp
- /data/media/####/83a3f44e65de95782e3b6d5c8cba1f06588e6b3361d457....0.tmp
- /data/media/####/85c6bc6007bf991f6ccf4c3a44d4ae4be5b5ecb83c70a3....0.tmp
- /data/media/####/86f0e20bd97fa74be62d119ad44dfbe25d18d7615c84d3....0.tmp
- /data/media/####/87485f94171116745395d58f4ccbeda1daa7252c648c4c....0.tmp
- /data/media/####/8823c0f96c90326166d5843dcdbb1bd3be1cf663c8aa9a....0.tmp
- /data/media/####/890acc8b0c5669c768d6ad8a22a3614a310ea7fe026088....0.tmp
- /data/media/####/8a9739b79c37128c62043427fbcfa2a27e5e85251f56f6....0.tmp
- /data/media/####/8fd3fcfea5ac0a00d6044b6cd03f5bc8cd54b567fd49a5....0.tmp
- /data/media/####/91048cf9e847bbb79b563a689f813aaa4f28001d7cbf98....0.tmp
- /data/media/####/94269f6fa3b9fecd310a3c785f4304e9b9f9116de58c85....0.tmp
- /data/media/####/956c39936273ca9460810bc2ce94aa38dcef231cb9c348....0.tmp
- /data/media/####/956ff58d0b7aa553a5ebce98cc9be40628ad62680da684....0.tmp
- /data/media/####/960861f0a59e5033c0ebd5a4728a521d4a593222959c43....0.tmp
- /data/media/####/9751908462eac16b2f7a92cef7274541fe1eb0fad5f6e9....0.tmp
- /data/media/####/9913b43598a1b7bc1ae783499ef66bd4b34eb4f110fdd2....0.tmp
- /data/media/####/9bbc6b9aa784793af2e31bbca0d31b21105fdaa4f7aee9....0.tmp
- /data/media/####/9faafd0ed5220517ff8a998e28711b939c767b779b91ce....0.tmp
- /data/media/####/9fb659bef310b4a0e66dd7ba5f5a57cd03df9d1582c122....0.tmp
- /data/media/####/9fb864e30126c8ddb05bc125565cbbea8cb9d1c99584a2....0.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/a0db310d14c47b5018891efc196542d9b564ad3cd5fe79....0.tmp
- /data/media/####/a7b093d2435111c975f3d263704be3a6b3fd87b619205d....0.tmp
- /data/media/####/a987cf809e696b883f71a20f95383b32d1909b45da0f36....0.tmp
- /data/media/####/a9a66d493110ff98aa8f8251c0f4a2f192522df115d2a1....0.tmp
- /data/media/####/ab614bb5380b8950de74048d2f806c3c438833ca3ca9fa....0.tmp
- /data/media/####/ac5105f2c5849fd79e2018f1b54accbb9f53847b7e0c03....0.tmp
- /data/media/####/b4d4aed503e89ec309b5287efc258f4277ee0613800704....0.tmp
- /data/media/####/b791e812f58ae9b67e4fa79010f1abcdf02c3ba40e0ca7....0.tmp
- /data/media/####/b89e0af0b8f8c8c8f0a0b7eb26bc6d7c67c770df53fb8b....0.tmp
- /data/media/####/bd3e36fd9dad6fb432743f47ad57130794174b0f82708b....0.tmp
- /data/media/####/c7ebf2a451cc474e75c65ec96d163e2350b89879d6f545....0.tmp
- /data/media/####/caccf94dd7d3c83fd63f93fcdd35b05029add0324588db....0.tmp
- /data/media/####/ccb13966790c7ad2eb1e22468ca1647efa3fa1f0f3ad10....0.tmp
- /data/media/####/d09f6fa45b77310896740949084f72a8f2109eb8200149....0.tmp
- /data/media/####/d187c777d7f0833190c037a3c5c58bfdb11d2595cc173d....0.tmp
- /data/media/####/d3096f0229710af19e80f293a41b6842880dd973494be0....0.tmp
- /data/media/####/d3532ba625cca87b57572946b6d56d378f8bb5b326bbc9....0.tmp
- /data/media/####/d5b64e7242f847514b8cfd866776f85de6bae0191daadc....0.tmp
- /data/media/####/d801d241f8609bbcc57a5b11d4048391fc8b3707929d8f....0.tmp
- /data/media/####/da1049b1d91cc568e1675ff4b685581db8ead1709684d9....0.tmp
- /data/media/####/dab4b18836a83e2b7d3eb823c4eda3c4bead7b71f700f5....0.tmp
- /data/media/####/dd7893586a493dc3
- /data/media/####/dd792be9ac6bb8a23df9015ceaf450c66e73bf557869c2....0.tmp
- /data/media/####/dev_3cd4e63c.txt
- /data/media/####/e1fe293ab5efef489cdab56ad08756c0bb1a2461833efd....0.tmp
- /data/media/####/e5d4b30305b2c1b842c367f494a75d391f4ccbe9e47ccf....0.tmp
- /data/media/####/eb2ed0130fa86578edec534ecd156ad7fb176d388b1045....0.tmp
- /data/media/####/f1e79571929637246986e915959cbe0c40c1d9c71e6f35....0.tmp
- /data/media/####/f54d5afd714ca62c0bf7e57ee35f3e77631b35bee7a1f0....0.tmp
- /data/media/####/f7cc660b73815dde94d261dc79ee21e25e72c416aa0104....0.tmp
- /data/media/####/f8a4578cf16566768a2606568542a09e9e9cb1f256f0ef....0.tmp
- /data/media/####/fbc30246ca3796b119c93ced13c5f8098997a4bf5945bd....0.tmp
- /data/media/####/fbce43c2548cbad07019f0c08e5b0e43527f0cfecaa163....0.tmp
- /data/media/####/fc9e071d851330f3df21d08d243c1bd5ffb381e945a219....0.tmp
- /data/media/####/feaa8c769d0b26b73e0ccee29fc38ea82077c30f9e4b2e....0.tmp
- /data/media/####/hid.dat
- /data/media/####/imei.txt
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/libcrash_1.5.0.0.so.tmp
- /data/media/####/poYBAFg723CAL7AxAAVLtqkjUW850.skin.tmp
- /data/media/####/sp
- /data/media/####/ua.dat
Другие:
Запускает следующие shell-скрипты:
- /data/user/0/<Package>/files/dc0091ead8140677e2
- /data/user/0/<Package>/files/dc092ab7707106249a
- /data/user/0/<Package>/files/dc5ed6c4de343723a7
- /data/user/0/<Package>/files/dc77f91e403706cb2a
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- <Package Folder>/files/dc4b50ea9608460fc8
- app_process /system/bin com.android.commands.am.Am startservice --user 0 -n <Package>/com.fmt.zcu.Eu
- cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- chmod 777 <Package Folder>/files/daemon
- ls -l /system/bin/su
- ps
- sh
Загружает динамические библиотеки:
- fiwmw
- help
- libcrash_1.5.0.0
- libnonsp
- sgmainso-5.3
- uninstall
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- desede-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- desede-ECB-PKCS5Padding
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Проверяет наличие популярных антивирусных приложений.
