Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.906.origin
- Android.RemoteCode.242.origin
- Android.RemoteCode.264.origin
- Android.RemoteCode.6457
- Android.Triada.4567
- Android.Triada.482.origin
- Android.Xiny.1513
- Android.Xiny.240.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.1513
Предлагает установить сторонние приложения.
Сетевая активность:
Подключается к:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) ln####.jqshe####.com:80
- TCP(HTTP/1.1) tfs.alipayo####.com:80
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) bl.f.numbero####.cn:80
- TCP(HTTP/1.1) q####.0####.com:13967
- TCP(HTTP/1.1) m####.zish####.cn.####.com:80
- TCP(HTTP/1.1) upload####.doula####.com:9842
- TCP(HTTP/1.1) ot.grb.qin####.com:80
- TCP(HTTP/1.1) 47.1####.13.108:8099
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) j####.o####.com:13967
- TCP(HTTP/1.1) jp####.njt####.com:10091
- TCP(HTTP/1.1) v1.xm####.com.####.com:80
- TCP(HTTP/1.1) 14.17.1####.182:80
- TCP(HTTP/1.1) dd.bigb####.com:6099
- TCP(HTTP/1.1) alldo####.colle####.com.####.com:80
- TCP(HTTP/1.1) lp.lapia####.com:6099
- TCP(HTTP/1.1) xt####.g8####.com:20149
- TCP(HTTP/1.1) bl.r.numbero####.cn:80
- TCP(HTTP/1.1) 47.97.2####.44:18888
- TCP(HTTP/1.1) zc####.mj####.cn:80
- TCP(HTTP/1.1) e4####.0r####.com:10293
- TCP(HTTP/1.1) ym####.89####.com:34656
- TCP(HTTP/1.1) adl.a####.net:80
- TCP(TLS/1.0) 1####.217.19.206:443
- TCP(TLS/1.0) 2####.58.211.106:443
- TCP(TLS/1.0) y####.h####.com:443
- TCP(TLS/1.0) a.msst####.com.####.com:443
- TCP(TLS/1.0) stati####.msst####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) 1####.217.168.202:443
- TCP(TLS/1.0) android####.go####.com:443
- TCP(TLS/1.0) me####.h####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.0) playato####.google####.com:443
- TCP(TLS/1.0) peopl####.google####.com:443
- TCP(TLS/1.0) voledev####.google####.com:443
- TCP(TLS/1.0) m.h####.com:443
- TCP(TLS/1.2) 2####.58.211.106:443
- TCP(TLS/1.2) 1####.217.168.195:443
- TCP(TLS/1.2) 1####.217.19.206:443
- TCP(TLS/1.2) 1####.217.168.202:443
- TCP d.angs####.com:9270
Запросы DNS:
- a####.u####.com
- a.msst####.com
- a3####.fj####.cn
- adl.a####.net
- anchor####.msst####.com
- android####.go####.com
- bl.c.numbero####.cn
- bl.f.numbero####.cn
- bl.i.numbero####.cn
- bl.r.numbero####.cn
- cryptau####.google####.com
- d.angs####.com
- dd.bigb####.com
- dwf.colle####.com
- e4####.0r####.com
- hm.b####.com
- huy####.msst####.com
- j####.o####.com
- jp####.njt####.com
- live-c####.msst####.com
- ln####.jqshe####.com
- lp.lapia####.com
- m####.zish####.cn
- m.h####.com
- me####.h####.com
- oi####.kenanta####.com
- ot.cor.qin####.com
- ot.grb.qin####.com
- ot.m.qin####.com
- p####.google####.com
- peopl####.google####.com
- playato####.google####.com
- pv.s####.com
- q####.0####.com
- sn####.kv####.com
- stati####.msst####.com
- tfs.alipayo####.com
- tx-live####.msst####.com
- upload####.doula####.com
- v1.xm####.com
- voledev####.google####.com
- www.google####.com
- www.gst####.com
- xt####.g8####.com
- y####.h####.com
- ym####.89####.com
- z####.heyc####.net
- z####.heyc####.net.####.8
- zc####.mj####.cn
Запросы HTTP GET:
- adl.a####.net/dd/a/dl?appId=####
- alldo####.colle####.com.####.com/rhsdk/sgxcx/xdt2.jar
- gd.a.s####.com/cityjson?ie=####
- ln####.jqshe####.com/c/jdigwuislgori32387s87w87s.zip
- ln####.jqshe####.com/u/2096jm-dex.jar
- m####.zish####.cn.####.com/banner_04517617e33f44bbb39c11b4598f07cf.jpg
- tfs.alipayo####.com/L1/71/100/and/alipay_2088131876115982_279.apk
- v1.xm####.com.####.com//xmy//upflie/apk/1359_0/2020/02/26/com.xingkong.k...
- zc####.mj####.cn/c/ishyqwddf.zip
- zc####.mj####.cn/c/shqgwd.zip
- zc####.mj####.cn/jz/zwbfc.jpg
- zc####.mj####.cn/tp/peatred.png
- zc####.mj####.cn/two/290-ytgvkjrcky.zip
Запросы HTTP POST:
- a####.u####.com/app_logs
- bl.f.numbero####.cn/J7Izocp1/FMc7
- bl.f.numbero####.cn/SlAybZh1/rXfV
- bl.f.numbero####.cn/q3265Xdk/E60g
- bl.r.numbero####.cn/J7Izocp1/FMc7
- bl.r.numbero####.cn/SlAybZh1/rXfV
- bl.r.numbero####.cn/m3fb2crQ/MSfQ
- bl.r.numbero####.cn/q3265Xdk/E60g
- dd.bigb####.com:6099/aps/
- e4####.0r####.com:10293/widlth/
- e4####.0r####.com:10293/xkeila/
- j####.o####.com:13967/d0oer/
- jp####.njt####.com:10091/wisdom/marking
- lp.lapia####.com:6099/aps/
- ot.grb.qin####.com/JBVZVr/niyaei
- ot.grb.qin####.com/ei6VRb/ZJnAba
- ot.grb.qin####.com/zIFvYr/uaqmAn
- q####.0####.com:13967/d0oer/
- q####.0####.com:13967/nheae/
- q####.0####.com:13967/x5qn0/
- upload####.doula####.com:9842/upload/api/getAppConfig.do
- upload####.doula####.com:9842/upload/api/getBanner.do
- xt####.g8####.com:20149/kysd7h/
- ym####.89####.com:34656/aowbg/
- ym####.89####.com:34656/ixowf/
- ym####.89####.com:34656/ntmjv/
- ym####.89####.com:34656/qdkle/
- ym####.89####.com:34656/rqiea/
Изменения в файловой системе:
Создает следующие файлы:
- /data/dalvik-cache/####/storage@emulated@0@goog1e@data@z.jar@cl...leted)
- /data/dalvik-cache/####/storage@emulated@0@goog1e@data@z.jar@classes.dex
- /data/dalvik-cache/####/system@framework@am.jar@classes.dex
- /data/dalvik-cache/####/system@framework@am.jar@classes.dex.flo...leted)
- /data/data/####/,MoPay_SP.xml
- /data/data/####/,MoPay_SP.xml.bak
- /data/data/####/.imprint
- /data/data/####/00d4612485e765f1_0
- /data/data/####/01ab6fb79fd77a6e_0
- /data/data/####/031cd5b34b1da06c_0
- /data/data/####/058714c24785e8b6_0
- /data/data/####/058714c24785e8b6_1
- /data/data/####/08c2b06825a4b02b_0
- /data/data/####/0BFC984111839B46E362B04EA10E322D.dex
- /data/data/####/0BFC984111839B46E362B04EA10E322D.dex.flock (deleted)
- /data/data/####/110
- /data/data/####/142
- /data/data/####/144
- /data/data/####/1584190445587
- /data/data/####/1584190468581
- /data/data/####/1584190488787
- /data/data/####/1584190512801
- /data/data/####/1584190532970
- /data/data/####/175
- /data/data/####/192ae6704133918d_0
- /data/data/####/1CC348654F9CF9BAD5D972EB721574B9.xml
- /data/data/####/1CC348654F9CF9BAD5D972EB721574B9.xml.bak
- /data/data/####/1c2441adc3b6b86c_0
- /data/data/####/235
- /data/data/####/249
- /data/data/####/264
- /data/data/####/265
- /data/data/####/266
- /data/data/####/269
- /data/data/####/271
- /data/data/####/273
- /data/data/####/278
- /data/data/####/279
- /data/data/####/280
- /data/data/####/282
- /data/data/####/284
- /data/data/####/289
- /data/data/####/291
- /data/data/####/293
- /data/data/####/294
- /data/data/####/295
- /data/data/####/299
- /data/data/####/300
- /data/data/####/306
- /data/data/####/34
- /data/data/####/3d437bddac8af1eb_0
- /data/data/####/3f31bd60d711392e_0
- /data/data/####/3f74ca28f7b5f717_0
- /data/data/####/40493c9b9912c780_0
- /data/data/####/4140baa200a91f48_0
- /data/data/####/4188f610d1b362ce_0
- /data/data/####/44367F39739CCD6BBF960E91E7DB78B2.xml
- /data/data/####/4534726fa13d0c7c_0
- /data/data/####/45b4fdc51de57d96_0
- /data/data/####/4702948f7addd413_0
- /data/data/####/48059d8d6c4be8bf_0
- /data/data/####/498e400a62e79b92_0
- /data/data/####/4B8DB6B83129A65A2EF4DCFC1393C3B0.xml
- /data/data/####/51745a92cb687d27_0
- /data/data/####/531c675275992572_0
- /data/data/####/531c675275992572_1
- /data/data/####/568c5ba01d4b5a5a_0
- /data/data/####/56fd64526d1effad_0
- /data/data/####/58d486da0bdff7d9_0
- /data/data/####/58d486da0bdff7d9_1
- /data/data/####/5f078279e65efbc7_0
- /data/data/####/60b0ae55c8caaa0c_0
- /data/data/####/615726c0182ad933_0
- /data/data/####/615726c0182ad933_1
- /data/data/####/61f35c63af77a101_0
- /data/data/####/62dd42616dc70822_0
- /data/data/####/655fd8e8ce9e95d7_0
- /data/data/####/68f4d19fd4a8257b_0
- /data/data/####/71394b3aa72d7853_0
- /data/data/####/7a04b13b69ac9601_0
- /data/data/####/7b2816a64a99d186_0
- /data/data/####/7d63cb246a0bbe96_0
- /data/data/####/81050f3096f66dc2_0
- /data/data/####/8450b98d5342ccef_0
- /data/data/####/8EAD111D030291821E19A80E344C340A.xml
- /data/data/####/8e8d60f3afab561b_0
- /data/data/####/91325849acc5fcf2_0
- /data/data/####/96D363AD4F05B0EF5EE8D629DB6A972D.dex
- /data/data/####/96D363AD4F05B0EF5EE8D629DB6A972D.dex.flock (deleted)
- /data/data/####/9940901b7a5a0f62_0
- /data/data/####/9a3c8d97998f6bbe_0
- /data/data/####/9cc930b3f03464f2_0
- /data/data/####/9f70818d781b1470_0
- /data/data/####/C06E266296C7829F781FDB092AC787F1.dex
- /data/data/####/C06E266296C7829F781FDB092AC787F1.dex.flock (deleted)
- /data/data/####/Cookies
- /data/data/####/Cookies-journal
- /data/data/####/F1B22AD36D1D0BEFCEC031A06B39395E.dex
- /data/data/####/F1B22AD36D1D0BEFCEC031A06B39395E.dex.flock (deleted)
- /data/data/####/JiePay.xml
- /data/data/####/Web Data
- /data/data/####/Web Data-journal
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/a1ab7199c49b475f_0
- /data/data/####/a3c9d3b3e2d58123_0
- /data/data/####/a4b645a09e1352ed9a43ff469655db6d_3_1_5.dex
- /data/data/####/a4b645a09e1352ed9a43ff469655db6d_3_1_5.dex.flock (deleted)
- /data/data/####/a4b645a09e1352ed9a43ff469655db6d_3_1_5.zip
- /data/data/####/a4b645a09e1352ed9a43ff469655db6d_3_1_5.zip.tmp
- /data/data/####/a7f41c944e476bfd_0
- /data/data/####/a9dda8d01f3066e0_0
- /data/data/####/abd0a5cfa5439458_0
- /data/data/####/ad2a769961a7bd2d_0
- /data/data/####/ae25947486ec23d8_0
- /data/data/####/af686c45de239545_0
- /data/data/####/b0318b1bf4f592f1_0
- /data/data/####/b6763509836ea3fb_0
- /data/data/####/b6763509836ea3fb_1
- /data/data/####/b7e3b6faeb905b21_0
- /data/data/####/bae4a25b6a68fe08_0
- /data/data/####/be3326f5aa2160fe_0
- /data/data/####/be3326f5aa2160fe_1
- /data/data/####/buntutu_data_s.xml
- /data/data/####/c06d71227e442094_0
- /data/data/####/c23eef70fb279ec5_0
- /data/data/####/c62a1e0c101018e9_0
- /data/data/####/c62a1e0c101018e9_1
- /data/data/####/c71a18014e0025b0_0
- /data/data/####/c8d6c62bd96c4c4f_0
- /data/data/####/cCache.xml
- /data/data/####/cCache.xml.bak
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/ce0e3347e4625778_0
- /data/data/####/com.ly.sjm.d20190125_preferences.xml
- /data/data/####/dc0da524ecc6db8f_0
- /data/data/####/dcf5f9a92b3c009d_0
- /data/data/####/dea21a4007a183cd_0
- /data/data/####/dpi
- /data/data/####/e1bc887497c51d64_0
- /data/data/####/e232fdafc79c7e74_0
- /data/data/####/e37b706781ad6773_0
- /data/data/####/e4f95f2a87abbaef_0
- /data/data/####/e544e09a20284292_0
- /data/data/####/e6a676bfd24596cf_0
- /data/data/####/e8e9350767623b99_0
- /data/data/####/e8e9350767623b99_1
- /data/data/####/ebaf73baa6032b4b_0
- /data/data/####/ec7d6f854dd152c9_0
- /data/data/####/edd30a00f479a0c2_0
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f44e0e661cfec0d3_0
- /data/data/####/f50e01deca87bd75_0
- /data/data/####/f7b9224fe5015c4a_0
- /data/data/####/fce5bb8c2a18be00_0
- /data/data/####/feee4a329d9ecb76_0
- /data/data/####/flyou
- /data/data/####/flyou-journal
- /data/data/####/gameid
- /data/data/####/gameid.zip
- /data/data/####/https_m.huya.com_0.localstorage
- /data/data/####/https_m.huya.com_0.localstorage-journal
- /data/data/####/huiqcoxg.dex
- /data/data/####/huiqcoxg.dex.flock (deleted)
- /data/data/####/huiqcoxg.jar
- /data/data/####/idle_pay_config.dat.xml
- /data/data/####/idle_pay_config.dat.xml.bak (deleted)
- /data/data/####/idle_updata.dat.xml
- /data/data/####/index
- /data/data/####/jiepay_config.xml
- /data/data/####/jiepay_config.xml.bak
- /data/data/####/libengine.so
- /data/data/####/libgif.so
- /data/data/####/libn040b5.so
- /data/data/####/libplugManager.so
- /data/data/####/libqeirvf.so
- /data/data/####/libqeirvf.so-32
- /data/data/####/libqeirvf.so-64
- /data/data/####/lpbia.dex
- /data/data/####/lpbia.dex.flock (deleted)
- /data/data/####/lpbia.jar
- /data/data/####/metrics_guid
- /data/data/####/mhzb.db
- /data/data/####/mhzb.db-journal
- /data/data/####/mm_nw_app.xml
- /data/data/####/proc_auxv
- /data/data/####/qs_LcCache.xml
- /data/data/####/qs_LcCache.xml.bak
- /data/data/####/snpbko.png
- /data/data/####/sou
- /data/data/####/the-real-index
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_general_config.xml.bak (deleted)
- /data/data/####/umeng_it.cache
- /data/data/####/vhjn.xml
- /data/data/####/vhjn.xml.bak
- /data/data/####/vhjn.xml.bak (deleted)
- /data/data/####/wanda.xml
- /data/data/####/wanda.xml.bak
- /data/data/####/webview_data.lock
- /data/data/####/webviewtest.dex
- /data/data/####/webviewtest.dex.flock (deleted)
- /data/data/####/webviewtest.jar
- /data/data/####/xdtversion.xml
- /data/data/####/xm.xml
- /data/data/####/yd_config_c.xml
- /data/data/####/ysssfile.xml
- /data/data/####/ysssfile.xml.bak
- /data/data/####/yunUid.f
- /data/local/####/buntutu_daemon
- /data/media/####/.goj
- /data/media/####/.nid
- /data/media/####/.usdis
- /data/media/####/.vnc
- /data/media/####/0BFC984111839B46E362B04EA10E322D
- /data/media/####/0BFC984111839B46E362B04EA10E322D.jar
- /data/media/####/0BFC984111839B46E362B04EA10E322D.temp
- /data/media/####/2E46116119D6369FFDF3FC0F21D690C3
- /data/media/####/3474A894D305ABB9F81F038FF7039299
- /data/media/####/3915BACB930634B7E206116F9DC9486F
- /data/media/####/4012E3F546C333A01CF0FE15E3D163C5
- /data/media/####/42f76a2bff2dbb719df2b2ea48ea8725.0
- /data/media/####/42f76a2bff2dbb719df2b2ea48ea8725.0.tmp (deleted)
- /data/media/####/59D65A4A78D8A8F0B5FF380F2ED139F9
- /data/media/####/5a9839d71be5a7119f232204ecbcdc26
- /data/media/####/63012aa3ff312ac4242115835d579224
- /data/media/####/96D363AD4F05B0EF5EE8D629DB6A972D.jar
- /data/media/####/96D363AD4F05B0EF5EE8D629DB6A972D.temp
- /data/media/####/9E470CC64B29B65368B6AC9FB61E7AB4
- /data/media/####/A32F38FD78F2D9D417E65506ED88249E
- /data/media/####/B8238E98989162A1F912D724F7B87243
- /data/media/####/C06E266296C7829F781FDB092AC787F1 (deleted)
- /data/media/####/C06E266296C7829F781FDB092AC787F1.jar
- /data/media/####/C06E266296C7829F781FDB092AC787F1.temp
- /data/media/####/F1B22AD36D1D0BEFCEC031A06B39395E.temp
- /data/media/####/F1B22AD36D1D0BEFCEC031A06B39395E.zip
- /data/media/####/F1C43ED4C97298FF8B386312B3CF7C72.temp
- /data/media/####/F1C43ED4C97298FF8B386312B3CF7C72.zip
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/buntutu.jaru
- /data/media/####/com.ly.sjm.d20190125539
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/od
- /data/media/####/plugin.apk
- /data/media/####/text718bcc1d32b619bf5c250d63b8315b09
- /data/media/####/texta8949047e9418a9f9e83634298671836
- /data/media/####/z.jar
Другие:
Запускает следующие shell-скрипты:
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_jar/lpbia.jar --oat-fd=52 --oat-location=/data/user/0/<Package>/app_dex/lpbia.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_jifrjf_odex/webviewtest.jar --oat-fd=33 --oat-location=/data/user/0/<Package>/app_jifrjf_odex/webviewtest.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/md/a4b645a09e1352ed9a43ff469655db6d_3_1_5.zip --oat-fd=144 --oat-location=/data/user/0/<Package>/app_jar/a4b645a09e1352ed9a43ff469655db6d_3_1_5.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/ob/<Package>/bgao/0BFC984111839B46E362B04EA10E322D.jar --oat-fd=39 --oat-location=/data/user/0/<Package>/files/0BFC984111839B46E362B04EA10E322D.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/ob/<Package>/bgao/96D363AD4F05B0EF5EE8D629DB6A972D.jar --oat-fd=58 --oat-location=/data/user/0/<Package>/files/96D363AD4F05B0EF5EE8D629DB6A972D.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/ob/<Package>/bgao/C06E266296C7829F781FDB092AC787F1.jar --oat-fd=67 --oat-location=/data/user/0/<Package>/files/C06E266296C7829F781FDB092AC787F1.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/storage/emulated/0/buntutu_r/buntutu.jar --oat-fd=36 --oat-location=/data/user/0/com.android.wifimanager/app__mmnwn/buntutu.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --debuggable --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/storage/emulated/0/buntutu_r/buntutu.jar --oat-fd=41 --oat-location=/data/user/0/com.android.wifimanager/app__mmnwn/buntutu.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/.sezhw/huiqcoxg.jar --oat-fd=51 --oat-location=/data/user/0/<Package>/.sezhw/huiqcoxg.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/qo/<Package>/tbpn/F1B22AD36D1D0BEFCEC031A06B39395E.zip --oat-fd=51 --oat-location=/data/user/0/<Package>/files/F1B22AD36D1D0BEFCEC031A06B39395E.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/qo/<Package>/tbpn/F1C43ED4C97298FF8B386312B3CF7C72.zip --oat-fd=174 --oat-location=/data/user/0/<Package>/files/F1C43ED4C97298FF8B386312B3CF7C72.dex --compiler-filter=speed
- /system/bin/log -p d -t su /dev/com.android.settings/.socket3760
- /system/bin/log -p d -t su /dev/com.android.settings/.socket4622
- /system/bin/log -p d -t su 10066 /system/bin/app_process32 executing 0 /system/bin/sh using binary /system/bin/sh : sh
- /system/bin/log -p d -t su 10067 /system/bin/app_process64 executing 0 /system/bin/sh using binary /system/bin/sh : sh
- /system/bin/log -p d -t su child exited
- /system/bin/log -p d -t su client exited 0
- /system/bin/log -p d -t su connecting client 3746
- /system/bin/log -p d -t su connecting client 4044
- /system/bin/log -p d -t su connecting client 4197
- /system/bin/log -p d -t su connecting client 4604
- /system/bin/log -p d -t su connecting client 4752
- /system/bin/log -p d -t su connecting client 5009
- /system/bin/log -p d -t su connecting client 5434
- /system/bin/log -p d -t su connecting client 5454
- /system/bin/log -p d -t su connecting client 5463
- /system/bin/log -p d -t su connecting client 5661
- /system/bin/log -p d -t su db allowed
- /system/bin/log -p d -t su remote args: 1
- /system/bin/log -p d -t su remote pid: 3746
- /system/bin/log -p d -t su remote pid: 4044
- /system/bin/log -p d -t su remote pid: 4197
- /system/bin/log -p d -t su remote pid: 4604
- /system/bin/log -p d -t su remote pid: 4752
- /system/bin/log -p d -t su remote pid: 5009
- /system/bin/log -p d -t su remote pid: 5434
- /system/bin/log -p d -t su remote pid: 5454
- /system/bin/log -p d -t su remote pid: 5463
- /system/bin/log -p d -t su remote pid: 5661
- /system/bin/log -p d -t su remote pts_slave:
- /system/bin/log -p d -t su remote req pid: 3488
- /system/bin/log -p d -t su remote req pid: 3877
- /system/bin/log -p d -t su remote req pid: 4361
- /system/bin/log -p d -t su remote req pid: 4548
- /system/bin/log -p d -t su remote req pid: 4824
- /system/bin/log -p d -t su remote req pid: 5391
- /system/bin/log -p d -t su remote uid: 10066
- /system/bin/log -p d -t su remote uid: 10067
- /system/bin/log -p d -t su sending code
- /system/bin/log -p d -t su starting daemon client 10066 10066
- /system/bin/log -p d -t su starting daemon client 10067 10067
- /system/bin/log -p d -t su su invoked.
- /system/bin/log -p d -t su waiting for child exit
- /system/bin/log -p d -t su waiting for user
- /system/bin/log -p e -t su sqlite3 open /data/user_de/0/com.android.settings/databases/su.sqlite failure: 14
- /system/bin/sh
- /system/bin/su
- app_process system/bin com.google.provider.vendor.tool.Main /storage/emulated/0/goog1e/data/plugin.apk
- cat /proc/version
- cat /sys/class/android_usb/android0/idProduct
- cat /sys/class/android_usb/android0/idVendor
- cat /sys/class/net/wlan0/address
- getprop
- getprop ro.board.platform
- getprop ro.product.cpu.abi
- ls -l /dev
- ls -l /dev/__properties__
- ls -l /dev/block
- ls -l /dev/block/pci
- ls -l /dev/block/pci/pci0000:00
- ls -l /dev/block/pci/pci0000:00/0000:00:01.1
- ls -l /dev/block/pci/pci0000:00/0000:00:01.1/by-num
- ls -l /dev/block/vold
- ls -l /dev/bus
- ls -l /dev/bus/usb
- ls -l /dev/bus/usb/001
- ls -l /dev/com.android.settings
- ls -l /dev/com.android.settings.daemon
- ls -l /dev/cpuctl
- ls -l /dev/cpuset
- ls -l /dev/cpuset/background
- ls -l /dev/cpuset/foreground
- ls -l /dev/cpuset/foreground/boost
- ls -l /dev/cpuset/system-background
- ls -l /dev/cpuset/top-app
- ls -l /dev/fscklogs
- ls -l /dev/graphics
- ls -l /dev/input
- ls -l /dev/memcg
- ls -l /dev/memcg/apps
- ls -l /dev/pts
- ls -l /dev/snd
- ls -l /dev/socket
- ls -l /dev/stune
- ls -l /dev/stune/background
- ls -l /dev/stune/foreground
- ls -l /dev/stune/top-app
- ls -l /system/bin/su
- ps
- sh
- sh -c cat /sys/block/mmcblk0/device/cid
- sh -c cat /sys/class/net/wlan0/address
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- DES
- DES-CBC-PKCS5Padding
- DESede
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- DESede
- RSA-None-PKCS1Padding
Использует повышенные привилегии.
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Получает информацию об отправленых/принятых SMS.
