Android.DownLoader.4882

Техническая информация

Вредоносные функции:

Выполняет код следующих детектируемых угроз:

Android.Click.311.origin
Android.DownLoader.906.origin
Android.DownLoader.960.origin
Android.Mobifun.11.origin
Android.Mobifun.29.origin
Android.Mobifun.30.origin
Android.RemoteCode.6122
Android.Triada.4567
Android.Triada.467.origin
Android.Xiny.293.origin
Android.Xiny.5411

Загружает из Интернета следующие детектируемые угрозы:

Android.Click.311.origin
Android.DownLoader.906.origin
Android.RemoteCode.6122

Сетевая активность:

Подключается к:

UDP(DNS) 8####.8.4.4:53
TCP(HTTP/1.1) x####.g####.com:8808
TCP(HTTP/1.1) 72.14.1####.42:80
TCP(HTTP/1.1) w0####.iw####.com:12038
TCP(HTTP/1.1) log.koapk####.com:80
TCP(HTTP/1.1) new.faceboo####.com:80
TCP(HTTP/1.1) qs####.1k####.com:11027
TCP(HTTP/1.1) 13.2####.16.115:8081
TCP(HTTP/1.1) 5.z####.top:80
TCP(HTTP/1.1) jz####.mc####.com:12029
TCP(HTTP/1.1) api.applove####.com:80
TCP(HTTP/1.1) 1e####.23####.com:11027
TCP(HTTP/1.1) z.c####.com:80
TCP(HTTP/1.1) api.bi####.com:80
TCP(HTTP/1.1) l.faceboo####.com:80
TCP(HTTP/1.1) sty.zk####.com:80
TCP(HTTP/1.1) d####.dd7####.com:80
TCP(HTTP/1.1) y####.k8####.com:80
TCP(HTTP/1.1) s####.b####.com:80
TCP(HTTP/1.1) dy.kr.wildpet####.info:80
TCP(HTTP/1.1) v2####.98####.com:10091
TCP(HTTP/1.1) ks####.3q####.com:12038
TCP(TLS/1.0) ti####.c####.l####.####.com:443
TCP(TLS/1.0) and####.google####.com:443
TCP(TLS/1.0) wcf.seven####.com:443
TCP(TLS/1.0) safebro####.google####.com:443
TCP(TLS/1.0) 1####.217.17.106:443
TCP(TLS/1.0) 1####.217.17.74:443
TCP(TLS/1.0) 1####.217.17.142:443
TCP(TLS/1.0) instant####.google####.com:443
TCP(TLS/1.0) datasta####.zhuifen####.top:443
TCP(TLS/1.0) md####.google####.com:443
TCP(TLS/1.0) p####.google####.com:443
TCP(TLS/1.0) h####.b####.com:443
TCP(TLS/1.0) lp.cooktra####.com:443
TCP(TLS/1.2) 1####.217.17.74:443
TCP(TLS/1.2) 1####.217.17.142:443
TCP(TLS/1.2) 1####.217.19.195:443

Запросы DNS:

1e####.23####.com
5.z####.top
and####.google####.com
api.applove####.com
api.bi####.com
cdn.xiaoshu####.net
d####.dd7####.com
d.faceboo####.com
datasta####.zhuifen####.top
dy.kr.wildpet####.info
h####.b####.com
instant####.google####.com
jz####.mc####.com
ks####.3q####.com
l.faceboo####.com
log.koapk####.com
lp.cooktra####.com
md####.google####.com
new.faceboo####.com
p####.google####.com
qs####.1k####.com
r.faceboo####.com
s####.b####.com
safebro####.google####.com
sty.zk####.com
v2####.98####.com
w0####.iw####.com
wcf.seven####.com
x####.g####.com
x####.g####.com
y####.k8####.com
z12.c####.com
z2.c####.com
z3.c####.com
z5.c####.com
z6.c####.com

Запросы HTTP GET:

5.z####.top/thirdsdk/flowcashpack/9/00012301135.jar
api.applove####.com/api/v3/cache/get?osv=####&srnc=####&token=####&ds=##...
api.applove####.com/api/v3/search/get?osv=####&token=####&pm=####&os=###...
api.applove####.com/api/v3/template/get?slot_id=####&update_time=####&us...
d####.dd7####.com/upload/hw/D10049dex20190529.jar
d####.dd7####.com/upload/hw/batdex20191010.jar
d####.dd7####.com/upload/hw/c1005dex20190527.jar
d####.dd7####.com/upload/hw/ghEC20200430.jar
d####.dd7####.com/upload/hw/h5dj202003243.jar
d####.dd7####.com/upload/hw/lsdk20200506.jar
d####.dd7####.com/upload/hw/mf20200508.jar
s####.b####.com/redirect?s=####&at=####&rt=####&s1=####
x####.g####.com:8808/a/e?a=####
y####.k8####.com/dtjz/Smobi708.jar
y####.k8####.com/dtjz/start_YYAgbaPhsCvUXUN_8780_0010_dex.jar
y####.k8####.com/dtjz/yanjie506.jar
z.c####.com/stat.htm?id=####&cnzz_eid=####

Запросы HTTP POST:

1e####.23####.com:11027/mskeww/
api.bi####.com/un
dy.kr.wildpet####.info/dykr/update
jz####.mc####.com:12029/hfdlls/
jz####.mc####.com:12029/i3v8nb/
jz####.mc####.com:12029/lfkdnr/
ks####.3q####.com:12038/neisdop/
ks####.3q####.com:12038/pwjdaae/
l.faceboo####.com/index.php?r=####
log.koapk####.com/pgm/sr/gm/gy
new.faceboo####.com/index.php?r=####
qs####.1k####.com:11027/kd92kx/
sty.zk####.com/cc/v1/api?sid=####
v2####.98####.com:10091/wisdom/marking
w0####.iw####.com:12038/iowncjk/
w0####.iw####.com:12038/neisdop/
w0####.iw####.com:12038/pwjdaae/
x####.g####.com:8808/a/f

Изменения в файловой системе:

Создает следующие файлы:

/data/data/####/.confd
/data/data/####/.confd-journal
/data/data/####/.mtj_timestamp
/data/data/####/0437750A541C5BE283568783752E76EF.xml
/data/data/####/06a36b34d09d11ea9799506b4b12c7603ccb91620c4e893...84.dex
/data/data/####/06a36b34d09d11ea9799506b4b12c7603ccb91620c4e893...84.jar
/data/data/####/06a36b34d09d11ea9799506b4b12c7603ccb91620c4e893...leted)
/data/data/####/1.dex
/data/data/####/1.dex.flock (deleted)
/data/data/####/1.jar
/data/data/####/2581d657670b72e81ce5f5a6885f38d4
/data/data/####/2f567156-81ac-4947-86f0-af9e77b7ba0b.dex
/data/data/####/2f567156-81ac-4947-86f0-af9e77b7ba0b.dex.flock (deleted)
/data/data/####/2f567156-81ac-4947-86f0-af9e77b7ba0b.jar
/data/data/####/46DC26FDAF2A2B5762075BE4D26F5990.dex
/data/data/####/46DC26FDAF2A2B5762075BE4D26F5990.dex.flock (deleted)
/data/data/####/548ec96436224a838f0ca768dd8f0c18
/data/data/####/55C989A3DB37951DE30E6ED72D213A48.xml
/data/data/####/6342d0610af80df61be9346badebbf04.d
/data/data/####/6616f972f9884e301cd740268cfdf343
/data/data/####/667A650F515E907A84F2F6467C1A6A56.xml
/data/data/####/6B59C67F4E3E07A0E22570B1D54BDC87.xml
/data/data/####/7cfba443c7065e4f87058f05b248403d.d
/data/data/####/8083FF58735015297E7624C9CFAC3D8C.xml
/data/data/####/87003F5AD19586578AFAB0588EE88573.xml
/data/data/####/958ee8b1ed1d4393_0
/data/data/####/B0461306D11662B650D268206A149C97.dex
/data/data/####/B0461306D11662B650D268206A149C97.dex.flock (deleted)
/data/data/####/Cookies-journal
/data/data/####/D10049dex20190529.dex
/data/data/####/D10049dex20190529.dex.flock (deleted)
/data/data/####/D359CD2C2147E5E69F69A135B1F939AB.dex
/data/data/####/D359CD2C2147E5E69F69A135B1F939AB.dex.flock (deleted)
/data/data/####/DE38BB7D15A7DC6F5FDD4808DE13AAFC.dex
/data/data/####/DE38BB7D15A7DC6F5FDD4808DE13AAFC.dex.flock (deleted)
/data/data/####/MobikokCommonConfig.xml
/data/data/####/MobikokDeviceConfig.xml
/data/data/####/NDIOSJD.xml
/data/data/####/WebViewChromiumPrefs.xml
/data/data/####/__Baidu_Stat_SDK_SendRem.xml
/data/data/####/__Baidu_Stat_SDK_SendRem.xml.bak
/data/data/####/__local_ap_info_cache.json
/data/data/####/__local_last_session.json
/data/data/####/__local_stat_cache.json
/data/data/####/__send_data_1596172839557
/data/data/####/__send_data_1596172932221
/data/data/####/_p.xml
/data/data/####/_sh.xml
/data/data/####/as_aa.xml
/data/data/####/awssw2qw.xml
/data/data/####/awssw2qw.xml.bak
/data/data/####/awssw2qw.xml.bak (deleted)
/data/data/####/baidu_mtj_sdk_record.xml
/data/data/####/base.apk
/data/data/####/base.dex
/data/data/####/base.dex.flock (deleted)
/data/data/####/batdex20191010.dex
/data/data/####/batdex20191010.dex.flock (deleted)
/data/data/####/c1005dex20190527.dex
/data/data/####/c1005dex20190527.dex.flock (deleted)
/data/data/####/c14d2ea416cc4f8ae8e1dc95eaa2afe7.xml
/data/data/####/c14d2ea416cc4f8ae8e1dc95eaa2afe7.xml.bak
/data/data/####/com.bb.cc.fff_ct_default.xml
/data/data/####/com.bb.cc.fff_preferences.xml
/data/data/####/com.bb.cc.fffye_after_install_pkg.xml
/data/data/####/d393dk3e3.xml
/data/data/####/d393dk3e3.xml.bak
/data/data/####/data.dex
/data/data/####/data.dex.flock (deleted)
/data/data/####/data.jar
/data/data/####/dtjzCommonConfig.xml
/data/data/####/dtjzCommonConfig.xml.bak
/data/data/####/dtjzDeviceConfig.xml
/data/data/####/fdfaasssdf.data-journal
/data/data/####/gameid
/data/data/####/gameid.zip
/data/data/####/gfmi.xml
/data/data/####/ghEC20200430.dex
/data/data/####/ghEC20200430.dex.flock (deleted)
/data/data/####/h5dj202003243.dex
/data/data/####/h5dj202003243.dex.flock (deleted)
/data/data/####/hvaa.xml
/data/data/####/index
/data/data/####/libcuid.so
/data/data/####/libnnc.so
/data/data/####/libzkus.so
/data/data/####/libzkus.so-32
/data/data/####/libzkus.so-64
/data/data/####/lob.xml
/data/data/####/lob.xml.bak
/data/data/####/lsdk20200506.dex
/data/data/####/lsdk20200506.dex.flock (deleted)
/data/data/####/m2020071317.apk
/data/data/####/m2020071317.dex
/data/data/####/m2020071317.dex.flock (deleted)
/data/data/####/metrics_guid
/data/data/####/mf20200508.dex
/data/data/####/mf20200508.dex.flock (deleted)
/data/data/####/ms.xml
/data/data/####/ocbk.png
/data/data/####/pl_config.xml
/data/data/####/plug.dataBase
/data/data/####/plug.dataBase-journal
/data/data/####/proc_auxv
/data/data/####/pvdwjpkl.dex (deleted)
/data/data/####/pvdwjpkl.dex.flock (deleted)
/data/data/####/pvdwjpkl.jar
/data/data/####/rhqhyb
/data/data/####/rsw3es.data-journal
/data/data/####/s2020071317.apk
/data/data/####/s2020071317.dex
/data/data/####/s2020071317.dex.flock (deleted)
/data/data/####/sdfasdfas.xml
/data/data/####/simple-main-msg.dat
/data/data/####/simple-main-req.dat
/data/data/####/temp.zip (deleted)
/data/data/####/the-real-index
/data/data/####/uuid_data.xml
/data/data/####/ver.ini.xml
/data/data/####/ver.ini.xml.bak
/data/data/####/vv2-dex.dex
/data/data/####/vv2-dex.dex.flock (deleted)
/data/data/####/vv2-dex.jar
/data/data/####/wdc_data.xml
/data/data/####/wpd.db
/data/data/####/wpd.db-journal
/data/data/####/xsny.xml
/data/data/####/yd_config_c.xml
/data/data/####/yf.xml
/data/data/####/yinv.dex (deleted)
/data/data/####/yinv.dex.flock (deleted)
/data/data/####/yinv.jar
/data/data/####/yoktmi
/data/data/####/zSSpKVf.dex
/data/data/####/zSSpKVf.dex.flock (deleted)
/data/data/####/zSSpKVf.jar
/data/media/####/.cg
/data/media/####/.cuid2
/data/media/####/.fbjl
/data/media/####/.pqqc
/data/media/####/.udusid
/data/media/####/.yapu
/data/media/####/45BF4E4CCCFB8CFAE7A080BA6489F131
/data/media/####/46DC26FDAF2A2B5762075BE4D26F5990.temp
/data/media/####/46DC26FDAF2A2B5762075BE4D26F5990.zip
/data/media/####/8318AB7ADC4120BC1F1AFA579C8531A5
/data/media/####/8318AB7ADC4120BC1F1AFA579C8531A5.temp
/data/media/####/8318AB7ADC4120BC1F1AFA579C8531A5.zip
/data/media/####/8B3E251E6EA009ED769690F7AD8AC6E7
/data/media/####/9302250EE836CFE24DE53F3CF78FDBB9
/data/media/####/B0461306D11662B650D268206A149C97
/data/media/####/B0461306D11662B650D268206A149C97.jar
/data/media/####/B0461306D11662B650D268206A149C97.temp
/data/media/####/Config.txt
/data/media/####/D10049dex20190529.jar
/data/media/####/D359CD2C2147E5E69F69A135B1F939AB.jar
/data/media/####/D359CD2C2147E5E69F69A135B1F939AB.temp
/data/media/####/DE38BB7D15A7DC6F5FDD4808DE13AAFC (deleted)
/data/media/####/DE38BB7D15A7DC6F5FDD4808DE13AAFC.jar
/data/media/####/DE38BB7D15A7DC6F5FDD4808DE13AAFC.temp
/data/media/####/EE46838F_E10193D4.txt
/data/media/####/FC092CD7AD476729BE96FA14ED8A06A4
/data/media/####/_pn
/data/media/####/_shn
/data/media/####/asdjfadsfjsaio.so
/data/media/####/batdex20191010.jar
/data/media/####/c1005dex20190527.jar
/data/media/####/ghEC20200430.jar
/data/media/####/h5dj202003243.jar
/data/media/####/lsdk20200506.jar
/data/media/####/mf20200508.jar
/data/misc/####/primary.prof

Другие:

Запускает следующие shell-скрипты:

/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/.xkcvn/pvdwjpkl.jar --oat-fd=101 --oat-location=/data/user/0/<Package>/.xkcvn/pvdwjpkl.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/1588917811675679998-1820177831/1.jar --oat-fd=104 --oat-location=/data/user/0/<Package>/cache/1588917811675679998-1820177831/1.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/06a36b34d09d11ea9799506b4b12c7603ccb91620c4e89301972f39ffbec5b84.jar --oat-fd=101 --oat-location=/data/user/0/<Package>/app_shellObj/06a36b34d09d11ea9799506b4b12c7603ccb91620c4e89301972f39ffbec5b84.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/2f567156-81ac-4947-86f0-af9e77b7ba0b.jar --oat-fd=90 --oat-location=/data/user/0/<Package>/files/2f567156-81ac-4947-86f0-af9e77b7ba0b.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/data.jar --oat-fd=103 --oat-location=/data/user/0/<Package>/files/data.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/data.jar --oat-fd=137 --oat-location=/data/user/0/<Package>/files/data.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/data.jar --oat-fd=97 --oat-location=/data/user/0/<Package>/files/data.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/m2020071317.apk --oat-fd=98 --oat-location=/data/user/0/<Package>/app_dex/m2020071317.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/s2020071317.apk --oat-fd=98 --oat-location=/data/user/0/<Package>/app_dex/s2020071317.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/ugaswe08A1F6A4772CA5B5AB6ECE2499A842BE/rhqhybD/yinv.jar --oat-fd=106 --oat-location=/data/user/0/<Package>/files/ugaswe08A1F6A4772CA5B5AB6ECE2499A842BE/rhqhybD/yinv.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/vv2-dex.jar --oat-fd=40 --oat-location=/data/user/0/<Package>/cache/1596172925904/vv2-dex.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/vv2-dex.jar --oat-fd=41 --oat-location=/data/user/0/<Package>/cache/1596172828533/vv2-dex.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/vv2-dex.jar --oat-fd=41 --oat-location=/data/user/0/<Package>/cache/1596172833751/vv2-dex.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/oat/arm/3276/base.apk --oat-fd=99 --oat-location=/data/user/0/<Package>/oat/arm/3276/base.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/D10049dex20190529.jar --oat-fd=115 --oat-location=/data/user/0/<Package>/D10049dex20190529.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/batdex20191010.jar --oat-fd=107 --oat-location=/data/user/0/<Package>/batdex20191010.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/c1005dex20190527.jar --oat-fd=113 --oat-location=/data/user/0/<Package>/c1005dex20190527.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/ghEC20200430.jar --oat-fd=98 --oat-location=/data/user/0/<Package>/ghEC20200430.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/h5dj202003243.jar --oat-fd=103 --oat-location=/data/user/0/<Package>/h5dj202003243.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/lsdk20200506.jar --oat-fd=118 --oat-location=/data/user/0/<Package>/lsdk20200506.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/Tencent/ys/Loader/mf20200508.jar --oat-fd=111 --oat-location=/data/user/0/<Package>/mf20200508.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/dy/<Package>/wsve/B0461306D11662B650D268206A149C97.jar --oat-fd=117 --oat-location=/data/user/0/<Package>/files/B0461306D11662B650D268206A149C97.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/dy/<Package>/wsve/DE38BB7D15A7DC6F5FDD4808DE13AAFC.jar --oat-fd=108 --oat-location=/data/user/0/<Package>/files/DE38BB7D15A7DC6F5FDD4808DE13AAFC.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/lli/<Package>/as/46DC26FDAF2A2B5762075BE4D26F5990.zip --oat-fd=84 --oat-location=/data/user/0/<Package>/files/46DC26FDAF2A2B5762075BE4D26F5990.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/raes/<Package>/mb/D359CD2C2147E5E69F69A135B1F939AB.jar --oat-fd=91 --oat-location=/data/user/0/<Package>/files/D359CD2C2147E5E69F69A135B1F939AB.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/raes/<Package>/mb/DE38BB7D15A7DC6F5FDD4808DE13AAFC.jar --oat-fd=96 --oat-location=/data/user/0/<Package>/files/DE38BB7D15A7DC6F5FDD4808DE13AAFC.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/vrt/<Package>/ocae/8318AB7ADC4120BC1F1AFA579C8531A5.zip --oat-fd=118 --oat-location=/data/user/0/<Package>/files/8318AB7ADC4120BC1F1AFA579C8531A5.dex --compiler-filter=speed
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=<Package Folder>/extfiles/zSSpKVf.jar --oat-fd=86 --oat-location=<Package Folder>/extfiles/zSSpKVf.dex --compiler-filter=speed
cat /proc/version
cat /sys/class/net/wlan0/address
getprop
getprop ro.board.platform
getprop ro.build.display.id
getprop ro.build.version.emui
getprop ro.build.version.opporom
getprop ro.miui.ui.version.name
getprop ro.product.cpu.abi
getprop ro.smartisan.version
getprop ro.vivo.os.version
ps
sh

Загружает динамические библиотеки:

yoktmi

Использует следующие алгоритмы для шифрования данных:

AES
AES-CBC-PKCS5Padding
AES-ECB-PKCS5Padding
DES
DES-CBC-PKCS5Padding
RSA-ECB-PKCS1Padding
RSA-None-PKCS1Padding

Использует следующие алгоритмы для расшифровки данных:

AES
AES-CBC-PKCS5Padding
AES-CFB-NoPadding
DES
DES-CBC-PKCS5Padding
RSA-None-PKCS1Padding
desede-CBC-PKCS5Padding

Осуществляет доступ к приватному интерфейсу ITelephony.

Получает информацию о местоположении.

Получает информацию о сети.

Получает информацию о телефоне (номер, IMEI и т. д.).

Получает информацию об установленных приложениях.

Добавляет задания в системный планировщик.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней