Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.RemoteCode.6122
- Android.Triada.4567
- Android.Triada.510.origin
- Android.Triada.566.origin
Сетевая активность:
Подключается к:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) api####.appclic####.com:80
- TCP(HTTP/1.1) t####.omob####.com:80
- TCP(HTTP/1.1) sdk.appclic####.com:80
- TCP(HTTP/1.1) sdk####.appclic####.com:80
- TCP(HTTP/1.1) cdn.tab####.com:80
- TCP(HTTP/1.1) s####.appclic####.com:80
- TCP(HTTP/1.1) hw9####.new####.com:80
- TCP(HTTP/1.1) cpi####.mobisma####.com:80
- TCP(HTTP/1.1) x####.me####.com:10248
- TCP(HTTP/1.1) t####.knight####.com:80
- TCP(HTTP/1.1) fortune####.fus####.com:80
- TCP(HTTP/1.1) sdk.tarrdig####.net:9001
- TCP(HTTP/1.1) ent####.xyz:80
- TCP(HTTP/1.1) y####.k8####.com:80
- TCP(HTTP/1.1) l####.392####.com:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) api.mob####.cn:80
- TCP(HTTP/1.1) lo####.suibyu####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) c####.6k####.com:10238
- TCP(HTTP/1.1) c####.tbnet####.im:80
- TCP(HTTP/1.1) api.applove####.com:80
- TCP(HTTP/1.1) do####.offerst####.net:80
- TCP(TLS/1.0) ot####.x2.tc.####.com:443
- TCP(TLS/1.0) md####.google####.com:443
- TCP(TLS/1.0) mobotto####.ho####.com:443
- TCP(TLS/1.0) lg####.contex####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) trac####.yoh####.com:443
- TCP(TLS/1.0) wi####.opgdig####.com:443
- TCP(TLS/1.0) jsc.adske####.co.uk:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) active####.ho####.com:443
- TCP(TLS/1.0) instant####.google####.com:443
- TCP(TLS/1.0) idu####.qini####.com:443
- TCP(TLS/1.0) dis.cr####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) mookom####.g2####.com:443
- TCP(TLS/1.0) fo####.site:443
- TCP(TLS/1.0) dsp.adke####.com:443
- TCP(TLS/1.0) e####.vap.l####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.0) www.recap####.net:443
- TCP(TLS/1.0) wcf.seven####.com:443
- TCP(TLS/1.0) 1####.250.179.138:443
- TCP(TLS/1.0) appins####.click:443
- TCP(TLS/1.0) al####.u####.com:443
- TCP(TLS/1.0) cds.tab####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) 1####.194.73.95:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) p####.rubicon####.com:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) btt####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) i.y####.com:443
- TCP(TLS/1.0) sb.scoreca####.com.####.net:443
- TCP(TLS/1.0) ogs.go####.com:443
- TCP(TLS/1.0) id5-####.com:443
- TCP(TLS/1.0) am-####.tab####.com:443
- TCP(TLS/1.0) e1.em####.com:443
- TCP(TLS/1.0) pug-####.pubm####.com:443
- TCP(TLS/1.0) safebro####.google####.com:443
- TCP(TLS/1.0) 1142864####.cn-hong####.fc.####.com:443
- TCP(TLS/1.0) a####.cloudf####.com:443
- TCP(TLS/1.0) cdn.jsde####.net:443
- TCP(TLS/1.0) app-mea####.com:443
- TCP(TLS/1.0) 2-01-27####.cdx.ced####.net:443
- TCP(TLS/1.0) packag####.oss-ap-####.aliy####.com:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) gd.a.s####.com:443
- TCP(TLS/1.0) t####.mialltr####.com:443
- TCP(TLS/1.0) s.c.ap####.net:443
- TCP(TLS/1.0) eye.recap####.xyz:443
- TCP(TLS/1.0) x.bidsw####.net:443
- TCP(TLS/1.0) yun.b####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) 77j####.mapura####.com:443
- TCP(TLS/1.0) cdn.tab####.com:443
- TCP(TLS/1.0) do####.geo.ipo####.net:443
- TCP(TLS/1.0) cm.ste####.com:443
- TCP(TLS/1.0) g.geo####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) m####.ad####.org:443
- TCP(TLS/1.0) lp.xl####.com:443
- TCP(TLS/1.2) safebro####.google####.com:443
- TCP(TLS/1.2) www.google####.com:443
- TCP(TLS/1.2) 64.2####.162.94:443
- TCP(TLS/1.2) sett####.crashly####.com:443
- TCP(TLS/1.2) 64.2####.165.100:443
- TCP(TLS/1.2) 1####.250.179.138:443
Запросы DNS:
- 77j####.mapura####.com
- a####.cloudf####.com
- a####.go####.com
- active####.ho####.com
- and####.b####.qq.com
- api####.appclic####.com
- api.applove####.com
- api.crashly####.com
- api.crashly####.com.####.8
- api.dc.tkcre####.com
- api.mob####.cn
- app-mea####.com
- appins####.click
- bh.contex####.com
- btt####.com
- c####.6k####.com
- c####.tbnet####.im
- c.adske####.co.uk
- cdn.adske####.co.uk
- cdn.jsde####.net
- cdn.static####.org
- cdn.tab####.com
- cds.tab####.com
- ce.l####.com
- cm.adske####.co.uk
- cm.g.doublec####.net
- cm.ste####.com
- cpi####.mobisma####.com
- dis.cr####.com
- do####.offerst####.net
- dsp.adke####.com
- e1.em####.com
- ent####.xyz
- eye.recap####.xyz
- f####.google####.com
- f####.gst####.com
- fo####.site
- fortune####.fus####.com
- ga-v####.appclic####.com
- h####.b####.com
- h5s####.com
- hlg.ca####.com
- hlg.ca####.com.####.8
- hw.b####.com
- hw9####.new####.com
- i.y####.com
- ib.a####.com
- id5-####.com
- im####.tab####.com
- instant####.google####.com
- jsc.adske####.co.uk
- l####.392####.com
- lo####.suibyu####.com
- lp.xl####.com
- m####.ad####.org
- m####.tab####.com
- md####.google####.com
- mobotto####.ho####.com
- mookom####.g2####.com
- ogs.go####.com
- p####.google####.com
- p####.rubicon####.com
- packag####.oss-ap-####.aliy####.com
- pag####.googles####.com
- plb####.u####.com
- pv.s####.com
- rtb-c####.smartad####.com
- rtb.mfad####.com
- s####.adske####.co.uk
- s####.appclic####.com
- s####.g.doublec####.net
- s####.tab####.com
- s.b####.g####.com
- s.c.ap####.net
- safebro####.google####.com
- sb.scoreca####.com
- sdk####.appclic####.com
- sdk.appclic####.com
- sdk.tarrdig####.net
- serv####.adske####.co.uk
- sett####.crashly####.com
- sim####.pubm####.com
- syn####.tab####.com
- t####.knight####.com
- t####.mialltr####.com
- t####.omob####.com
- trac####.yoh####.com
- trc.tab####.com
- u####.u####.com
- wcf.seven####.com
- wi####.opgdig####.com
- www.go####.com
- www.google####.com
- www.google-####.com
- www.googlet####.com
- www.gst####.com
- www.recap####.net
- x####.me####.com
- x.bidsw####.net
- y####.k8####.com
- yun.b####.com
- z2.c####.com
Запросы HTTP GET:
- api####.appclic####.com/ad/user_model.js?time=####
- api.applove####.com/api/v3/cache/get?osv=####&srnc=####&token=####&ds=##...
- api.applove####.com/api/v3/search/get?osv=####&token=####&pm=####&os=###...
- api.applove####.com/api/v3/template/get?slot_id=####&update_time=####&us...
- api.mob####.cn/api_offline/click?adid=####&os=####&sub3=####&appid=####&...
- c####.tbnet####.im/click?id=####&aff=####&ost=####&click_id=####&aff_sub...
- cdn.tab####.com/libtrc/cashbox-network/loader.js
- cpi####.mobisma####.com/index.php?m=####&p=####&app_id=####&offer_id=###...
- do####.offerst####.net/index.php?offer_id=####&aff_id=####&aff_sub1=####...
- ent####.xyz/
- ent####.xyz/style/css/game1.css
- ent####.xyz/style/img/20210083
- ent####.xyz/style/img/20237522.jpg
- ent####.xyz/style/img/20237882.jpg
- ent####.xyz/style/img/20237981.jpg
- ent####.xyz/style/img/20238108.jpg
- ent####.xyz/style/img/20238115.jpg
- ent####.xyz/style/img/20612831
- ent####.xyz/style/img/loading.gif
- ent####.xyz/style/img/star.jpg
- ent####.xyz/style/js/jquery-3.1.1.min.js
- ent####.xyz/style/js/main.js
- fortune####.fus####.com/tl?sub_affid=####&a=####&device_id=####&aff_clic...
- l####.392####.com/detail?id=####
- l####.392####.com/images/2018102410560828114.jpg
- l####.392####.com/images/2018102410575146312.jpg
- l####.392####.com/images/2019072308210039350.png
- l####.392####.com/images/2019092306033792673.jpg
- l####.392####.com/static/dist/css/basis.min.css
- l####.392####.com/static/dist/css/detail-v2.min.css
- l####.392####.com/static/dist/js/quick.min.js
- l####.392####.com/static/dist/js/router.min.js
- lo####.suibyu####.com/android/v1/impression?slot=####&doimp=####&pkg=###...
- s####.appclic####.com/stg?channel=####&sdk=####
- sdk.appclic####.com/check?channel=####
- t####.knight####.com/click?id=####&aff=####&gaid=####&android_id=####&pk...
- t####.knight####.com/favicon.ico
- t####.omob####.com/favicon.ico
- t####.omob####.com/trace?aff=####&ost=####&click_id=####&gaid=####&aff_s...
- y####.k8####.com/hwyw/DUF378EFIE358T7GUET35T7.zip
- y####.k8####.com/hwyw/deahexwot.zip
- y####.k8####.com/zhuti/TurxyDrzt2021112yehuo.zip
- y####.k8####.com/zhuti/YDosdmwee910.zip
- z.c####.com/stat.htm?id=####&cnzz_eid=####
Запросы HTTP POST:
- and####.b####.qq.com/rqd/async?aid=####
- api####.appclic####.com/api.php?req=####
- c####.6k####.com:10238/2ejolc/
- c####.6k####.com:10238/dts57h/
- c####.6k####.com:10238/z2s8gh/
- hw9####.new####.com/api/activite
- sdk####.appclic####.com/log
- sdk.tarrdig####.net:9001/api/v1/cm.reqAd
- sdk.tarrdig####.net:9001/api/v1/cm.reqCfg
- sdk.tarrdig####.net:9001/api/v1/cm.reqOff
- sdk.tarrdig####.net:9001/api/v1/cm.reqUp
- x####.me####.com:10248/iysyxb/
- x####.me####.com:10248/ng1fxo/
- x####.me####.com:10248/pauumd/
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1049109633
- /data/data/####/-1992571865
- /data/data/####/-2037138971
- /data/data/####/-262406655
- /data/data/####/-328292786
- /data/data/####/-516085385
- /data/data/####/-691410456
- /data/data/####/.1667422066.apk
- /data/data/####/.1667422066.dex
- /data/data/####/.1667422066.dex.flock (deleted)
- /data/data/####/.2969407120.apk
- /data/data/####/.2969407120.dex
- /data/data/####/.2969407120.dex.flock (deleted)
- /data/data/####/.3477600307.apk
- /data/data/####/.3477600307.dex
- /data/data/####/.3477600307.dex.flock (deleted)
- /data/data/####/.imprint
- /data/data/####/.lcj
- /data/data/####/003164c565c6288c_0
- /data/data/####/0182e9416e82fb0e_0
- /data/data/####/03e43ad1522445c1_0
- /data/data/####/0583b02d1bf76819_0
- /data/data/####/0670bd93a9d6b0e5_0
- /data/data/####/0670bd93a9d6b0e5_1
- /data/data/####/067adaaa71a803df_0 (deleted)
- /data/data/####/06baf4f2065e283c_0
- /data/data/####/0afd4ca2744f63b3_0
- /data/data/####/0bf84911cd2499ec_0
- /data/data/####/0d8526776a999e05_0
- /data/data/####/0db70cda0e83b7fd_0
- /data/data/####/0e1e45f208d025f0_0
- /data/data/####/0e1e45f208d025f0_1
- /data/data/####/0e5bf16fcaad8f7a_0
- /data/data/####/0f9f0bd23d05e2e3_0
- /data/data/####/0f9f53b96fdfb1ac_0 (deleted)
- /data/data/####/0fd1ef3c5f93a9c9_0
- /data/data/####/1.dex
- /data/data/####/1.dex.flock (deleted)
- /data/data/####/1.zip
- /data/data/####/1037f29872c936f3_0 (deleted)
- /data/data/####/1102525432
- /data/data/####/1140477397
- /data/data/####/11515ad087f6df2a_0
- /data/data/####/141ba61949c81e63_0
- /data/data/####/1502509754
- /data/data/####/165084ee040b2cdb_0
- /data/data/####/165084ee040b2cdb_1
- /data/data/####/1720327200
- /data/data/####/1779956071
- /data/data/####/17db54cd7d4711c3_0
- /data/data/####/1975708158
- /data/data/####/1D302D3E6464EA39840D761291936A8C
- /data/data/####/1abbb9fc2520d6b0_0
- /data/data/####/1f1efe9f61f25121_0
- /data/data/####/2088cfd265db6fb1_0
- /data/data/####/23d04ad976c679d2_0
- /data/data/####/242CB7B15C8571D4EA3D3E825CCE2CC5
- /data/data/####/242CB7B15C8571D4EA3D3E825CCE2CC5.dex
- /data/data/####/242CB7B15C8571D4EA3D3E825CCE2CC5.dex.flock (deleted)
- /data/data/####/242CB7B15C8571D4EA3D3E825CCE2CC5.temp
- /data/data/####/242CB7B15C8571D4EA3D3E825CCE2CC5.zip
- /data/data/####/2540701e7842c829_0
- /data/data/####/273511acf38e385d_0 (deleted)
- /data/data/####/277ebf01bc2fe095_0
- /data/data/####/2940195bd9870d6e_0
- /data/data/####/2940195bd9870d6e_1
- /data/data/####/2c94aa1eb97be93e_0
- /data/data/####/2cbe0df5f1c6a26c_0
- /data/data/####/30454147d4e65cce_0
- /data/data/####/30454147d4e65cce_1
- /data/data/####/308bd972e08b9983_0
- /data/data/####/30aa20a46d0d03c5_0
- /data/data/####/32786e255a101d60_0
- /data/data/####/32786e255a101d60_1
- /data/data/####/3327275
- /data/data/####/33c0f731d062ce70_0
- /data/data/####/34662801
- /data/data/####/34ae427be5e588bd_0
- /data/data/####/35498c79f35ba6a7_0
- /data/data/####/37832e67ce776e7a_0
- /data/data/####/386566751
- /data/data/####/3A87DDCEF2ED56FB4A5C4A6696DC6813
- /data/data/####/3A87DDCEF2ED56FB4A5C4A6696DC6813.dex
- /data/data/####/3A87DDCEF2ED56FB4A5C4A6696DC6813.dex.flock (deleted)
- /data/data/####/3A87DDCEF2ED56FB4A5C4A6696DC6813.jar
- /data/data/####/3A87DDCEF2ED56FB4A5C4A6696DC6813.temp
- /data/data/####/3cb5e90482b018dc_0
- /data/data/####/3dabb45e25ffb353_0 (deleted)
- /data/data/####/3e33d02854d242c4_0 (deleted)
- /data/data/####/3ebbcda1150cd93e_0
- /data/data/####/3ebbcda1150cd93e_1
- /data/data/####/3f71003f1ed36bdd_0 (deleted)
- /data/data/####/3fd150224fa3af99_0
- /data/data/####/448d781f85cc680e_0
- /data/data/####/44d79e47136e2dd0_0 (deleted)
- /data/data/####/46ec6595805093a2_0 (deleted)
- /data/data/####/4724690a23e10f93_0
- /data/data/####/4853d85d1ce741d9_0
- /data/data/####/4864485a65392c4a_0
- /data/data/####/4d2c3e914393693d_0 (deleted)
- /data/data/####/4ee9e347bab91c48_0
- /data/data/####/4fb7e61418f842a1_0
- /data/data/####/501c4a0ce8ad0726_0
- /data/data/####/50332de0c2804e43_0
- /data/data/####/50332de0c2804e43_1
- /data/data/####/50e0d4711ffb384d_0
- /data/data/####/50e0d4711ffb384d_1
- /data/data/####/510c67be3e363643_0
- /data/data/####/5131b53505b4add5_0 (deleted)
- /data/data/####/52c79f92397b98f6_0
- /data/data/####/57168f3924ec4f63_0
- /data/data/####/57dc768aa6c59e2c_0
- /data/data/####/5835a5258b37fef7_0
- /data/data/####/5835a5258b37fef7_1
- /data/data/####/5948a2acb967018d_0
- /data/data/####/5c95d34e9f19c9ca_0
- /data/data/####/5ca50924ce3c5c59_0
- /data/data/####/5eeb7202efdc0a9a_0
- /data/data/####/5eeb7202efdc0a9a_1
- /data/data/####/61a0c176c7f5f365_0
- /data/data/####/62c494321950bdd3_0
- /data/data/####/6342d0610af80df61be9346badebbf04.d
- /data/data/####/63e8c04c-4013-4b7a-8cf5-37961fb2af58_classes.zip.temp
- /data/data/####/63e8c04c-4013-4b7a-8cf5-37961fb2af58release.apk (deleted)
- /data/data/####/64dc74b21759a3cd_0
- /data/data/####/65ec31be35a05c5a_0
- /data/data/####/662000785c02089c_0
- /data/data/####/662ed17f5208b439_0
- /data/data/####/668559d98a7f8d95_0
- /data/data/####/68783520b98f98e8_0
- /data/data/####/68a277983705b521_0
- /data/data/####/69150d63a100ed3d_0
- /data/data/####/693118558
- /data/data/####/6d93f18ca583c434_0
- /data/data/####/6ed40a6806a3cfd1_0 (deleted)
- /data/data/####/6f67dfcbe35a6c35_0 (deleted)
- /data/data/####/6ff700010d2e47c8_0
- /data/data/####/6ff700010d2e47c8_1
- /data/data/####/72233ac516513b85_0
- /data/data/####/735e0911ab158d7f_0
- /data/data/####/735e0911ab158d7f_1
- /data/data/####/75b48344fb2bf8c4_0
- /data/data/####/75b48344fb2bf8c4_1
- /data/data/####/7609f4c33ab4c2ce_0
- /data/data/####/7781f8a4e8c00f5d_0
- /data/data/####/781ea185fee7d931_0
- /data/data/####/794bfcea07ba1ede_0 (deleted)
- /data/data/####/796ed382ae3aa9c6_0
- /data/data/####/79acc5a4cae8ea78_0
- /data/data/####/7c14391470e65830_0
- /data/data/####/7c1554a5ee5fe940_0
- /data/data/####/7c1554a5ee5fe940_1
- /data/data/####/7c3b9920caaf3e97_0
- /data/data/####/7c3b9920caaf3e97_1
- /data/data/####/7cfba443c7065e4f87058f05b248403d.d
- /data/data/####/7fa0189ec6fcc873_0
- /data/data/####/805f15dc3cb6c4d8_0
- /data/data/####/80d2b996abf3b600_0 (deleted)
- /data/data/####/826586129
- /data/data/####/8315355b57d908ee_0
- /data/data/####/831ed113e6bf5ea8_0
- /data/data/####/836241ddd71ba8de_0 (deleted)
- /data/data/####/84c3a34ad710bcb2_0
- /data/data/####/84c3a34ad710bcb2_1
- /data/data/####/854351920
- /data/data/####/897db4e76c8bb166_0
- /data/data/####/89cab6e27dd3e5b7_0 (deleted)
- /data/data/####/8a16b4531af114da_0
- /data/data/####/8aa5f722afb80bd3_0
- /data/data/####/90746ed1df2d69b7_0
- /data/data/####/90e97be55d381e65_0
- /data/data/####/911f93058d5c65f6_0
- /data/data/####/91c0c99913c7021d_0
- /data/data/####/91d4b5c1b68861e3_0
- /data/data/####/93a98e8c1440f39b_0
- /data/data/####/93a98e8c1440f39b_1
- /data/data/####/94ad06b9acb66d91_0
- /data/data/####/94ad06b9acb66d91_1
- /data/data/####/94e017f426bb0c66_0
- /data/data/####/98FDECB17B837318717C64311D2C05D8
- /data/data/####/98FDECB17B837318717C64311D2C05D8.dex
- /data/data/####/98FDECB17B837318717C64311D2C05D8.dex.flock (deleted)
- /data/data/####/98FDECB17B837318717C64311D2C05D8.jar
- /data/data/####/98FDECB17B837318717C64311D2C05D8.temp
- /data/data/####/995c22cac41d4c69_0 (deleted)
- /data/data/####/9aa8701dab7f1a2e_0
- /data/data/####/9ab6132d9894c076_0 (deleted)
- /data/data/####/9db7831e032598b7_0
- /data/data/####/B54C278E87DB316B57126FD1F662E388
- /data/data/####/Cookies-journal
- /data/data/####/FB4499202F2098BCE86847A4C7A68257
- /data/data/####/FB4499202F2098BCE86847A4C7A68257.dex
- /data/data/####/FB4499202F2098BCE86847A4C7A68257.dex.flock (deleted)
- /data/data/####/FB4499202F2098BCE86847A4C7A68257.temp
- /data/data/####/FB4499202F2098BCE86847A4C7A68257.zip
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/YAPATCH.MF
- /data/data/####/a038d983cc9b2c35_0
- /data/data/####/a065828a6f8879e8_0
- /data/data/####/a0fbfb75fd29afc0_0
- /data/data/####/a0fbfb75fd29afc0_1
- /data/data/####/a16f6f528fed5a8f_0 (deleted)
- /data/data/####/a1b338f1bc87f15b_0 (deleted)
- /data/data/####/a2053b5b3cb9a7f1_0
- /data/data/####/a2053b5b3cb9a7f1_1
- /data/data/####/a3a8cf82a31113ef_0 (deleted)
- /data/data/####/a3f3a8ec9803e615_0
- /data/data/####/a4dab7d278af89ae_0
- /data/data/####/a5ad2a71b61214d5_0
- /data/data/####/a5dccf5c-2c9a-4db9-b68b-730b8b4c5da2.dex
- /data/data/####/a5dccf5c-2c9a-4db9-b68b-730b8b4c5da2.dex.flock (deleted)
- /data/data/####/a74618b23cccccc3_0 (deleted)
- /data/data/####/a7469f39471e1a4d_0 (deleted)
- /data/data/####/a8396320e2682d93_0
- /data/data/####/a8d4728b6bc80487_0
- /data/data/####/aG9zdF9zdGc%3D%0A
- /data/data/####/aG9zdF9zdGc%3D%0A.dex
- /data/data/####/aG9zdF9zdGc%3D%0A.dex.flock (deleted)
- /data/data/####/aG9zdF9zdGc%3D%0A.jar
- /data/data/####/ab7098a0bd47371c_0
- /data/data/####/af9d2f0e798f4678_0
- /data/data/####/anNfZW50%0A
- /data/data/####/anNfZW50%0A.dex
- /data/data/####/anNfZW50%0A.dex.flock (deleted)
- /data/data/####/anNfZW50%0A.jar
- /data/data/####/anNfbGlrZQ%3D%3D%0A
- /data/data/####/anNfbGlrZQ%3D%3D%0A.dex
- /data/data/####/anNfbGlrZQ%3D%3D%0A.dex.flock (deleted)
- /data/data/####/anNfbGlrZQ%3D%3D%0A.jar
- /data/data/####/anl.db
- /data/data/####/anl.db-journal
- /data/data/####/anl.db-shm (deleted)
- /data/data/####/anl.db-wal
- /data/data/####/anl.db-wal (deleted)
- /data/data/####/b20c5fcadc0c3516_0
- /data/data/####/b29830d42a8c511a_0
- /data/data/####/b62b0bf895b443ad_0
- /data/data/####/b62c4002cdefd35d_0
- /data/data/####/b62c4002cdefd35d_1
- /data/data/####/b69b6e717b340d9a_0
- /data/data/####/ba4e0492a94fdfc7_0
- /data/data/####/ba4e0492a94fdfc7_1
- /data/data/####/bb91af6a469bdae0_0
- /data/data/####/be6b2f8fe541b0c8_0
- /data/data/####/be6b2f8fe541b0c8_1
- /data/data/####/by_rewfrenfio2pj.ertwe
- /data/data/####/by_werjklgewjrfer.xml
- /data/data/####/c156b55f6ba28213_0
- /data/data/####/c156b55f6ba28213_1
- /data/data/####/c32079254f391d26_0
- /data/data/####/c34a4c3h54e6_z5h768e5n89g768x0u87e0j7i8a56756o....7c567e
- /data/data/####/c3ef7c5374c8ee9d_0
- /data/data/####/c5638e906db1c5f4_0
- /data/data/####/c621cabb3384016a_0 (deleted)
- /data/data/####/c657c7ab7bd02bf4_0
- /data/data/####/c6a980f4055489a4_0
- /data/data/####/c919cb695420f1ed_0
- /data/data/####/ca35fd22333dd98d_0
- /data/data/####/ca36c575536da1d2_0
- /data/data/####/cd346f8d10e5e125_0
- /data/data/####/cdc5f8292a2e28b2_0
- /data/data/####/cf5dc31b79fe7ef5_0
- /data/data/####/classes.dex
- /data/data/####/classes.dex.flock (deleted)
- /data/data/####/classes.zip
- /data/data/####/com.cc.vc3.obo2.new.の.s3u4b34f3f4_3z4x3j4.33t4e3m43p
- /data/data/####/com.wagd.flex_ct_default.xml
- /data/data/####/com.wagd.flex_preferences.xml
- /data/data/####/com.wagd.flexye_after_install_pkg.xml
- /data/data/####/comdptiksavlat.xml
- /data/data/####/comdptiksavlat.xml.bak
- /data/data/####/commainxvw2c3w5m2i2an2.2
- /data/data/####/commainxvw2c3w5m2i2an2.dex
- /data/data/####/commainxvw2c3w5m2i2an2.dex.flock (deleted)
- /data/data/####/cum.lock
- /data/data/####/d018f220bdb87d55_0 (deleted)
- /data/data/####/d0bb367a5d995f5e_0
- /data/data/####/d2cec5176ff42d70_0
- /data/data/####/d3c8107a37c88ec6_0
- /data/data/####/d3c8107a37c88ec6_1
- /data/data/####/d3d6c4e45c9c1534_0
- /data/data/####/d4accabc6afe1d72_0
- /data/data/####/d4accabc6afe1d72_1
- /data/data/####/d67c2fcd692f79f7_0
- /data/data/####/d68d56dee6de0e72_0
- /data/data/####/d68d56dee6de0e72_1
- /data/data/####/d7a6174b4d805d31_0
- /data/data/####/dW1weF9pbnRlcm5hbF8xNjE0ODUxMDkxMDYy;
- /data/data/####/daaa15a85822c05c_0
- /data/data/####/dasdasdsadsad
- /data/data/####/db3ebcffc9f12439_0
- /data/data/####/dbcaa4ffa94f9301_0
- /data/data/####/ddeec1b401688cb0_0
- /data/data/####/de5032c33a16f1da_0
- /data/data/####/dum.lock
- /data/data/####/e229357d49932e48_0 (deleted)
- /data/data/####/e3grd43rd.data-journal
- /data/data/####/e6487b0a6f92a311_0
- /data/data/####/e8606c0c729bd3c7_0
- /data/data/####/ea4c76dc4b1f5b31_0
- /data/data/####/eff08aa33094b4c9_0
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f06a67091ddb6306_0
- /data/data/####/f1b1694698a39b7c_0
- /data/data/####/f1b1694698a39b7c_1
- /data/data/####/f36845cd2c6b4ef3_0
- /data/data/####/f36845cd2c6b4ef3_1
- /data/data/####/f78212de3aff880b_0
- /data/data/####/faf63f48cb4748df_0
- /data/data/####/fb81871c7ac45903_0
- /data/data/####/fd4990958d5cf0b0_0
- /data/data/####/fdc6f7b76df249af_0
- /data/data/####/fe5155048aa53579_0
- /data/data/####/godzilla.db
- /data/data/####/godzilla.db-journal
- /data/data/####/godzilla.xml
- /data/data/####/godzilla.xml.bak
- /data/data/####/godzilla_update.xml
- /data/data/####/godzilla_update.xml.bak
- /data/data/####/gt5eer.xml
- /data/data/####/gt5eer.xml.bak
- /data/data/####/h_db_dl.db-journal
- /data/data/####/h_plugin.xml
- /data/data/####/h_plugin.xml.bak (deleted)
- /data/data/####/he
- /data/data/####/hkr.xml
- /data/data/####/http_enterus.xyz_0.localstorage-journal
- /data/data/####/http_like.3920fun.com_0.localstorage-journal
- /data/data/####/https_eye.recaptcha.xyz_0.localstorage-journal
- /data/data/####/https_www.google.com_0.localstorage-journal
- /data/data/####/i==1.2.0&&1.0_1614851091938_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/kdid
- /data/data/####/life_record_config.xml
- /data/data/####/metrics_guid
- /data/data/####/mosla.xml
- /data/data/####/mosla_update.xml
- /data/data/####/mosla_update.xml.bak
- /data/data/####/pref_bl
- /data/data/####/qvlk.xml
- /data/data/####/s3p43_4z5he6n4g6x45u7e890jp-i00-ao-0.xml
- /data/data/####/s3p43_4z5he6n4g6x45u7e890jp-i00-ao-0.xml.bak
- /data/data/####/sbtyu76j7ui78pi7_6i7c8i78i78oin78fi76i8ig78i7.xml
- /data/data/####/sp_ezift.xml
- /data/data/####/sp_qyejw.xml
- /data/data/####/sp_qyejw.xml.bak
- /data/data/####/t==8.0.0&&1.0_1614851091335_envelope.log
- /data/data/####/the-real-index
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/ulanda.xml
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_it.cache
- /data/data/####/urlSetting.xml
- /data/data/####/ytu
- /data/misc/####/primary.prof
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/version
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_cachedata/naac/242CB7B15C8571D4EA3D3E825CCE2CC5.zip --oat-fd=69 --oat-location=/data/user/0/<Package>/files/242CB7B15C8571D4EA3D3E825CCE2CC5.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_cachedata/naac/FB4499202F2098BCE86847A4C7A68257.zip --oat-fd=109 --oat-location=/data/user/0/<Package>/files/FB4499202F2098BCE86847A4C7A68257.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/shell/1.zip --oat-fd=112 --oat-location=/data/user/0/<Package>/cache/shell/1.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/ufuha/<Package>/fkugc/3A87DDCEF2ED56FB4A5C4A6696DC6813.jar --oat-fd=85 --oat-location=/data/user/0/<Package>/files/3A87DDCEF2ED56FB4A5C4A6696DC6813.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/ufuha/<Package>/fkugc/98FDECB17B837318717C64311D2C05D8.jar --oat-fd=87 --oat-location=/data/user/0/<Package>/files/98FDECB17B837318717C64311D2C05D8.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.1667422066.apk --oat-fd=113 --oat-location=/data/user/0/<Package>/code_cache/.1667422066.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.2969407120.apk --oat-fd=86 --oat-location=/data/user/0/<Package>/code_cache/.2969407120.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.3477600307.apk --oat-fd=88 --oat-location=/data/user/0/<Package>/code_cache/.3477600307.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.mosla/.update/8277/classes.zip --oat-fd=103 --oat-location=/data/user/0/<Package>/files/.mosla/.update/8277/classes.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/<Package>_c/commainxvw2c3w5m2i2an2.2 --oat-fd=47 --oat-location=/data/user/0/<Package>/files/<Package>_c/<Package>/1614851090865/commainxvw2c3w5m2i2an2.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/a5dccf5c-2c9a-4db9-b68b-730b8b4c5da2.apk --oat-fd=93 --oat-location=/data/user/0/<Package>/cache/<Package>/a5dccf5c-2c9a-4db9-b68b-730b8b4c5da2.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/aG9zdF9zdGc= .jar --oat-fd=120 --oat-location=/data/user/0/<Package>/app_ /aG9zdF9zdGc= .dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/anNfZW50 .jar --oat-fd=108 --oat-location=/data/user/0/<Package>/app_ /anNfZW50 .dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86_64 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86_64 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/anNfbGlrZQ== .jar --oat-fd=108 --oat-location=/data/user/0/<Package>/app_ /anNfbGlrZQ== .dex --compiler-filter=speed
- cat /proc/version
- cat /sys/class/net/wlan0/address
- getprop
- getprop ro.bootimage.build.date.utc
- getprop ro.build.description
- getprop ro.build.fingerprint
- getprop ro.build.product
- getprop ro.build.version.all_codenames
- getprop ro.sf.lcd_density
- getprop ro.yunos.build.version
- ls /
- ls /sys/class/thermal
- sh
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- RSA-None-PKCS1Padding
- desede-CBC-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
