Поддержка
Круглосуточная поддержка

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

Android.Triada.4925

Добавлен в вирусную базу Dr.Web: 2021-04-13

Описание добавлено:

Техническая информация

Вредоносные функции:
Выполняет код следующих детектируемых угроз:
  • Android.DownLoader.1007.origin
  • Android.RemoteCode.314.origin
  • Android.RemoteCode.316.origin
  • Android.Triada.510.origin
  • Android.Triada.559.origin
  • Android.Triada.560.origin
  • Android.Triada.561.origin
  • Android.Triada.567.origin
Детект на основе машинного обучения.
Сетевая активность:
Подключается к:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) pq-chin####.b0.a####.com:80
  • TCP(HTTP/1.1) 1####.55.41.199:8080
  • TCP(HTTP/1.1) i####.sogo####.com.####.com:80
  • TCP(HTTP/1.1) 58.2####.198.157:999
  • TCP(HTTP/1.1) www.d####.xyz:80
  • TCP(HTTP/1.1) www-new####.b0.a####.com:80
  • TCP(HTTP/1.1) mg.meit####.com:8071
  • TCP(HTTP/1.1) js.wt####.com:80
  • TCP(HTTP/1.1) d####.cn:80
  • TCP(HTTP/1.1) k####.ur####.s####.com:80
  • TCP(HTTP/1.1) sd.bu####.vip:80
  • TCP(HTTP/1.1) adcha####.bz.m####.com:80
  • TCP(HTTP/1.1) 1####.76.103.4:28018
  • TCP(HTTP/1.1) 1####.201.175.19:80
  • TCP(HTTP/1.1) w####.c####.com:80
  • TCP(HTTP/1.1) 58.2####.92.50:808
  • TCP(HTTP/1.1) xiaox####.adse####.adan####.com:80
  • TCP(HTTP/1.1) 1713464####.cn-qin####.fc.####.com:80
  • TCP(HTTP/1.1) c####.zhit####.com:99
  • TCP(HTTP/1.1) caa-qiu####.b0.a####.com:80
  • TCP(HTTP/1.1) api.yunco####.com:80
  • TCP(HTTP/1.1) kyy####.wwe####.com:17001
  • TCP(HTTP/1.1) 1####.77.67.185:28018
  • TCP(HTTP/1.1) jpg.i####.sogo####.####.com:80
  • TCP(HTTP/1.1) i####.wt####.com:80
  • TCP(HTTP/1.1) p####.gou.s####.com:80
  • TCP(HTTP/1.1) u####.b0.upa####.com:80
  • TCP(HTTP/1.1) tc.c####.com:80
  • TCP(HTTP/1.1) c####.jumen####.com:80
  • TCP(HTTP/1.1) app.a####.top:80
  • TCP(HTTP/1.1) t####.a####.top:80
  • TCP(HTTP/1.1) bbt####.wwe####.com:17001
  • TCP(HTTP/1.1) mh####.b0.a####.com:80
  • TCP(HTTP/1.1) ask.c####.com.####.com:80
  • TCP(HTTP/1.1) ha-qiuc####.b0.a####.com:80
  • TCP(HTTP/1.1) api.a####.ads####.cn:80
  • TCP(HTTP/1.1) cn.f####.top:8080
  • TCP(HTTP/1.1) lo.bu####.vip:80
  • TCP(HTTP/1.1) api.adoc####.com:80
  • TCP(HTTP/1.1) c####.baidust####.com.####.com:80
  • TCP(HTTP/1.1) gif.lu.sogo####.####.com:80
  • TCP(HTTP/1.1) z.c####.com:80
  • TCP(HTTP/1.1) 14.17.1####.182:80
  • TCP(HTTP/1.1) zha####.zhit####.com:808
  • TCP(HTTP/1.1) ip####.com:80
  • TCP(HTTP/1.1) c####.be####.s####.com:80
  • TCP(HTTP/1.1) i.c####.com.####.com:80
  • TCP(HTTP/1.1) pos.b####.com:80
  • TCP(HTTP/1.1) dup.baidust####.com:80
  • TCP(HTTP/1.1) t####.sogo####.com.####.com:80
  • TCP(HTTP/1.1) www.pc####.com.####.cn:80
  • TCP(HTTP/1.1) 2####.186.173.17:8888
  • TCP(HTTP/1.1) 47.95.1####.130:80
  • TCP(HTTP/1.1) newap####.math####.cn:80
  • TCP(HTTP/1.1) gd.a.s####.com:80
  • TCP(HTTP/1.1) 2####.73.129.195:28018
  • TCP(HTTP/1.1) ec####.b####.com:80
  • TCP(HTTP/1.1) duk.p####.com.####.com:80
  • TCP(HTTP/1.1) gn####.f####.top:8080
  • TCP(HTTP/1.1) p####.hfc####.com:80
  • TCP(HTTP/1.1) flf####.aog####.com:19001
  • TCP(HTTP/1.1) api.40088####.com:8181
  • TCP(HTTP/1.1) d####.i####.com:80
  • TCP(HTTP/1.1) cl-5307####.g####.co:80
  • TCP(HTTP/1.1) co####.ssp.adoc####.com:80
  • TCP(HTTP/1.1) kyy####.wwe####.com:17002
  • TCP(HTTP/1.1) p####.api.adoc####.com:80
  • TCP(HTTP/1.1) u####.a####.top:80
  • TCP(HTTP/1.1) www.c####.com.####.com:80
  • TCP(HTTP/1.1) c####.c####.cn:80
  • TCP(HTTP/1.1) 47.1####.222.149:996
  • TCP(HTTP/1.1) r####.bu####.vip:80
  • TCP(HTTP/1.1) n####.wangmei####.cn:80
  • TCP(TLS/1.0) 1####.194.73.100:443
  • TCP(TLS/1.0) pc####.api.m####.com:443
  • TCP(TLS/1.0) vip.bz.m####.com:443
  • TCP(TLS/1.0) 1142864####.cn-hang####.fc.####.com:443
  • TCP(TLS/1.0) p####.api.m####.com:443
  • TCP(TLS/1.0) 1####.74.90.25:31828
  • TCP(TLS/1.0) ad####.a####.com:443
  • TCP(TLS/1.0) www.qq####.ltd:443
  • TCP(TLS/1.0) hm.b####.com:443
  • TCP(TLS/1.0) w.m####.com:443
  • TCP(TLS/1.0) rc-cha####.bz.m####.com:443
  • TCP(TLS/1.0) s1.h####.com:443
  • TCP(TLS/1.0) 2####.h####.com.####.cn:443
  • TCP(TLS/1.0) md####.google####.com:443
  • TCP(TLS/1.0) pc.bz.m####.com:443
  • TCP(TLS/1.0) st####.h####.com:443
  • TCP(TLS/1.0) instant####.google####.com:443
  • TCP(TLS/1.0) a####.d####.com:443
  • TCP(TLS/1.0) s.51zishe####.com:443
  • TCP(TLS/1.0) www.m####.com:443
  • TCP(TLS/1.0) ne####.x####.com.cn:443
  • TCP(TLS/1.0) yun.b####.com:443
  • TCP(TLS/1.0) 64.2####.164.95:443
  • TCP(TLS/1.0) c####.x####.com.####.com:443
  • TCP(TLS/1.0) api.g####.vip:443
  • TCP(TLS/1.0) android####.go####.com:443
  • TCP(TLS/1.0) vi####.m####.com:443
  • TCP(TLS/1.0) mobi####.bz.m####.com:443
  • TCP(TLS/1.0) jingtai####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) c####.d####.v2.####.com:443
  • TCP(TLS/1.0) p####.google####.com:443
  • TCP(TLS/1.0) api.fou####.com:443
  • TCP(TLS/1.0) h####.m####.com:443
  • TCP(TLS/1.0) plat####.api.m####.com:443
  • TCP(TLS/1.0) u.api.m####.com:443
  • TCP(TLS/1.0) hd-pcwe####.log.m####.com:443
  • TCP(TLS/1.0) pos.b####.com:443
  • TCP(TLS/1.0) 1####.h####.com.####.com:443
  • TCP(TLS/1.0) s####.x####.com.cn:443
  • TCP(TLS/1.0) 1####.194.73.95:443
  • TCP(TLS/1.2) 64.2####.164.94:443
  • TCP(TLS/1.2) 1####.194.73.95:443
  • TCP(TLS/1.2) 1####.194.73.100:443
  • TCP 1####.0.40.254:37470
Запросы DNS:
  • 0####.h####.com
  • 1####.h####.com
  • 2####.h####.com
  • 3####.h####.com
  • 4####.h####.com
  • 653.a####.top
  • 653.a####.top.####.8
  • a####.d####.com
  • a####.new####.com
  • ad####.a####.com
  • adcha####.bz.m####.com
  • android####.go####.com
  • api.40088####.com
  • api.a####.ads####.cn
  • api.adoc####.com
  • api.fou####.com
  • api.g####.vip
  • api.yunco####.com
  • app.a####.top
  • ask.c####.com
  • bbs.c####.com
  • bbt####.wwe####.com
  • c####.baidust####.com
  • c####.be####.s####.com
  • c####.c####.cn
  • c####.d####.v2.####.com
  • c####.f####.top
  • c####.jumen####.com
  • c####.x####.com.cn
  • c####.zhit####.com
  • caa.qi####.cn
  • cdn.i.arie####.com
  • cn.f####.top
  • co####.ssp.adoc####.com
  • css.m####.com
  • d####.cn
  • duk.p####.com
  • dup.baidust####.com
  • ec####.b####.com
  • f####.c####.com
  • fc.b####.com
  • flf####.aog####.com
  • geb####.slj####.com
  • gif.lu.sogo####.com
  • gn####.f####.top
  • h####.c####.com
  • h####.m####.com
  • ha.qi####.cn
  • hd-pcwe####.log.m####.com
  • hm.b####.com
  • i####.sogo####.com
  • i####.wt####.com
  • i.c####.com
  • img.lu.sogo####.com
  • img.m####.com
  • instant####.google####.com
  • ip####.com
  • jingtai####.oss-cn-####.aliy####.com
  • jpg.i####.sogo####.com
  • js.wt####.com
  • jti.h####.s####.com
  • jxs####.slj####.com
  • k####.ur####.s####.com
  • kyy####.wwe####.com
  • lg.ca####.com
  • lg.ca####.com.####.8
  • lla####.slj####.com
  • lo.bu####.vip
  • m####.go####.com
  • md####.google####.com
  • mg.meit####.com
  • mobi####.bz.m####.com
  • n####.wangmei####.cn
  • ne####.x####.com.cn
  • newap####.math####.cn
  • p####.api.adoc####.com
  • p####.api.m####.com
  • p####.bugse####.com
  • p####.google####.com
  • p####.gou.s####.com
  • p####.hfc####.com
  • p####.p####.s####.com
  • pc####.api.m####.####.8
  • pc####.api.m####.com
  • pc####.api.m####.com
  • pc.bz.m####.com
  • plat####.api.m####.com
  • pos.b####.com
  • pq.chin####.net
  • pv.s####.com
  • qxm.p####.s####.com
  • r####.bu####.vip
  • r####.bu####.vip
  • rc-cha####.bz.m####.com
  • s####.x####.com.cn
  • s.51zishe####.com
  • s1.h####.com
  • s11.c####.com
  • s20.c####.com
  • s23.c####.com
  • s3.h####.com
  • s4.c####.com
  • s5.c####.com
  • s9.c####.com
  • s95.c####.com
  • s96.c####.com
  • sd.bu####.vip
  • sm.ca####.com
  • src.i####.sogo####.com
  • st####.h####.com
  • sta####.c####.com
  • sta####.c####.com
  • t####.a####.top
  • t####.sogo####.com
  • tc.c####.com
  • u####.a####.top
  • u####.b0.upa####.com
  • u.api.m####.com
  • ucst####.c####.com
  • v1.c####.com
  • vi####.m####.com
  • vip.bz.m####.com
  • w####.c####.com
  • w.i####.com
  • w.m####.com
  • wa.bu####.vip
  • www.c####.com
  • www.d####.xyz
  • www.m####.com
  • www.new####.com
  • www.pc####.com.cn
  • www.qq####.ltd
  • xiaox####.adse####.adan####.com
  • ycb####.slj####.com
  • yun.b####.com
  • zha####.zhit####.com
Запросы HTTP GET:
  • 58.2####.92.50:808/gh.html
  • 58.2####.92.50:808/kw2.html
  • 58.2####.92.50:808/ydc.html
  • 58.2####.92.50:808/ydc.html?1####
  • 58.2####.92.50:808/ydm.html
  • adcha####.bz.m####.com/direct?cc=####
  • app.a####.top/anshuaControl.json
  • app.a####.top/api.json
  • ask.c####.com.####.com/askques/expert/getAll
  • ask.c####.com.####.com/askques/questions/show/802640
  • ask.c####.com.####.com/js/cookie.js?2009101####
  • ask.c####.com.####.com/style/iask.css
  • ask.c####.com.####.com/style/images/ask2_blind4.gif
  • ask.c####.com.####.com/style/images/ask_done.gif
  • ask.c####.com.####.com/style/images/ask_pink.gif
  • ask.c####.com.####.com/style/images/ask_return.jpg
  • ask.c####.com.####.com/style/images/tab_pink_r_b.gif
  • ask.c####.com.####.com/style/images/tab_pink_r_t.gif
  • ask.c####.com.####.com/style/images/zj_online_bg.gif
  • ask.c####.com.####.com/style/word.css
  • ask.c####.com.####.com/styles/images/bg.gif
  • ask.c####.com.####.com/styles/images/nav_bg.jpg
  • ask.c####.com.####.com/styles/images/nav_menu2_block.gif
  • ask.c####.com.####.com/styles/images/search_sub.gif
  • ask.c####.com.####.com/styles/images/tabnavi.gif
  • c####.baidust####.com.####.com/cpro/ui/c.js
  • c####.be####.s####.com/ask?id=####&cb=####&ssi0=####&wsg=####&_v=####
  • c####.be####.s####.com/wap_ask_service?callback=####&url=####
  • c####.c####.cn/stat.php?site_id=####
  • c####.jumen####.com/init.php
  • c####.zhit####.com:99/newcar/index.html
  • c####.zhit####.com:99/pctja.html
  • c####.zhit####.com:99/wts/index.html?zha####
  • caa-qiu####.b0.a####.com/
  • caa-qiu####.b0.a####.com/css/base_v6.css
  • caa-qiu####.b0.a####.com/css/reset.css
  • caa-qiu####.b0.a####.com/wo.js?key=####
  • caa-qiu####.b0.a####.com/yvo.js?key=####
  • cl-5307####.g####.co/p16_02.ttf
  • cl-5307####.g####.co/p23_03.ttf
  • cl-5307####.g####.co/p27_16.ttf
  • cl-5307####.g####.co/p3_02.ttf
  • cl-5307####.g####.co/p44_02.ttf
  • co####.ssp.adoc####.com/api/v2/SDKActiveConfig?version=####&channelCode=...
  • co####.ssp.adoc####.com/api/v2/SDKCommonConfig?channelCode=####&version=...
  • co####.ssp.adoc####.com/api/v2/mgmConfig?channelCode=####&version=####
  • co####.ssp.adoc####.com/api/v2/mgmWebviewRatioConfig?channelCode=####&ve...
  • d####.cn/fenpei.html?1####
  • d####.cn/fenpei.html?2####
  • d####.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
  • duk.p####.com.####.com/rhsdk/new506/xdt.jar
  • dup.baidust####.com/js/os.js
  • ec####.b####.com/se.jpg?type=####&ver=####&rdm=####
  • gd.a.s####.com/cityjson?ie=####
  • gif.lu.sogo####.####.com/wap/js/aw.js
  • gif.lu.sogo####.####.com/wap/js/wp.js
  • gn####.f####.top:8080/qsad/api/getAd/TKIshJdOMGdP7AB4ACY8CQ==
  • ha-qiuc####.b0.a####.com/
  • ha-qiuc####.b0.a####.com/css/base_v6.css
  • ha-qiuc####.b0.a####.com/css/reset.css
  • ha-qiuc####.b0.a####.com/wo.js?key=####
  • ha-qiuc####.b0.a####.com/yvo.js?key=####
  • ha-qiuc####.b0.a####.com/yvo2.js?key=####
  • i####.sogo####.com.####.com/app/a/200630/37acdc935b4072f85f2a563241dc9c2f
  • i####.wt####.com/auto/202002/css20200810/index_red_noflow.css
  • i####.wt####.com/top/202002/css/index_red_noflow.css
  • i.c####.com.####.com/css/images/foot-pic-836x60.gif
  • i.c####.com.####.com/css/layout1.css
  • i.c####.com.####.com/images/ico-25x25.gif
  • i.c####.com.####.com/js/new_sw.js?t=####
  • i.c####.com.####.com/style/ask.css?v=####
  • i.c####.com.####.com/style/frame-inner.css
  • i.c####.com.####.com/style/images/ask-cms-but-88x25.gif
  • i.c####.com.####.com/style/images/ask-cms-icon-14x14.gif
  • i.c####.com.####.com/style/images/ask-cms-top-2.gif
  • i.c####.com.####.com/style/images/ask_bg.gif
  • i.c####.com.####.com/style/images/ask_good.gif
  • i.c####.com.####.com/style/images/ask_green.gif
  • i.c####.com.####.com/style/images/ask_tiwen.jpg
  • i.c####.com.####.com/style/images/tab_pink_d.gif
  • i.c####.com.####.com/style/images/tab_pink_l_b.gif
  • i.c####.com.####.com/style/images/tab_pink_l_t.gif
  • i.c####.com.####.com/style/images/zj_online_foot.gif
  • i.c####.com.####.com/style/images/zj_online_t.gif
  • i.c####.com.####.com/styles/images/ci123_logo_ask.gif
  • i.c####.com.####.com/styles/images/icon.gif
  • i.c####.com.####.com/styles/images/nav_city_bg_160.gif
  • i.c####.com.####.com/styles/images/nav_mall_left.gif
  • i.c####.com.####.com/styles/images/nav_menu2_bg.gif
  • i.c####.com.####.com/styles/images/nav_menu2_block2.gif
  • i.c####.com.####.com/styles/images/nav_menu2_right.gif
  • i.c####.com.####.com/styles/images/nav_menu3_bg.gif
  • i.c####.com.####.com/styles/images/nav_menu3_s.gif
  • i.c####.com.####.com/styles/images/nav_tool.gif
  • i.c####.com.####.com/styles/menu_style.css?v=####
  • ip####.com/json/?lang=####
  • jpg.i####.sogo####.####.com/wap/js/wp.js
  • js.wt####.com/js/iwt/iwt1.0.1.js
  • k####.ur####.s####.com/ask?id=####&cb=####&ssi0=####&wsg=####&_v=####
  • k####.ur####.s####.com/wap_ask_service?callback=####&url=####
  • lo.bu####.vip/v1/log/track?key=####&mtype=####&device_####&pkg=####&subi...
  • mh####.b0.a####.com/sdk/cj007_cj007.html
  • mh####.b0.a####.com/sdk/cj013_cj013.html
  • n####.wangmei####.cn/styles/common.css
  • n####.wangmei####.cn/w5561/
  • n####.wangmei####.cn/w5562/
  • newap####.math####.cn/ssp/mgm/task?taskId=####&ip=####
  • p####.api.adoc####.com/ip
  • p####.gou.s####.com/wap_ask_service?callback=####&url=####
  • p####.gou.s####.com/wapxml?id=####&h=####&w=####&fv=####&if=####&mi=####...
  • p####.hfc####.com/c/12Y7TDHJSTY.zip
  • p####.hfc####.com/c/3Y4tjasjtwgsdk.zip
  • p####.hfc####.com/c/TeruKyer20210319.zip
  • p####.hfc####.com/c/TuxsTrzt.zip
  • p####.hfc####.com/c/asidahduah.zip
  • p####.hfc####.com/c/khbbgytad.zip
  • p####.hfc####.com/c/l/3Y23klvgdyedjsgdjwn.zip
  • p####.hfc####.com/c/ouasdasd.zip
  • p####.hfc####.com/c/puzanhvynvgh.zip
  • p####.hfc####.com/c/uasjdnyfea.zip
  • p####.hfc####.com/two/bhbasdd
  • pos.b####.com/bfp/snippetcacher.php?dpv=####&di=####
  • pq-chin####.b0.a####.com/yvo2.js?key=####
  • r####.bu####.vip/assets/bdtj/it8.html?hmsr=####&hmpl=####
  • r####.bu####.vip/assets/bdtj/ppt.html?hmsr=####&hmpl=####&hmcu=####
  • sd.bu####.vip/v1/log/track?key=####&mtype=####&device_####&pkg=####&subi...
  • t####.a####.top/anshua.json
  • t####.sogo####.com.####.com/wap/images/sg_logo.png
  • t####.sogo####.com.####.com/wap/js/anticheat.min.js
  • tc.c####.com/adimage.php?filename=####&contenttype=####
  • tc.c####.com/adscache/caches/104.js?n=####
  • tc.c####.com/adscache/caches/105.js?n=####
  • tc.c####.com/adscache/caches/106.js?n=####
  • tc.c####.com/adscache/caches/108.js?n=####
  • tc.c####.com/adscache/caches/109.js?n=####
  • tc.c####.com/adscache/caches/160.js?n=####
  • tc.c####.com/adscache/caches/163.js?n=####
  • tc.c####.com/adscache/caches/177.js?n=####
  • tc.c####.com/adscache/caches/178.js?n=####
  • tc.c####.com/adscache/caches/183.js?n=####
  • tc.c####.com/adscache/caches/187.js?n=####
  • tc.c####.com/adscache/caches/196.js?n=####
  • tc.c####.com/adscache/caches/205.js?n=####
  • tc.c####.com/adscache/caches/215.js?n=####
  • tc.c####.com/adscache/caches/216.js?n=####
  • tc.c####.com/adscache/caches/217.js?n=####
  • tc.c####.com/adscache/caches/227.js?n=####
  • tc.c####.com/adscache/caches/238.js?n=####
  • tc.c####.com/adscache/caches/239.js?n=####
  • tc.c####.com/adscache/caches/240.js?n=####
  • tc.c####.com/adscache/caches/242.js?n=####
  • tc.c####.com/adscache/caches/243.js?n=####
  • tc.c####.com/adscache/caches/245.js?n=####
  • tc.c####.com/adscache/caches/246.js?n=####
  • tc.c####.com/adscache/caches/25.js?n=####
  • tc.c####.com/adscache/caches/27.js?n=####
  • tc.c####.com/adscache/caches/280.js?n=####
  • tc.c####.com/adscache/caches/296.js?n=####
  • tc.c####.com/adscache/caches/304.js?n=####
  • tc.c####.com/adscache/caches/305.js?n=####
  • tc.c####.com/adscache/caches/306.js?n=####
  • tc.c####.com/adscache/caches/307.js?n=####
  • tc.c####.com/adscache/caches/308.js?n=####
  • tc.c####.com/adscache/caches/340.js?n=####
  • tc.c####.com/adscache/caches/344.js?n=####
  • tc.c####.com/adscache/caches/391.js?n=####
  • tc.c####.com/adscache/caches/393.js?n=####
  • tc.c####.com/adscache/caches/4.js?n=####
  • tc.c####.com/adscache/caches/401.js?n=####
  • tc.c####.com/adscache/caches/436.js?n=####
  • tc.c####.com/adscache/caches/492.js?n=####
  • tc.c####.com/adscache/caches/499.js?n=####
  • tc.c####.com/adscache/caches/510.js?n=####
  • tc.c####.com/adscache/caches/657.js?n=####
  • tc.c####.com/adscache/caches/72.js?n=####
  • tc.c####.com/adscache/caches/img/140912cms-300x250.jpg.jpg
  • tc.c####.com/adscache/caches/img/640x150.jpg.jpg
  • tc.c####.com/adx.js
  • tc.c####.com/iframeads/adsdispatch.php?pid=####
  • tc.c####.com/js/tcjs.php
  • u####.a####.top/653.html
  • u####.a####.top/js1002.html
  • u####.b0.upa####.com/image/auto/160630/lazyload50.jpg
  • u####.b0.upa####.com/libs/jquery/jquery-2.0.3.min.js
  • w####.c####.com/abc/xyz/point/index.php
  • w####.c####.com/abc/xyz/point/single.php?bid=####
  • www-new####.b0.a####.com/index1.html
  • www.c####.com.####.com/adicon-bottom.png
  • www.c####.com.####.com/ast/js/jquery_172.js
  • www.c####.com.####.com/ast/loginface/cookielogin10.js
  • www.c####.com.####.com/ast/loginface/cookielogin10.js?v=####
  • www.c####.com.####.com/ast/loginface/style5.css?v=####
  • www.c####.com.####.com/avatar/2239/2239072.png
  • www.c####.com.####.com/avatar/2239/2239073.png
  • www.c####.com.####.com/avatar/2998/2998265.png
  • www.c####.com.####.com/avatar/37261/37261674.png?124963####
  • www.c####.com.####.com/avatar/685/685624.png
  • www.c####.com.####.com/baike/d/272.html
  • www.c####.com.####.com/baike/d/455.html
  • www.c####.com.####.com/baike/js/global_js.js
  • www.c####.com.####.com/baike/js/jquery.cookie.js
  • www.c####.com.####.com/baike/styles/images/a-mark.png
  • www.c####.com.####.com/baike/styles/images/b-mark.png
  • www.c####.com.####.com/baike/styles/images/bksprite.png
  • www.c####.com.####.com/baike/styles/images/share.png
  • www.c####.com.####.com/baike/styles/images/view.jpg
  • www.c####.com.####.com/baike/styles/images/web-title.jpg
  • www.c####.com.####.com/baike/styles/index9.css
  • www.c####.com.####.com/banner3.html?d=####
  • www.c####.com.####.com/bd.png
  • www.c####.com.####.com/c/_i_?_=####
  • www.c####.com.####.com/c/d_i_?_=####
  • www.c####.com.####.com/c/if_i_?_=####
  • www.c####.com.####.com/c/sammer_i?_=####
  • www.c####.com.####.com/c/soft_i_?_=####
  • www.c####.com.####.com/c/wk_i_?_=####
  • www.c####.com.####.com/cmbbs/main.js
  • www.c####.com.####.com/cms_days/1409739247_5323.jpg
  • www.c####.com.####.com/cms_days/1434526867_5090.jpg
  • www.c####.com.####.com/cms_days/1434526867_5560.jpg
  • www.c####.com.####.com/cms_days/1445414149_5740.jpg
  • www.c####.com.####.com/cms_days/1470300063_4970.jpg
  • www.c####.com.####.com/cms_days/1470300063_9688.jpg
  • www.c####.com.####.com/cms_days/1490774108_3411.jpg
  • www.c####.com.####.com/cms_days/1559800050_5016.jpg
  • www.c####.com.####.com/css/other.css
  • www.c####.com.####.com/d/article.php/107
  • www.c####.com.####.com/d/post/18389085.html
  • www.c####.com.####.com/e/i.html
  • www.c####.com.####.com/e/i.js
  • www.c####.com.####.com/favicon.ico
  • www.c####.com.####.com/globalMsg.js
  • www.c####.com.####.com/home.png
  • www.c####.com.####.com/images/user_sig_split.gif
  • www.c####.com.####.com/img/new_85_1.gif
  • www.c####.com.####.com/js/iwt1.0.1.js
  • www.c####.com.####.com/jscripts/doc.js
  • www.c####.com.####.com/page-title.png
  • www.c####.com.####.com/photo/160_120/7148/1a95134ca46b17b93ae40e9415d906...
  • www.c####.com.####.com/photo/160_120/7264/93d30a4ee64d4e1b716e4d570245c7...
  • www.c####.com.####.com/photo/160_120/8763/27fe31e4c85387108c98da3e0fa04c...
  • www.c####.com.####.com/photo/160_120/8821/0e14935ebf31731351d4bee00e9395...
  • www.c####.com.####.com/style/images/bg_header.jpg
  • www.c####.com.####.com/style/images/icon.gif
  • www.c####.com.####.com/style/images/icon_num.gif
  • www.c####.com.####.com/style/images/search.gif
  • www.c####.com.####.com/style/images/use_tool.gif
  • www.c####.com.####.com/style/newPost.css?v=####
  • www.c####.com.####.com/style/style_board.css
  • www.c####.com.####.com/style/style_post3.css
  • www.c####.com.####.com/upload/images/36e4891658f5d7d0dc5b8a85e8cdee46.jpg
  • www.c####.com.####.com/xuetang20140819/css/detail1217.css?v=####
  • www.c####.com.####.com/xuetang20140819/css/style1217.css?v=####
  • www.c####.com.####.com/xuetang20140819/img/icon2.png
  • www.c####.com.####.com/xuetang20140819/img/icon_png24.png
  • www.c####.com.####.com/xuetang20140819/img/web-title.jpg
  • www.c####.com.####.com/xuetang20140819/js/loginface.js
  • www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
  • z.c####.com/stat.htm?id=####&cnzz_eid=####
  • zha####.zhit####.com:808/zhangpc/index.html
  • zha####.zhit####.com:808/zhangpc/yrc_001pc.js
Запросы HTTP POST:
  • 1713464####.cn-qin####.fc.####.com/gwd/up
  • api.40088####.com:8181/v3/entry/list
  • api.a####.ads####.cn/thirdparty/sapi/chn
  • api.adoc####.com/titan/monitor/device_info
  • api.yunco####.com/service/rest
  • bbt####.wwe####.com:17001/an2y3z/
  • bbt####.wwe####.com:17001/cbcvu9/
  • cn.f####.top:8080/qsad/api/c/c
  • flf####.aog####.com:19001/vgqcuctsmu/
  • kyy####.wwe####.com:17001/karawc/
  • kyy####.wwe####.com:17002/5rhxg/
  • kyy####.wwe####.com:17002/6a4it/
  • kyy####.wwe####.com:17002/jw1pw/
  • mg.meit####.com:8071/api/v101
  • newap####.math####.cn/titan/monitor/device_info
  • sd.bu####.vip/v1/project/sdk
  • sd.bu####.vip/v1/wake/list
  • www.d####.xyz/Orders/getlive?channel=####&Slevi=####&anmac=####&anosv=##...
  • www.d####.xyz/Orders/getliveshua?channel=####&Slevi=####&anid=####&anmac...
  • www.d####.xyz/Orders/pigchannel?channel=####&nochannel=####
  • xiaox####.adse####.adan####.com/server/ad/v1
Изменения в файловой системе:
Создает следующие файлы:
  • /data/data/####/.2403297477.apk
  • /data/data/####/.2403297477.dex
  • /data/data/####/.2403297477.dex.flock (deleted)
  • /data/data/####/.2969407120.apk
  • /data/data/####/.2969407120.dex
  • /data/data/####/.2969407120.dex.flock (deleted)
  • /data/data/####/.3050965755.apk
  • /data/data/####/.3050965755.dex
  • /data/data/####/.3050965755.dex.flock (deleted)
  • /data/data/####/03a16097009cd037_0
  • /data/data/####/052da7393728e70c_0
  • /data/data/####/052da7393728e70c_1
  • /data/data/####/05386d0addb350f1_0
  • /data/data/####/05386d0addb350f1_1
  • /data/data/####/0571ff6a4cb3db85_0
  • /data/data/####/0574760c185fb809_0
  • /data/data/####/0574760c185fb809_1
  • /data/data/####/059ce224b100dcdb_0
  • /data/data/####/06af843611460037_0
  • /data/data/####/06af843611460037_1
  • /data/data/####/070a5ab53776874e_0
  • /data/data/####/0904dd88a702fb1c_0
  • /data/data/####/0904dd88a702fb1c_1
  • /data/data/####/09a6ef8b80cdc388_0
  • /data/data/####/09eddd9f7a13d712_0
  • /data/data/####/0a6b8061838b4749_0
  • /data/data/####/0ba72ca2ab0433c9_0
  • /data/data/####/0c7bafd49e831e7d_0
  • /data/data/####/0cc1813f222c92e2_0
  • /data/data/####/0e73154956080eb6_0
  • /data/data/####/0e9d9a03ec43f3b6_0
  • /data/data/####/10c232bf2cf6944e_0
  • /data/data/####/1193735283
  • /data/data/####/11bf47e486bbf254_0
  • /data/data/####/11c6cd50aee85502_0
  • /data/data/####/13278d9b411b96cd_0
  • /data/data/####/13278d9b411b96cd_1
  • /data/data/####/134be4f9f88ba94c_0
  • /data/data/####/1502509754
  • /data/data/####/16ba9ae145b027b3_0 (deleted)
  • /data/data/####/186ec5a00d432bf7_0 (deleted)
  • /data/data/####/18a8ef79807e30e9_0
  • /data/data/####/18a8ef79807e30e9_1
  • /data/data/####/18d370d2ac0b1e8b_0 (deleted)
  • /data/data/####/198470b6590b03a1_0
  • /data/data/####/199f2f20f8cacc28_0
  • /data/data/####/199f2f20f8cacc28_1
  • /data/data/####/1a40604f560c7f1d_0
  • /data/data/####/1a40604f560c7f1d_1
  • /data/data/####/1c55fc6090f68a24_0
  • /data/data/####/1cf3915ed93430bd_0
  • /data/data/####/1edb02c30d0776cf_0
  • /data/data/####/1efe5dcf42ac5511_0
  • /data/data/####/1efe5dcf42ac5511_1
  • /data/data/####/1f5356114d46fc83_0
  • /data/data/####/1f5356114d46fc83_0 (deleted)
  • /data/data/####/1fb0b356e7fc8514_0
  • /data/data/####/2021_04_13readzibao.xml
  • /data/data/####/20da8dc53d2687ca_0
  • /data/data/####/2172f6e469e5340a_0 (deleted)
  • /data/data/####/22175443bc63ffeb_0
  • /data/data/####/2254818adfee2f14_0
  • /data/data/####/22d87494eb9509eb_0
  • /data/data/####/25a742f2cd96c734_0
  • /data/data/####/26f928c827592f39_0
  • /data/data/####/27879498ef9c9689_0
  • /data/data/####/27dac8705e581c47_0
  • /data/data/####/27dac8705e581c47_1
  • /data/data/####/289c742cb05b91e9_0
  • /data/data/####/289c742cb05b91e9_1
  • /data/data/####/289f8f245c63e675_0
  • /data/data/####/2948cb8da2553809_0
  • /data/data/####/2952029974287ba4_0
  • /data/data/####/29857e5b185b6c8f_0 (deleted)
  • /data/data/####/29aef394b660f54d_0
  • /data/data/####/29b4f8f2efec44dd_0
  • /data/data/####/2b6de135735c318e_0 (deleted)
  • /data/data/####/2bb367c593030658_0
  • /data/data/####/2bb51011981679ff_0
  • /data/data/####/2c8aee03a308f1dc_0
  • /data/data/####/2c8aee03a308f1dc_1
  • /data/data/####/2d1d5122e535b11c_0
  • /data/data/####/2d3464a38259a114_0
  • /data/data/####/2d81e3d580a586aa_0 (deleted)
  • /data/data/####/2da27b22ee32400b_0
  • /data/data/####/2dc9fe42e18dab11_0
  • /data/data/####/2f4453b894254670_0
  • /data/data/####/300ba0aa62d44627_0
  • /data/data/####/304e64786a28e2f2_0
  • /data/data/####/305b631d7bbe696b_0
  • /data/data/####/30ca67afa67fdd9e_0
  • /data/data/####/30ca67afa67fdd9e_1
  • /data/data/####/3159da40b80bc5b5_0
  • /data/data/####/31a3f6c3f0152fd5_0
  • /data/data/####/31a3f6c3f0152fd5_1
  • /data/data/####/3236707ab33bbec7_0
  • /data/data/####/327f561eab5eb4b2_0
  • /data/data/####/327f561eab5eb4b2_1
  • /data/data/####/32cfd5b311076858_0
  • /data/data/####/3327275
  • /data/data/####/334ecf5a6dbecdb4_0
  • /data/data/####/336b8a40c156a00e_0 (deleted)
  • /data/data/####/33849fce5eb82d37_0
  • /data/data/####/33FC58C31FB491BC01333548F6507866.dex
  • /data/data/####/33FC58C31FB491BC01333548F6507866.dex.flock (deleted)
  • /data/data/####/344e7c07ea7f3741_0
  • /data/data/####/345f9dd4ddb6ccb2_0
  • /data/data/####/35106c5304abdde0_0
  • /data/data/####/3543d479433fbf97_0
  • /data/data/####/3608be51986c6f11_0
  • /data/data/####/3664bb0f495515af_0
  • /data/data/####/368329eed6ed9768_0
  • /data/data/####/36858e149e31f3d8_0
  • /data/data/####/37562faffefcf8b5_0
  • /data/data/####/37562faffefcf8b5_1
  • /data/data/####/3792facb119ac865_0
  • /data/data/####/37e57bd6f643a805_0
  • /data/data/####/3806033d7d8f4351_0
  • /data/data/####/3a7b0bf5416ebd60_0
  • /data/data/####/3b7dc2ae44ce2d2b_0
  • /data/data/####/3bc7ed444611a887_0
  • /data/data/####/3c95a9180ae7e19d_0
  • /data/data/####/3da7bb653c2c9f40_0
  • /data/data/####/3e00b748f92e87ec_0
  • /data/data/####/3e00b748f92e87ec_1
  • /data/data/####/3e19a939047a2c42_0
  • /data/data/####/3e19a939047a2c42_1
  • /data/data/####/3e51efc1c77e3206_0
  • /data/data/####/3e51efc1c77e3206_1
  • /data/data/####/424961eba0ff4faf_0
  • /data/data/####/4260d820ef5b4725_0
  • /data/data/####/42EF8A3EFC8DE246EF6BE2A6A7AA380B.dex
  • /data/data/####/42EF8A3EFC8DE246EF6BE2A6A7AA380B.dex.flock (deleted)
  • /data/data/####/43188e4c7f5bbfa5_0
  • /data/data/####/43188e4c7f5bbfa5_1
  • /data/data/####/432d07f9b13ae059_0
  • /data/data/####/4397b72bdfe218b9_0
  • /data/data/####/4397b72bdfe218b9_1
  • /data/data/####/43dd8768e800a4cb_0
  • /data/data/####/441e8b695652351f_0
  • /data/data/####/447a8567e12d5bc9_0
  • /data/data/####/4488723df67cddca_0
  • /data/data/####/4663b41a79f3951b_0
  • /data/data/####/47EDB4E7D8953EADC1D68DE1FD348769.dex
  • /data/data/####/47EDB4E7D8953EADC1D68DE1FD348769.dex.flock (deleted)
  • /data/data/####/47f55016548746cb_0
  • /data/data/####/4863afdec10ce0f7_0
  • /data/data/####/48ad00444790d2ad_0
  • /data/data/####/491fc489ca5c09e2_0
  • /data/data/####/491fc489ca5c09e2_1
  • /data/data/####/492ff31faff4ff43_0
  • /data/data/####/496b18d35eb5430c_0
  • /data/data/####/496b18d35eb5430c_1
  • /data/data/####/4a959f590a6a9eca_0
  • /data/data/####/4a96897df3ff906b_0
  • /data/data/####/4a96897df3ff906b_1
  • /data/data/####/4b2ec3e245f58a21_0
  • /data/data/####/4b2ec3e245f58a21_1
  • /data/data/####/4c50b05284c7d095_0
  • /data/data/####/4cd8b6a53da97139_0 (deleted)
  • /data/data/####/4d9e31893cd14211_0
  • /data/data/####/4d9e31893cd14211_1
  • /data/data/####/4dc387a6f88a988e_0
  • /data/data/####/4e20d5db48019aaf_0
  • /data/data/####/4fd400627418e188_0
  • /data/data/####/4fd400627418e188_0 (deleted)
  • /data/data/####/50b9bec156ef4a03_0
  • /data/data/####/50cd774a764a7178_0
  • /data/data/####/50e8def63ad9bed1_0
  • /data/data/####/50e8def63ad9bed1_1
  • /data/data/####/5108699136afe508_0
  • /data/data/####/51F834546E1B2B19B8BEF5098FAFFD19.dex
  • /data/data/####/51F834546E1B2B19B8BEF5098FAFFD19.dex.flock (deleted)
  • /data/data/####/52ffcf53611c8f76_0
  • /data/data/####/538088c80801c8be_0
  • /data/data/####/53e2590398bcba3c_0
  • /data/data/####/54AE2A187DE0596E8A7C359047AE12D5.dex
  • /data/data/####/54AE2A187DE0596E8A7C359047AE12D5.dex.flock (deleted)
  • /data/data/####/54fb2a7a945db526_0
  • /data/data/####/5503ab90723a4a82_0
  • /data/data/####/5503ab90723a4a82_1
  • /data/data/####/5555b7d89bbdb864_0
  • /data/data/####/5555b7d89bbdb864_1
  • /data/data/####/55df755d9113a4fa_0
  • /data/data/####/55df755d9113a4fa_0 (deleted)
  • /data/data/####/55df755d9113a4fa_1
  • /data/data/####/56d22bab2f8082ec_0
  • /data/data/####/57621f22220ee81f_0
  • /data/data/####/5790f1f637bc7155_0
  • /data/data/####/57e1d0be8de8614e_0
  • /data/data/####/5854dd33b65a4979_0
  • /data/data/####/58837f87a0bc315b_0
  • /data/data/####/59b0a905fbd5cf14_0
  • /data/data/####/59b417e112fb48a7_0
  • /data/data/####/59d1be81f9e50cdd_0
  • /data/data/####/5A596F7433DA4A9994F78A3553069154.dex
  • /data/data/####/5A596F7433DA4A9994F78A3553069154.dex.flock (deleted)
  • /data/data/####/5bd69f909036e55a_0
  • /data/data/####/5c8d038af1cf6a15_0
  • /data/data/####/5c8ecf4ccf552d9f_0
  • /data/data/####/5cdf03e901554490_0
  • /data/data/####/5ee34b61bf04d841_0
  • /data/data/####/60261ef0eddd827e_0
  • /data/data/####/613c3e7a014fbc56_0
  • /data/data/####/61ab53582e5e1f8a_0
  • /data/data/####/639201456f08268b_0
  • /data/data/####/67a0512cc5e43f44_0
  • /data/data/####/68171d9c873e38e9_0
  • /data/data/####/6817f0df710748ec_0 (deleted)
  • /data/data/####/6847176a02444990_0
  • /data/data/####/6847176a02444990_1
  • /data/data/####/68525aca86d6d82f_0
  • /data/data/####/6881b5a336ab9fa9_0
  • /data/data/####/68DEC76182C6E7F775B58FEB5EDC33E0.dex
  • /data/data/####/68DEC76182C6E7F775B58FEB5EDC33E0.dex.flock (deleted)
  • /data/data/####/693c6c9db5937bb0_0
  • /data/data/####/696f32134ad2c993_0
  • /data/data/####/69df1810aa10b905_0
  • /data/data/####/69eeb0f02de8fb80_0
  • /data/data/####/6b1b7859e20c2ee1_0
  • /data/data/####/6c99f8b29855df58_0
  • /data/data/####/6ca770d65e76c9ce_0
  • /data/data/####/6cab1dd7cba0ca12_0
  • /data/data/####/6cc5080bc6efbe55_0 (deleted)
  • /data/data/####/6d4b8488f8f3c4fb_0
  • /data/data/####/6d8f6d226fd1a906_0
  • /data/data/####/6e1e5d121f280764_0
  • /data/data/####/6e67f4edd403b5fa_0
  • /data/data/####/6e67f4edd403b5fa_1
  • /data/data/####/6ec054a5ead80582_0
  • /data/data/####/7123828dace3445b_0
  • /data/data/####/7123828dace3445b_1
  • /data/data/####/71bed5456ef63d6b_0
  • /data/data/####/728915d9256de840_0
  • /data/data/####/72ef24ed14556dda_0
  • /data/data/####/738175f7228816f8_0
  • /data/data/####/748d4326ffd375bd_0
  • /data/data/####/74a1d10ac80563df_0
  • /data/data/####/74a1d10ac80563df_1
  • /data/data/####/74d334e92f1698cc_0
  • /data/data/####/7563103c5ec74c82_0
  • /data/data/####/756a3eef8797c8ed_0
  • /data/data/####/76fa166d1303208e_0
  • /data/data/####/7861724e418729a1_0
  • /data/data/####/786abe8977519b32_0 (deleted)
  • /data/data/####/78abac4c146e5727_0
  • /data/data/####/792de6de4caffd59_0
  • /data/data/####/792de6de4caffd59_1
  • /data/data/####/7980dd479b946917_0 (deleted)
  • /data/data/####/79c25b7cbad13564_0 (deleted)
  • /data/data/####/7a763de5bc6f39c9_0 (deleted)
  • /data/data/####/7ab10d097d8f1d11_0
  • /data/data/####/7add91cdfe6122b9_0
  • /data/data/####/7b4fa92e9c155721_0
  • /data/data/####/7bbaa2c74aca6074_0
  • /data/data/####/7c1c76413d079100_0
  • /data/data/####/7c27969807ed557c_0
  • /data/data/####/7c27969807ed557c_1
  • /data/data/####/7c778db17be9191b_0
  • /data/data/####/7c99b6955eb2950a_0
  • /data/data/####/7cf726773deb49c6_0
  • /data/data/####/7cf726773deb49c6_1
  • /data/data/####/7db80d8b014f87a9_0
  • /data/data/####/7e39273e11a4c679_0
  • /data/data/####/7ed7e3de20037e25_0 (deleted)
  • /data/data/####/7ef04a8e4abf9b38_0
  • /data/data/####/7faa1a6cfd40f4b2_0
  • /data/data/####/80f57d79464952be_0
  • /data/data/####/810e8570d24dcf0b_0
  • /data/data/####/818336991fb68c19_0
  • /data/data/####/818336991fb68c19_0 (deleted)
  • /data/data/####/8358e8c7f6953b1a_0
  • /data/data/####/848f942b6db3bf58_0
  • /data/data/####/85205083
  • /data/data/####/864dd7f0e3f3a45c_0
  • /data/data/####/865DDFDE477A3DC51518CBC284893178.dex
  • /data/data/####/865DDFDE477A3DC51518CBC284893178.dex.flock (deleted)
  • /data/data/####/86bf307bd597599d_0
  • /data/data/####/871021047b8d4872_0
  • /data/data/####/877a72fba06915e7_0
  • /data/data/####/885f308c66e93cad_0
  • /data/data/####/89b2598c8f14d892_0
  • /data/data/####/8a17bef7616cac3c_0
  • /data/data/####/8b6f099ccdcf3e07_0
  • /data/data/####/8bccc18d68aaa37e_0 (deleted)
  • /data/data/####/8be546bf03ddce82_0
  • /data/data/####/8c8fba465376a16a_0
  • /data/data/####/8cab184b88040def_0
  • /data/data/####/8faa1e64ef5ddf5d_0
  • /data/data/####/9052e339c8a13cfb_0
  • /data/data/####/9070f57fffbdc536_0
  • /data/data/####/91312152ea760f59_0
  • /data/data/####/913f60674c22db79_0
  • /data/data/####/9207d62d18a4ad73_0
  • /data/data/####/9207d62d18a4ad73_1
  • /data/data/####/923d32ae6c25f2b7_0
  • /data/data/####/923d32ae6c25f2b7_1
  • /data/data/####/925ad5a02fa26249_0
  • /data/data/####/9314ec5a7e21a343_0
  • /data/data/####/93318b74c2d4881a_0 (deleted)
  • /data/data/####/935f8bdfaf60156a_0
  • /data/data/####/93678d69142594b9_0
  • /data/data/####/93bd996194271a0f_0
  • /data/data/####/94ab5be9ef691e99_0
  • /data/data/####/950e9604600cc179_0
  • /data/data/####/95c9c67e164cdc38_0
  • /data/data/####/96395d084dd2f43b_0
  • /data/data/####/96395d084dd2f43b_1
  • /data/data/####/9663d57fe8c82dee_0
  • /data/data/####/970ceb5c7bb53337_0
  • /data/data/####/983192334df152ac_0 (deleted)
  • /data/data/####/985958d976619751_0
  • /data/data/####/985958d976619751_1
  • /data/data/####/98bbadd6a2bc9db7_0
  • /data/data/####/9c802c31a4ad47df_0
  • /data/data/####/9cb1bc8d6b035b17_0
  • /data/data/####/9d08eeb386c29d7a_0
  • /data/data/####/9d33ada572df1ddf_0
  • /data/data/####/9e74370f439e0870_0
  • /data/data/####/9edf11af3e976ca0_0 (deleted)
  • /data/data/####/Cookies-journal
  • /data/data/####/D75E99C9A338D24A1F840F280B0877ED.dex
  • /data/data/####/D75E99C9A338D24A1F840F280B0877ED.dex.flock (deleted)
  • /data/data/####/Emp.xml
  • /data/data/####/Emp.xml.bak
  • /data/data/####/F0736D63ACA7F31E7D1990D953ED1922.dex
  • /data/data/####/F0736D63ACA7F31E7D1990D953ED1922.dex.flock (deleted)
  • /data/data/####/F306422A50185CD1D1975B917A5A5962.dex
  • /data/data/####/F306422A50185CD1D1975B917A5A5962.dex.flock (deleted)
  • /data/data/####/Ix132mMskey1.xml
  • /data/data/####/Ix132mMtasks.xml
  • /data/data/####/Ix132mMtasks.xml.bak
  • /data/data/####/STORE_MAIN.xml
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/___rb.p12___
  • /data/data/####/__cid__v1__.dat
  • /data/data/####/__rbpr_up18__
  • /data/data/####/a0a6aecd490cabd7_0
  • /data/data/####/a1ad25019ae337ce_0
  • /data/data/####/a1ad25019ae337ce_1
  • /data/data/####/a1fd7c3272b09c56_0
  • /data/data/####/a2b1bf2e2f0b1d2f_0
  • /data/data/####/a2b1bf2e2f0b1d2f_1
  • /data/data/####/a3d27d7ccaafe4d3_0
  • /data/data/####/a3d44880f5857a99_0
  • /data/data/####/a4395c37a9fe0946_0
  • /data/data/####/a599ca8669d53c44_0
  • /data/data/####/a5afc76552ac9fba_0
  • /data/data/####/a5dcd5e747e88e99_0
  • /data/data/####/a8e9a51516ac9934_0
  • /data/data/####/aaebb82f790ae150_0
  • /data/data/####/abs.xml
  • /data/data/####/ac1d40b1e6cd7878_0
  • /data/data/####/ac1d40b1e6cd7878_0 (deleted)
  • /data/data/####/ad4e6698d603d66d_0
  • /data/data/####/ad6ffd6294e6d642_0
  • /data/data/####/add6e83659896dcb_0
  • /data/data/####/ae2e6037f9df9f05_0
  • /data/data/####/aec321db7552fcb7_0
  • /data/data/####/aee7842c4fda2e11_0
  • /data/data/####/afa84d18baf3c8ec_0
  • /data/data/####/afc432ee41dd7f5a_0
  • /data/data/####/afc432ee41dd7f5a_1
  • /data/data/####/ahq_spu_ti.xml
  • /data/data/####/b0712b431e2458ee_0
  • /data/data/####/b20fce2a7facac03_0
  • /data/data/####/b275fadf0ca9f202_0
  • /data/data/####/b2c6c6bb27f8613b_0
  • /data/data/####/b2f5adba5dfc1d43_0
  • /data/data/####/b37aafdfba84caca_0
  • /data/data/####/b4ebbfe2fd9fc81a_0
  • /data/data/####/b544dfd4dd2a0a49_0
  • /data/data/####/b6108f0258f362a2_0
  • /data/data/####/b6108f0258f362a2_1
  • /data/data/####/b658df43504c4461_0
  • /data/data/####/b697fc909f81bce6_0
  • /data/data/####/b716dea34989f43b_0
  • /data/data/####/b73451d7c92818c0_0
  • /data/data/####/b74fcb5f57829f97_0
  • /data/data/####/b77f17956aceae83_0
  • /data/data/####/b7ae703c56542ec7_0
  • /data/data/####/b85b44f223923253_0
  • /data/data/####/b9a5402a24041e6e_0
  • /data/data/####/bb6167b9314f48ab_0
  • /data/data/####/bc29b7b70babcc85_0
  • /data/data/####/bc29b7b70babcc85_1
  • /data/data/####/bc33107cfceaaa7c_0
  • /data/data/####/bc6cba40d46eae4e_0
  • /data/data/####/bc6cba40d46eae4e_1
  • /data/data/####/bcad4dfef986d4cb_0
  • /data/data/####/bda7049d681da6e2_0
  • /data/data/####/be554f35dee4bf29_0
  • /data/data/####/be554f35dee4bf29_1
  • /data/data/####/beccfb6faabbd74e_0
  • /data/data/####/bf30031f8bd47355_0
  • /data/data/####/bf335fd4298c6504_0
  • /data/data/####/bff0016603800b2c_0
  • /data/data/####/c02816cd5941d9b5_0
  • /data/data/####/c05507fe881eed5f_0
  • /data/data/####/c05507fe881eed5f_1
  • /data/data/####/c05a5249408877b1_0
  • /data/data/####/c08b4de273799391_0
  • /data/data/####/c37d16b601ef6180_0
  • /data/data/####/c4c7046355a18024_0
  • /data/data/####/c4c7046355a18024_0 (deleted)
  • /data/data/####/c4c7046355a18024_1
  • /data/data/####/c5367926008d137d_0
  • /data/data/####/c5c3b27db18763fa_0
  • /data/data/####/c5c3b27db18763fa_1
  • /data/data/####/c709eb7e22d5f9c3_0
  • /data/data/####/c709eb7e22d5f9c3_1
  • /data/data/####/c79a64f0afb7e1a9_0
  • /data/data/####/c7f51f2f63765e65_0
  • /data/data/####/c82b3d7888ca20ee_0
  • /data/data/####/c82b3d7888ca20ee_1
  • /data/data/####/c8b2565063bf8049_0
  • /data/data/####/cbc72a3eb95ee1fd_0
  • /data/data/####/cc3c202a7e18a664_0
  • /data/data/####/ccc1734876831815_0
  • /data/data/####/ccf40e84f3246233_0
  • /data/data/####/cd24d733e9067dc4_0
  • /data/data/####/cd6f4a72c3a838a0_0
  • /data/data/####/cd6f4a72c3a838a0_1
  • /data/data/####/ce7653d669c2693c_0
  • /data/data/####/cf0ce22c2b3949de_0
  • /data/data/####/cf0ce22c2b3949de_1
  • /data/data/####/cf3fea772fd2104c_0 (deleted)
  • /data/data/####/com.kmvo.xygz_preferences.xml
  • /data/data/####/comacerbzvm.xml
  • /data/data/####/comwusigeuzxci.xml
  • /data/data/####/comwusigeuzxci.xml.bak
  • /data/data/####/comxcxid.xml
  • /data/data/####/comxcxid.xml.bak
  • /data/data/####/countApi.xml
  • /data/data/####/d07255804ad34c41_0
  • /data/data/####/d1c6fcde5f750485_0
  • /data/data/####/d2288d162dc1be8f_0
  • /data/data/####/d2695b99e1142016_0
  • /data/data/####/d310c0e3df918122_0
  • /data/data/####/d3451e8a1d543a40_0 (deleted)
  • /data/data/####/d36fea425ffd1664_0
  • /data/data/####/d49b0bd54672d981_0
  • /data/data/####/d57a64d57bf641a2_0
  • /data/data/####/d6cfdb60a4b71bce_0
  • /data/data/####/d7753b21e5938a07_0
  • /data/data/####/d8dbb00fa87d7f11_0
  • /data/data/####/d952ff91f27e44a2_0
  • /data/data/####/d9faea2b4b928702_0
  • /data/data/####/dad634afeb374a83_0
  • /data/data/####/data.m
  • /data/data/####/db9c88a79eca22ec_0
  • /data/data/####/dc0567e1f9ec191e_0
  • /data/data/####/dc0567e1f9ec191e_1
  • /data/data/####/dc1279e829b25497_0
  • /data/data/####/dc1279e829b25497_1
  • /data/data/####/dce3e65cb2a3ba0e_0
  • /data/data/####/dce3e65cb2a3ba0e_1
  • /data/data/####/df219ae7e3677b9c_0
  • /data/data/####/df219ae7e3677b9c_1
  • /data/data/####/df624de35b3e247b_0
  • /data/data/####/e01831310f2d53e9_0
  • /data/data/####/e0cc22fbd494cacc_0
  • /data/data/####/e1091179fd18b446_0
  • /data/data/####/e13ade0358217955_0
  • /data/data/####/e252ed1232066fb2_0 (deleted)
  • /data/data/####/e27f5cb830028b82_0
  • /data/data/####/e27f5cb830028b82_1
  • /data/data/####/e28b5ba5d9b70676_0
  • /data/data/####/e31e2b6ecd3e78cf_0
  • /data/data/####/e31e2b6ecd3e78cf_1
  • /data/data/####/e41c38eab55c9e57_0
  • /data/data/####/e591e2681af16715_0
  • /data/data/####/e5e3a8b36e20edaa_0
  • /data/data/####/e6c7d918986159d3_0
  • /data/data/####/e7b081539edb9e0c_0
  • /data/data/####/e8806c393c212628_0
  • /data/data/####/e964a80714d778ac_0
  • /data/data/####/e9718a5916a26937_0
  • /data/data/####/e9fce6b96743fdbf_0
  • /data/data/####/eHhkX3Nw.xml
  • /data/data/####/eaed362e71cb6067_0
  • /data/data/####/ebdce518493d6d0b_0
  • /data/data/####/ece4adbf07c9d4b4_0
  • /data/data/####/ee360c63cc80bdc0_0
  • /data/data/####/ee594ee541344bc3_0 (deleted)
  • /data/data/####/ef8577d81c3b55fe_0
  • /data/data/####/ef8577d81c3b55fe_1
  • /data/data/####/f0a2fdad4cc0ba66_0
  • /data/data/####/f24382a6622b7b8e_0
  • /data/data/####/f26005bf558319ec_0
  • /data/data/####/f3b10db176b0debe_0
  • /data/data/####/f495d3b8838162f0_0
  • /data/data/####/f4c48756b74d98b0_0
  • /data/data/####/f4d30074c0c40657_0
  • /data/data/####/f53ce28bddfb5a94_0
  • /data/data/####/f5405eafe1e6c5b5_0
  • /data/data/####/f87d1dcc9be2b9e4_0
  • /data/data/####/f8f7147affba7464_0
  • /data/data/####/f9f884e7cc3a2a4a_0
  • /data/data/####/fa7736b673dc89fa_0
  • /data/data/####/faa94fdfe1472342_0
  • /data/data/####/fas.xml
  • /data/data/####/fas.xml.bak
  • /data/data/####/fc21226e7e737ee0_0
  • /data/data/####/fc483e0133447b44_0
  • /data/data/####/fcafdb6697c94d1f_0
  • /data/data/####/fe00a63d224cef9b_0
  • /data/data/####/fec0b3bd7133d5a8_0
  • /data/data/####/fec0b3bd7133d5a8_1
  • /data/data/####/ff7be7879fd8c715_0
  • /data/data/####/ffcab1e05a855112_0
  • /data/data/####/gPjE.dex
  • /data/data/####/gPjE.dex.flock (deleted)
  • /data/data/####/gPjE.jar
  • /data/data/####/http_58.218.92.50_808.localstorage-journal
  • /data/data/####/http_ask.ci123.com_0.localstorage-journal
  • /data/data/####/http_bbs.ci123.com_0.localstorage-journal
  • /data/data/####/http_www.ci123.com_0.localstorage-journal
  • /data/data/####/http_www.news18a.com_0.localstorage-journal
  • /data/data/####/http_zhangpc.zhitouip.com_808.localstorage-journal
  • /data/data/####/https_w.mgtv.com_0.localstorage-journal
  • /data/data/####/hxdata.xml
  • /data/data/####/index
  • /data/data/####/km01
  • /data/data/####/km09_4073.so
  • /data/data/####/km09_4073.so_tmp
  • /data/data/####/km13
  • /data/data/####/kms_02ext
  • /data/data/####/kw_137728
  • /data/data/####/kw_137728_tmp (deleted)
  • /data/data/####/libkm05.so
  • /data/data/####/libkm05_64.so
  • /data/data/####/metrics_guid
  • /data/data/####/mp16.tmp
  • /data/data/####/mp23.tmp
  • /data/data/####/mp27.tmp
  • /data/data/####/mp3.tmp
  • /data/data/####/mp44.tmp
  • /data/data/####/myconfig.xml
  • /data/data/####/pref_bl
  • /data/data/####/proc_auxv
  • /data/data/####/qi542320.apk
  • /data/data/####/qi542320_o
  • /data/data/####/qi542320_o.flock (deleted)
  • /data/data/####/qqsz_file.xml
  • /data/data/####/readzibao.xml
  • /data/data/####/ri.xml
  • /data/data/####/sdkinit.xml
  • /data/data/####/sdkinit.xml.bak
  • /data/data/####/sp16.dex
  • /data/data/####/sp16.dex.flock (deleted)
  • /data/data/####/sp16.jar
  • /data/data/####/sp23.dex
  • /data/data/####/sp23.dex.flock (deleted)
  • /data/data/####/sp23.jar
  • /data/data/####/sp27.dex
  • /data/data/####/sp27.dex.flock (deleted)
  • /data/data/####/sp27.jar
  • /data/data/####/sp3.dex
  • /data/data/####/sp3.dex.flock (deleted)
  • /data/data/####/sp3.jar
  • /data/data/####/sp44.dex
  • /data/data/####/sp44.dex.flock (deleted)
  • /data/data/####/sp44.jar
  • /data/data/####/sp_name.xml
  • /data/data/####/sp_name.xml.bak
  • /data/data/####/sp_pnio.xml
  • /data/data/####/spu_gz.xml
  • /data/data/####/spu_ti.xml
  • /data/data/####/spu_yj.xml
  • /data/data/####/szsh.xml
  • /data/data/####/the-real-index
  • /data/data/####/umengc.db
  • /data/data/####/uo.xml
  • /data/data/####/upz_5
  • /data/data/####/wBrand.xml
  • /data/data/####/web_info.xml
  • /data/data/####/xconf.xml
  • /data/data/####/xdt.dex
  • /data/data/####/xdt.dex.flock (deleted)
  • /data/data/####/xdt.jar
  • /data/data/####/xdtversion.xml
  • /data/media/####/.did
  • /data/media/####/.sxpc
  • /data/media/####/0DA6795BC4C4A5E065B1DDF3489B2558
  • /data/media/####/2021_04_13zibao
  • /data/media/####/33FC58C31FB491BC01333548F6507866
  • /data/media/####/33FC58C31FB491BC01333548F6507866.jar
  • /data/media/####/33FC58C31FB491BC01333548F6507866.temp
  • /data/media/####/4150B67B7A25EC827B10016C015401DC
  • /data/media/####/42EF8A3EFC8DE246EF6BE2A6A7AA380B
  • /data/media/####/42EF8A3EFC8DE246EF6BE2A6A7AA380B.temp
  • /data/media/####/42EF8A3EFC8DE246EF6BE2A6A7AA380B.zip
  • /data/media/####/47EDB4E7D8953EADC1D68DE1FD348769
  • /data/media/####/47EDB4E7D8953EADC1D68DE1FD348769.temp
  • /data/media/####/47EDB4E7D8953EADC1D68DE1FD348769.zip
  • /data/media/####/51F834546E1B2B19B8BEF5098FAFFD19
  • /data/media/####/51F834546E1B2B19B8BEF5098FAFFD19.temp
  • /data/media/####/51F834546E1B2B19B8BEF5098FAFFD19.zip
  • /data/media/####/54AE2A187DE0596E8A7C359047AE12D5
  • /data/media/####/54AE2A187DE0596E8A7C359047AE12D5.temp
  • /data/media/####/54AE2A187DE0596E8A7C359047AE12D5.zip
  • /data/media/####/5A596F7433DA4A9994F78A3553069154
  • /data/media/####/5A596F7433DA4A9994F78A3553069154.temp
  • /data/media/####/5A596F7433DA4A9994F78A3553069154.zip
  • /data/media/####/68DEC76182C6E7F775B58FEB5EDC33E0
  • /data/media/####/68DEC76182C6E7F775B58FEB5EDC33E0.temp
  • /data/media/####/68DEC76182C6E7F775B58FEB5EDC33E0.zip
  • /data/media/####/865DDFDE477A3DC51518CBC284893178
  • /data/media/####/865DDFDE477A3DC51518CBC284893178.temp
  • /data/media/####/865DDFDE477A3DC51518CBC284893178.zip
  • /data/media/####/933222D38468A7355428245A267B14FA
  • /data/media/####/B1982BB12AA1D70AE6F0A6179639C8AF
  • /data/media/####/B6CBB835E17D59920451CB35C289C049
  • /data/media/####/BBD54D910D295D7E3D5B6076141D6C61
  • /data/media/####/D1F52F53DF8E090E2243D0705DB02652
  • /data/media/####/D75E99C9A338D24A1F840F280B0877ED
  • /data/media/####/D75E99C9A338D24A1F840F280B0877ED.temp
  • /data/media/####/D75E99C9A338D24A1F840F280B0877ED.zip
  • /data/media/####/F0736D63ACA7F31E7D1990D953ED1922
  • /data/media/####/F0736D63ACA7F31E7D1990D953ED1922.temp
  • /data/media/####/F0736D63ACA7F31E7D1990D953ED1922.zip
  • /data/media/####/F11832B65281857628793ACEB8601D0E
  • /data/media/####/F306422A50185CD1D1975B917A5A5962
  • /data/media/####/F306422A50185CD1D1975B917A5A5962.temp
  • /data/media/####/F306422A50185CD1D1975B917A5A5962.zip
  • /data/media/####/F67204BA08EAFA75211D5FE1EB25E5F1
  • /data/media/####/gd
  • /data/media/####/isreadzibao
  • /data/media/####/ov
  • /data/misc/####/primary.prof
Другие:
Запускает следующие shell-скрипты:
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_xddd/p16/sp16.jar --oat-fd=255 --oat-location=/data/user/0/<Package>/app_xddd/p16/sp16.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_xddd/p23/sp23.jar --oat-fd=330 --oat-location=/data/user/0/<Package>/app_xddd/p23/sp23.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_xddd/p27/sp27.jar --oat-fd=343 --oat-location=/data/user/0/<Package>/app_xddd/p27/sp27.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_xddd/p3/sp3.jar --oat-fd=311 --oat-location=/data/user/0/<Package>/app_xddd/p3/sp3.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_xddd/p44/sp44.jar --oat-fd=320 --oat-location=/data/user/0/<Package>/app_xddd/p44/sp44.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.2403297477.apk --oat-fd=94 --oat-location=/data/user/0/<Package>/code_cache/.2403297477.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.2969407120.apk --oat-fd=132 --oat-location=/data/user/0/<Package>/code_cache/.2969407120.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/.3050965755.apk --oat-fd=149 --oat-location=/data/user/0/<Package>/code_cache/.3050965755.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/qi542320.apk --oat-fd=88 --oat-location=/data/user/0/<Package>/files/qi542320_o --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/tda/xdt.jar --oat-fd=87 --oat-location=/data/user/0/<Package>/files/tda/xdt.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/ayjk/<Package>/nktu/33FC58C31FB491BC01333548F6507866.jar --oat-fd=46 --oat-location=/data/user/0/<Package>/files/33FC58C31FB491BC01333548F6507866.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/42EF8A3EFC8DE246EF6BE2A6A7AA380B.zip --oat-fd=136 --oat-location=/data/user/0/<Package>/files/42EF8A3EFC8DE246EF6BE2A6A7AA380B.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/47EDB4E7D8953EADC1D68DE1FD348769.zip --oat-fd=144 --oat-location=/data/user/0/<Package>/files/47EDB4E7D8953EADC1D68DE1FD348769.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/51F834546E1B2B19B8BEF5098FAFFD19.zip --oat-fd=73 --oat-location=/data/user/0/<Package>/files/51F834546E1B2B19B8BEF5098FAFFD19.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/54AE2A187DE0596E8A7C359047AE12D5.zip --oat-fd=135 --oat-location=/data/user/0/<Package>/files/54AE2A187DE0596E8A7C359047AE12D5.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/5A596F7433DA4A9994F78A3553069154.zip --oat-fd=86 --oat-location=/data/user/0/<Package>/files/5A596F7433DA4A9994F78A3553069154.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/68DEC76182C6E7F775B58FEB5EDC33E0.zip --oat-fd=249 --oat-location=/data/user/0/<Package>/files/68DEC76182C6E7F775B58FEB5EDC33E0.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/865DDFDE477A3DC51518CBC284893178.zip --oat-fd=210 --oat-location=/data/user/0/<Package>/files/865DDFDE477A3DC51518CBC284893178.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/D75E99C9A338D24A1F840F280B0877ED.zip --oat-fd=45 --oat-location=/data/user/0/<Package>/files/D75E99C9A338D24A1F840F280B0877ED.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/F0736D63ACA7F31E7D1990D953ED1922.zip --oat-fd=256 --oat-location=/data/user/0/<Package>/files/F0736D63ACA7F31E7D1990D953ED1922.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/storage/emulated/0/data/<Package>/files/F306422A50185CD1D1975B917A5A5962.zip --oat-fd=48 --oat-location=/data/user/0/<Package>/files/F306422A50185CD1D1975B917A5A5962.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=<Package Folder>/extfiles/gPjE.jar --oat-fd=38 --oat-location=<Package Folder>/extfiles/gPjE.dex --compiler-filter=speed
  • /system/lib/arm/houdini /data/user/0/<Package>/files/kms_02ext /data/user/0/<Package>/files/kms_02ext --ru89 0 /data/user/0/<Package>/files/debuggerd_real
  • /system/lib/arm/houdini <Package Folder>/files/kw_137728 <Package Folder>/files/kw_137728 3 267009
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • getprop ro.yunos.build.version
  • sh -c <Package Folder>/files/kw_137728 3 267009 &
  • sh -c cat /proc/4098/maps
Использует следующие алгоритмы для шифрования данных:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • DES
  • RSA-ECB-PKCS1Padding
  • RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
  • AES
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
  • RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Запрашивает разрешение на отображение системных уведомлений.

Рекомендации по лечению


Android

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке