Technical information
- Adware.Gexin.2.origin
Network connections (host names are partially masked with #### in this report):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.n####.i####.com:80
- TCP(HTTP/1.1) ife####.3g.i####.com:80
- TCP(HTTP/1.1) u####.icl####.i####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) i####.del####.i####.com:80
- TCP(HTTP/1.1) www.qchann####.cn:80
- TCP(HTTP/1.1) api.icl####.i####.com:80
- TCP(HTTP/1.1) api.i####.i####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) cloud####.fengkon####.com:80
- TCP(HTTP/1.1) ai####.anal####.cn:8089
- TCP(HTTP/1.1) st####.i####.com:80
- TCP(HTTP/1.1) f####.fengkon####.com:80
- TCP(HTTP/1.1) mem####.3####.net:80
- TCP(HTTP/1.1) ur####.anal####.cn:8089
- TCP(TLS/1.0) u####.icl####.i####.com:443
- TCP(TLS/1.0) api.i####.i####.com:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) api.shu####.cn:443
- TCP(TLS/1.0) api.icl####.i####.com:443
- TCP(TLS/1.0) fp.fraudme####.cn:443
- TCP(TLS/1.0) st####.shu####.cn:443
- TCP(TLS/1.0) api.pus####.i####.com:443
- TCP(TLS/1.0) daa.shu####.cn:443
- TCP i####.ifen####.com:80
Host names:
- ai####.anal####.cn
- and####.b####.qq.com
- api.i####.i####.com
- api.icl####.i####.com
- api.n####.i####.com
- api.pus####.i####.com
- api.shu####.cn
- c####.i####.com
- cloud####.fengkon####.com
- daa.shu####.cn
- dai.shu####.cn
- f####.fengkon####.com
- fp.fraudme####.cn
- i####.del####.i####.com
- i####.del####.i####.com
- i####.ifen####.com
- ife####.3g.i####.com
- loc.map.b####.com
- plb####.u####.com
- st####.i####.com
- st####.shu####.cn
- sta####.i####.com
- u####.icl####.i####.com
- u####.u####.com
- ur####.anal####.cn
- www.3####.org
- www.qchann####.cn
Request URLs (query values are masked with ####; long entries are truncated with "..."):
- api.i####.i####.com/client_base_config?configType=####&&gv=####&av=####&...
- api.i####.i####.com/client_base_config?configType=####&gv=####&av=####&u...
- api.i####.i####.com/client_base_config?gv=####&av=####&uid=####&deviceid...
- api.i####.i####.com/ifengNewsKeepLiveConfig?gv=####&av=####&uid=####&dev...
- api.i####.i####.com/interest_select?gv=####&av=####&uid=####&deviceid=##...
- api.i####.i####.com/news/adTipConfig?&headLogoType=####&province=####&ci...
- api.icl####.i####.com/client_base_config?configType=####&&gv=####&av=###...
- api.icl####.i####.com/client_base_config?configType=####&gv=####&av=####...
- api.icl####.i####.com/client_base_config?configType=####&newInstall=####...
- api.icl####.i####.com/client_base_config?gv=####&av=####&uid=####&device...
- api.icl####.i####.com/ifengNewsKeepLiveConfig?gv=####&av=####&uid=####&d...
- api.icl####.i####.com/interest_select?gv=####&av=####&uid=####&deviceid=...
- api.n####.i####.com/ClientAdversApi1508?iua=####&adids=####&gv=####&av=#...
- i####.del####.i####.com/getmcode?iua=####&adid=####&gv=####&av=####&uid=...
- ife####.3g.i####.com/ad/pid.php?pid=####&gv=####&proid=####&os=####
- mem####.3####.net/dyndns/getip
- st####.i####.com/appsta.js?datatype=####&datatype2=####&mos=####&softver...
- st####.i####.com/appsta.js?datatype=####&mos=####&softversion=####&publi...
- u####.icl####.i####.com/event_protal/list_api?gv=####&av=####&uid=####&d...
- ai####.anal####.cn:8089/
- and####.b####.qq.com/rqd/async
- api.i####.i####.com/ClientNews?id=####&action=####&gv=####&av=####&uid=#...
- cloud####.fengkon####.com/v2/device/conf
- f####.fengkon####.com/v2/device/profile
- i####.del####.i####.com/LogReceiver/savelog
- loc.map.b####.com/offline_loc
- loc.map.b####.com/sdk.php
- u####.icl####.i####.com/appsta.js
- ur####.anal####.cn:8089/
- www.qchann####.cn/center/adj
- www.qchann####.cn/center/adj?appkey=####
File paths (directory components are masked as ####):
- /data/anr/traces.txt
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/.td-3
- /data/data/####/1cdb1292f33954bf4277f61a62229
- /data/data/####/49cef1324178a0f891518558d2f72580
- /data/data/####/54feb131db3b2146c4e35ddc399bbc90
- /data/data/####/61569f186adb1a28f957f2afc8b48c4f
- /data/data/####/73692c384a5a92e84ad3e389dfdc1
- /data/data/####/8a4966925741cd5e4c24f153f81a9
- /data/data/####/8c249dba19b8987e1ae4e85ab047a8dd
- /data/data/####/8ec69d5a71e4ddb2d381f29511aefce7
- /data/data/####/9732985cba77455a16a27d949b35516e
- /data/data/####/Alvin2.xml
- /data/data/####/COMMENTS_DB.db
- /data/data/####/COMMENTS_DB.db-journal
- /data/data/####/ContextData.xml
- /data/data/####/FirstLogin.xml
- /data/data/####/PushSettings.xml.xml
- /data/data/####/QT.xml
- /data/data/####/TeleSign.db-journal
- /data/data/####/a6f2b12d2c2c90367adfab4ca75c8d19
- /data/data/####/a==7.4.0&&6.1.8_1542282301950_envelope.log
- /data/data/####/arch.xml
- /data/data/####/b9eccfc2c8dedfc94fd4dd7301b8ae
- /data/data/####/bugly_db_-journal
- /data/data/####/c2f8c11ea23346a39deaf566e3c8b1
- /data/data/####/cloudms.conf.xml
- /data/data/####/com.ifeng.ipush.xml
- /data/data/####/com.ifext.news_dna.xml
- /data/data/####/com.ifext.news_preferences.xml
- /data/data/####/com.ifext.news_preferences.xml.bak
- /data/data/####/com.ifext.news_prefs.xml
- /data/data/####/com.ifext.news_prefs.xml.bak
- /data/data/####/com.shumei.xml
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMjk2OTA2;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzEwOTk5;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzEzODc0;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzIzMTg2;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzM2ODUz;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzMxNDMw;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzQ1NjY1;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzQwMjAw;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzUyNTYz;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQyMjgyMzYxNDM3;
- /data/data/####/daemon
- /data/data/####/dayofyear.xml
- /data/data/####/du.lock
- /data/data/####/eguan.db
- /data/data/####/eguan.db-journal
- /data/data/####/eguan_app.db
- /data/data/####/eguan_app.db-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f668369fce3e1fe325ccd6f55d5d2a3
- /data/data/####/firll.dat
- /data/data/####/fm_shared.xml
- /data/data/####/geofencing.db
- /data/data/####/geofencing.db-journal
- /data/data/####/i==1.2.0&&6.1.8_1542282297070_envelope.log
- /data/data/####/i==1.2.0&&6.1.8_1542282311045_envelope.log
- /data/data/####/i==1.2.0&&6.1.8_1542282361453_envelope.log
- /data/data/####/ifeng_advert_pre.dat
- /data/data/####/ifeng_advert_task.dat
- /data/data/####/ifeng_log_GT-I8190.txt
- /data/data/####/ifeng_main.db
- /data/data/####/ifeng_main.db-journal
- /data/data/####/ifeng_statitics+6.1.8.dat
- /data/data/####/info.xml
- /data/data/####/info_flow_record
- /data/data/####/libjiagu-1502561448.so
- /data/data/####/local_crash_lock
- /data/data/####/mipush_extra.xml
- /data/data/####/multidex.version.xml
- /data/data/####/ofl.config
- /data/data/####/ofl_location.db
- /data/data/####/ofl_location.db-journal
- /data/data/####/ofl_statistics.db
- /data/data/####/ofl_statistics.db-journal
- /data/data/####/push_dialog_opened.xml
- /data/data/####/push_record.db
- /data/data/####/push_record.db-journal
- /data/data/####/push_switch_sp.xml
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/qtsession.xml
- /data/data/####/reading_history.db
- /data/data/####/reading_history.db-journal
- /data/data/####/red_dot_record.xml
- /data/data/####/security_info
- /data/data/####/seq.xml
- /data/data/####/sp_replace_flag.sp
- /data/data/####/sp_replace_flag.sp.bak
- /data/data/####/sputil.sp
- /data/data/####/sputil.sp.bak
- /data/data/####/subscriptionTag.xml
- /data/data/####/td_fm.jar
- /data/data/####/timereward_keys
- /data/data/####/tracker.db-journal
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_config.xml.bak
- /data/data/####/umeng_common_config.xml.bak (deleted)
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_general_config.xml.bak (deleted)
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/media/####/._android.dat
- /data/media/####/._driver.dat
- /data/media/####/._system.dat
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.cuid
- /data/media/####/.nomedia
- /data/media/####/.td-3
- /data/media/####/.thumbcache_idx0
- /data/media/####/.umm.dat
- /data/media/####/1cdb1292f33954bf4277f61a62229
- /data/media/####/23abac3dcac3d81af85b63f45995ca3b
- /data/media/####/2c25ce1bdc6c4034
- /data/media/####/49cef1324178a0f891518558d2f72580
- /data/media/####/54feb131db3b2146c4e35ddc399bbc90
- /data/media/####/61569f186adb1a28f957f2afc8b48c4f
- /data/media/####/62ac12d43df7379f8db2886fad729535
- /data/media/####/73692c384a5a92e84ad3e389dfdc1
- /data/media/####/8a4966925741cd5e4c24f153f81a9
- /data/media/####/8c249dba19b8987e1ae4e85ab047a8dd
- /data/media/####/8ec69d5a71e4ddb2d381f29511aefce7
- /data/media/####/93b0e6828616f746
- /data/media/####/9732985cba77455a16a27d949b35516e
- /data/media/####/9ba44b48ef720d89ca156d9ce8b4cdc4
- /data/media/####/AN.csv-20181115114506
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/TruthInfo.csv-1542282309245
- /data/media/####/UA.csv-20181115114511
- /data/media/####/_android.dat
- /data/media/####/_driver.dat
- /data/media/####/_system.dat
- /data/media/####/a6f2b12d2c2c90367adfab4ca75c8d19
- /data/media/####/ab27f9f1b93a8ae7c530bd9d5348ced7
- /data/media/####/apge.csv-20181115114518
- /data/media/####/apge.csv-20181115114532
- /data/media/####/apge.csv-20181115114541
- /data/media/####/apge.csv-20181115114549
- /data/media/####/apge.csv-20181115114557
- /data/media/####/b9eccfc2c8dedfc94fd4dd7301b8ae
- /data/media/####/bce9c779aba6926366427a98c7699cba
- /data/media/####/c2f8c11ea23346a39deaf566e3c8b1
- /data/media/####/cfbc1d23cc4b7c3336649382ee049d9c
- /data/media/####/conlts.dat
- /data/media/####/f668369fce3e1fe325ccd6f55d5d2a3
- /data/media/####/ifeng_news_cache_map
- /data/media/####/ifeng_news_cache_timestamp
- /data/media/####/ifeng_news_file_like
- /data/media/####/ifeng_news_local_select
- /data/media/####/ifeng_news_readed
- /data/media/####/ller.dat
- /data/media/####/ls.db
- /data/media/####/ls.db-journal
- /data/media/####/qt.csv.1542282299514.txt
- /data/media/####/shumei.txt
- /data/media/####/sysid.dat
- /data/media/####/test.0
- /data/media/####/uuid
Shell commands:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- cat /proc/cpuinfo
- cat /proc/self/cgroup
- chmod 444/storage/emulated/0/.qmt/.td-3
- chmod 444/storage/emulated/0/.td-3
- chmod 444/storage/emulated/0/.um/.td-3
- chmod 444/storage/emulated/0/Alarms/.td-3
- chmod 444/storage/emulated/0/Android/.td-3
- chmod 444/storage/emulated/0/DCIM/.td-3
- chmod 444/storage/emulated/0/Download/.td-3
- chmod 444/storage/emulated/0/MQ/.td-3
- chmod 444/storage/emulated/0/Movies/.td-3
- chmod 444/storage/emulated/0/Music/.td-3
- chmod 444/storage/emulated/0/Notifications/.td-3
- chmod 444/storage/emulated/0/Podcasts/.td-3
- chmod 444/storage/emulated/0/Ringtones/.td-3
- chmod 444/storage/emulated/0/baidu/.td-3
- chmod 444/storage/emulated/0/qmt/.td-3
- chmod 700 <Package Folder>/app_bin/daemon
- date
- df
- getprop net.dns1
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- id
- logcat -d -v threadtime
- ls -l /system/xbin/su
- ls /dev/socket
- ls /sys/class/thermal
- ls /system/fonts
- mkdir -p <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/
- ps
- service call iphonesubinfo 1
- sh -c cat
- sh -c cat /proc/meminfo
- sh -c cat /proc/sys/kernel/osrelease
- sh -c cat /proc/sys/kernel/random/boot_id
- sh -c cat /proc/sys/kernel/random/uuid
- sh -c cat /proc/uptime
- sh -c cat /sys/block/mmcblk0/device/cid
- sh -c cat /sys/class/net/eth0/address
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/.aio.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/aio.dat
- sh -c cd /proc/;cat cpuinfo
- sh -c cd /proc/net/ && cat arp
- sh -c cd /proc/self/;cat status
- sh -c cd /sys/class/net/eth0/ && cat address
- sh -c cd /sys/class/net/wlan0/ && cat address
- sh -c echo ODQzQzUyMDczMDBFRTQ5ODk4M0FEQkJGRDFENDYwQTBFOTQ5NjQ6QzhGOUMyOkU4MzdFRQ== > <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c echo ODQzQzUyMDczMDBFRTQ5ODk4M0FEQkJGRDFENDYwQTBFOTQ5NjQ6QzhGOUMyOkU4MzdFRQ== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c echo REE1QzQxN0ExOTlFOUQ1OUMyQTIyQzU5MzUzNkJBRDM0QzUxRDU6MTk1RkY3OjRFOUIyNw== > <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c echo REE1QzQxN0ExOTlFOUQ1OUMyQTIyQzU5MzUzNkJBRDM0QzUxRDU6MTk1RkY3OjRFOUIyNw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- toolbox ps -p -P -x -c
Library names:
- Bugly
- du
- ifeng_secure
- libjiagu-1502561448
- locSDK6a
- securityenv
- sign
- smsdk
- tongdun
- tpnsSecurity
Cryptographic algorithms:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding
- DESede-CBC-PKCS5Padding
- RSA
- RSA-ECB-PKCS1Padding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- DES-ECB-NoPadding