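Technical information
Portions of hostnames, IP addresses, paths and parameters shown as #### are masked in this report.
Detection name:
- Adware.Gexin.2.origin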
Network connections (protocol, destination host and port):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) y####.6####.com:80
- TCP(HTTP/1.1) f####.f####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) qzones####.g####.cn.####.com:80
- TCP(HTTP/1.1) img.f####.com.####.net:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) 61.55.1####.34:8088
- TCP(HTTP/1.1) 61.55.1####.1:8088
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) 2####.192.139.100:8088
- TCP(HTTP/1.1) imgc####.qq.com.####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(TLS/1.0) p.hul####.com:443
- TCP(TLS/1.0) s####.e.qq.com:443
- TCP(TLS/1.0) d####.in####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5225
Hostnames (no protocol or port given; likely the names resolved via DNS):
- 7j####.c####.z0.####.com
- a####.exc.mob.com
- and####.b####.qq.com
- c####.g####.ig####.com
- c-h####.g####.com
- cs####.98####.com
- d####.in####.com
- f####.f####.com
- img.f####.com
- imgc####.qq.com
- mi.g####.qq.com
- pub-####.qin####.com
- qzones####.g####.cn
- s####.e.qq.com
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- y####.6####.com
Requested URLs (host and path; the request method is not shown):
- f####.f####.com/Flux4AdData.aspx?id=####&appversion=####&Type=####
- img.f####.com.####.net/Novel/166x235/0/228/000228772.jpg
- img.f####.com.####.net/Novel/166x235/0/250/000250862.jpg
- img.f####.com.####.net/Novel/166x235/0/256/000256432.jpg
- img.f####.com.####.net/Novel/166x235/0/260/000260482.jpg
- img.f####.com.####.net/Novel/166x235/0/262/000262020.jpg
- img.f####.com.####.net/Novel/166x235/0/263/000263466.jpg
- img.f####.com.####.net/Novel/166x235/0/265/000265158.jpg
- img.f####.com.####.net/Novel/166x235/0/265/000265747.jpg
- img.f####.com.####.net/Novel/166x235/0/265/000265866.jpg
- img.f####.com.####.net/Novel/166x235/0/268/000268000.jpg
- img.f####.com.####.net/Novel/166x235/0/269/000269166.jpg
- img.f####.com.####.net/Novel/166x235/0/269/000269566.jpg
- img.f####.com.####.net/Novel/166x235/0/273/000273055.jpg
- img.f####.com.####.net/Novel/166x235/0/273/000273268.jpg
- img.f####.com.####.net/Novel/166x235/0/274/000274412.jpg
- img.f####.com.####.net/Novel/166x235/0/277/000277838.jpg
- img.f####.com.####.net/Novel/166x235/0/279/000279176.jpg
- img.f####.com.####.net/ou/2018/20180815093800.png
- img.f####.com.####.net/ou/2019/20190520153032.jpg
- imgc####.qq.com.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/progu...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&spsa=####&posh=####&count=####&r...
- qin####.com.www.####.com/tdata_EDT369
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.a...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.h...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/a...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/b...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/c...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/d...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/g...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/i...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/s...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/t...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/js-relea...
- qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/r...
- t####.c####.q####.####.com/config/hz-hzv6.conf
- t####.c####.q####.####.com/tdata_Jga153
- t####.c####.q####.####.com/tdata_Rvc757
- t####.c####.q####.####.com/tdata_bca864
- t####.c####.q####.####.com/tdata_mSr887
- y####.6####.com/r/8f/561.html
- a####.exc.mob.com/errconf
- and####.b####.qq.com/rqd/async
- and####.b####.qq.com/rqd/async?aid=####
- c-h####.g####.com/api.php?format=####&t=####
- s####.e.qq.com/activate
- s####.e.qq.com/msg
- sdk-ope####.g####.com/api.php?format=####&t=####
- sdk-ope####.g####.com/api.php?format=####&t=####&d=####&k=####
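File system paths touched (app-private storage under /data/data, then shared storage under /data/media):
- /data/data/####/-1154778678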
- /data/data/####/.duid
- /data/data/####/.lock
- /data/data/####/.vpl_lock
- /data/data/####/1004
- /data/data/####/2301.yaqcookie
- /data/data/####/3d2bb6b2f92d
- /data/data/####/555566981
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/MultiDex.lock
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/config.xml
- /data/data/####/crashrecord.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dexMethod.82894129.dat
- /data/data/####/domain_1
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/faloodb.db-journal
- /data/data/####/gdaemon_20161017
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_stat.db
- /data/data/####/gdt_stat.db-journal
- /data/data/####/gdt_suid
- /data/data/####/getui_sp.xml
- /data/data/####/gkt-journal
- /data/data/####/gx_sp.xml
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.9.0.2.so
- /data/data/####/libufix.so
- /data/data/####/libyaqbasic.82894129.so
- /data/data/####/libyaqpro.82894129.so
- /data/data/####/local_crash_lock
- /data/data/####/mfbook.db
- /data/data/####/mfbook.db-journal
- /data/data/####/mix.dex
- /data/data/####/mob_commons_1
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/okgo.db-journal
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/security_info
- /data/data/####/tdata_Jga153
- /data/data/####/tdata_Jga153.jar
- /data/data/####/tdata_Rvc757
- /data/data/####/tdata_Rvc757.jar
- /data/data/####/tdata_bca864
- /data/data/####/tdata_bca864.jar
- /data/data/####/tdata_mSr887
- /data/data/####/tdata_mSr887.jar
- /data/data/####/update_lc
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/yaqsdkcookie
- /data/media/####/.artc_lock
- /data/media/####/.di
- /data/media/####/.dic_lock
- /data/media/####/.duid
- /data/media/####/.globalLock
- /data/media/####/.im_lock
- /data/media/####/.lesd_lock
- /data/media/####/.mn_-1464060969
- /data/media/####/.nomedia
- /data/media/####/.pkg_lock
- /data/media/####/.pkgs_lock
- /data/media/####/.rc_lock
- /data/media/####/.slw
- /data/media/####/.ss_lock
- /data/media/####/05ab04126364e8012a41473798bca919c58fd8c13a32a3....0.tmp
- /data/media/####/11cd75ca4fe105fd6b24012b5eaee677464914e53aa181....0.tmp
- /data/media/####/1848a91e626de131677e415ed85c5bfeed5bacaa46d43c....0.tmp
- /data/media/####/1c0f92892cfe2bab34d7a2958c238f24af680099e02b5c....0.tmp
- /data/media/####/1f94177c8542ac22654a94464e83b1363815d6856c7181....0.tmp
- /data/media/####/2d699e2741135bdc8e19895d9880104d3f3300eb665990....0.tmp
- /data/media/####/2f4546209addd8011baa80ad693c0b13716a1b7c4db3c5....0.tmp
- /data/media/####/35eb354f4d52c558dfe5b32f5d2395357d9875722f8239....0.tmp
- /data/media/####/4ce472565d6af11c6b5b03c3c1e6f68e2c54ad4e2528f1....0.tmp
- /data/media/####/6e8ac538f3694605df296fb1fc33dba5016ef52eb2072c....0.tmp
- /data/media/####/7205f2bee8dbb200fef157204c838c959aa37049620cb8....0.tmp
- /data/media/####/80242a1bc77ca749acf2036119eb4b8db5e9c25cf511ac....0.tmp
- /data/media/####/8fc81199536eb79d78f64c99f4bc8c4952659d3903cd40....0.tmp
- /data/media/####/904a6521f14bfa32f854ae5fdbd5d9cb0db68ca8bb4aaf....0.tmp
- /data/media/####/9575ed9eb4d3d97ef9d40308bb5266439b056949a20123....0.tmp
- /data/media/####/a6a044ae6d6b54c256e7a364769f56740fd1e837bb9655....0.tmp
- /data/media/####/app.db
- /data/media/####/b411d54ee93c5b37705f456bbfc9d04c0fa25316556195....0.tmp
- /data/media/####/c1dd67fbdecc372cf2c53cbbb2979e1434eb0607319dc1....0.tmp
- /data/media/####/com.faloo.MFXSDaquan.bin
- /data/media/####/com.faloo.MFXSDaquan.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/e1479b393446e1219c526a2126861ee4f15aaa9cc05f25....0.tmp
- /data/media/####/e9e565628ae2899778d8c88915685102388bd00df34589....0.tmp
- /data/media/####/fdf74edcef60b5d4d208234bfd733ff77935dd814d5264....0.tmp
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/journal.tmp
- /data/media/####/tdata_Jga153
- /data/media/####/tdata_Rvc757
- /data/media/####/tdata_bca864
- /data/media/####/tdata_mSr887
- /data/media/####/test.log
- /data/media/####/wddgh5-1.apk
- /data/media/####/wddgh5.apk
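Shell commands run (CPU and ROM/vendor property queries, a check for the su binary, a read of the wlan0 MAC address, logcat collection, chmod 700 on files in the package folder):
- /system/bin/cat /proc/cpuinfo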
- /system/bin/sh -c getprop
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.faloo.service.getui.GeTuiPushService 24860 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.2.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat *:e *:i | grep (2301)
- logcat *:e *:i | grep (2370)
- logcat *:e *:i | grep "(2301)"
- logcat *:e *:i | grep "(2370)"
- logcat -d -v threadtime
- mount
- sh
Libraries loaded or referenced by name:
- Bugly
- encrypt
- getuiext3
- libnfix
- libshella-2.9.0.2
- libufix
- libyaqbasic.82894129
- libyaqpro.82894129
- nfix
- ufix
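Cipher transformations used (this list and the one after it have lost their headings; they may be the encryption and decryption sets):
- AES-CBC-PKCS5Padding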
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Cipher transformations used (second list; its original heading is missing):
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding