Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) d####.dushem####.com:80
- TCP(HTTP/1.1) c.d####.mob.com:80
- TCP(HTTP/1.1) api.s####.mob.com:80
- TCP(HTTP/1.1) a####.b####.qq.com:8011
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) a####.b####.qq.com:8012
- TCP(HTTP/1.1) d####.d####.mob.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) rs.eas####.com:80
- TCP(HTTP/1.1) k####.eas####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) cd####.dushem####.com:80
- TCP(HTTP/1.1) 3####.97.9.52:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) im####.dushem####.com.####.cn:80
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) m.d####.mob.com:80
- TCP(TLS/1.0) l####.cc:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5224
- 7j####.c####.z0.####.com
- a####.b####.qq.com
- a####.exc.mob.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- api.map.b####.com
- api.s####.mob.com
- c####.g####.ig####.com
- c-h####.g####.com
- c.d####.mob.com
- cd####.dushem####.com
- d####.d####.mob.com
- d####.dushem####.com
- im####.dushem####.com
- k####.eas####.com
- l####.cc
- loc.map.b####.com
- m.d####.mob.com
- pub-####.qin####.com
- rs.eas####.com
- s####.dushem####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- api.s####.mob.com/date
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/ad/list_place_ads/1?sy...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/common/check_version/1...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/common/get_validate_ho...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/common/list_app_dictio...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/common/list_filter_wor...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/common/list_validate_t...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily-recmd/list-disco...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily_recmd/list_daily...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily_recmd/list_main_...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/movie/get_douban_analy...
- cd####.dushem####.com/dsmovieapi/e78d375e67fa436f/movie_sheet/get_newest...
- im####.dushem####.com.####.cn/other/20160902/44/cba3b557b4364b86b3782955...
- im####.dushem####.com.####.cn/other/20160902/c2/1913437da2504124b5248938...
- im####.dushem####.com.####.cn/other/20160902/c9/ffd77d7b5f6945af9a96eb30...
- im####.dushem####.com.####.cn/other/20160902/e6/7fba7cf6bfd448e498c887aa...
- im####.dushem####.com.####.cn/other/20170808/da/b03b9cb96d8b4b9a80c50c25...
- im####.dushem####.com.####.cn/other/20170915/a0/3cdff8dee22d4988b8b4bee9...
- im####.dushem####.com.####.cn/other/20171121/2e/4b01ce96b6bd46f58f7afa55...
- im####.dushem####.com.####.cn/other/20171121/c9/8614b8ae08264926abad7be4...
- im####.dushem####.com.####.cn/other/20171121/da/f7a0115c2c6e4603a1608eed...
- im####.dushem####.com.####.cn/other/20190219/1738/5c6bceb0ed475.png
- im####.dushem####.com.####.cn/other/20190328/1930/5c9cb057af138.jpg
- im####.dushem####.com.####.cn/other/20190401/1517/5ca1bb204aa0b.jpg
- im####.dushem####.com.####.cn/other/20190403/1028/5ca41a3287c8d.jpg
- im####.dushem####.com.####.cn/other/20190403/1921/5ca4973dceee3.jpg
- im####.dushem####.com.####.cn/other/20190404/1931/5ca5eafc21366.jpg
- im####.dushem####.com.####.cn/other/20190406/0116/5ca78d85dd202.jpg
- im####.dushem####.com.####.cn/other/20190406/0128/5ca79035ea150.jpg
- im####.dushem####.com.####.cn/other/20190406/1214/5ca8279540651.gif
- im####.dushem####.com.####.cn/portrait/20170328/26/c040536ead06471b88579...
- k####.eas####.com/v1/visitors/tenants/41744
- m.d####.mob.com/cconf?appkey=####&plat=####&apppkg=####&appver=####&netw...
- qin####.com.www.####.com/tdata_EDT369
- rs.eas####.com/easemob/server.json?sdk_version=####&app_key=####&file_ve...
- t####.c####.q####.####.com/tdata_JNg986
- t####.c####.q####.####.com/tdata_MkX219
- t####.c####.q####.####.com/tdata_iRz660
- t####.c####.q####.####.com/tdata_zzW503
- ti####.c####.l####.####.com/config/hz-hzv3.conf
- a####.b####.qq.com:8011/rqd/async
- a####.b####.qq.com:8012/rqd/async
- a####.exc.mob.com/errconf
- and####.b####.qq.com/rqd/async
- api.s####.mob.com/conf5
- api.s####.mob.com/conn
- api.s####.mob.com/data2
- api.s####.mob.com/log4
- c-h####.g####.com/api.php?format=####&t=####
- c.d####.mob.com/cdata
- d####.d####.mob.com/dinfo
- d####.d####.mob.com/dsign
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/account/report_push_tok...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/activity/new_user_gift/1
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily-recmd/list-inform...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily_recmd/get_daily_r...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/daily_recmd/list_daily_...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/movie_sheet/list_custom...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/resource_charts/list_re...
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/user/list_grade/1
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/user/sign_in/1
- d####.dushem####.com/dsmovieapi/e78d375e67fa436f/user_relation/get_unrea...
- loc.map.b####.com/sdk.php
- sdk.o####.p####.####.com/api.php?format=####&t=####
- sdk.o####.p####.####.com/api.php?format=####&t=####&d=####&k=####
- /data/data/####/.lock
- /data/data/####/.mrecord
- /data/data/####/.mrlock
- /data/data/####/.statistics
- /data/data/####/04bfc11c9cbb2e08108a059065f1d5ca904568a28f1f468....0.tmp
- /data/data/####/0ba6b6c135df15281b6f5841866a8f42e58bbd009819fc7....0.tmp
- /data/data/####/20c3e4ad08020f7af49abf85395fb09b955b153a9047a25....0.tmp
- /data/data/####/34fd51b64acbbc87238250df248fff26e88068191fa8dde....0.tmp
- /data/data/####/46d28c8374ad5b461096648ee4c32233a81b4e40c3e229c....0.tmp
- /data/data/####/63b5b912d8a897d73cfdc95de63e1f17d96f9c382a9393b....0.tmp
- /data/data/####/6e914f030e078c7913a713aef6b09ee9f22ce6f247dc9aa....0.tmp
- /data/data/####/75c04a137fb51353cfa65f9bf54b1f60e2183e24cfbc520....0.tmp
- /data/data/####/8176ed3042e285273adf3638638ca6511df02234c77e0d8....0.tmp
- /data/data/####/8bc4e0dbde66
- /data/data/####/9e3a2cb4bfd466382a687cc5fc509c8184f3a734fa24416....0.tmp
- /data/data/####/LKME_Server_Request_Queue.xml
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/a9b6b9ba863ad6482b0af73c78527c04244693e3fb7d5cd....0.tmp
- /data/data/####/authStatus_com.dushe.movie;remote.xml
- /data/data/####/b113430c04ab10428e72baee8f94455779653f98677e84c....0.tmp
- /data/data/####/b8ab2148000109a989bcdef399c9214b576cb70760dd613....0.tmp
- /data/data/####/bd32ea51a8586a5dcc8cb289368a730ec5dcf51fa8a8366....0.tmp
- /data/data/####/bugly_db_legu-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.dushe.movie_preferences.xml
- /data/data/####/common_sp_0.xml
- /data/data/####/config.json
- /data/data/####/device_id.xml.xml
- /data/data/####/e16c0f24ad2eb0ae0c4f2dee4c02544449d72c1c993510b....0.tmp
- /data/data/####/ef787c327f4afe84ca88d075ae694c3986111a4d493b972....0.tmp
- /data/data/####/f52c6f1828d1ab92d893404c2f38c2cdfa5101fbdf13ef0....0.tmp
- /data/data/####/fc93d310e8b2ecda82efa4c98863f359e26f04aad6dab74....0.tmp
- /data/data/####/firll.dat
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gkt-journal
- /data/data/####/gx_sp.xml
- /data/data/####/httpclient-req-1774157020.cache
- /data/data/####/httpclient-req-1774157020.cache (deleted)
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libnfix.so
- /data/data/####/libshella-3.0.0.0.so
- /data/data/####/libufix.so
- /data/data/####/linkedme_referral_shared_pref.xml
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/mob_commons_1.xml
- /data/data/####/mob_sdk_exception_1.xml
- /data/data/####/mobclick_agent_cached_com.dushe.movie52
- /data/data/####/movie0.db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/public_sp.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/server.json
- /data/data/####/share_sdk_1.xml
- /data/data/####/sharesdk.db-journal
- /data/data/####/tdata_JNg986
- /data/data/####/tdata_JNg986.jar
- /data/data/####/tdata_MkX219
- /data/data/####/tdata_MkX219.jar
- /data/data/####/tdata_iRz660
- /data/data/####/tdata_iRz660.jar
- /data/data/####/tdata_zzW503
- /data/data/####/tdata_zzW503.jar
- /data/data/####/umeng_general_config.xml
- /data/data/####/webview.db-journal
- /data/media/####/.al
- /data/media/####/.ccLock
- /data/media/####/.ccc
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.dh-journal
- /data/media/####/.dhlock
- /data/media/####/.dic_lock
- /data/media/####/.dk
- /data/media/####/.duid
- /data/media/####/.globalLock
- /data/media/####/.nomedia
- /data/media/####/.nulal
- /data/media/####/.nulplt
- /data/media/####/.pkg_lock
- /data/media/####/.plst
- /data/media/####/.rc_lock
- /data/media/####/.usLock
- /data/media/####/app.db
- /data/media/####/com.dushe.movie.bin
- /data/media/####/com.dushe.movie.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/share_img.png
- /data/media/####/tdata_JNg986
- /data/media/####/tdata_MkX219
- /data/media/####/tdata_iRz660
- /data/media/####/tdata_zzW503
- /data/media/####/test.0
- /data/media/####/test.log
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.dushe.push.getui.GTPushService 24492 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-3.0.0.0.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- grep -E -v root|shell|system
- logcat -d -v threadtime
- mount
- sh
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.dushe.push.getui.GTPushService 24492 300 0
- top -d 0 -n 1
- Bugly
- getuiext2
- hyphenate
- ijkffmpeg
- libnfix
- libshella-3.0.0.0
- libufix
- locSDK7
- neh
- nfix
- ufix
- AES
- AES-CBC-PKCS5Padding
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding