Technical information
Detection names:
- Android.Triada.1248
- Android.Triada.2018
- Android.Triada.373.origin
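Network connections (protocol, host:port; host names are partially masked with ####, so they cannot be matched verbatim):
- UDP(DNS) <Google DNS>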
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) l.ace####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) www.pitu####.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) a####.umengc####.com:80
- TCP(HTTP/1.1) ad####.m.ta####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) ada####.m.ta####.com:80
- TCP(HTTP/1.1) a####.a####.m.####.com:80
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) a####.a####.m.####.com:443
- TCP ope####.m.ta####.com:443
Host names (partially masked):
- a####.m.ta####.com
- a####.man.aliy####.com
- a####.u####.com
- a####.umengc####.com
- ad####.m.ta####.com
- ada####.m.ta####.com
- ag####.m.ta####.com
- imgc####.qq.com
- l.ace####.com
- mi.g####.qq.com
- s####.e.qq.com
- ssl.gst####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- www.go####.com
- www.gst####.com
- www.pitu####.com
Request URLs (parameter values masked; long entries are truncated with ...):
- ad####.m.ta####.com/rest/gc2?ak=####&av=####&c=####&d=####&sv=####&t=###...
- mi.g####.qq.com/gdt_mview.fcg?datatype=####&posid=####&count=####&r=####...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- www.pitu####.com/center/tab
- www.pitu####.com/center/template_found/v2?device_id=####
- www.pitu####.com/center/template_recommend/v2
- www.pitu####.com/heartbeat
- a####.a####.m.####.com/amdc/mobileDispatch?appkey=####&platform=####&v=#...
- a####.u####.com/app_logs
- a####.umengc####.com/app_logs
- ada####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=###...
- l.ace####.com/ando/v2/lv?app_id=####&r=####
- s####.e.qq.com/activate
- s####.e.qq.com/msg
File paths (the component after /data/data/ or /data/media/ is masked):
- /data/data/####/.jg.ic
- /data/data/####/00wQRz5IbcYlfQ5ALkCLSV7NOrA=.new
- /data/data/####/2XDxOFHTM4JmUgIBgZYt-V86GxZNPaN1JouMFw==.new
- /data/data/####/7fhX-XI982c9yG9qugxgoQ==
- /data/data/####/8wjUreQcBxjGDLnzuhdeKQ==
- /data/data/####/94LOsRY1P-7aVW82nf7k8W3mWfQ=.new
- /data/data/####/9FE84uePNqyjCX4S.zip
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Alvin2.xml
- /data/data/####/ArUl8RbFvOuaMLrlj1SwHMpaPZM=.new
- /data/data/####/BB8bGU68gWl8Tsgy
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/C58Mm19OGujFfr5-PoU0qnXHvVdNMRMW.new
- /data/data/####/ContextData.xml
- /data/data/####/DaemonServer
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/HQ9jcJlu8gl8p7gO0Gz-BA==.new
- /data/data/####/LMGtMlXyvyZaG4lf_MVcwk15bfkc54SQ.new
- /data/data/####/LoginManager.xml
- /data/data/####/MessageStore.db-journal
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/MultiDex.lock
- /data/data/####/NfmyKYATaUbPyR4t1hFcT_h55K6A97opSVN-XST56io=.new
- /data/data/####/O7zRixRJrP8xRD7h1Nvlh20NGz5ol3ZN.new
- /data/data/####/Slank5t9GLiyG62K.new
- /data/data/####/TJfBD50D60mHm4HTfhMQI9O0MVeNrd86PfOcYLKSKsk=.new
- /data/data/####/UTCommon.xml
- /data/data/####/W8TnCizgnCgsnM_Ldbz72LpC7yk=.new
- /data/data/####/WWVKC4mWos_egwoniAfdTeqtQUmK4Ru9.new
- /data/data/####/Z2RPyFSlMAbKrhlNbJ5A2hJg13cUJYXz.new
- /data/data/####/aC7k_8svdpR9oXD-2xaw6kDQScEWTJ6H.new
- /data/data/####/accs.db-journal
- /data/data/####/agoo.pid
- /data/data/####/ap.Lock
- /data/data/####/bBL5hBzDd4y45Fdu5r85ShCqOJKlnGEfFxHjMw==.new
- /data/data/####/bugua_webfile.db-journal
- /data/data/####/cEHJ8OanCrNSppBRJtNgOA==
- /data/data/####/cEHJ8OanCrNSppBRJtNgOA==.new
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/change_head_hot.xml
- /data/data/####/cmtxg4hLWTgwnxcg6Q-vs5-TEzm59adu.new
- /data/data/####/com.airdcs.nk_preferences.xml
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dlmUtoLQJRFuxj_ndocWmFskDsgJ8Wpc.new
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/geqpbq_f.zip
- /data/data/####/gr7P-J7vBGZwGZ-xP-ntPLApCno=.new
- /data/data/####/heRzqLP5wKJosCdos4MLkRBj5ociuHeREYTsbTWtP7s=.new
- /data/data/####/i_GYQXeFQWQ9BxGtLT5ZBb0mjS-DuSDnGpSKRA==.new
- /data/data/####/libjiagu-423953972.so
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/oENvpyB1Gc5pl_iF_Osb_SSEKIg=.new
- /data/data/####/qEnzq0vBhILE6Fsu0h-3Gdr37jA=
- /data/data/####/qr3Yv66U6K7wAsZdUEsoMcKXkQpXxxuqFcrpmkGlfVY=.new
- /data/data/####/qulhFrSxZ7RLhMx-b9vQbHHJQso=.new
- /data/data/####/rdata_comweufkahfrw.new
- /data/data/####/runner_info.prop.new
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/t2OaX-k4rrejMX4qlrbgaCRWDrtW9g2V.new
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_B_hCsG...PSAA==
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_B_hCsG...ournal
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_D_FSp4...ournal
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_mL5WO3...Lncn0=
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_mL5WO3...ournal
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_sCfGLU...XeNA==
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_sCfGLU...ournal
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_xZiuBM...ournal
- /data/data/####/uJxxrXDue84BrT-CIo7zYfQth1aPvAmIyqA7Vg==_xZiuBM1q0yXW23DM
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_cache_1549477804149.env
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak (deleted)
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/update_lc
- /data/data/####/ut.db
- /data/data/####/ut.db-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/x0TPhK7IyL7JqSNUli8QYw==.new
- /data/data/####/zjMm64dlajPd4BKp
- /data/media/####/.nomedia
- /data/media/####/.uunique.new
- /data/media/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=
- /data/media/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- /data/media/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- /data/media/####/MP8MtaBuguN9jnuSwtN1kQ==
- /data/media/####/c1341c97a3d74fc08251fbf538bafe2a
- /data/media/####/r_pkDgN4OhnkSa0D
Command lines:
- <Package Folder>/code-3509300/zjMm64dlajPd4BKp -p <Package> -c com.weufk.ahfrw.entity.BilberryReceiver -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5aa25c31f29d9860e9000067","utdid":"XFsnqBdByzYDAGdzx1FWn8/m","sdkVersion":"220"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 755 <Package Folder>/.jiagu/libjiagu-423953972.so
- sh
Library names:
- gifimage
- imagepipeline
- libjiagu-423953972
- tnet-3.1
- ut_c_api
Cipher transformations (two lists follow, with no headings in this copy to distinguish them):
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding