Technical information
- Adware.Mobby.4.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) sv.b####.com:80
- TCP(HTTP/1.1) up####.sdk.jig####.cn:80
- TCP(HTTP/1.1) hiph####.jom####.com:80
- TCP(TLS/1.0) nsc####.b####.com:443
- TCP(TLS/1.0) tec####.b####.com:443
- TCP(TLS/1.0) pic.rmb.bdst####.####.com:443
- TCP(TLS/1.0) e####.b####.com:443
- TCP(TLS/1.0) u####.j####.cn:443
- TCP(TLS/1.0) loc.map.b####.com:443
- TCP(TLS/1.0) e####.bdst####.com.####.com:443
- TCP(TLS/1.0) sv.b####.com:443
- TCP(TLS/1.0) up####.b####.com:443
- TCP(TLS/1.0) so####.bdst####.com:443
- TCP(TLS/1.0) statson####.pu####.b####.com:443
- TCP(TLS/1.0) mbd.n.sh####.com:443
- TCP(TLS/1.0) browser####.b####.com:443
- TCP(TLS/1.0) awake-s####.j####.cn:443
- TCP(TLS/1.0) hpd.b####.com:443
- TCP(TLS/1.0) b.bdst####.com:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) www.a.sh####.com:443
- TCP(TLS/1.0) wap####.b####.com:443
- TCP(TLS/1.0) api.tui####.b####.com:443
- TCP(TLS/1.0) 1####.217.17.78:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) q####.b####.com:443
- TCP(TLS/1.0) f####.b####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) i####.b####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) so####.b####.com:443
- TCP sa.tui####.b####.com:5287
- api.map.b####.com
- api.tui####.b####.com
- awake-s####.j####.cn
- b.bdst####.com
- b.hiph####.b####.com
- browser####.b####.com
- c.hiph####.b####.com
- e####.b####.com
- e####.bdst####.com
- ext.b####.com
- f####.b####.com
- g####.bdst####.com
- g.hiph####.b####.com
- h####.b####.com
- hm.b####.com
- hpd.b####.com
- i####.b####.com
- loc.map.b####.com
- m.b####.com
- mbd.b####.com
- nsc####.b####.com
- pic.rmb.bdst####.com
- q####.b####.com
- rm####.baidu####.com
- sa.tui####.b####.com
- so####.b####.com
- so####.bdst####.com
- statson####.pu####.b####.com
- sv.b####.com
- tec####.b####.com
- u####.j####.cn
- up####.b####.com
- up####.sdk.jig####.cn
- wap####.b####.com
- www.b####.com
- hiph####.jom####.com/normandy/pic/item/96dda144ad345982cbee384001f431adc...
- hiph####.jom####.com/normandy/pic/item/b8014a90f603738d03ec7799bd1bb051f...
- hiph####.jom####.com/normandy/pic/item/b8014a90f603738d9736838abd1bb051f...
- sv.b####.com/haokan/api?unikey=####
- up####.sdk.jig####.cn/v1/push/sdk/postlist
- /data/anr/traces.txt
- /data/data/####/.meth
- /data/data/####/0b6f97746fba24756127cbd6d88b5619bd6318252a69daa....0.tmp
- /data/data/####/0b8940e708ca12e10b55c42c939573e9dbe21e2eeac7530....0.tmp
- /data/data/####/0bca7904258ded03e6bf0c60007faf5b7786b6b126d91ed....0.tmp
- /data/data/####/1-3.3.3.6
- /data/data/####/1-3.3.3.6.tmp
- /data/data/####/1-3.3.3.6.zip
- /data/data/####/20c86a6c4bf9b14c3fee5432f05cac3dd84e4ab4bda3868....0.tmp
- /data/data/####/217cae38be25fe856633278d43a604f03e07d5df3538cf1....0.tmp
- /data/data/####/24e099d4e3aef71e454546c2dbf9cfa116b5da00edddf7e....0.tmp
- /data/data/####/261350f07b898ad337a4848693fcf720141e222b465e2a5....0.tmp
- /data/data/####/29b5ad9804ae346fb8962b860fea1c309b56914c15524f3....0.tmp
- /data/data/####/2d967dc2678885ad6c488ead15eb27bafc5e430782fbf4b....0.tmp
- /data/data/####/35e4850d128b981e477a14937d93b19351f2ed970db1a66....0.tmp
- /data/data/####/3772e9d3-fa77-483a-802a-7fae9617bc62
- /data/data/####/3a199cada41fe962ac10848fb767bb55658b0dfafa19b30....0.tmp
- /data/data/####/4fcb97558138e9db1c2cfc9ce8697fe013b98ba7695af75....0.tmp
- /data/data/####/502de435068ba8f73d7e485d44673d25dd240cbf43a9992....0.tmp
- /data/data/####/512b321ff12c031aca56a4538de09110
- /data/data/####/5b634374cfaccde2d0666e8d254e6a20722050095b5f3e5....0.tmp
- /data/data/####/5b99325e751d5f7cb1463eef0a48be7d623c89808577d6b....0.tmp
- /data/data/####/5bdec3d51ea14fb1de15b78d51dbc08f5c26f4b79a98f38....0.tmp
- /data/data/####/698224419c5ddfe5e113c3cb76b6752377972b09a464b59....0.tmp
- /data/data/####/6d0a926c3ec1c18dba5cb01bd42accf738f0ea1000767bf....0.tmp
- /data/data/####/77e65b968e131e512d30eb2462722fe5f4d90b53521e1a7....0.tmp
- /data/data/####/801541e8a6ec3a6b49abf8cbc320bec5769cf621d4fc7e2....0.tmp
- /data/data/####/8e5edd88b20995d89a8994916b55cb571cd2d9e3a313e12....0.tmp
- /data/data/####/8eb54f731b004b5167232bc898b8cbeabc62654286116af....0.tmp
- /data/data/####/94e331d900337621e48b20594f3f9e610a0f84b6d98335e....0.tmp
- /data/data/####/COOKIE_VALUE.xml
- /data/data/####/Cookies_Prefs.xml
- /data/data/####/JPushSA_Config.xml
- /data/data/####/MultiDex.lock
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1558807433417
- /data/data/####/__send_data_1558807472338
- /data/data/####/a408ea000ad0e3fb6e99023036bcc869554de3f41bbfc7b....0.tmp
- /data/data/####/ac853e7b-f628-45cf-8f21-9029e9a65694
- /data/data/####/aeea547c524de1d8801068a433e172454ee95a91a9fe596....0.tmp
- /data/data/####/appPackageNames_v2
- /data/data/####/authStatus_com.baidu.haokan;remote.xml
- /data/data/####/b0113b3700be82fd65428c1b21e0f04c9f9401985c37568....0.tmp
- /data/data/####/b7ede32b6962cade48186566d287e4ddd36a9ff3e518d26....0.tmp
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/base_shared.xml
- /data/data/####/bc97d206cf611da43983b5cb69e196cda51ee02ccea4f79....0.tmp
- /data/data/####/bddownloads.db-journal
- /data/data/####/btechainh.db-journal
- /data/data/####/c3a39ed1-e6a9-45bf-b8eb-fc1740ff532c
- /data/data/####/cba6ae507e21aaa484d2ab6ea03c1eb2050cac7923a6450....0.tmp
- /data/data/####/cn.jiguang.wakesdk.preferences.xml
- /data/data/####/com.baidu.haokan.push_sync.xml
- /data/data/####/com.baidu.haokan.self_push_sync.xml
- /data/data/####/com.baidu.haokan_preferences.xml
- /data/data/####/com.baidu.haokan_preferences.xml.bak
- /data/data/####/com.baidu.haokan_sp_file_kpi.xml
- /data/data/####/com.baidu.pushservice.BIND_CACHE.xml
- /data/data/####/com.baidu.pushservice.app_stat.xml
- /data/data/####/com.baidu.pushservice.friend.xml
- /data/data/####/com.baidu.pushservice.single_conn.xml
- /data/data/####/d.db-journal
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/database.db-journal
- /data/data/####/device.xml
- /data/data/####/e13bc3622438e1dcdcee79a4005aac6e1976bcedc9317da....0.tmp
- /data/data/####/events.db-journal
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/fa2b8b3c67469ff5433100f901f7c3eb3b5c387eca07063....0.tmp
- /data/data/####/fffppcfg.xml
- /data/data/####/firll.dat
- /data/data/####/gzpfc.xml
- /data/data/####/gzpfc.xml.bak
- /data/data/####/haokandb.db-journal
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/identity.xml
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/jpush_device_info.xml
- /data/data/####/jpush_stat_cache.json
- /data/data/####/lcsdk_xml.xml
- /data/data/####/lcupdatedown.db-journal
- /data/data/####/leroadcfg.xml
- /data/data/####/leroadcfg.xml.bak
- /data/data/####/leroadtechaincfg.xml
- /data/data/####/libcuid.so
- /data/data/####/libsofiresec3336.so
- /data/data/####/libtdidv2.so
- /data/data/####/log_event_list.xml
- /data/data/####/multidex.version.xml
- /data/data/####/myrsdb.db-journal
- /data/data/####/notification_builder_storage.xml
- /data/data/####/pst.xml
- /data/data/####/pst.xml.bak
- /data/data/####/pushclient.xml
- /data/data/####/pushinfo.db
- /data/data/####/pushinfo.db-journal
- /data/data/####/pushstat_6.5.0.db
- /data/data/####/pushstat_6.5.0.db-journal
- /data/data/####/qapm_info.xml
- /data/data/####/re_po_rt.xml
- /data/data/####/retechain_po_rt.xml
- /data/data/####/sapi_share.xml
- /data/data/####/sapi_system.xml
- /data/data/####/techain_d.db-journal
- /data/data/####/thunder_real_log_time.xml
- /data/data/####/thunder_show_feed_log.xml
- /data/data/####/tmp-com.baidu.haokan-1.apk.classes-359994463.zip
- /data/data/####/tmp-com.baidu.haokan-1.apk.classes-622907793.zip
- /data/data/####/tpgcc.db-journal
- /data/data/####/tray.db-journal
- /data/data/####/upgrade_prompt_config.xml
- /data/data/####/video_cfg_.xml
- /data/data/####/volcano.db-journal
- /data/data/####/wappass.baidu.com-passport-login.html
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.g_m_b_s
- /data/media/####/.icosc
- /data/media/####/.nomedia
- /data/media/####/.push_deviceid
- /data/media/####/.tdidv2
- /data/media/####/.timestamp
- /data/media/####/.x_b_d
- /data/media/####/512b321ff12c031aca56a4538de09110
- /data/media/####/ad_config
- /data/media/####/config_cache.txt
- /data/media/####/holiday
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/login.html
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
- cat /proc/net/route
- cat /proc/uptime
- cat /sys/class/net/wlan0/address
- chmod 755 <Package Folder>/.BD_SAPI_CACHE
- chmod 755 <Package Folder>/.BD_SAPI_CACHE/512b321ff12c031aca56a4538de09110
- chmod 771 <Package Folder>/files/.1/dex
- chmod 771 <Package Folder>/files/.1/lib/3.3.3.6/-120103381/armeabi
- chmod 771 <Package Folder>/files/.1/lib/3.3.3.6/-120103381/armeabi/libsofiresec3336.so
- chmod 771 <Package Folder>/files/.tmp
- chmod 771 <Package Folder>/files/.tmp/1-3.3.3.6.zip
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.build.version.security_patch
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- ls -l /system/bin/su
- netstat -ant
- ps
- base64encoder_v1_4
- bdpush_V2_9
- crash_analysis
- fire
- hkfilter
- locSDK7b
- sofiresec3336
- techain
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- RSA-ECB-PKCS1Padding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding