Technical information
- Adware.Dowgin.14.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) v2.dwst####.com:80
- TCP(HTTP/1.1) m2.dwst####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) v3.dwst####.com:80
- TCP(HTTP/1.1) 61.1####.36.99:80
- TCP(HTTP/1.1) ip.ta####.com:80
- TCP(HTTP/1.1) bi2.du####.com:80
- TCP(HTTP/1.1) hi.hi.hh####.com:80
- a####.u####.com
- and####.b####.qq.com
- bi2.du####.com
- hi.hi.hh####.com
- ip.ta####.com
- m2.dwst####.com
- v2.dwst####.com
- v3.dwst####.com
- bi2.du####.com/apiBiList_cate_new.php?type=####&os=####&page=####&versio...
- bi2.du####.com/apiMain_new.php?os=####&version=####
- ip.ta####.com/service/getIpInfo.php?ip=####
- m2.dwst####.com/bi_material/201704/06/7794bcc9b1076aebc2ca34128e84707514...
- m2.dwst####.com/huodong/shouji3/201706/412/77/4cfe1064350447f7f5d85846e7...
- m2.dwst####.com/huodong/shouji3/201708/555/02/fc73928b6bbd5907ebdd6a1f11...
- m2.dwst####.com/huodong/shouji3/201708/599/14/6bde23e3b687ee53b4e2f988cb...
- m2.dwst####.com/huodong/shouji3/201802/102/46/77968afd634a5d172e81eef229...
- m2.dwst####.com/huodong/shouji3/201802/102/92/05b876f8bd5da1b4f248c611d1...
- m2.dwst####.com/huodong/shouji3/201802/103/09/3f87573020a44f54012dc33e89...
- m2.dwst####.com/huodong/shouji3/201802/103/22/b0a5a3ec2e784d2483d76d77a9...
- m2.dwst####.com/huodong/shouji3/201802/103/44/0b64540f6428275e3ffb71b2d1...
- m2.dwst####.com/huodong/shouji3/201802/103/56/f2d082b8fff0730294bce9a93f...
- m2.dwst####.com/huodong/shouji3/201802/103/67/328fd21362dee0d40620afedc4...
- m2.dwst####.com/huodong/shouji3/201802/103/89/a51ce714dddc9fb39f633cffd3...
- m2.dwst####.com/huodong/shouji3/201802/104/00/95fd5b295d9ed3ab6537d908b0...
- m2.dwst####.com/huodong/shouji3/201802/104/12/e95d8c564bdebef3c2f075d6b2...
- m2.dwst####.com/huodong/shouji3/201805/731/67/3d57ae354bf76cac22257d2f50...
- v2.dwst####.com/bi/201801/18/3da0248d503d605a92585abf5bbf0000.jpg?w=####...
- v2.dwst####.com/bi/201801/18/3da0248d963d605a9c58babfbbbf0000.jpg?w=####...
- v2.dwst####.com/bi/201801/29/3da02490e5d26e5a9568abedaced0000.jpg?w=####...
- v2.dwst####.com/bi/201802/06/3da0248d8f7a795a955880c681c60000.jpg?w=####...
- v3.dwst####.com/bi/201804/04/3ad7a9341e40c45a0b7a4f3050300000.jpg?w=####...
- v3.dwst####.com/bi/201804/09/3ad7a920d6e1ca5aee5ff464f5640000.jpg?w=####...
- v3.dwst####.com/bi/201804/28/3ad7a934c248e45a0d7a614362430000.jpg?w=####...
- v3.dwst####.com/bi/201805/07/3ad7a92027f8ef5aec5fd467d5670000.jpg?w=####...
- v3.dwst####.com/bi/201805/07/3ad7a934dcf7ef5a077a172818280000.jpg?w=####...
- v3.dwst####.com/bi/201805/15/3ad7a934a4b5fa5ac39c0d660e660000.jpg?w=####...
- a####.u####.com/app_logs
- and####.b####.qq.com/rqd/async
- bi2.du####.com/getimg_v2.php
- hi.hi.hh####.com/9f/gf3
- hi.hi.hh####.com/9f/h9f
- hi.hi.hh####.com/9f/l32
- /data/data/####/.imprint
- /data/data/####/1152327451199765113
- /data/data/####/19662992971552118632
- /data/data/####/497718843272141404
- /data/data/####/605fb.xml
- /data/data/####/9603532z.jar
- /data/data/####/bugly_db_legu-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/libshella-2.8.1.so
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/native_record_lock
- /data/data/####/security_info
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/media/####/.nomedia
- /data/media/####/1nyg8erecowk2vtxjzfblxkpn.0.tmp
- /data/media/####/1saococ6bnx4pojy087mcrhvl.0.tmp
- /data/media/####/1wsld3xhloyye0h676hfm0nb1.0.tmp
- /data/media/####/2784gnmakr8hmgsd9b75nti40.0.tmp
- /data/media/####/2ax3lu6kdgug9frr07rbo5c6f.0.tmp
- /data/media/####/2noivdyjxg63d6yxer26s6bpk.0.tmp
- /data/media/####/2r3fbg5joe99onlwo41u09g33.0.tmp
- /data/media/####/2rkvti5ehditnoz23197h8tzi.0.tmp
- /data/media/####/312nz8h3buvprla5f4xbhh7gx.0.tmp
- /data/media/####/331oig8wv41c7uhpv8li827je.0.tmp
- /data/media/####/3icao7lejr0f13j6mv8mlw5y8.0.tmp
- /data/media/####/3kydoi4vtmkelwwwwz8f9myg6.0.tmp
- /data/media/####/3rev6gm9fypczwaxvr8zcuaa7.0.tmp
- /data/media/####/4e3457q1xv87opdy8hngqdwib.0.tmp
- /data/media/####/4v1g6kqhslx4lokl6tlvukqqx.0.tmp
- /data/media/####/4yx6mr4bdjb19a3knc8qx206p.0.tmp
- /data/media/####/587shw25l6rcs17xx98o2houv.0.tmp
- /data/media/####/5kdkq73le95lmsqoodchdr91m.0.tmp
- /data/media/####/6j9y566z5796o31h3uyntjmu8.0.tmp
- /data/media/####/6qhqfv4vs4v7mmvmqiv2484ff.0.tmp
- /data/media/####/73hresd34ixzjcssl385zko3k.0.tmp
- /data/media/####/HCQZ6bd79b4a9ec825ea92bbadccee2783102018051823...33.jpg
- /data/media/####/ajt4ljnk6walzrq5zaz8jalf.0.tmp
- /data/media/####/journal.tmp
- /data/media/####/nai3nqpxu6yw5ouhjqbg0mgk.0.tmp
- /data/media/####/urlhxqg2plcehjn8v0cxcmr6.0.tmp
- /data/media/####/z1ant7sl8h7d9ljluknh87iy.0.tmp
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 700 <Package Folder>/tx_shell/libshella-2.8.1.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- logcat -d -v threadtime
- Bugly
- libshella-2.8.1
- AES-GCM-NoPadding
- DES
- RSA-ECB-PKCS1Padding
- AES-GCM-NoPadding
- DES