Technical information
- Adware.Gexin.2.origin
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdpart.getui.MyPushService 25020 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdpart.getui.MyPushService 25020 300 0
- BaiduMapSDK_base_v4_5_0
- getuiext2
- libjiagu
- locSDK7a
- pl_droidsonroids_gif
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- DESede-CBC-PKCS5Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding