Technical information
- Adware.Gexin.2.origin
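Network connections (protocol and host:port; "####" appears to be masking applied by the report's publisher):
- UDP(DNS) <Google DNS>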
- TCP(HTTP/1.1) pub-####.qin####.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) cgi.con####.qq.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) p9.ps####.com.####.com:80
- TCP(HTTP/1.1) api.yi####.cc:80
- TCP(HTTP/1.1) nav.cn.ron####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) p1.ps####.com:80
- TCP(HTTP/1.1) a####.b####.qq.com:8011
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) p3.ps####.com:80
- TCP(HTTP/1.1) img.yi####.cc:80
- TCP(TLS/1.0) s####.cn.ron####.com:443
- TCP 1####.92.22.163:8618
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5226
Hostnames:
- 7j####.c####.z0.####.com
- a####.b####.qq.com
- and####.b####.qq.com
- api.yi####.cc
- c####.g####.ig####.com
- c-h####.g####.com
- cgi.con####.qq.com
- img.yi####.cc
- nav.cn.ron####.com
- p1.ps####.com
- p3.ps####.com
- p9.ps####.com
- pi####.qq.com
- pub-####.qin####.com
- s####.cn.ron####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
HTTP request URLs:
- cgi.con####.qq.com/qqconnectopen/openapi/policy_conf?sdkv=####&appid=###...
- img.yi####.cc/article/mainimg/2016/11/07/0850390120056a1f24.jpeg@!w600
- img.yi####.cc/article/mainimg/2016/11/07/10114563736ffbdd93.jpeg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/08391742699d491b97.jpeg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/085909629517cb2232.jpeg@!w300
- img.yi####.cc/article/mainimg/2016/11/08/0859235830fda52378.jpeg@!w300
- img.yi####.cc/article/mainimg/2016/11/08/09134233940a526af0.jpg@!w200
- img.yi####.cc/article/mainimg/2016/11/08/09360081116fff83d7.jpg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/09371886004fe230f1.jpg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/093748298367892c95.jpg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/1011025681710ad3ef.jpg@!w600
- img.yi####.cc/article/mainimg/2016/11/08/10340940057e6b66b7.jpg@!w200
- img.yi####.cc/channel/img/201608/2016081216194064938021.jpg
- p1.ps####.com/large/1024000726ec96747ef3
- p3.ps####.com/large/1064000650f79cce0f24
- p3.ps####.com/large/10640006539f9f093992
- p9.ps####.com.####.com/large/106400065019bcc20bca
- p9.ps####.com.####.com/large/106600080715c544ef7d
- pub-####.qin####.com/tdata_EDT356
- t####.c####.q####.####.com/tdata_IKl114
- t####.c####.q####.####.com/tdata_qHR433
- ti####.c####.l####.####.com/config/hz-hzv3.conf
- a####.b####.qq.com:8011/rqd/async
- and####.b####.qq.com/rqd/async
- api.yi####.cc/v1/Article.json?Action=####
- api.yi####.cc/v1/System.json?Action=####
- c-h####.g####.com/api.php?format=####&t=####
- nav.cn.ron####.com/navipush.json
- pi####.qq.com/mstat/report
- sdk.o####.p####.####.com/api.php?format=####&t=####
File system paths (application data and shared storage):
- /data/data/####/.jg.ic
- /data/data/####/21d04c18252a79fdb8d632a73cd357459c9f8051d6125cc....0.tmp
- /data/data/####/67bff461eb587ac195d4517ca4e00f407965aee0fa83ae4....0.tmp
- /data/data/####/7b8569dad87ff0faccd271f2704b48c24f1e08e73903c6c....0.tmp
- /data/data/####/7pHhrCYsJgZfzChFh2TrUo_aaBA.-1671016483.tmp
- /data/data/####/90c1756e3bf3640c878d6f1053cfee85340fb95d0012ecb....0.tmp
- /data/data/####/COUNTLY_STORE.xml
- /data/data/####/DF8h8U_TDxDodvVoe5VW4XY09-M.1551060443.tmp
- /data/data/####/DzzMQHLpapF_HVd7qTck6qQKsPo.1877893931.tmp
- /data/data/####/HEhZHzXI9zDxQ1H_QYYl7uHxbX4.-1417190588.tmp
- /data/data/####/OBvhA6wH5lVXmby0ILkwvjQjfXQ.726556820.tmp
- /data/data/####/PMd1SQ_EscyWCnuoPD3VwFpHfmw.-1985388109.tmp
- /data/data/####/RongPush.xml
- /data/data/####/Statistics.xml
- /data/data/####/VBHYW0m5o16x04eZBFQuzjG960Y.196517721.tmp
- /data/data/####/bugly_db_-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.tencent.open.config.json.1105576716
- /data/data/####/com.youdiandiancn.application_preferences.xml
- /data/data/####/dI2VrMRqzquv7ua0OWE_tfy3L6g.1810717884.tmp
- /data/data/####/e-0MJQhwG13ugoWFXEqsoXgI0H8.-1126349350.tmp
- /data/data/####/f69aebe45ac34952051ec6d8e233b6c2782f3567738560b....0.tmp
- /data/data/####/fNXoGxcx53Xbr3FSt1ikDZ3ay4c.1971038888.tmp
- /data/data/####/fxmOdJ1O2K3g1n6yZgt7G_XWoA4.139432901.tmp
- /data/data/####/gdaemon_20161017
- /data/data/####/gx_sp.xml
- /data/data/####/init.pid
- /data/data/####/init_c.pid
- /data/data/####/ivS1nZ2XOSfWHABuoXx7mr4yiA0.820169018.tmp
- /data/data/####/journal.tmp
- /data/data/####/libjiagu.so
- /data/data/####/local_crash_lock
- /data/data/####/lp86r3fmDSB97DTdr2QVlI5xc-c.-222104523.tmp
- /data/data/####/mKVhjln2uMTuyuNFtnfSSEuQII4.764729559.tmp
- /data/data/####/mobclick_agent_cached_com.youdiandiancn.application10003
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/qy6fV0OTBgxriZDtdLVeTebfp90.2092032792.tmp
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/share_data.xml
- /data/data/####/tdata_IKl114
- /data/data/####/tdata_IKl114.jar
- /data/data/####/tdata_qHR433
- /data/data/####/tdata_qHR433.jar
- /data/data/####/tencent_analysis.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/xsEqHu6sNx89i9OEWfdP5w1-ooY.-651027142.tmp
- /data/data/####/yml.db-journal
- /data/data/####/zcZhxGcv9EkrihGk-TA22p0hmDU.1836532493.tmp
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.youdiandiancn.application.db
- /data/media/####/journal.tmp
- /data/media/####/tdata_IKl114
- /data/media/####/tdata_qHR433
- /data/media/####/test.log
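Shell commands (several query emulator-related properties such as qemu.sf.fake_camera and ro.genymotion.version, and `type su` looks for a su binary):
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq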
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop androVM.vbox_dpi
- /system/bin/sh -c getprop gsm.sim.state
- /system/bin/sh -c getprop gsm.sim.state2
- /system/bin/sh -c getprop qemu.sf.fake_camera
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.debuggable
- /system/bin/sh -c getprop ro.genymotion.version
- /system/bin/sh -c getprop ro.secure
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25965 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/files/libjiagu.so
- getprop androVM.vbox_dpi
- getprop gsm.sim.state
- getprop gsm.sim.state2
- getprop qemu.sf.fake_camera
- getprop ro.board.platform
- getprop ro.debuggable
- getprop ro.genymotion.version
- getprop ro.secure
- mount
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25965 300 0
Library names:
- Bugly
- MtaNativeCrash
- RongIMLib
- bitmaps
- getuiext2
- libjiagu
- memchunk
Cipher transformations (algorithm-mode-padding):
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-GCM-NoPadding