Technical information
Detection name:
- Adware.Gexin.2.origin
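Network connections (protocol, host:port; "####" marks characters masked in this listing, so masked names cannot be matched literally):
- UDP(DNS) <Google DNS>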
- TCP(HTTP/1.1) www.ta####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) sni.c####.q####.####.net:80
- TCP(HTTP/1.1) xiaoyu-####.b0.upa####.com:80
- TCP(HTTP/1.1) m.ta####.com:80
- TCP(TLS/1.0) lbs.net####.im:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) at.al####.com:443
- TCP(TLS/1.0) qy-swa####.qi####.com:443
- TCP(TLS/1.0) t.growi####.com:443
- TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
- TCP(TLS/1.0) wfd.net####.im:443
- TCP(TLS/1.0) www.you####.me:443
- TCP(TLS/1.0) nim.qi####.com:443
- TCP(TLS/1.0) d506####.cdn.uc####.####.cn:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) j####.you####.me:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) api.growi####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) m.ta####.com:443
- TCP(TLS/1.0) t####.growi####.com:443
- TCP c####.g####.ig####.com:5227
- TCP l####.net####.im:8080
- TCP sdk.o####.t####.####.com:5224
Host names looked up:
- 7j####.c####.z0.####.com
- api.growi####.com
- as####.growi####.com
- at.al####.com
- c####.g####.ig####.com
- c####.mm####.com
- c-h####.g####.com
- c.c####.com
- h5.m.ta####.com
- j####.you####.me
- l####.net####.im
- lbs.net####.im
- m.ta####.com
- mt####.go####.com
- nim.qi####.com
- plb####.u####.com
- qy-swa####.qi####.com
- s####.g.doublec####.net
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- t####.growi####.com
- t.growi####.com
- u####.u####.com
- w.c####.com
- wfd.net####.im
- www.google-####.com
- www.ta####.com
- www.you####.me
- xiaoyu-####.b0.upa####.com
- z7.c####.com
HTTP requests (URLs on the port-80 hosts listed above):
- m.ta####.com/?sprefer=####
- sni.c####.q####.####.net/config/hz-hzv3.conf
- sni.c####.q####.####.net/tdata_MkX219
- sni.c####.q####.####.net/tdata_iGj879
- www.ta####.com/
- xiaoyu-####.b0.upa####.com/uploads//home/jizu_V23.png
- xiaoyu-####.b0.upa####.com/uploads//home/use-bag_V23.png
- xiaoyu-####.b0.upa####.com/uploads/goods/20180524/97cc2a6b788e429cb72f98...
- xiaoyu-####.b0.upa####.com/uploads/goods/20180524/fb94ab0829ba4ca59f1146...
- xiaoyu-####.b0.upa####.com/uploads/goods/20180529/c40caa447f644fa49cff45...
- xiaoyu-####.b0.upa####.com/uploads/goods/20180605/1c586c19dea447cf8567cf...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/02e9b372b7834ccdad74dd...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/0ad02c08438a4953b4d358...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/0c2312cf69c6436493c885...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/1c753b030f9a4506be91f8...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/6b317c8bf142438bbc60cb...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/8ad5a84d63d5480e8ce685...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/9d9c7cf2cde6402eb2c9ac...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/b2efec18ae42458b864aa7...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/cb66b733654546ff803e91...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/cee526a671df4f84b7af7d...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/d7c4700ba96a46a9840f24...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180531/ffcdd5e1adba41f19ff5d5...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180601/30afc3e2a02c42c5b62433...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180613/a7cf72664e3b46c7b34c46...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180615/bdd5df51ef074ebe82d30b...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180627/c45b3a847d8e4559b74743...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180711/c96824bf68ae4c8aa0d052...
- xiaoyu-####.b0.upa####.com/uploads/topic/20180717/1e617a149f024d18b87e6c...
- c-h####.g####.com/api.php?format=####&t=####
- sdk.o####.p####.####.com/api.php?format=####&t=####
Files created or modified:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/NIMSDK_Config_19bb266bc86cb2cfe0f6784867b55f45.xml
- /data/data/####/NIMSDK_Config_19bb266bc86cb2cfe0f6784867b55f45_...9d.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/Unicorn.19bb266bc86cb2cfe0f6784867b55f45.xml
- /data/data/####/_nohttp_cache_db.db
- /data/data/####/_nohttp_cache_db.db-journal
- /data/data/####/_nohttp_cookies_db.db
- /data/data/####/_nohttp_cookies_db.db-journal
- /data/data/####/a==7.4.0&&2.3.1_1526453964304_envelope.log
- /data/data/####/com.qiyukf.analytics.xml
- /data/data/####/com.xiaoyu.youmiao;core.growing.db
- /data/data/####/com.xiaoyu.youmiao;core.growing.db-journal
- /data/data/####/com.xiaoyu.youmiao;pushservice.growing.db
- /data/data/####/com.xiaoyu.youmiao;pushservice.growing.db-journal
- /data/data/####/d==7.4.0&&2.3.1_1526453964581_envelope.log
- /data/data/####/d==7.4.0&&2.3.1_1526453971115_envelope.log
- /data/data/####/d==7.4.0&&2.3.1_1526453974512_envelope.log
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/growing.db
- /data/data/####/growing.db-journal
- /data/data/####/growing_ecsid.xml
- /data/data/####/growing_persist_data.xml
- /data/data/####/growing_profile.xml
- /data/data/####/gx_sp.xml
- /data/data/####/i==1.2.0&&2.3.1_1526453962868_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/libjiagu1570293535.so
- /data/data/####/msg.db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/qiyu_save_19bb266bc86cb2cfe0f6784867b55f45.xml
- /data/data/####/run.pid
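- /data/data/####/tdata_MkX219
- /data/data/####/tdata_MkX219.jar
- /data/data/####/tdata_iGj879
- /data/data/####/tdata_iGj879.jar
  (Note: tdata_MkX219 and tdata_iGj879 match the names requested from sni.c####.q####.####.net, which is listed above on HTTP port 80; the .jar copies suggest downloaded code staged for loading, which this listing alone does not confirm.)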
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/unicorn#cheese#
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/youmiao_cache_settings.xml
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.nomedia
- /data/media/####/.umm.dat
- /data/media/####/053881070ac52f9797b0bdd781044e9198c876f66d90d0....0.tmp
- /data/media/####/10812e84cf63c6037ec8ad7f827f8b635639a03831ce34....0.tmp
- /data/media/####/1f3f5ca9fc78f860fa7db383a611daed8f96911eed1757....0.tmp
- /data/media/####/2375db5fa4d1b4fe341c67eb9bc4813ae1cdeed7fe569e....0.tmp
- /data/media/####/2f48e097bed02ac1ad127c87ddf706423d4b47bb0db14e....0.tmp
- /data/media/####/2f7f0876528ed2d806db2c7ff2e78b60569e7450b0112f....0.tmp
- /data/media/####/3b251f8345cd5655221f3086a9032e71f8914ef91fd44d....0.tmp
- /data/media/####/71550a8535a5f33092f0d45d0d8ad58d95f8751f739d09....0.tmp
- /data/media/####/7b0c9d594d72e2a509c954aea1ed1262d3148173a04687....0.tmp
- /data/media/####/9acdde6e4cd49b3a1d9d692bd9118f8580929d76c7faa4....0.tmp
- /data/media/####/9b44c4864e89689d9e1af908e991221e0ff0b191e1b5f6....0.tmp
- /data/media/####/9f1d8343c93605e4a3484bd48709fe6ad23c39a5263f26....0.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/a1ec5614918c7a5cc0ffafa221dcd02b1193f5f4423cda....0.tmp
- /data/media/####/a9bf12b2ff4ed5923fe2b5193ec6c59c6d651ea6eaecca....0.tmp
- /data/media/####/app.db
- /data/media/####/b43b9876c1c99eb7ce4701cd7071698f9db9846dad88a5....0.tmp
- /data/media/####/b8a26a72092269b86fb7494e4064453452d9e4cb6adc34....0.tmp
- /data/media/####/c1c80eb866ed968baf5049cb059c1207daea706cb16b3b....0.tmp
- /data/media/####/c87b4a526e79d165ede95e19d8ed01909fffaadae6fd49....0.tmp
- /data/media/####/cf30c804253db2b40be35cc50fdbd3a8794a9b7445dbf5....0.tmp
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.xiaoyu.youmiao.bin
- /data/media/####/com.xiaoyu.youmiao.db
- /data/media/####/d7b515544a6e63ede5dc1f1e4078012fcb41de2b37cd60....0.tmp
- /data/media/####/f2d070d246266bf6731eae4cbf385c2d7f8e66c1c5dd3d....0.tmp
- /data/media/####/f4efc5164a37be20a333c7a49fbf958d52b98069805c94....0.tmp
- /data/media/####/journal.tmp
- /data/media/####/tdata_MkX219
- /data/media/####/tdata_iGj879
- /data/media/####/test.log
Shell commands and processes launched:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.getui.GetuiPushService 24853 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu1570293535.so
- ls /
- ls /sys/class/thermal
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.getui.GetuiPushService 24853 300 0
Dynamic libraries loaded:
- getuiext2
- libjiagu1570293535
Cryptographic transformations used (algorithm-mode-padding):
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
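Cryptographic transformations, repeated entries (the listing does not say why these two recur; possibly separate encryption and decryption lists):
- AES-CBC-PKCS7Padding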
- AES-ECB-NoPadding