Adware.Gexin.9773

Technical information

Malicious functions:

Executes code of the following detected threats:

Adware.Gexin.2.origin

Accesses the ITelephony private interface.

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) i.t####.com:80
TCP(HTTP/1.1) a####.b####.qq.com:8011
TCP(HTTP/1.1) ti####.c####.l####.####.com:80
TCP(HTTP/1.1) a####.b####.qq.com:8012
TCP(HTTP/1.1) t####.c####.q####.####.com:80
TCP(HTTP/1.1) and####.b####.qq.com:80
TCP(HTTP/1.1) sdk.o####.p####.####.com:80
TCP(HTTP/1.1) c-h####.g####.com:80
TCP(HTTP/1.1) rp-na####.ron####.com:80
TCP(TLS/1.0) av1.x####.com:443
TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
TCP(TLS/1.0) c####.x####.com:443
TCP(TLS/1.0) adt.x####.com:443
TCP(TLS/1.0) s####.cn.ron####.com:443
TCP(TLS/1.0) j####.d####.com:443
TCP(TLS/1.0) o####.map.b####.com:443
TCP(TLS/1.0) 2####.58.212.174:443
TCP(TLS/1.0) wap.cmpass####.com:8443
TCP(TLS/1.0) api.map.b####.com:443
TCP sdk.o####.t####.####.com:5224
TCP 1####.131.13.155:8625
TCP c####.g####.ig####.com:5224

DNS requests:

7j####.c####.z0.####.com
a####.b####.qq.com
adt.x####.com
aexcep####.b####.qq.com
and####.b####.qq.com
api.map.b####.com
av1.x####.com
c####.g####.ig####.com
c####.x####.com
c-h####.g####.com
i.t####.com
j####.d####.com
nav.cn.ron####.com
o####.map.b####.com
plb####.u####.com
s####.cn.ron####.com
sdk.c####.ig####.com
sdk.o####.p####.####.com
sdk.o####.t####.####.com
sdk.o####.t####.####.com
sdk.o####.t####.####.net
u####.u####.com
wap.cmpass####.com

HTTP GET requests:

i.t####.com/a/368f6de449e9cd5d4e6e9831f32226c95
t####.c####.q####.####.com/tdata_SBh025
t####.c####.q####.####.com/tdata_ZKm258
ti####.c####.l####.####.com/config/hz-hzv3.conf

HTTP POST requests:

a####.b####.qq.com:8011/rqd/async
a####.b####.qq.com:8012/rqd/async
and####.b####.qq.com/rqd/async
c-h####.g####.com/api.php?format=####&t=####
rp-na####.ron####.com/navipush.json
sdk.o####.p####.####.com/api.php?format=####&t=####

File system changes:

Creates the following files:

/data/anr/traces.txt
/data/data/####/.imprint
/data/data/####/.jg.ic
/data/data/####/000001.dbtmp
/data/data/####/000002.dbtmp
/data/data/####/000003.log
/data/data/####/000004.dbtmp
/data/data/####/000005.log
/data/data/####/000006.dbtmp
/data/data/####/000007.log
/data/data/####/000008.dbtmp
/data/data/####/000009.log
/data/data/####/000010.dbtmp
/data/data/####/000012.dbtmp
/data/data/####/1552014695855_2278
/data/data/####/1552014697939_2278
/data/data/####/1552014698331_2278
/data/data/####/1552014701249_2278
/data/data/####/1552014701429_2278
/data/data/####/1552014701466_2367
/data/data/####/1552014701521_2384
/data/data/####/1552014701713_2339
/data/data/####/1552014703365_2367
/data/data/####/1552014703421_2278
/data/data/####/1552014703426_2278
/data/data/####/1552014703498_2367
/data/data/####/1552014704223_2339
/data/data/####/1552014705850_2699
/data/data/####/1552014707513_2699
/data/data/####/1552014709190_2770
/data/data/####/1552014709236_2699
/data/data/####/1552014710378_2770
/data/data/####/1552014710425_2770
/data/data/####/1552014711459_2339
/data/data/####/1552014711962_2770
/data/data/####/1552014713675_2384
/data/data/####/1552014713924_2384
/data/data/####/1552014716684_3013
/data/data/####/1552014717819_2339
/data/data/####/1552014718014_3013
/data/data/####/1552014719240_3013
/data/data/####/1552014719397_3013
/data/data/####/1552014719768_2339
/data/data/####/1552014721809_2983
/data/data/####/1552014721963_2983
/data/data/####/1552014722289_2983
/data/data/####/1552014724851_2384
/data/data/####/1552014725428_2384
/data/data/####/1552014730329_3257
/data/data/####/1552014732288_3257
/data/data/####/1552014734764_3332
/data/data/####/1552014735159_3332
/data/data/####/1552014737283_3506
/data/data/####/1552014738914_3506
/data/data/####/1552014740913_3568
/data/data/####/1552014743615_3690
/data/data/####/1552014746657_3690
/data/data/####/1552014749402_3756
/data/data/####/1552014751994_3896
/data/data/####/1552014756252_3896
/data/data/####/1552014757518_3963
/data/data/####/1552014757856_3963
/data/data/####/1552014763865_4151
/data/data/####/1552014766768_4240
/data/data/####/1552014768086_4240
/data/data/####/1552014768385_4240
/data/data/####/1552014769218_4151
/data/data/####/1552014772739_2384
/data/data/####/Archimedes_p1
/data/data/####/Archimedes_p2
/data/data/####/Archimedes_p3
/data/data/####/Archimedes_p4
/data/data/####/Archimedes_p5
/data/data/####/COUNTLY_STORE.xml
/data/data/####/INSTALLATION
/data/data/####/LOCK
/data/data/####/Lock0
/data/data/####/Lock1
/data/data/####/Lock2
/data/data/####/Lock7
/data/data/####/MANIFEST-000001
/data/data/####/MANIFEST-000002
/data/data/####/MANIFEST-000004
/data/data/####/MANIFEST-000006
/data/data/####/MANIFEST-000008
/data/data/####/RongPush.xml
/data/data/####/Statistics.xml
/data/data/####/TDAntiCheating_Switch_Value
/data/data/####/TDCloud_Control_Cache_Param1
/data/data/####/TDCloud_Control_Cache_Param2
/data/data/####/TD_AES_DATA_LOCK
/data/data/####/TD_AES_IV_LOCK
/data/data/####/TD_AES_SALT_LOCK
/data/data/####/TD__App_Synchronous_Lock__
/data/data/####/TD__Tracking_Synchronous_Lock__
/data/data/####/TD_app_pefercen_profile.xml
/data/data/####/TDpref_cloudcontrol1.xml
/data/data/####/TDpref_cloudcontrol2.xml
/data/data/####/TDpref_longtime.xml
/data/data/####/TDpref_longtime0.xml
/data/data/####/TDpref_longtime1.xml
/data/data/####/TDpref_shorttime.xml
/data/data/####/TDpref_shorttime0.xml
/data/data/####/a==7.5.1&&3.8.0_1552014712497_envelope.log
/data/data/####/account-bind-list.7cf033bc2df738f8f65786c007cdc644-two.css
/data/data/####/account-bind-list.9f22e609ac8690ac0811.js
/data/data/####/account-bind-list.html
/data/data/####/account.467a8146c593d9a51e1a0a7e33460662-two.css
/data/data/####/account.9f22e609ac8690ac0811.js
/data/data/####/account.html
/data/data/####/agreement.81d341a748c733563293e95b2cd3ef51-one.css
/data/data/####/agreement.9f22e609ac8690ac0811.js
/data/data/####/agreement.html
/data/data/####/appSetting.xml
/data/data/####/apply-cash-record.9f22e609ac8690ac0811.js
/data/data/####/apply-cash-record.d41d8cd98f00b204e9800998ecf8427e-one.css
/data/data/####/apply-cash-record.ed8ca29917694b057db577ff45507677-two.css
/data/data/####/apply-cash-record.html
/data/data/####/apply-cash-success.8031a7a741c9b289c9c57ba183aa...wo.css
/data/data/####/apply-cash-success.9f22e609ac8690ac0811.js
/data/data/####/apply-cash-success.html
/data/data/####/apply-cash.9f22e609ac8690ac0811.js
/data/data/####/apply-cash.dae07a27519e4057439ed94bda9c2ddc-two.css
/data/data/####/apply-cash.html
/data/data/####/apply-detail.14959a1ea747b2becc2ae80eae8c489f-two.css
/data/data/####/apply-detail.650149f6520013ab63beaf0e2b94b061-one.css
/data/data/####/apply-detail.9f22e609ac8690ac0811.js
/data/data/####/apply-detail.html
/data/data/####/apply-list.9f22e609ac8690ac0811.js
/data/data/####/apply-list.a89e4241d398b38c1efacd6025e79c1d-two.css
/data/data/####/apply-list.d41d8cd98f00b204e9800998ecf8427e-one.css
/data/data/####/apply-list.html
/data/data/####/apply-success.22cb2fd253ea48cc0bb29d8be4516539-one.css
/data/data/####/apply-success.9f22e609ac8690ac0811.js
/data/data/####/apply-success.html
/data/data/####/authStatus_com.doumi.jianzhi.xml
/data/data/####/authStatus_com.doumi.jianzhi;ipc.xml
/data/data/####/authStatus_com.doumi.jianzhi;pushservice.xml
/data/data/####/authStatus_com.doumi.jianzhi;remote.xml
/data/data/####/authStatus_io.rong.push.xml
/data/data/####/avatar_female.png
/data/data/####/avatar_male.png
/data/data/####/banner_integral.jpg
/data/data/####/banner_share.png
/data/data/####/banner_submit.png
/data/data/####/bg_blacklist.png
/data/data/####/bg_detail_banner.png
/data/data/####/bg_detail_quanzhi.png
/data/data/####/bg_index_column.png
/data/data/####/bg_popup.png
/data/data/####/bg_renzheng.png
/data/data/####/bg_resume.png
/data/data/####/bg_rise.png
/data/data/####/bg_status.png
/data/data/####/bg_status_new.png
/data/data/####/bg_tab.png
/data/data/####/bg_toptips.png
/data/data/####/bind-alipay.30dafbd020a8c6204e480314e96b22f7-one.css
/data/data/####/bind-alipay.9f22e609ac8690ac0811.js
/data/data/####/bind-alipay.b764134f9efb84fd35518735362bff2f-two.css
/data/data/####/bind-alipay.html
/data/data/####/bind-unionpay.30dafbd020a8c6204e480314e96b22f7-one.css
/data/data/####/bind-unionpay.9f22e609ac8690ac0811.js
/data/data/####/bind-unionpay.b764134f9efb84fd35518735362bff2f-two.css
/data/data/####/bind-unionpay.html
/data/data/####/bind-weixinwallet.30dafbd020a8c6204e480314e96b22f7-one.css
/data/data/####/bind-weixinwallet.6e54c3e2b34d1de1b633e5fc012dba10-two.css
/data/data/####/bind-weixinwallet.9f22e609ac8690ac0811.js
/data/data/####/bind-weixinwallet.html
/data/data/####/bugly_db_
/data/data/####/bugly_db_-journal
/data/data/####/bundle.js
/data/data/####/cache.manifest
/data/data/####/change-mobile-number.3ad596e20cd9457218249dfb09...wo.css
/data/data/####/change-mobile-number.9f22e609ac8690ac0811.js
/data/data/####/change-mobile-number.html
/data/data/####/china.zip
/data/data/####/city.95e09476214ef7a72a4fdcbd8f47934c-one.css
/data/data/####/city.9f22e609ac8690ac0811.js
/data/data/####/city.html
/data/data/####/city_1.json
/data/data/####/city_10.json
/data/data/####/city_100.json
/data/data/####/city_101.json
/data/data/####/city_102.json
/data/data/####/city_103.json
/data/data/####/city_104.json
/data/data/####/city_105.json
/data/data/####/city_106.json
/data/data/####/city_107.json
/data/data/####/city_108.json
/data/data/####/city_109.json
/data/data/####/city_11.json
/data/data/####/city_110.json
/data/data/####/city_111.json
/data/data/####/city_112.json
/data/data/####/city_113.json
/data/data/####/city_114.json
/data/data/####/city_115.json
/data/data/####/city_116.json
/data/data/####/city_117.json
/data/data/####/city_118.json
/data/data/####/city_119.json
/data/data/####/city_12.json
/data/data/####/city_120.json
/data/data/####/city_121.json
/data/data/####/city_122.json
/data/data/####/city_123.json
/data/data/####/city_124.json
/data/data/####/city_125.json
/data/data/####/city_126.json
/data/data/####/city_127.json
/data/data/####/city_128.json
/data/data/####/city_129.json
/data/data/####/city_13.json
/data/data/####/city_130.json
/data/data/####/city_131.json
/data/data/####/city_132.json
/data/data/####/city_133.json
/data/data/####/city_134.json
/data/data/####/city_135.json
/data/data/####/city_136.json
/data/data/####/city_137.json
/data/data/####/city_138.json
/data/data/####/city_139.json
/data/data/####/city_14.json
/data/data/####/city_140.json
/data/data/####/city_141.json
/data/data/####/city_142.json
/data/data/####/city_143.json
/data/data/####/city_144.json
/data/data/####/city_145.json
/data/data/####/city_146.json
/data/data/####/city_147.json
/data/data/####/city_148.json
/data/data/####/city_149.json
/data/data/####/city_15.json
/data/data/####/city_150.json
/data/data/####/city_151.json
/data/data/####/city_152.json
/data/data/####/city_153.json
/data/data/####/city_154.json
/data/data/####/city_155.json
/data/data/####/city_156.json
/data/data/####/city_157.json
/data/data/####/city_158.json
/data/data/####/city_159.json
/data/data/####/city_16.json
/data/data/####/city_160.json
/data/data/####/city_161.json
/data/data/####/city_162.json
/data/data/####/city_163.json
/data/data/####/city_164.json
/data/data/####/city_165.json
/data/data/####/city_166.json
/data/data/####/city_167.json
/data/data/####/city_168.json
/data/data/####/city_169.json
/data/data/####/city_17.json
/data/data/####/city_170.json
/data/data/####/city_171.json
/data/data/####/city_172.json
/data/data/####/city_173.json
/data/data/####/city_174.json
/data/data/####/city_175.json
/data/data/####/city_176.json
/data/data/####/city_177.json
/data/data/####/city_178.json
/data/data/####/city_179.json
/data/data/####/city_18.json
/data/data/####/city_180.json
/data/data/####/city_181.json
/data/data/####/city_182.json
/data/data/####/city_183.json
/data/data/####/city_184.json
/data/data/####/city_185.json
/data/data/####/city_186.json
/data/data/####/city_187.json
/data/data/####/city_188.json
/data/data/####/city_189.json
/data/data/####/city_19.json
/data/data/####/city_190.json
/data/data/####/city_191.json
/data/data/####/city_192.json
/data/data/####/city_193.json
/data/data/####/city_194.json
/data/data/####/city_195.json
/data/data/####/city_196.json
/data/data/####/city_197.json
/data/data/####/city_198.json
/data/data/####/city_199.json
/data/data/####/city_2.json
/data/data/####/city_20.json
/data/data/####/city_200.json
/data/data/####/city_201.json
/data/data/####/city_202.json
/data/data/####/city_203.json
/data/data/####/city_204.json
/data/data/####/city_205.json
/data/data/####/city_206.json
/data/data/####/city_207.json
/data/data/####/city_208.json
/data/data/####/city_209.json
/data/data/####/city_21.json
/data/data/####/city_210.json
/data/data/####/city_211.json
/data/data/####/city_212.json
/data/data/####/city_213.json
/data/data/####/city_214.json
/data/data/####/city_215.json
/data/data/####/city_216.json
/data/data/####/city_217.json
/data/data/####/city_218.json
/data/data/####/city_219.json
/data/data/####/city_22.json
/data/data/####/city_220.json
/data/data/####/city_221.json
/data/data/####/city_222.json
/data/data/####/city_223.json
/data/data/####/city_224.json
/data/data/####/city_225.json
/data/data/####/city_226.json
/data/data/####/city_227.json
/data/data/####/city_228.json
/data/data/####/city_229.json
/data/data/####/city_23.json
/data/data/####/city_230.json
/data/data/####/city_231.json
/data/data/####/city_232.json
/data/data/####/city_233.json
/data/data/####/city_234.json
/data/data/####/city_235.json
/data/data/####/city_236.json
/data/data/####/city_237.json
/data/data/####/city_238.json
/data/data/####/city_239.json
/data/data/####/city_24.json
/data/data/####/city_240.json
/data/data/####/city_241.json
/data/data/####/city_242.json
/data/data/####/city_243.json
/data/data/####/city_244.json
/data/data/####/city_245.json
/data/data/####/city_246.json
/data/data/####/city_247.json
/data/data/####/city_248.json
/data/data/####/city_249.json
/data/data/####/city_25.json
/data/data/####/city_250.json
/data/data/####/city_251.json
/data/data/####/city_252.json
/data/data/####/city_253.json
/data/data/####/city_254.json
/data/data/####/city_255.json
/data/data/####/city_256.json
/data/data/####/city_257.json
/data/data/####/city_258.json
/data/data/####/city_259.json
/data/data/####/city_26.json
/data/data/####/city_260.json
/data/data/####/city_261.json
/data/data/####/city_262.json
/data/data/####/city_263.json
/data/data/####/city_264.json
/data/data/####/city_265.json
/data/data/####/city_266.json
/data/data/####/city_267.json
/data/data/####/city_268.json
/data/data/####/city_269.json
/data/data/####/city_27.json
/data/data/####/city_270.json
/data/data/####/city_271.json
/data/data/####/city_272.json
/data/data/####/city_273.json
/data/data/####/city_274.json
/data/data/####/city_275.json
/data/data/####/city_276.json
/data/data/####/city_277.json
/data/data/####/city_278.json
/data/data/####/city_279.json
/data/data/####/city_28.json
/data/data/####/city_280.json
/data/data/####/city_281.json
/data/data/####/city_282.json
/data/data/####/city_283.json
/data/data/####/city_284.json
/data/data/####/city_285.json
/data/data/####/city_286.json
/data/data/####/city_287.json
/data/data/####/city_288.json
/data/data/####/city_289.json
/data/data/####/city_29.json
/data/data/####/city_290.json
/data/data/####/city_291.json
/data/data/####/city_292.json
/data/data/####/city_293.json
/data/data/####/city_294.json
/data/data/####/city_295.json
/data/data/####/city_296.json
/data/data/####/city_297.json
/data/data/####/city_298.json
/data/data/####/city_299.json
/data/data/####/city_3.json
/data/data/####/city_30.json
/data/data/####/city_300.json
/data/data/####/city_301.json
/data/data/####/city_302.json
/data/data/####/city_303.json
/data/data/####/city_304.json
/data/data/####/city_305.json
/data/data/####/city_306.json
/data/data/####/city_307.json
/data/data/####/city_308.json
/data/data/####/city_309.json
/data/data/####/city_31.json
/data/data/####/city_310.json
/data/data/####/city_311.json
/data/data/####/city_312.json
/data/data/####/city_313.json
/data/data/####/city_314.json
/data/data/####/city_315.json
/data/data/####/city_316.json
/data/data/####/city_317.json
/data/data/####/city_318.json
/data/data/####/city_319.json
/data/data/####/city_32.json
/data/data/####/city_320.json
/data/data/####/city_321.json
/data/data/####/city_322.json
/data/data/####/city_323.json
/data/data/####/city_324.json
/data/data/####/city_325.json
/data/data/####/city_326.json
/data/data/####/city_327.json
/data/data/####/city_328.json
/data/data/####/city_329.json
/data/data/####/city_33.json
/data/data/####/city_330.json
/data/data/####/city_331.json
/data/data/####/city_332.json
/data/data/####/city_333.json
/data/data/####/city_334.json
/data/data/####/city_335.json
/data/data/####/city_336.json
/data/data/####/city_337.json
/data/data/####/city_338.json
/data/data/####/city_339.json
/data/data/####/city_34.json
/data/data/####/city_340.json
/data/data/####/city_341.json
/data/data/####/city_342.json
/data/data/####/city_343.json
/data/data/####/city_344.json
/data/data/####/city_345.json
/data/data/####/city_35.json
/data/data/####/city_353.json
/data/data/####/city_36.json
/data/data/####/city_37.json
/data/data/####/city_373.json
/data/data/####/city_374.json
/data/data/####/city_375.json
/data/data/####/city_376.json
/data/data/####/city_377.json
/data/data/####/city_378.json
/data/data/####/city_379.json
/data/data/####/city_38.json
/data/data/####/city_380.json
/data/data/####/city_381.json
/data/data/####/city_382.json
/data/data/####/city_383.json
/data/data/####/city_384.json
/data/data/####/city_385.json
/data/data/####/city_386.json
/data/data/####/city_39.json
/data/data/####/city_4.json
/data/data/####/city_40.json
/data/data/####/city_41.json
/data/data/####/city_42.json
/data/data/####/city_43.json
/data/data/####/city_44.json
/data/data/####/city_45.json
/data/data/####/city_46.json
/data/data/####/city_47.json
/data/data/####/city_48.json
/data/data/####/city_49.json
/data/data/####/city_5.json
/data/data/####/city_50.json
/data/data/####/city_51.json
/data/data/####/city_52.json
/data/data/####/city_53.json
/data/data/####/city_54.json
/data/data/####/city_55.json
/data/data/####/city_56.json
/data/data/####/city_57.json
/data/data/####/city_58.json
/data/data/####/city_59.json
/data/data/####/city_6.json
/data/data/####/city_60.json
/data/data/####/city_61.json
/data/data/####/city_62.json
/data/data/####/city_63.json
/data/data/####/city_64.json
/data/data/####/city_65.json
/data/data/####/city_66.json
/data/data/####/city_67.json
/data/data/####/city_68.json
/data/data/####/city_69.json
/data/data/####/city_7.json
/data/data/####/city_70.json
/data/data/####/city_71.json
/data/data/####/city_72.json
/data/data/####/city_73.json
/data/data/####/city_74.json
/data/data/####/city_75.json
/data/data/####/city_76.json
/data/data/####/city_77.json
/data/data/####/city_78.json
/data/data/####/city_79.json
/data/data/####/city_8.json
/data/data/####/city_80.json
/data/data/####/city_81.json
/data/data/####/city_82.json
/data/data/####/city_83.json
/data/data/####/city_84.json
/data/data/####/city_85.json
/data/data/####/city_86.json
/data/data/####/city_87.json
/data/data/####/city_88.json
/data/data/####/city_89.json
/data/data/####/city_9.json
/data/data/####/city_90.json
/data/data/####/city_91.json
/data/data/####/city_92.json
/data/data/####/city_93.json
/data/data/####/city_94.json
/data/data/####/city_95.json
/data/data/####/city_96.json
/data/data/####/city_97.json
/data/data/####/city_98.json
/data/data/####/city_99.json
/data/data/####/com.doumi.jianzhi_preferences.xml
/data/data/####/company-detail.5704bedb1a335a51f96c2e7dd6fb42e2-two.css
/data/data/####/company-detail.9f22e609ac8690ac0811.js
/data/data/####/company-detail.a4ab77a458147a754ee1d250452b2850-one.css
/data/data/####/company-detail.html
/data/data/####/complain-and-feedback.9f22e609ac8690ac0811.js
/data/data/####/complain-and-feedback.e4549bb4c8984f56df460219a...ne.css
/data/data/####/complain-and-feedback.html
/data/data/####/complain.8def2e7a28f119daf031d7d3ba258e98-one.css
/data/data/####/complain.9f22e609ac8690ac0811.js
/data/data/####/complain.html
/data/data/####/conf_n.pid
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0Njk3MDgw;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzA4MzA3;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzE4MTYy;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzM5MTkx;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzMxNTQ2;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzQ0NTM5;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzU0NzEw;
/data/data/####/dW1weF9pbnRlcm5hbF8xNTUyMDE0NzY3NTY3;
/data/data/####/daemon
/data/data/####/detail-address.9f22e609ac8690ac0811.js
/data/data/####/detail-address.c6964467d198b3cd6bbe7ebcada9b566-two.css
/data/data/####/detail-address.html
/data/data/####/detail.9f22e609ac8690ac0811.js
/data/data/####/detail.9fe12f414bbf4a32164b57e35a394bbe-one.css
/data/data/####/detail.dbb7ab69b2aeb28c55f2d3d07206c9f2-two.css
/data/data/####/detail.html
/data/data/####/dmdid
/data/data/####/doumi-db
/data/data/####/doumi-db-journal
/data/data/####/duiba.2839f02f6b96f7eaf8852679854b77b7-one.css
/data/data/####/duiba.9f22e609ac8690ac0811.js
/data/data/####/duiba.html
/data/data/####/earn-score.42dd8c9ae626e3d2d2083a35563a66b3-one.css
/data/data/####/earn-score.9f22e609ac8690ac0811.js
/data/data/####/earn-score.html
/data/data/####/evaluate.9f22e609ac8690ac0811.js
/data/data/####/evaluate.a89e4241d398b38c1efacd6025e79c1d-two.css
/data/data/####/evaluate.c06520a83be22d94fe2f3ea7820c185f-one.css
/data/data/####/evaluate.html
/data/data/####/exchangeIdentity.json
/data/data/####/exid.dat
/data/data/####/f1e5994e2a5f4dbe680c.worker.js
/data/data/####/favorite.91e550ab6d2afc3036ed4bc604e23d4c-one.css
/data/data/####/favorite.9f22e609ac8690ac0811.js
/data/data/####/favorite.html
/data/data/####/fe5312fdbe923e425eb3.worker.js
/data/data/####/feedback.9f22e609ac8690ac0811.js
/data/data/####/feedback.a8229ee74a8c1d67288fcb25594a8ff9-one.css
/data/data/####/feedback.html
/data/data/####/gal.db
/data/data/####/gal.db-journal
/data/data/####/gdaemon_20161017
/data/data/####/getui_sp.xml
/data/data/####/gx_sp.xml
/data/data/####/hotjob-list.8ff7805c857f80223d3a9ea8398ebe23-one.css
/data/data/####/hotjob-list.9f22e609ac8690ac0811.js
/data/data/####/hotjob-list.html
/data/data/####/hst.db
/data/data/####/hst.db-journal
/data/data/####/huiyan-index.9f22e609ac8690ac0811.js
/data/data/####/huiyan-index.d1fe976d1a1a706051b9caf8a24fc075-two.css
/data/data/####/huiyan-index.html
/data/data/####/huiyan-result.9f22e609ac8690ac0811.js
/data/data/####/huiyan-result.ff6bb08462bc70411c78353484b94e37-two.css
/data/data/####/huiyan-result.html
/data/data/####/i==1.2.0&&3.8.0_1552014697275_envelope.log
/data/data/####/i==1.2.0&&3.8.0_1552014708375_envelope.log
/data/data/####/i==1.2.0&&3.8.0_1552014739279_envelope.log
/data/data/####/i==1.2.0&&3.8.0_1552014767809_envelope.log
/data/data/####/icon.png
/data/data/####/icon_account.png
/data/data/####/icon_blacklist.png
/data/data/####/icon_cate_check.png
/data/data/####/icon_cate_other.png
/data/data/####/icon_cate_promotion.png
/data/data/####/icon_cate_reg.png
/data/data/####/icon_cate_share.png
/data/data/####/icon_cate_survey.png
/data/data/####/icon_deliver.png
/data/data/####/icon_detail.png
/data/data/####/icon_detail_new.png
/data/data/####/icon_form.png
/data/data/####/icon_index.png
/data/data/####/icon_online.png
/data/data/####/icon_order.png
/data/data/####/icon_personal.png
/data/data/####/icon_rate.png
/data/data/####/icon_resume.png
/data/data/####/icon_succeed.png
/data/data/####/icon_taobaoke.png
/data/data/####/icon_toplist.png
/data/data/####/icon_wallet.png
/data/data/####/imkit.db
/data/data/####/imkit.db-journal
/data/data/####/index.0795fc42679398eb57829467169d3ada-one.css
/data/data/####/index.72530df6faa66cdedb0a93a49e6c97da-two.css
/data/data/####/index.9f22e609ac8690ac0811.js
/data/data/####/index.html
/data/data/####/info.xml
/data/data/####/init.pid
/data/data/####/init_c1.pid
/data/data/####/integral-detail.44496344f4d73e545d899c6b27b5b760-one.css
/data/data/####/integral-detail.9f22e609ac8690ac0811.js
/data/data/####/integral-detail.html
/data/data/####/iv
/data/data/####/jianZhi.xml
/data/data/####/ker.db
/data/data/####/ker.db-journal
/data/data/####/libcuid.so
/data/data/####/libjiagu-1123170138.so
/data/data/####/local_crash_lock
/data/data/####/login-captcha.9f22e609ac8690ac0811.js
/data/data/####/login-captcha.ea7aa50e46628c34780c01b949a08eee-one.css
/data/data/####/login-captcha.html
/data/data/####/login-check-phone.9f22e609ac8690ac0811.js
/data/data/####/login-check-phone.ea7aa50e46628c34780c01b949a08eee-one.css
/data/data/####/login-check-phone.html
/data/data/####/login-password.9f22e609ac8690ac0811.js
/data/data/####/login-password.ea7aa50e46628c34780c01b949a08eee-one.css
/data/data/####/login-password.html
/data/data/####/main.dek
/data/data/####/msg-invite-list.421907d40fdf41a57c1b325e86d0efec-one.css
/data/data/####/msg-invite-list.9f22e609ac8690ac0811.js
/data/data/####/msg-invite-list.html
/data/data/####/msg-news-list.9f22e609ac8690ac0811.js
/data/data/####/msg-news-list.f4e0eb380f81cdb27020bde72992eb81-one.css
/data/data/####/msg-news-list.html
/data/data/####/msg-online-list.9f22e609ac8690ac0811.js
/data/data/####/msg-online-list.f360d599f258309a437bc1375b09eaeb-one.css
/data/data/####/msg-online-list.html
/data/data/####/multidex.version.xml
/data/data/####/nearby-list.7e5fe04844f77cc57b895a1b4fff7a20-one.css
/data/data/####/nearby-list.9f22e609ac8690ac0811.js
/data/data/####/nearby-list.html
/data/data/####/no-idencode.7418fa430c2c4b3ef49e4852e46dcb52-one.css
/data/data/####/no-idencode.9f22e609ac8690ac0811.js
/data/data/####/no-idencode.html
/data/data/####/offline-invite-bonus.4084ef1b596abbcc99e60a7a24...ne.css
/data/data/####/offline-invite-bonus.9f22e609ac8690ac0811.js
/data/data/####/offline-invite-bonus.html
/data/data/####/offline-invite-list.4084ef1b596abbcc99e60a7a24c...ne.css
/data/data/####/offline-invite-list.9f22e609ac8690ac0811.js
/data/data/####/offline-invite-list.html
/data/data/####/offline-share.4084ef1b596abbcc99e60a7a24ce3894-one.css
/data/data/####/offline-share.9f22e609ac8690ac0811.js
/data/data/####/offline-share.html
/data/data/####/ofl.config
/data/data/####/ofl_location.db
/data/data/####/ofl_location.db-journal
/data/data/####/ofl_statistics.db
/data/data/####/ofl_statistics.db-journal
/data/data/####/online-complain-select.7f5183fcc98afcb7b9e6dc17...ne.css
/data/data/####/online-complain-select.9f22e609ac8690ac0811.js
/data/data/####/online-complain-select.html
/data/data/####/online-complain.8def2e7a28f119daf031d7d3ba258e98-one.css
/data/data/####/online-complain.9f22e609ac8690ac0811.js
/data/data/####/online-complain.html
/data/data/####/online-detail.4c1c5d9a634a44d2db5d7ba88375bf38-one.css
/data/data/####/online-detail.7a34f10539530e981bed88ab027c4444-two.css
/data/data/####/online-detail.9f22e609ac8690ac0811.js
/data/data/####/online-detail.html
/data/data/####/online-income.78a65149714213978f86ea3594247b9e-one.css
/data/data/####/online-income.9f22e609ac8690ac0811.js
/data/data/####/online-income.html
/data/data/####/online-index.17007d4eb3ec5a52aaa4e0206c6f147e-one.css
/data/data/####/online-index.9f22e609ac8690ac0811.js
/data/data/####/online-index.html
/data/data/####/online-personal.7f5183fcc98afcb7b9e6dc170ebd0a4f-one.css
/data/data/####/online-personal.9f22e609ac8690ac0811.js
/data/data/####/online-personal.html
/data/data/####/online-prefecture.5123a485a5b55423a26b945b4230db2d-one.css
/data/data/####/online-prefecture.9f22e609ac8690ac0811.js
/data/data/####/online-prefecture.html
/data/data/####/online-retrial.9f22e609ac8690ac0811.js
/data/data/####/online-retrial.d14658c9f8b3b9f18145d21a562ba87a-one.css
/data/data/####/online-retrial.html
/data/data/####/online-submit-detail.1e894983c71bb3dc3e3ee2f273...ne.css
/data/data/####/online-submit-detail.9f22e609ac8690ac0811.js
/data/data/####/online-submit-detail.html
/data/data/####/online-submit-success.9f22e609ac8690ac0811.js
/data/data/####/online-submit-success.d14658c9f8b3b9f18145d21a5...ne.css
/data/data/####/online-submit-success.html
/data/data/####/online-submit.9f22e609ac8690ac0811.js
/data/data/####/online-submit.d97659ffb74602dd16ddafff37d560f3-one.css
/data/data/####/online-submit.html
/data/data/####/prefecture.3b1cf503a4569d7dc845c58e2f254521-one.css
/data/data/####/prefecture.9f22e609ac8690ac0811.js
/data/data/####/prefecture.html
/data/data/####/preferences-job-type-select.9f22e609ac8690ac0811.js
/data/data/####/preferences-job-type-select.a94f09daf10d5d732ea...ne.css
/data/data/####/preferences-job-type-select.html
/data/data/####/provinces.json
/data/data/####/ptj_icons.png
/data/data/####/push.pid
/data/data/####/pushext.db-journal
/data/data/####/pushg.db-journal
/data/data/####/pushsdk.db-journal
/data/data/####/qihoo_jiagu_crash_report.xml
/data/data/####/rapidly-apply.57c4202db051a46e61e80f17b171a477-one.css
/data/data/####/rapidly-apply.9f22e609ac8690ac0811.js
/data/data/####/rapidly-apply.html
/data/data/####/recommend-list.8ff7805c857f80223d3a9ea8398ebe23-one.css
/data/data/####/recommend-list.9f22e609ac8690ac0811.js
/data/data/####/recommend-list.html
/data/data/####/register.9f22e609ac8690ac0811.js
/data/data/####/register.ea7aa50e46628c34780c01b949a08eee-one.css
/data/data/####/register.html
/data/data/####/reset.9f22e609ac8690ac0811.js
/data/data/####/reset.d9d8604340a6ed793fbdccf399d45e8f-one.css
/data/data/####/reset.html
/data/data/####/resume-addition.76706cfe369068e25ae9de45ab1506d4-two.css
/data/data/####/resume-addition.9f22e609ac8690ac0811.js
/data/data/####/resume-addition.html
/data/data/####/resume-education.1bc4edf003ee1867a6a5305766aac36e-two.css
/data/data/####/resume-education.9f22e609ac8690ac0811.js
/data/data/####/resume-education.html
/data/data/####/resume-index.1bd3052876c4f73cc4c4c102330889c5-two.css
/data/data/####/resume-index.9f22e609ac8690ac0811.js
/data/data/####/resume-index.html
/data/data/####/resume-info.6843967039798ffb922648bbe666fa3c-two.css
/data/data/####/resume-info.9f22e609ac8690ac0811.js
/data/data/####/resume-info.html
/data/data/####/resume-preference.974f16e51808e3b44642665b93f3c209-two.css
/data/data/####/resume-preference.9f22e609ac8690ac0811.js
/data/data/####/resume-preference.html
/data/data/####/resume-work.6bcfcc0dee026dbf930b56cbdd56dda4-two.css
/data/data/####/resume-work.9f22e609ac8690ac0811.js
/data/data/####/resume-work.html
/data/data/####/run.pid
/data/data/####/salt
/data/data/####/search.25823b0026c403bac744323e04233687-two.css
/data/data/####/search.6913f5ead557509e92087ee13ec5fa43-one.css
/data/data/####/search.9f22e609ac8690ac0811.js
/data/data/####/search.html
/data/data/####/security_info
/data/data/####/selectiveperfect-list.8f3939fe04618f2b2b284cef1...ne.css
/data/data/####/selectiveperfect-list.9f22e609ac8690ac0811.js
/data/data/####/selectiveperfect-list.html
/data/data/####/set-resume-success.3870f8f1434d9211db9b1f682a1d...ne.css
/data/data/####/set-resume-success.9f22e609ac8690ac0811.js
/data/data/####/set-resume-success.html
/data/data/####/settings.95345ee4e13105817bc3f75cce3920e9-two.css
/data/data/####/settings.9f22e609ac8690ac0811.js
/data/data/####/settings.html
/data/data/####/sign-in.7ea6495923ff03d8fee10512e536bafa-one.css
/data/data/####/sign-in.9f22e609ac8690ac0811.js
/data/data/####/sign-in.html
/data/data/####/taobaoke-detail.358071e44592d180b1e79940927d4191-one.css
/data/data/####/taobaoke-detail.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-detail.html
/data/data/####/taobaoke-income.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-income.c09ceadc2e3455c79fd67f0a59f160ac-one.css
/data/data/####/taobaoke-income.html
/data/data/####/taobaoke-index.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-index.d5dd94be166cbb44ef39c36aa5f09614-one.css
/data/data/####/taobaoke-index.html
/data/data/####/taobaoke-order.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-order.d18b222592a9b845ed9722e3f4272351-one.css
/data/data/####/taobaoke-order.html
/data/data/####/taobaoke-search-hot-key.9cda77bb31da14cb8999ac4...ne.css
/data/data/####/taobaoke-search-hot-key.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-search-hot-key.html
/data/data/####/taobaoke-search.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-search.b78708aa1c7a04779a0da807626bafdb-one.css
/data/data/####/taobaoke-search.html
/data/data/####/taobaoke-share.9f22e609ac8690ac0811.js
/data/data/####/taobaoke-share.ff00047a1ed770721cb9fa56d81ab6d4-one.css
/data/data/####/taobaoke-share.html
/data/data/####/tdata_SBh025
/data/data/####/tdata_SBh025.jar
/data/data/####/tdata_ZKm258
/data/data/####/tdata_ZKm258.jar
/data/data/####/tdid.xml
/data/data/####/tmp.zip
/data/data/####/ua.db
/data/data/####/ua.db-journal
/data/data/####/um_pri.xml
/data/data/####/umdat.xml
/data/data/####/umeng_common_config.xml
/data/data/####/umeng_general_config.xml
/data/data/####/umeng_it.cache
/data/data/####/vendor.dll.js
/data/data/####/wallet.3e7f37ef8e7e4e3e8575ff5de8f4546a-two.css
/data/data/####/wallet.9f22e609ac8690ac0811.js
/data/data/####/wallet.html
/data/data/####/webview.db
/data/data/####/webview.db-journal
/data/media/####/.a.dat
/data/media/####/.adfwe.dat
/data/media/####/.cca.dat
/data/media/####/.cuid
/data/media/####/.cuid2
/data/media/####/.nomedia
/data/media/####/.tcookieid
/data/media/####/.umm.dat
/data/media/####/BeLog_1552014710905.log
/data/media/####/BeLog_1552014718553.log
/data/media/####/BeLog_1552014744535.log
/data/media/####/BeLog_1552014754563.log
/data/media/####/app.db
/data/media/####/com.doumi.jianzhi.bin
/data/media/####/com.doumi.jianzhi.db
/data/media/####/com.getui.sdk.deviceId.db
/data/media/####/com.igexin.sdk.deviceId.db
/data/media/####/dmdid
/data/media/####/journal
/data/media/####/journal.tmp
/data/media/####/ls.db
/data/media/####/ls.db-journal
/data/media/####/rcprotocol.log
/data/media/####/sysid.dat
/data/media/####/tdata_SBh025
/data/media/####/tdata_ZKm258
/data/media/####/test.log
/data/media/####/yoh.dat
/data/media/####/yol.dat
/data/media/####/yom.dat

Miscellaneous:

Executes the following shell scripts:

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
/system/bin/sh -c getprop ro.aa.romver
/system/bin/sh -c getprop ro.board.platform
/system/bin/sh -c getprop ro.build.fingerprint
/system/bin/sh -c getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.build.rom.id
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
/system/bin/sh -c getprop ro.build.version.emui
/system/bin/sh -c getprop ro.build.version.opporom
/system/bin/sh -c getprop ro.gn.gnromvernumber
/system/bin/sh -c getprop ro.lenovo.series
/system/bin/sh -c getprop ro.lewa.version
/system/bin/sh -c getprop ro.meizu.product.model
/system/bin/sh -c getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.vivo.os.build.display.id
/system/bin/sh -c type su
<Package Folder>/app_bin/daemon -p <Package> -s <Package>.daemon.DaemonService -t 120
<Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.GetTuiPushService 24702 300 0
chmod 0755 <Package Folder>/app_bin/daemon
chmod 700 <Package Folder>/files/gdaemon_20161017
chmod 755 <Package Folder>/.jiagu/libjiagu-1123170138.so
getprop
getprop ro.aa.romver
getprop ro.board.platform
getprop ro.build.fingerprint
getprop ro.build.nubia.rom.name
getprop ro.build.rom.id
getprop ro.build.tyd.kbstyle_version
getprop ro.build.version.emui
getprop ro.build.version.opporom
getprop ro.gn.gnromvernumber
getprop ro.lenovo.series
getprop ro.lewa.version
getprop ro.meizu.product.model
getprop ro.miui.ui.version.name
getprop ro.vivo.os.build.display.id
logcat -d -v threadtime
ls /sys/class/thermal
sh /system/bin/am startservice --user 0 -n <Package>/<Package>.daemon.DaemonService
sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.GetTuiPushService 24702 300 0

Loads the following dynamic libraries:

BaiduMapSDK_base_v5_0_0
RongIMLib
dek
getuiext2
kerdb
kerkee_util
libjiagu-1123170138
locSDK7b

Uses the following algorithms to encrypt data:

AES
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-GCM-NoPadding
RSA-ECB-PKCS1Padding
RSA-NONE-OAEPWithSHA1AndMGF1Padding

Uses the following algorithms to decrypt data:

AES
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-GCM-NoPadding

Uses special library to hide executable bytecode.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Adds tasks to the system scheduler.

Displays its own windows over windows of other apps.

Технологии

Термины

Обучение и просвещение

Мифы

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней