Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) s1.m####.com:80
- TCP(HTTP/1.1) idu####.qini####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) s1.m####.com:443
- TCP(TLS/1.0) m####.data####.sensors####.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) redi####.network####.com:443
- TCP(TLS/1.0) c####.y####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) v1-auth####.visionc####.com:443
- TCP(TLS/1.0) m####.y####.com:443
- TCP(TLS/1.0) be####.tin####.com:443
- TCP(TLS/1.0) web.gzby####.com:443
- TCP(TLS/1.0) down####.y####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) dc1.network####.com:443
- TCP(TLS/1.0) yys####.y####.com:443
- a####.u####.com
- api.map.b####.com
- be####.tin####.com
- c####.mm####.com
- c####.y####.com
- c.c####.com
- dc1.network####.com
- down####.y####.com
- hm.b####.com
- i####.y####.com
- loc.map.b####.com
- m####.data####.sensors####.cn
- m####.y####.com
- redi####.network####.com
- s1.m####.com
- s13.c####.com
- v1-auth####.visionc####.com
- web.gzby####.com
- yys####.y####.com
- z7.c####.com
- idu####.qini####.com/351318054418202624.jpeg
- idu####.qini####.com/352854879318261760.jpeg
- idu####.qini####.com/380054804367880192.jpeg
- idu####.qini####.com/380054838983471104.jpeg
- idu####.qini####.com/57d66dd98ee8c83f57d66dda-bg
- idu####.qini####.com/596d876145ced31b5965e7d6?imageVi####
- idu####.qini####.com/596d876345ced31b5965e7e5?imageVi####
- idu####.qini####.com/596d876445ced31b5965e7f8?imageVi####
- idu####.qini####.com/596d876845ced31b5965e83c?imageVi####
- idu####.qini####.com/596d876945ced31b5965e84a?imageVi####
- idu####.qini####.com/596d876945ced31b5965e84e?imageVi####
- idu####.qini####.com/596d876b45ced31b5965e861?imageVi####
- idu####.qini####.com/596d876c45ced31b5965e86d?imageVi####
- idu####.qini####.com/596d876d45ced31b5965e878?imageVi####
- idu####.qini####.com/596d877245ced31b5965e89a?imageVi####
- idu####.qini####.com/596d877445ced31b5965e8a5?imageVi####
- idu####.qini####.com/596d877945ced31b5965e8ca?imageVi####
- idu####.qini####.com/596d877f45ced31b5965e8e3?imageVi####
- s1.m####.com/cms/asset/2017-04/06/2bf7/44e2/dc4655f4c7303ca6e628561a.png
- s1.m####.com/cms/asset/2017-04/06/53e3/842f/dd0c9da0f25b10567b459a50.png
- s1.m####.com/cms/asset/2017-04/06/6d75/d55b/d66740430283bcc11b7b1aee.png
- s1.m####.com/cms/asset/2017-04/06/ae39/495d/63869796433747687d81f2b4.png
- s1.m####.com/cms/asset/2017-04/06/c981/6720/1a0a4769347cfe1305e3b2b8.png
- s1.m####.com/cms/asset/2017-04/06/cbfa/cca2/9bd8c48c6e0189cc5c8c93e0.png
- s1.m####.com/cms/asset/2017-04/06/d11d/2872/2354fa39d7c460b3a98028ec.png
- s1.m####.com/cms/asset/2017-04/06/f2a6/ca37/31a54f7d2602300625cbec31.png
- s1.m####.com/cms/asset/2017-05/04/ddba/7823/4f4bdfa847d160f6c6019907.jpg
- s1.m####.com/cms/asset/2017-05/05/b1fe/19e5/90ba9e806c08ea619234ff01.jpg
- s1.m####.com/cms/asset/2017-05/11/3490/1055/d87170b84cfc06ff159d4b2d.png
- s1.m####.com/cms/asset/2017-05/11/40ce/d46b/e937e848f90ceac225983016.png
- s1.m####.com/cms/asset/2017-05/11/ea53/fa3a/68e84e41b7228996cfa198a1.png
- s1.m####.com/cms/asset/2017-05/15/d534/2847/4fe99a02f5c938f03239aa09.jpeg
- s1.m####.com/cms/asset/2017-05/16/9f49/6333/efc2b2a83270ac059d3bcb71.jpeg
- s1.m####.com/cms/asset/2017-05/24/1e7f/d66d/46d4fb5f47e5316251dc9ff6.jpg
- s1.m####.com/cms/asset/2017-05/25/26d4/ba60/32f47c7d9e240addbae3ed73.jpg
- s1.m####.com/cms/asset/2017-05/25/8bb2/8113/8c950f94c63de857cde7d079.jpg
- s1.m####.com/cms/asset/2017-05/25/f0dd/6871/6e2c23e63307955102e1563c.jpg
- s1.m####.com/cms/asset/2017-05/27/2b27/9667/7d45d466d1b3afc022f324ba.jpg
- s1.m####.com/cms/asset/2017-05/27/2ede/115c/cf5b4e51c5e8432350bb56d8.png
- s1.m####.com/cms/asset/2017-05/27/7ba2/fd73/231bfbc3754412eccadcfdcb.png
- s1.m####.com/cms/asset/2017-05/27/9f0a/81c8/e58dcf6b9500b7dc1e9faef0.png
- s1.m####.com/cms/asset/2017-05/27/aa82/7883/449f8c496427d2a3a84e9e10.png
- s1.m####.com/cms/asset/2017-05/27/c391/bb59/b902d1bf72e4773cbc028286.png
- s1.m####.com/cms/asset/2017-05/27/c695/ddfe/7f42cf0d1f5c910214b7c12d.jpg
- s1.m####.com/cms/asset/2017-05/27/cba2/a244/71dcbf3df28dfb947d84cefd.jpg
- a####.u####.com/app_logs
- loc.map.b####.com/sdk.php
- /data/data/####/-Qwzc0Bk_l1zNgoTkGG80kyU818.-490231176.tmp
- /data/data/####/-XgapTKNHHjFEbejxP0Q5hsyjSE.1028466089.tmp
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/.log.lock
- /data/data/####/.log.ls
- /data/data/####/08b8b7ccafb3fa94e626b2c16ebf8a16.0.tmp
- /data/data/####/08b8b7ccafb3fa94e626b2c16ebf8a16.1.tmp
- /data/data/####/31106c310c4ff5a832eeca806399d947.0.tmp
- /data/data/####/31106c310c4ff5a832eeca806399d947.1.tmp
- /data/data/####/33ceb5eeecf5647cefb52ed6923b8793.0.tmp
- /data/data/####/33ceb5eeecf5647cefb52ed6923b8793.1.tmp
- /data/data/####/4be74a0d03b5129e050b08c67cd799ad.0.tmp
- /data/data/####/4be74a0d03b5129e050b08c67cd799ad.1.tmp
- /data/data/####/65bc59795ffdac87c16204617bab95c3.0.tmp
- /data/data/####/65bc59795ffdac87c16204617bab95c3.1.tmp
- /data/data/####/72eee5e2471d07d27359b3e35f74811e.0.tmp
- /data/data/####/72eee5e2471d07d27359b3e35f74811e.1.tmp
- /data/data/####/746d656f62b11e397b431f9add0b5d69.0.tmp
- /data/data/####/746d656f62b11e397b431f9add0b5d69.1.tmp
- /data/data/####/849037c3c4f618c9eb5767bbe29f2bc1.0.tmp
- /data/data/####/849037c3c4f618c9eb5767bbe29f2bc1.1.tmp
- /data/data/####/8jBtCtt_k8aqeQ5gPt8cDl6zE9c.673377445.tmp
- /data/data/####/916676f901300bc67374b1b29b4ee348.data-journal
- /data/data/####/CftnZ_aHbUfYlsa-AQpgBDJ3CyU.-1500742131.tmp
- /data/data/####/EzNA4F4Tw7sgcGN772RqvPbqwXY.1310184986.tmp
- /data/data/####/NBSUserAction
- /data/data/####/RLlFKvy-KPlReUFAVy8oio27T6Q.-447931305.tmp
- /data/data/####/WdkcDgD8ukpbApInpmFYt0z9_fk.-1421615276.tmp
- /data/data/####/authStatus_com.meili.yyfenqi;remote.xml
- /data/data/####/b8fe460beb1a8952c60b33074a0535b8.0.tmp
- /data/data/####/b8fe460beb1a8952c60b33074a0535b8.1.tmp
- /data/data/####/cE7krS64o1XyeH4uWqVKyOjGHT8.-2082459586.tmp
- /data/data/####/cfCPgQjR77EpN0OAchMiWx25RPc.433966639.tmp
- /data/data/####/com.networkbench.agent.impl.v2_com.meili.yyfenqi.xml
- /data/data/####/config.xml
- /data/data/####/config.xml.bak (deleted)
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/data_3 (deleted)
- /data/data/####/disk_entries_list_image_cache_1565976845.xml
- /data/data/####/e0115f8fe2ee65915d29e307c112d425.0.tmp
- /data/data/####/e0115f8fe2ee65915d29e307c112d425.1.tmp
- /data/data/####/eTHEVMhbPlZpwuoVeuNU69NRdOw.-1499782252.tmp
- /data/data/####/efdbbfb45365f340adaa80c20d3cef07.0.tmp
- /data/data/####/efdbbfb45365f340adaa80c20d3cef07.1.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/f7f68e26218f98d2ab896d6ac9725bb8.0.tmp
- /data/data/####/f7f68e26218f98d2ab896d6ac9725bb8.1.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/firll.dat
- /data/data/####/gOKWPEdd402lUNCJgd_eVPCoIS0.1517746413.tmp
- /data/data/####/getui_sp.xml
- /data/data/####/hAzLBmQ8PDajcBlABDie1xasviY.133953329.tmp
- /data/data/####/iBLsWvYwPd14c_bvTVoA6ObCmxc.-1080515919.tmp
- /data/data/####/index
- /data/data/####/init_c1.pid
- /data/data/####/jMcBuqZ3f3uJDgASqVLyRZP6lsk.1647882994.tmp
- /data/data/####/journal.tmp
- /data/data/####/jw3AYIxAiqC4XhFTRRWb450i7KM.-2059428695.tmp
- /data/data/####/lfOL_LO_af-hHfM2cwDzAT5w-0k.413784284.tmp
- /data/data/####/libcuid.so
- /data/data/####/libjiagu.so
- /data/data/####/mianqian_bt.xml
- /data/data/####/mobclick_agent_cached_com.meili.yyfenqi50
- /data/data/####/multidex.version.xml
- /data/data/####/nVCUs887GuTRibQNeZTbhcUya-w.-1705263367.tmp
- /data/data/####/qyZZ9pOqjGYwhVZoRru6pSAMwLA.-854992670.tmp
- /data/data/####/u6FCOVo9PSsAMno_hoon1zwNdDI.-400129728.tmp
- /data/data/####/ubWJwWRa1DQNG_ZxHLO1u-5aY0g.-1450944473.tmp
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/usBgoOIvxRk2QtW_0FnVKZA3v7Y.274231354.tmp
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/test.0
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
- /data/media/####/yyfq_2.7.0.apk
- cat /sys/class/net/wlan0/address
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getuiext2
- imagepipeline
- libjiagu
- locSDK7
- AES-CBC-PKCS5Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-CBC-PKCS5Padding