Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) n####.qq.com.####.net:80
- TCP(HTTP/1.1) 3g.163.com.####.com:80
- TCP(HTTP/1.1) oss.newairc####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) e####.qq.com:80
- TCP(HTTP/1.1) h5####.newairc####.com:80
- TCP(HTTP/1.1) sni.c####.q####.####.net:80
- TCP(HTTP/1.1) ptmgtd0####.wsclou####.com:80
- TCP(HTTP/1.1) be####.tin####.com:80
- TCP(HTTP/1.1) analy####.163.com:80
- TCP(TLS/1.0) x####.tc.qq.com:443
- TCP(TLS/1.0) 3g.163.com.####.com:443
- TCP(TLS/1.0) t####.qq.com:443
- TCP(TLS/1.0) ipser####.163.com:443
- TCP(TLS/1.0) yt####.n####.127.net:443
- TCP(TLS/1.0) ping####.qq.com:443
- TCP(TLS/1.0) e####.qq.com:443
- TCP(TLS/1.0) pa####.m####.qq.com:443
- TCP(TLS/1.0) zz.bdst####.com:443
- TCP(TLS/1.0) l.q####.com:443
- TCP(TLS/1.0) oss.newairc####.com:443
- TCP(TLS/1.0) s####.tc.qq.com:443
- TCP(TLS/1.0) st####.ws.126.net:443
- TCP(TLS/1.0) pin####.qq.com:443
- TCP(TLS/1.0) d####.qq.com:443
- TCP(TLS/1.0) v.g####.qq.com:443
- TCP(TLS/1.0) w####.reg.163.com:443
- TCP(TLS/1.0) n####.qq.com.####.net:443
- TCP(TLS/1.0) n####.163.com:443
- TCP(TLS/1.0) p####.tc.qq.com:443
- TCP c####.g####.ig####.com:5227
- TCP sdk.o####.t####.####.com:5224
- 3g.1####.com
- 7j####.c####.z0.####.com
- a.appj####.com
- analy####.163.com
- be####.tin####.com
- bt####.qq.com
- c####.g####.ig####.com
- c-h####.g####.com
- cms-bu####.n####.127.net
- d####.qq.com
- e####.qq.com
- f####.qq.com
- g.1####.com
- h5####.newairc####.com
- i####.g####.com
- i####.g####.com
- i.g####.qq.com
- img.newairc####.com
- imgc####.qq.com
- ipser####.163.com
- j####.aq.qq.com
- l.q####.com
- m####.g####.com
- n####.163.com
- n####.qq.com
- oss.newairc####.com
- p####.g####.cn
- pa####.m####.qq.com
- pi####.qq.com
- pin####.qq.com
- ping####.qq.com
- qzones####.g####.cn
- ra.g####.com
- sdk.c####.ig####.com
- sdk.o####.i####.####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- st####.ws.126.net
- t####.qq.com
- v.g####.qq.com
- w####.reg.163.com
- x####.qq.com
- yt####.n####.127.net
- zz.bdst####.com
- 3g.163.com.####.com/touch/all?nav=####&version=####
- analy####.163.com/ntes.js
- analy####.163.com/ntes?_nacc=wap&_nvid=a4ea0f3aa8904fc4231f6edc074d711b&...
- e####.qq.com/
- h5####.newairc####.com/api/getArticles?sid=####&cid=####&lastFileID=####...
- h5####.newairc####.com/api/getColumns?sid=####&cid=####
- h5####.newairc####.com/api/getComments?&sid=####&rootID=####&sourceType=...
- h5####.newairc####.com/api/getConfig?sid=####
- h5####.newairc####.com/api/getHotComments?&sid=####&rootID=####&sourceTy...
- h5####.newairc####.com/api/getLayouts?sid=####&cid=####&date=####
- h5####.newairc####.com/api/getLiveList?sid=####&id=####&lastFileID=####&...
- h5####.newairc####.com/api/getPapers?sid=####
- n####.qq.com.####.net/ch/ent/
- oss.newairc####.com/sdgtjt/pic/201608/23/3bdbb518-1345-4775-bf50-98ceb1d...
- oss.newairc####.com/sdgtjt/pic/201608/23/f0bad302-eac3-4f97-97bc-809d46e...
- oss.newairc####.com/sdgtjt/pic/201608/24/2aef4838-7b84-4afb-bde3-16ec101...
- oss.newairc####.com/sdgtjt/pic/201608/24/3d547ee7-8fa6-47f2-b568-d14b7cc...
- oss.newairc####.com/sdgtjt/pic/201608/24/532237d7-a3e7-44f5-8910-cad0ef6...
- oss.newairc####.com/sdgtjt/pic/201608/24/b9870455-a8b9-4699-a369-5c312a0...
- oss.newairc####.com/sdgtjt/pic/201608/24/c5a20930-1100-45e4-8130-101c136...
- oss.newairc####.com/sdgtjt/pic/201608/24/e8002752-d37d-4a5a-81c0-c8fe7aa...
- oss.newairc####.com/sdgtjt/pic/201608/24/ff0a0be6-863f-42af-ae61-31e1471...
- oss.newairc####.com/sdgtjt/pic/201608/31/1eef29d9-fde1-4b84-9a14-32fac17...
- oss.newairc####.com/sdgtjt/pic/201610/13/2efc98b2-c9a1-4c2a-9b37-ec0aa92...
- oss.newairc####.com/sdgtjt/pic/201610/13/8fc4a0bb-f3a9-4708-a854-9240edf...
- oss.newairc####.com/sdgtjt/pic/201611/23/a5cd90ce-92fa-47fc-8389-a9fc2aa...
- oss.newairc####.com/sdgtjt/pic/201611/23/dcb08137-a4fd-41ba-9fd4-1bf5cb7...
- oss.newairc####.com/sdgtjt/pic/201807/28/c57af635-d290-46e4-8f4e-7216d3b...
- ptmgtd0####.wsclou####.com/2018/06/05/e7338499c529425680e1cc8bc16e6c67.j...
- sni.c####.q####.####.net/config/hz-hzv3.conf
- sni.c####.q####.####.net/tdata_SzD730
- sni.c####.q####.####.net/tdata_ZCi456
- a.appj####.com/ad-service/ad/mark
- be####.tin####.com/pf?pvid=adaba9c1-1eee-480f-b26d-f3354b9a4409&ref=http...
- c-h####.g####.com/api.php?format=####&t=####
- h5####.newairc####.com/api/event
- sdk.o####.p####.####.com/api.php?format=####&t=####
- be####.tin####.com/pf?pvid=adaba9c1-1eee-480f-b26d-f3354b9a4409&ref=http...
- /data/data/####/-1118183991
- /data/data/####/-1245048186
- /data/data/####/-1276067993
- /data/data/####/-1312716470
- /data/data/####/-1338107607
- /data/data/####/-1452598644
- /data/data/####/-1483618451
- /data/data/####/-1569049651
- /data/data/####/-1877107469
- /data/data/####/-500572818
- /data/data/####/-562612432
- /data/data/####/.jg.ic
- /data/data/####/1084282501
- /data/data/####/1389023919
- /data/data/####/1509597072
- /data/data/####/1695857311
- /data/data/####/2014114765
- /data/data/####/214641804
- /data/data/####/386967948
- /data/data/####/FZLTXHK-GBK_YS.ttf
- /data/data/####/QQ_3x.png
- /data/data/####/amazeui.min.css
- /data/data/####/amazeui.min.js
- /data/data/####/angular1.4.6.min.js
- /data/data/####/base.css
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/columnId.xml
- /data/data/####/columnId.xml.bak
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/fontawesome-webfont.ttf
- /data/data/####/gdaemon_20161017
- /data/data/####/great_button.png
- /data/data/####/great_cancel_button.png
- /data/data/####/gx_sp.xml
- /data/data/####/helpMsg.xml
- /data/data/####/icon-images.png
- /data/data/####/icon_audio_play.png
- /data/data/####/icon_file.png
- /data/data/####/icon_file_down.png
- /data/data/####/icon_meta_voice.png
- /data/data/####/icon_praise.png
- /data/data/####/icon_praiseStar.png
- /data/data/####/icon_selector_normal.png
- /data/data/####/icon_selector_press.png
- /data/data/####/increment.db-journal
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/jg_app_update_settings_random.xml
- /data/data/####/jquery.min2.2.0.js
- /data/data/####/js.combine.min.js
- /data/data/####/libjiagu.so
- /data/data/####/loading.png
- /data/data/####/mobclick_agent_cached_com.founder.houdaoshangang1
- /data/data/####/news_detail.html
- /data/data/####/play.png
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/reader.db
- /data/data/####/reader.db-journal
- /data/data/####/run.pid
- /data/data/####/sanjiaoxing.png
- /data/data/####/shareTimeline_3x.png
- /data/data/####/sina_3x.png
- /data/data/####/tdata_SzD730
- /data/data/####/tdata_SzD730.jar
- /data/data/####/tdata_ZCi456
- /data/data/####/tdata_ZCi456.jar
- /data/data/####/umeng_general_config.xml
- /data/data/####/video.png
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/wx_3x.png
- /data/media/####/00aa481b18802342312a68691b16b368c69d75326e8bc7....0.tmp
- /data/media/####/0bc541c98166dedf582c6a5e777f789a7cb05aedb4e2c4....0.tmp
- /data/media/####/129fb2aa3b09157e852c68d2c05800098ced23df4c19af....0.tmp
- /data/media/####/13e8ec22959021fba62e0b4e5f73958f2ccd0890678235....0.tmp
- /data/media/####/164b7faa52c70cbe3ae4192eae60ab93c0acf04c613b52....0.tmp
- /data/media/####/180f893cf14b2704d509dc8f85fd8bca1b7a1a7fbb0494....0.tmp
- /data/media/####/19f209684ecbb6fc189f91ea9b84ca3ea5dc45af785965....0.tmp
- /data/media/####/20989a2596823e9cd8c81b558cbae3154da050288ed9d6....0.tmp
- /data/media/####/2557af4e1aa1e1fee26192881679deeee4cb875f900a8f....0.tmp
- /data/media/####/26cdbf4a9facf4a9d7879a8d111733282742d879c70d38....0.tmp
- /data/media/####/3c7b12fe9c0473055b5822a8ed0acb41954c8d4645c6a7....0.tmp
- /data/media/####/4139cb350196f886b1193b66f5b2564fe8ad2531e74e6e....0.tmp
- /data/media/####/43341d1517089114a7c25785790eb4c0c3fd9cb49c9fc1....0.tmp
- /data/media/####/435643a6240125702c2611c3f75fbf6ec85f62f41624cf....0.tmp
- /data/media/####/43bab33c19fbfc0c2162ed5153a42f056b164b6797251d....0.tmp
- /data/media/####/44303c11106cc7da6fb34c6eef7689fa69c4a7e2c291e9....0.tmp
- /data/media/####/490e9c6be8424b7b7eb35ac505edca216ee73092a41013....0.tmp
- /data/media/####/526020a0bfd7c5adc2a125a6b8670a29fa423c4c8f2809....0.tmp
- /data/media/####/5ca8e79af1f3fe132d037922d70521293427735c9bfdd4....0.tmp
- /data/media/####/5d9e898b3a94adb2faf285d02e7fac8b88090ba0dfd7e7....0.tmp
- /data/media/####/5e76b93fda33c6c0aa8b91469e0ede6bf35bf50cf5c908....0.tmp
- /data/media/####/6257ebae074d9c4ff1624807b86b66a8a5fc991569932d....0.tmp
- /data/media/####/6544e8d958a18397c8449e87db9c0351e25b6bfa38262e....0.tmp
- /data/media/####/6580e0394ec0f63fce4d30f4d23f55a7fddef7ac62e64d....0.tmp
- /data/media/####/6c0df25278bc31b8137cba86839040afed5d973c5a7b51....0.tmp
- /data/media/####/7271fe71aa0ba2313045494a5b3f6276d2f8b96e80a96b....0.tmp
- /data/media/####/7bb44a0ee3980c636f278a07037fca7565d5d61d653f2e....0.tmp
- /data/media/####/81370657188194e612c2e73aa3ce53492e5e3589d8b97a....0.tmp
- /data/media/####/86816cfd08e33c2529f4c2666d3c4564eb440ca05976b1....0.tmp
- /data/media/####/87590a1079e3bb8500e7592a4937c448cadb251b74f0b0....0.tmp
- /data/media/####/8bf679d1f2f9a3a38e32b571d67616f864be4eb57efbfe....0.tmp
- /data/media/####/92ba7ad968cadc220f1ffbc9fedf942a3eb9cdfdc858c1....0.tmp
- /data/media/####/948a5615496fd85df0aeaab656dad399c532c109c2bae6....0.tmp
- /data/media/####/994d419135cc5c3d2e609dd783db29d0fcc380fa247f1f....0.tmp
- /data/media/####/9b64202bbb49ab39467df6cab89a23f81ef8c12c7597a6....0.tmp
- /data/media/####/9e0a1d3762c380b92b958e439147d7d0fecd4a66c404cb....0.tmp
- /data/media/####/a380ce674318be274a7bbda56bf6d45c5d7d6b06640d7c....0.tmp
- /data/media/####/a4a9d3bc338049ac24d85643eb2bb77478958d4b95ead8....0.tmp
- /data/media/####/a5522726406329ab342a3b5268fee564e5075ce7e28589....0.tmp
- /data/media/####/ad267a601b3d083a04b25f6bf549381b43040c98627b53....0.tmp
- /data/media/####/app.db
- /data/media/####/bcc9c098dfe3de6f375cbb9f7b17e4f9ce0fc34b0af078....0.tmp
- /data/media/####/c4a015bbc8e82bf6c290a863d54f958c05a93f9a420e2f....0.tmp
- /data/media/####/c9d8e1987b1a39bd86b15c7d91e12633c2cc12e0c95716....0.tmp
- /data/media/####/caa06c85b928706098bb66be2ed5b25fdb4cb2c32ace6f....0.tmp
- /data/media/####/com.founder.houdaoshangang.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/d1538231cb74221552e7a4e5013a2dfe6c80baf5f13014....0.tmp
- /data/media/####/d67901a8f5b82ddcad3ac6c31fafaa60d86ca363d85061....0.tmp
- /data/media/####/e439f9b83ab5855c8de9febc14aca553e4138a1d9d71e8....0.tmp
- /data/media/####/e64fe9d10ad2c84d8ed64210f965117f84dd47b2a1853e....0.tmp
- /data/media/####/ee3182a65db614ee958b2ae7a6b3b10d3ed8000e4a7f30....0.tmp
- /data/media/####/fb13e4dfdc43d8f1a87378466a281285b7adce6329e6f5....0.tmp
- /data/media/####/fc67e40fd6912bbdb5c340e830fdb086335273963339c2....0.tmp
- /data/media/####/journal.tmp
- /data/media/####/localTemplate.zip
- /data/media/####/tdata_SzD730
- /data/media/####/tdata_ZCi456
- /data/media/####/test.log
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25645 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/files/libjiagu.so
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25645 300 0
- getuiext2
- libjiagu
- RSA-NONE-OAEPWithSHA1AndMGF1Padding