Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) wap####.b####.com:80
- TCP(HTTP/1.1) h####.b####.com:80
- TCP(HTTP/1.1) or.b####.com:80
- TCP(HTTP/1.1) c####.g####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) gs.g####.com:80
- TCP(HTTP/1.1) a####.b####.com:80
- TCP(HTTP/1.1) nsc####.b####.com:80
- TCP(HTTP/1.1) k####.b####.com:80
- TCP(HTTP/1.1) hiph####.wsh####.com:80
- TCP(HTTP/1.1) b####.g####.com:80
- TCP(TLS/1.0) nsc####.b####.com:443
- TCP(TLS/1.0) uf####.b####.com:443
- TCP(TLS/1.0) dow####.b####.com:443
- TCP(TLS/1.0) co####.a####.a####.####.com:443
- TCP(TLS/1.0) a####.b####.com:443
- TCP(TLS/1.0) ope####.b####.com:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) www.a.sh####.com:443
- TCP(TLS/1.0) www.baif####.com:443
- TCP(TLS/1.0) down####.b####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) i.l.inmob####.####.net:443
- TCP(TLS/1.0) edu-y####.b####.com.####.com:443
- TCP(TLS/1.0) so####.b####.com:443
- TCP(TLS/1.0) inmobis####.akam####.net.####.net:443
- TCP sdk.o####.t####.####.com:5224
- TCP p####.y####.n.####.com:8000
- a####.b####.com
- a.hiph####.b####.com
- b####.g####.com
- b.hiph####.b####.com
- c####.g####.com
- c####.g####.com
- c####.g####.ig####.com
- c.hiph####.b####.com
- config-####.in####.com
- d.ap####.com
- d.hiph####.b####.com
- dow####.b####.com
- down####.b####.com
- edu-y####.b####.com
- f.hiph####.b####.com
- g####.bdst####.com
- g.hiph####.b####.com
- gs.g####.com
- h####.b####.com
- h.hiph####.b####.com
- hiph####.b####.com
- i.l.inmob####.net
- inmobis####.akam####.net
- k####.b####.com
- m.b####.com
- mis.y####.b####.com
- mt####.go####.com
- nsc####.b####.com
- ope####.b####.com
- or.b####.com
- p####.y####.n.####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- so####.b####.com
- uf####.b####.com
- wap####.b####.com
- www.b####.com
- www.baif####.com
- a####.b####.com/naapi/api/sync?_services=####&_md5=####&_iszip=####&app_...
- a####.b####.com/naapi/push/storageservice?&app_ver=####&ua=####&bid=####...
- a####.b####.com/naencourage/xpage/conf?id=####&key=####
- a####.b####.com/nahome/rank?pn=####&rn=####&app_ver=####&ua=####&optk=##...
- a####.b####.com/naproxy/channel?opid=####&summary=####&wh=####&fr=####&n...
- a####.b####.com/naproxy/free?c_summary=####&app_ver=####&ua=####&optk=##...
- hiph####.wsh####.com/baidu/pic/item/377adab44aed2e736aeb9e898501a18b87d6...
- hiph####.wsh####.com/baidu/pic/item/a6efce1b9d16fdfa0b981a4ab68f8c5495ee...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=1ea5a2e0f403918fd78435c8...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=2201ee7d1ad8bc3ec65d0ec8...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=3799acd4830a19d8cb568c07...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=b0017b6578f40ad115b1cfe1...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=e2d88db35e6034a829b7b083...
- hiph####.wsh####.com/space/wh=200,300;q=90/sign=ea74986fa864034f0f98ca04...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=02bcf9be788b4710ce7af5cafb...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=145f852eb8b7d0a27b9c0c9bf3...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=1d35813bdc88d43ff0fc99f445...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=25cfaf10db33c895a62b907de9...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=2d96e02cde3f8794d3aa4028ea...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=34c01190a6af2eddd4a441efb5...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=4a5eced41a3853438c9a8f27ab...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=82c78e15cb95d143da23ec254b...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=870803992234349b74536683f1...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=8e5dc9bb59b5c9ea62a60be5ed...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=946dec2be350352ab1342d0e6b...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=99f42ab3b4096b63814c565634...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=b1cff3f30124ab18e043e9310d...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=b94d70ab0b4f78f0805e92f541...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=c144344ed52a60595245e91c10...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=d14401b055df8db1bc7b746231...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=d5710e3ef9d3572c66b794dab2...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=db12e403ae0f4bfb8c8596523b...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=e036af46ed1190ef01ae9ad9f6...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=f15408efa74bd1130498bf3462...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=f2f55638aec27d1ea57333c223...
- hiph####.wsh####.com/space/wh=68,91;q=90/sign=f893ac70a551f3dec3e7b162ac...
- k####.b####.com/rule/yuedu_android_2.1.5.rule
- k####.b####.com/rule/yuedu_android_5.9.3.1.rule
- nsc####.b####.com/v.gif?feature_type=####&clientfrom=####&package_name=#...
- t####.c####.q####.####.com/config/hz-hzv3.conf
- wap####.b####.com/static/appsapi/conf/config.txt?cdnversion=####
- a####.b####.com/naapi/api/updatesetting
- b####.g####.com/api.php?format=####&t=####
- c####.g####.com/api.php?format=####&t=####
- gs.g####.com/encryption/key/fetch
- gs.g####.com/geshu/sdkStatistics/bd
- gs.g####.com/geshu/sdkStatistics/ubi
- h####.b####.com/app.gif
- k####.b####.com/ctj/yuedu?is_new=####&enter_type=####&op=####&mc=####&c=...
- k####.b####.com/ctj/yuedu?ndid=####&enter_type=####&op=####&c=####&imei=...
- or.b####.com/or/api/get
- /data/data/####/.libbaiducuid.so
- /data/data/####/.vspush
- /data/data/####/0_freq.xml
- /data/data/####/51_bs.xml
- /data/data/####/918689903d7309f1c83e68165e7c1eab
- /data/data/####/BaiduGid.db-journal
- /data/data/####/IMAdTrackerStatusUpload.xml
- /data/data/####/MultiDex.lock
- /data/data/####/SP_AROUTER_CACHE.xml
- /data/data/####/Stat_SDK_SendRem.xml
- /data/data/####/UfoSharePreference.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1542468559105
- /data/data/####/_nlog_0_wenku.622207a03d27f98a1c92639d7874b0fe.dat
- /data/data/####/_nlog_0_wenku.c9b5ac2a2b68d19c635dc998f8d3dc83.dat
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/bd_pass_cuid_system.xml
- /data/data/####/bdg_system.xml
- /data/data/####/bdreader.xml
- /data/data/####/befe5b2c729481d3a0dea6748aaa7d98.json
- /data/data/####/com.baidu.wallet.preferences_name.xml
- /data/data/####/com.baidu.yuedu-2.apk.classes2.zip.tmp
- /data/data/####/com.baidu.yuedu-2.apk.classes3.zip.tmp
- /data/data/####/com.baidu.yuedu-2.apk.classes4.zip.tmp
- /data/data/####/com.baidu.yuedu-2.apk.classes5.zip.tmp
- /data/data/####/crab_crash_switch.xml
- /data/data/####/crab_user_info.xml
- /data/data/####/customerservice.db-journal
- /data/data/####/d.db-journal
- /data/data/####/download.db-journal
- /data/data/####/eventlog
- /data/data/####/getui_sp.xml
- /data/data/####/gtc.db-journal
- /data/data/####/ias.db-journal
- /data/data/####/ias_sp.xml
- /data/data/####/ias_sp.xml.bak
- /data/data/####/impref.xml
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/inmobi.cache
- /data/data/####/inmobiAppAnalyticsAppId.xml
- /data/data/####/inmobiAppAnalyticsSession.xml
- /data/data/####/is_newer.txt
- /data/data/####/last_init_crab.xml
- /data/data/####/leroadcfg.xml
- /data/data/####/libcuid.so
- /data/data/####/libprocmox_v1_4.so
- /data/data/####/ltvp.db
- /data/data/####/ltvp.db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/pass.p51-1.0.2-1.0.3.apk
- /data/data/####/pass.p51-1.0.2-1.0.3.png
- /data/data/####/playDuer.db-journal
- /data/data/####/push.pid
- /data/data/####/pushsdk.db-journal
- /data/data/####/re_po_rt.xml
- /data/data/####/reader.db
- /data/data/####/reader.db-journal
- /data/data/####/revertreader.db
- /data/data/####/run.pid
- /data/data/####/sapi_share.xml
- /data/data/####/sapi_system.xml
- /data/data/####/tmp-com.baidu.yuedu-2.apk.classes-143660200.zip
- /data/data/####/tmp-com.baidu.yuedu-2.apk.classes1347384120.zip
- /data/data/####/tmp-com.baidu.yuedu-2.apk.classes828625267.zip
- /data/data/####/tmp-com.baidu.yuedu-2.apk.classes855582501.zip
- /data/data/####/tpgcc.db-journal
- /data/data/####/version.dat
- /data/data/####/wappass.baidu.com-passport-login.html
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/data/####/wenku.xml
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.icosc
- /data/media/####/.index
- /data/media/####/.libbaiducuid.so
- /data/media/####/.nomedia
- /data/media/####/.timestamp
- /data/media/####/0.part
- /data/media/####/0.part (deleted)
- /data/media/####/1.json
- /data/media/####/10.json
- /data/media/####/11.json
- /data/media/####/12.json
- /data/media/####/13.json
- /data/media/####/14.json
- /data/media/####/15.json
- /data/media/####/15314bc969e6df3766e2c646fa8a03da.0
- /data/media/####/15314bc969e6df3766e2c646fa8a03da.0.tmp
- /data/media/####/16.json
- /data/media/####/17.json
- /data/media/####/18.json
- /data/media/####/18c927a4d5b0eddbc435ec98e242c62c.0
- /data/media/####/18c927a4d5b0eddbc435ec98e242c62c.0.tmp
- /data/media/####/19.json
- /data/media/####/1e73de1a6c73e58cb460024d84d110b0.0
- /data/media/####/1e73de1a6c73e58cb460024d84d110b0.0.tmp
- /data/media/####/1f64ec4c38436cde8bf0d8acc0b0b57b.0
- /data/media/####/1f64ec4c38436cde8bf0d8acc0b0b57b.0.tmp
- /data/media/####/2.json
- /data/media/####/20.json
- /data/media/####/21.json
- /data/media/####/22.json
- /data/media/####/22ddcd9bd211897cced251ffd5d838f4.0
- /data/media/####/22ddcd9bd211897cced251ffd5d838f4.0.tmp
- /data/media/####/23.json
- /data/media/####/24.json
- /data/media/####/25.json
- /data/media/####/26.json
- /data/media/####/27.json
- /data/media/####/27869958aee23d688e97ed6a0a6a8e37.0
- /data/media/####/27869958aee23d688e97ed6a0a6a8e37.0.tmp
- /data/media/####/28.json
- /data/media/####/29.json
- /data/media/####/2afe851b744eda949b2fa770cd57bccd.0
- /data/media/####/2afe851b744eda949b2fa770cd57bccd.0.tmp
- /data/media/####/2b35a3f86294dd88d0d26bfc_bdjson.zip
- /data/media/####/2db49506c1e63a6daf993218d7143cb8.0
- /data/media/####/2db49506c1e63a6daf993218d7143cb8.0.tmp
- /data/media/####/3.json
- /data/media/####/30.json
- /data/media/####/31.json
- /data/media/####/32.json
- /data/media/####/33.json
- /data/media/####/34.json
- /data/media/####/35.json
- /data/media/####/36.json
- /data/media/####/37.json
- /data/media/####/38.json
- /data/media/####/39.json
- /data/media/####/4.json
- /data/media/####/40.json
- /data/media/####/403b0afdc47cf258e6289782346b8ae4.0
- /data/media/####/403b0afdc47cf258e6289782346b8ae4.0.tmp
- /data/media/####/41.json
- /data/media/####/42.json
- /data/media/####/43.json
- /data/media/####/44.json
- /data/media/####/45.json
- /data/media/####/456aace242eac773e4ee2dba4b7fcea6.0
- /data/media/####/456aace242eac773e4ee2dba4b7fcea6.0.tmp
- /data/media/####/46.json
- /data/media/####/46dcd7c8b5c168e6f0d120a18a3fae18.0
- /data/media/####/46dcd7c8b5c168e6f0d120a18a3fae18.0.tmp
- /data/media/####/5.json
- /data/media/####/528b3f232851e73ed945cd518c4a0049.0
- /data/media/####/528b3f232851e73ed945cd518c4a0049.0.tmp
- /data/media/####/56611629f44e067966e0eca3a2adaa12.0
- /data/media/####/56611629f44e067966e0eca3a2adaa12.0.tmp
- /data/media/####/5a35d3437ed970ad015a334777d41dcd.0
- /data/media/####/5a35d3437ed970ad015a334777d41dcd.0.tmp
- /data/media/####/5d11a72187b3cc1413b69f933f0ef0db.0
- /data/media/####/5d11a72187b3cc1413b69f933f0ef0db.0.tmp
- /data/media/####/5d2b573403ee8362e2c91d0f46f9bb88.0
- /data/media/####/5d2b573403ee8362e2c91d0f46f9bb88.0.tmp
- /data/media/####/6.json
- /data/media/####/64f859098e8d8ae5391bec5ea9b7a499.0
- /data/media/####/64f859098e8d8ae5391bec5ea9b7a499.0.tmp
- /data/media/####/680048b5820160fd69709ce11513e5fa.0
- /data/media/####/680048b5820160fd69709ce11513e5fa.0.tmp
- /data/media/####/680fde41e01ee878b6da9ce8ef141d7b.0
- /data/media/####/680fde41e01ee878b6da9ce8ef141d7b.0.tmp
- /data/media/####/68ce31ff042bfb2f5116c904d184a7da.0
- /data/media/####/68ce31ff042bfb2f5116c904d184a7da.0.tmp
- /data/media/####/69c8c57a729a23c445eb17166e722f88.0
- /data/media/####/69c8c57a729a23c445eb17166e722f88.0.tmp
- /data/media/####/6fb06ff6b14677f682ae9007dccbdb26.0
- /data/media/####/6fb06ff6b14677f682ae9007dccbdb26.0.tmp
- /data/media/####/7.json
- /data/media/####/779a1918cbe0dbff24973675cdf091f9.0
- /data/media/####/779a1918cbe0dbff24973675cdf091f9.0.tmp
- /data/media/####/8.json
- /data/media/####/823fd4aa11680fe64528515d32af0fc3.0
- /data/media/####/823fd4aa11680fe64528515d32af0fc3.0.tmp
- /data/media/####/83c2d080bbd23dbda61e425acd001968.0
- /data/media/####/83c2d080bbd23dbda61e425acd001968.0.tmp
- /data/media/####/84c3d31881ba4e3e21d92af5f669d0da.0
- /data/media/####/84c3d31881ba4e3e21d92af5f669d0da.0.tmp
- /data/media/####/8ce54752239af206f00e32706636701f.0
- /data/media/####/8ce54752239af206f00e32706636701f.0.tmp
- /data/media/####/9.json
- /data/media/####/918689903d7309f1c83e68165e7c1eab
- /data/media/####/989bdc1d2dcb2456b5056c3889d1b44e.0
- /data/media/####/989bdc1d2dcb2456b5056c3889d1b44e.0.tmp
- /data/media/####/992f9477022320ef03e99ef745c21737.0
- /data/media/####/992f9477022320ef03e99ef745c21737.0.tmp
- /data/media/####/Catelog
- /data/media/####/a67136b00725788b7b4c5ef747e8fbe4.0
- /data/media/####/a67136b00725788b7b4c5ef747e8fbe4.0.tmp
- /data/media/####/alert
- /data/media/####/b39a02bee476b1db3c16bb30df44ab93.0
- /data/media/####/b39a02bee476b1db3c16bb30df44ab93.0.tmp
- /data/media/####/c3e03394797ec8bd380d8bd57d8263bc.0
- /data/media/####/c3e03394797ec8bd380d8bd57d8263bc.0.tmp
- /data/media/####/ce39c61d69bfe449c184a36a234a35a1.0
- /data/media/####/ce39c61d69bfe449c184a36a234a35a1.0.tmp
- /data/media/####/classicStyle
- /data/media/####/columns
- /data/media/####/com.baidu.yuedu.bin
- /data/media/####/com.baidu.yuedu_.db
- /data/media/####/ctj
- /data/media/####/d48aeeadc3df1cc93178c81e2cf0de77.0
- /data/media/####/d48aeeadc3df1cc93178c81e2cf0de77.0.tmp
- /data/media/####/defaultStyle
- /data/media/####/doc.info
- /data/media/####/e29c6efbacc4aaff664b8734dd9ce938.0
- /data/media/####/e29c6efbacc4aaff664b8734dd9ce938.0.tmp
- /data/media/####/e34bd86808909e7ee5307732efc73a5a.0
- /data/media/####/e34bd86808909e7ee5307732efc73a5a.0.tmp
- /data/media/####/e34bde4de47da5366ca7af2829bac6c1.0
- /data/media/####/e34bde4de47da5366ca7af2829bac6c1.0.tmp
- /data/media/####/ee3f6096478c6fe95822aeeb1e91724b.0
- /data/media/####/ee3f6096478c6fe95822aeeb1e91724b.0.tmp
- /data/media/####/f9d722974ddb6543634740b1fa5c2205.0
- /data/media/####/f9d722974ddb6543634740b1fa5c2205.0.tmp
- /data/media/####/fbccde27605163d3b24efe8518666281.0
- /data/media/####/fbccde27605163d3b24efe8518666281.0.tmp
- /data/media/####/fd525305a216147917112886_bdjson.zip
- /data/media/####/free_zone_main
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/layoutTheme
- /data/media/####/login.html
- /data/media/####/mixStyle
- /data/media/####/pay
- /data/media/####/pureStyle
- /data/media/####/rank_main
- /data/media/####/record
- /data/media/####/record1542468544606 (deleted)
- /data/media/####/setting
- /data/media/####/style
- /data/media/####/update.zip
- /data/media/####/version
- <Package Folder>/files/libprocmox_v1_4.so <Package Folder> /data/app-lib/<Package>-1 918689903d7309f1c83e68165e7c1eab http://wenku.baidu.com/topic/uninstall_feedback/index.html?pid=1&bid=2&fr=3&i=FC8DC2F52F81FB951C3F5C8EAC73DEE6|598153950705653&uid=&c=3_1002572a&av=2.1.5&mc=<System Property>&sv=4.3.1&time=1542468472216 1
- <Package Folder>/files/libprocmox_v1_4.so <Package Folder> /data/app-lib/<Package>-1 918689903d7309f1c83e68165e7c1eab http://wenku.baidu.com/topic/uninstall_feedback/index.html?pid=1&bid=2&fr=3&i=FC8DC2F52F81FB951C3F5C8EAC73DEE6|598153950705653&uid=&c=3_1002572a&av=2.1.5&mc=<System Property>&sv=4.3.1&time=1542468472229 1
- cat /sys/class/net/wlan0/address
- chmod 755 <Package Folder>/.BD_SAPI_CACHE
- chmod 755 <Package Folder>/.BD_SAPI_CACHE/918689903d7309f1c83e68165e7c1eab
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- ls -l /system/bin/su
- BD_YUEDU_V1
- BD_YUEDU_VIP_V1
- bd_wsp_v1_0
- crash_analysis
- getuiext2
- procmoi_v1_4
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- RSA-ECB-PKCS1Padding
- RSA-ECB-nopadding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- RSA-NONE-PKCS1Padding
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding