ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Adware.Gexin.483

Added to the Dr.Web virus database: 2018-07-23

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) p2.q####.com:80
  • TCP(HTTP/1.1) t####.me####.com:80
  • TCP(HTTP/1.1) sh####.360t####.com:80
  • TCP(HTTP/1.1) up####.sdk.jig####.cn:80
  • TCP(HTTP/1.1) p6.q####.com:80
  • TCP(HTTP/1.1) qos.l####.360.cn:80
  • TCP(HTTP/1.1) p3.q####.com:80
  • TCP(HTTP/1.1) trac####.v.tf.####.cn:80
  • TCP(HTTP/1.1) api.k.36####.com:80
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) app.v.k.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) s####.s.360.cn:80
  • TCP(HTTP/1.1) p1.q####.com:80
  • TCP(HTTP/1.1) u.api.l####.####.cn:80
  • TCP(HTTP/1.1) ab####.m.s.####.cn:80
  • TCP(HTTP/1.1) amdc####.m.ta####.com:80
  • TCP(HTTP/1.1) sni.c####.q####.####.net:80
  • TCP(HTTP/1.1) sdk.l####.360.cn:80
  • TCP(HTTP/1.1) p.s.3####.cn:80
  • TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
  • TCP(HTTP/1.1) s####.l####.360.####.com:80
  • TCP(HTTP/1.1) k####.36####.com:80
  • TCP(HTTP/1.1) m3.s.3####.cn:80
  • TCP(TLS/1.0) msg.umengc####.com:443
  • TCP(TLS/1.0) t####.me####.com:443
  • TCP(TLS/1.0) app.k.36####.com:443
  • TCP(TLS/1.0) mdm.ope####.360.cn:443
  • TCP(TLS/1.0) 2####.107.1.97:443
  • TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
  • TCP(TLS/1.0) s####.tf.360.cn:443
  • TCP(TLS/1.0) sdkc####.e.360.cn:443
  • TCP(TLS/1.0) cc.p####.dc.####.cn:443
  • TCP(TLS/1.0) api####.me####.com:443
  • TCP(TLS/1.0) s####.j####.cn:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP 1####.229.215.8:7005
  • TCP ope####.m.ta####.com:443
  • TCP 1####.163.230.185:80
  • TCP umengj####.m.ta####.com:80
  • UDP s.j####.cn:19000
  • TCP 1####.131.1.71:5225
DNS requests:
  • 7j####.c####.z0.####.com
  • a####.man.aliy####.com
  • ab####.m.s.####.cn
  • ag####.m.ta####.com
  • amdc####.m.ta####.com
  • api####.me####.com
  • api.k.36####.com
  • app.k.36####.com
  • app.v.k.####.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • cc.p####.dc.####.cn
  • k####.36####.com
  • m####.me####.com
  • m3.s.3####.cn
  • mdm.ope####.360.cn
  • msg.umengc####.com
  • p.s.3####.cn
  • p0.q####.com
  • p1.q####.com
  • p10.qhi####.com
  • p2.q####.com
  • p3.q####.com
  • p4.q####.com
  • p5.q####.com
  • p6.q####.com
  • p7.q####.com
  • p8.q####.com
  • p9.q####.com
  • plb####.u####.com
  • qos.l####.360.cn
  • s####.j####.cn
  • s####.l####.360.cn
  • s####.s.360.cn
  • s####.tf.360.cn
  • s.j####.cn
  • sdk.c####.ig####.com
  • sdk.l####.360.cn
  • sdk.l####.360.cn
  • sdk.me####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • sdkc####.e.360.cn
  • sh####.360t####.com
  • sh####.me####.com
  • t####.me####.com
  • trac####.v.tf.####.cn
  • u####.u####.com
  • u.api.l####.####.cn
  • umen####.m.ta####.com
  • umengj####.m.ta####.com
  • up####.sdk.jig####.cn
HTTP GET requests:
  • ab####.m.s.####.cn/abtest/cloud.so?appkey=####&dt=####&os=####&ov=####&m...
  • app.v.k.####.com/vod-xinxiliu-tv-q2-bj/51299625_01920fb9d-d71e-4269-bf57...
  • k####.36####.com/hotrizon2/appConfig?os=####&use_gear=####&time=####&sys...
  • k####.36####.com/hotrizon2/channelnew?m2=####&appid=####&m=####&ch=####&...
  • k####.36####.com/hotrizon2/list?svc=####&kw=####&os=####&ckw=####&sys=##...
  • k####.36####.com/hotrizon2/list?svc=####&os=####&sys=####&direction=####...
  • k####.36####.com/hotrizon2/myfollower?appid=####&maxOffset=####&m=####&m...
  • k####.36####.com/hotrizon2/play?id=####&m2=####&strategy=####&appid=####...
  • k####.36####.com/k2/api/privacy/config?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/appconfig/getAbRole?os=####&time=####&sys=####&m2=##...
  • k####.36####.com/k2/appconfig/getNewinfo?appid=####&m=####&m2=####&ch=##...
  • k####.36####.com/k2/appconfig/getRedpackPop?appid=####&m=####&m2=####&ch...
  • k####.36####.com/k2/appconfig/getplugin?appid=####&m=####&m2=####&ch=###...
  • k####.36####.com/k2/appconfig/getpopup?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/hotrizon2/aconfig?appid=####&m=####&m2=####&ch=####&...
  • k####.36####.com/k2/hotrizon2/gettime?os=####&sys=####&m2=####&appid=###...
  • p1.q####.com/dr/_100_70/t010994c2942c709452.jpg
  • p1.q####.com/dr/_100_70/t0113c078abe0c7fcb3.jpg
  • p1.q####.com/dr/_100_70/t01465689b82edb4cbb.png
  • p1.q####.com/dr/_100_70/t01657339cad5eae71c.jpg
  • p1.q####.com/dr/_100_70/t01813eb2bd75bfc2e3.jpg
  • p1.q####.com/dr/_100_70/t0185f12464d5798e87.jpg
  • p1.q####.com/dr/_100_70/t01b7c7fad7b33bde7e.jpg
  • p1.q####.com/dr/_100_70/t01b8458090a5d6032f.jpg
  • p1.q####.com/dr/_100_70/t01c8fc05aaa88814d6.png
  • p1.q####.com/dr/_100_70/t01ccc35c2f97b2ac0b.jpg
  • p1.q####.com/dr/_100_70/t01d17228d829694a88.png
  • p1.q####.com/dr/_100_70/t01f60d0b1c825925d8.jpg
  • p1.q####.com/dr/_280_50/t01108f1020b616dcf7.webp
  • p1.q####.com/dr/_280_50/t013524c469421ad6e4.webp
  • p1.q####.com/dr/_280_50/t01a233cf431a306e95.webp
  • p1.q####.com/t012c5f8de0b6faaa9b.jpg
  • p1.q####.com/t01704fe9eabddbec56.jpg
  • p1.q####.com/t0182d92993563c5d99.jpg
  • p1.q####.com/t018a091efca6865662.jpg
  • p1.q####.com/t018af40d754eb2552d.jpg
  • p1.q####.com/t019a1595c125875918.jpg
  • p1.q####.com/t019e9bdf43f2666ada.jpg
  • p1.q####.com/t01c1ff533a19145140.jpg
  • p1.q####.com/t01c94347ad9cab8684.jpg
  • p1.q####.com/t01d2969abcc5ec820f.jpg
  • p1.q####.com/t01f894aabbc214a7ed.jpg
  • p1.q####.com/video/568_320_70/t01420809d1d58b56b0.webp
  • p1.q####.com/video/568_320_70/t015eea29f923301318.webp
  • p1.q####.com/video/568_320_70/t01ac56e0d13901e53a.webp
  • p1.q####.com/video/568_320_70/t01e6d3b9c1bc093141.webp
  • p2.q####.com/dr/_100_70/t0101b3e163ee2c7940.jpg
  • p2.q####.com/dr/_100_70/t01094209eb47e1f66d.jpg
  • p2.q####.com/dr/_100_70/t011dda3cb7462088db.jpg
  • p2.q####.com/dr/_100_70/t01339b36e43c032cf7.jpg
  • p2.q####.com/dr/_100_70/t0149d84b4e4698cbbb.jpg
  • p2.q####.com/dr/_100_70/t01531a7ba85f6b740e.jpg
  • p2.q####.com/dr/_100_70/t01718c9358368c3949.jpg
  • p2.q####.com/dr/_100_70/t0176fa7d83faaef00a.jpg
  • p2.q####.com/dr/_100_70/t018c76262e605c6a57.jpg
  • p2.q####.com/dr/_100_70/t019823b3ef4bda71d2.jpg
  • p2.q####.com/dr/_100_70/t019dce3b7a01fe41dd.jpg
  • p2.q####.com/dr/_100_70/t01b6901becea92338c.jpg
  • p2.q####.com/dr/_100_70/t01cb37d4e4eebef95f.jpg
  • p2.q####.com/dr/_100_70/t01d16cdae7b359c160.jpg
  • p2.q####.com/dr/_100_70/t01d5b6d4bfbb567788.jpg
  • p2.q####.com/dr/_100_70/t01def7387398d1f57f.jpg
  • p2.q####.com/dr/_100_70/t01e76040ff575a1031.jpg
  • p2.q####.com/dr/_100_70/t01fb797d2127631f0b.jpg
  • p2.q####.com/dr/_100_70/t01fe5967892cc01e9f.jpg
  • p2.q####.com/dr/_100_70/t01fea2f785d0b4ab4f.jpg
  • p2.q####.com/t012d1332a4c8a2cbf1.jpg
  • p2.q####.com/t018a9cc33fe4135800.jpg
  • p2.q####.com/t01c3fccec2a8e82eca.png
  • p2.q####.com/video/568_320_70/t01007b278874a1b884.webp
  • p2.q####.com/video/568_320_70/t0101330699bd9998ce.webp
  • p2.q####.com/video/568_320_70/t0101cce8baa110beef.webp
  • p2.q####.com/video/568_320_70/t0105059f1e2034ebf6.webp
  • p2.q####.com/video/568_320_70/t01108f1020b616dcf7.webp
  • p2.q####.com/video/568_320_70/t0110d3091f44be48da.webp
  • p2.q####.com/video/568_320_70/t0112a7c02afc62b011.webp
  • p2.q####.com/video/568_320_70/t0114b7161d1a7cba48.webp
  • p2.q####.com/video/568_320_70/t01171d8ff3ddc68d25.webp
  • p2.q####.com/video/568_320_70/t0117b1b3b6c67c8f46.webp
  • p2.q####.com/video/568_320_70/t01180de73c6076f144.webp
  • p2.q####.com/video/568_320_70/t011928e5985d95cce2.webp
  • p2.q####.com/video/568_320_70/t011acaa02f0766bcba.webp
  • p2.q####.com/video/568_320_70/t011c94bbcfff34b347.webp
  • p2.q####.com/video/568_320_70/t013524c469421ad6e4.webp
  • p2.q####.com/video/568_320_70/t013d666578491db9e5.webp
  • p2.q####.com/video/568_320_70/t01450be15b7d272e9a.webp
  • p2.q####.com/video/568_320_70/t014658cb07e7468be1.webp
  • p2.q####.com/video/568_320_70/t014961d00806864a0c.webp
  • p2.q####.com/video/568_320_70/t014a90281d05f3eb64.webp
  • p2.q####.com/video/568_320_70/t014c2f1567028d5cfb.webp
  • p2.q####.com/video/568_320_70/t014d2013ad42ece642.webp
  • p2.q####.com/video/568_320_70/t01530cf13b8e529223.webp
  • p2.q####.com/video/568_320_70/t015d7b1a0e27a6506e.webp
  • p2.q####.com/video/568_320_70/t01607ffe6b9f763c2e.webp
  • p2.q####.com/video/568_320_70/t0167446f15d7166135.webp
  • p2.q####.com/video/568_320_70/t0167beaa63d5a6d3de.webp
  • p2.q####.com/video/568_320_70/t016edc4bcbe02b46dd.webp
  • p2.q####.com/video/568_320_70/t01710e8bc51c6b3be1.webp
  • p2.q####.com/video/568_320_70/t0171a2b81c5674af79.webp
  • p2.q####.com/video/568_320_70/t0175c31db8898c9e1d.webp
  • p2.q####.com/video/568_320_70/t01764324d05e05f7ea.webp
  • p2.q####.com/video/568_320_70/t01765f6e961229ebb5.webp
  • p2.q####.com/video/568_320_70/t0176fe531ea312ad81.webp
  • p2.q####.com/video/568_320_70/t017ec156c861f7e8b5.webp
  • p2.q####.com/video/568_320_70/t0182a3cf8a2d0cb132.webp
  • p2.q####.com/video/568_320_70/t0183bc6375ef79e357.webp
  • p2.q####.com/video/568_320_70/t0188ef798b737b592c.webp
  • p2.q####.com/video/568_320_70/t018cdd2f343feb731e.webp
  • p2.q####.com/video/568_320_70/t0196b131d3582a209a.webp
  • p2.q####.com/video/568_320_70/t0196ecaa590a7af098.webp
  • p2.q####.com/video/568_320_70/t0197d94a948c210485.webp
  • p2.q####.com/video/568_320_70/t019bf68d2f526883d7.webp
  • p2.q####.com/video/568_320_70/t019fc9214630d273ba.webp
  • p2.q####.com/video/568_320_70/t01a186bc46f07e81f0.webp
  • p2.q####.com/video/568_320_70/t01a233cf431a306e95.webp
  • p2.q####.com/video/568_320_70/t01a395d85e78a97e12.webp
  • p2.q####.com/video/568_320_70/t01a5753fbe3aaa4d76.webp
  • p2.q####.com/video/568_320_70/t01a5a2166c0369ac81.webp
  • p2.q####.com/video/568_320_70/t01b02b0a6ae1954f13.webp
  • p2.q####.com/video/568_320_70/t01b23d8377c19d6ffd.webp
  • p2.q####.com/video/568_320_70/t01b9ac40d23a0635f7.webp
  • p2.q####.com/video/568_320_70/t01c175fa6591e8e5ce.webp
  • p2.q####.com/video/568_320_70/t01c4dfab107175ddbb.webp
  • p2.q####.com/video/568_320_70/t01c62de6dca7b71ff9.webp
  • p2.q####.com/video/568_320_70/t01c6e17e8e9a9f301e.webp
  • p2.q####.com/video/568_320_70/t01c7b5eca8cd25e4a0.webp
  • p2.q####.com/video/568_320_70/t01cafefecac8cb8e3d.webp
  • p2.q####.com/video/568_320_70/t01d3b6443fe2206176.webp
  • p2.q####.com/video/568_320_70/t01d6e7ae51736dd8aa.webp
  • p2.q####.com/video/568_320_70/t01d702608406e9529b.webp
  • p2.q####.com/video/568_320_70/t01dd6ab881ef11996e.webp
  • p2.q####.com/video/568_320_70/t01e0714c180e4eb0bf.webp
  • p2.q####.com/video/568_320_70/t01e24b5a9a7129aaae.webp
  • p2.q####.com/video/568_320_70/t01e59b193e71fda049.webp
  • p2.q####.com/video/568_320_70/t01e940ee1e413fb694.webp
  • p2.q####.com/video/568_320_70/t01fc194b4aefdb68a2.webp
  • p2.q####.com/video/568_320_70/t01fd4e010db84595f2.webp
  • p2.q####.com/video/568_320_70/t01fed6f418608230ec.webp
  • p2.q####.com/video/568_320_70/t01ff0b18b73559e5cf.webp
  • p3.q####.com/dr/_100_70/t0100517d9c4836ab27.jpg
  • p3.q####.com/dr/_100_70/t017037ac66bbed1a72.jpg
  • p3.q####.com/dr/_100_70/t01877e70e4c2cbbf8b.jpg
  • p3.q####.com/dr/_100_70/t01886c3682212762d6.jpg
  • p3.q####.com/t013db82533aa9e5a9a.jpg
  • p3.q####.com/t017bd1f915ee55fa93.jpg
  • p3.q####.com/t01e085d1ffc4db7f58.jpg
  • p3.q####.com/t01e69681fa8d4220ab.jpg
  • p6.q####.com/dr/_100_70/t010534399d0f7a905d.jpg
  • p6.q####.com/dr/_100_70/t0139402b5a0b68b894.jpg
  • p6.q####.com/dr/_100_70/t0144eae5cbed9e2dc0.png
  • p6.q####.com/dr/_100_70/t0152f1e30ab6883c48.jpg
  • p6.q####.com/dr/_100_70/t01765ed9eb8faeb7a9.jpg
  • p6.q####.com/dr/_100_70/t01769565276d37ae88.jpg
  • p6.q####.com/dr/_100_70/t0190e84a3e15935e1c.jpg
  • p6.q####.com/dr/_100_70/t01917a10c95f7ea482.jpg
  • p6.q####.com/dr/_100_70/t01bf88044e56176805.jpg
  • p6.q####.com/dr/_100_70/t01d6710bccd90657d9.jpg
  • p6.q####.com/t0127b908eb2a7b7ab2.jpg
  • p6.q####.com/t0130fe2e13021e9499.png
  • p6.q####.com/t0147eeb331a280d627.jpg
  • p6.q####.com/t0178bccfe750f110a1.jpg
  • p6.q####.com/t018a76b42c2a942173.jpg
  • p6.q####.com/t0198f19134e8592b04.png
  • p6.q####.com/t019f6478307ad0eea6.jpg
  • p6.q####.com/t01a6e5f1d80e698090.jpg
  • p6.q####.com/t01ae70f3f6372b712d.jpg
  • p6.q####.com/t01c284e24d09f6b14d.jpg
  • p6.q####.com/t01c6d75f6f53fe256a.png
  • p6.q####.com/t01f9458c7931fe73bc.jpg
  • p6.q####.com/video/568_320_70/t01f33ad04abdf18b3c.webp
  • qos.l####.360.cn/vc.gif?&bid=####&pid=####&ver=####&c_ver=####&os=####&m...
  • s####.l####.360.####.com/Object.getFile/livecloudsdk/YW5kcm9pZF9wbHVnaW5...
  • s####.l####.360.####.com/Object.getFile/livecloudsdk/cGx1Z2luX3lmX3AycF8...
  • s####.s.360.cn/ak/6766aa2750c19aad2fa1b32f36ed4aee.html?m2=####
  • s####.s.360.cn/su/index.php?k=####&av=####&slv=####&sv=####&be=####&cv=#...
  • sdk.l####.360.cn/codec?os=####&tm=####&model=####&r=####&package=####&pi...
  • sdk.l####.360.cn/rtc?os=####&tm=####&model=####&r=####&package=####&pid=...
  • sdk.l####.360.cn/sdkconf/videoplace?sign=####&u=####&version=####&sdk_ve...
  • sdk.l####.360.cn/xinxiliu_tv_android_10228.conf?os=####&tm=####&r=####&p...
  • sh####.360t####.com/171122/c867c6e2f627a813302a3a0d0d891203/FZLTHK.TTF
  • sni.c####.q####.####.net/config/hz-hzv3.conf
  • sni.c####.q####.####.net/tdata_jVg168
  • sni.c####.q####.####.net/tdata_pSF696
  • t####.me####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####...
  • trac####.v.tf.####.cn/s?type=####&r=####&tid=####&finfo=####&enup=####&m...
HTTP POST requests:
  • amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
  • api.k.36####.com/k2/api/lockscreen/config?os=####&time=####&sys=####&m2=...
  • c-h####.g####.com/api.php?format=####&t=####
  • k####.36####.com/k2/appconfig/getjarlist?appid=####&curEnv=####&m=####&m...
  • k####.36####.com/k2/hotrizon2/getSInfo?os=####&sys=####&psw2=nR####&ssid...
  • m3.s.3####.cn/api/v1/newid
  • p.s.3####.cn/pstat/plog.php
  • p.s.3####.cn/update/update.php?p=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
  • t####.me####.com/adsdk?pver=####&skey=CK####
  • t####.me####.com/adsdk?pver=####&skey=G-####
  • t####.me####.com/adsdk?pver=####&skey=Gq####
  • t####.me####.com/adsdk?pver=####&skey=LU####
  • t####.me####.com/adsdk?pver=####&skey=pM####
  • u.api.l####.####.cn/comment/lists
  • up####.sdk.jig####.cn/v1/push/sdk/postlist
Modified file system:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/01df6f69c88164811972c6d883ed80f9341
  • /data/data/####/1c0506fe-2c2d-46ff-8c89-271bf070fa84
  • /data/data/####/2033145970-602345128
  • /data/data/####/2ee8d501-ddc3-45b8-8383-f30fdf63a5e2
  • /data/data/####/3943a0e5-f7ae-4931-8e17-d546b0b7574b
  • /data/data/####/41cc973e-c25c-429e-a59a-e10a85a7eafe
  • /data/data/####/4c1620f2-89ad-4f38-9d36-8a0381ba6ea7
  • /data/data/####/727E4F9E3DF834239309BBBDC87BC476.png
  • /data/data/####/77452519-0cc6-44bf-8909-260c3875271c
  • /data/data/####/9a82d9f4-43f4-428f-b55e-c4a6a931e887
  • /data/data/####/ACCS_BINDumeng;5a56c9198f4a9d0c2f0001a8.xml
  • /data/data/####/ACCS_SDK.xml
  • /data/data/####/ACCS_SDK_CHANNEL.xml
  • /data/data/####/AGOO_BIND.xml
  • /data/data/####/AKTorchDownload.db
  • /data/data/####/AKTorchDownload.db-journal
  • /data/data/####/Agoo_AppStore.xml
  • /data/data/####/Alliance.xml
  • /data/data/####/Alvin2.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/DaemonServer
  • /data/data/####/JPushSA_Config.xml
  • /data/data/####/MENU_CACHE.xml
  • /data/data/####/MessageStore.db-journal
  • /data/data/####/MsgLogStore.db-journal
  • /data/data/####/PendantConfig.xml
  • /data/data/####/QHA_JSON_PERSISTER_42998cf32d552343bc8e460416382dca
  • /data/data/####/QHDeviceFile
  • /data/data/####/QHDeviceID.lock
  • /data/data/####/QH_DeviceSDK.xml
  • /data/data/####/QH_SDK_M2.xml
  • /data/data/####/QH_SDK_UserData42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/QH_SDK_UserData6766aa2750c19aad2fa1b32f36ed4aee.xml
  • /data/data/####/QH_SDK_sessionID42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/TAB_CACHE.xml
  • /data/data/####/UM_PROBE_DATA.xml
  • /data/data/####/Y29tLmxpZ2h0c2t5LnZpZGVv.tick.lock
  • /data/data/####/ab_test_config.xml
  • /data/data/####/abtest_base_sp_filename42998cf32d552343bc8e4604...ca.xml
  • /data/data/####/abtest_base_sp_filename42998cf32d552343bc8e4604...ml.bak
  • /data/data/####/accs.db-journal
  • /data/data/####/ad_config_file.xml
  • /data/data/####/agoo.pid
  • /data/data/####/android_player_20180723_044024_000.log_0
  • /data/data/####/appPackageNames_v2
  • /data/data/####/app_globel_config_file.xml
  • /data/data/####/auth_guide_config_sdk.xml
  • /data/data/####/ba50c843-ae2c-44d1-933c-27ab38d95cc9
  • /data/data/####/banner.db-journal
  • /data/data/####/cache.ttf
  • /data/data/####/channel_webview.db-journal
  • /data/data/####/cloud_config_file.xml
  • /data/data/####/cloud_push_config_file.xml
  • /data/data/####/cloud_switch_cache
  • /data/data/####/cn.jpush.android.user.profile.xml
  • /data/data/####/cn.jpush.preferences.v2.rid.xml
  • /data/data/####/cn.jpush.preferences.v2.xml
  • /data/data/####/com.qihoo.livecloud.settings.GPWebrtcSettings.pref.xml
  • /data/data/####/core_update
  • /data/data/####/core_update_locker
  • /data/data/####/critical_service_config.xml
  • /data/data/####/daemon_webview.db-journal
  • /data/data/####/dbfocus-journal
  • /data/data/####/dd9a4c28-2d6f-4f89-ab94-cf1ca8c8d8c9
  • /data/data/####/device_collector
  • /data/data/####/device_collector_locker
  • /data/data/####/download-journal
  • /data/data/####/dso_deps
  • /data/data/####/dso_lock
  • /data/data/####/dso_manifest
  • /data/data/####/dso_state
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/finalcore.jar
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/hotrizon_sharepref.xml
  • /data/data/####/http_cookie.xml
  • /data/data/####/httpdns_config_cache.xml
  • /data/data/####/i==1.2.0&&1.2.28_1532320797448_envelope.log
  • /data/data/####/info.xml
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/jpush_device_info.xml
  • /data/data/####/jpush_local_notification.db
  • /data/data/####/jpush_local_notification.db-journal
  • /data/data/####/jpush_local_notification.db-wal
  • /data/data/####/jpush_stat_cache.json
  • /data/data/####/jpush_stat_cache_history.json
  • /data/data/####/jpush_statistics.db
  • /data/data/####/jpush_statistics.db-journal
  • /data/data/####/jpush_statistics.db-shm (deleted)
  • /data/data/####/jpush_statistics.db-wal
  • /data/data/####/jpushservice_webview.db-journal
  • /data/data/####/libdvrender.so.tmp
  • /data/data/####/libjiagu-71411075.so
  • /data/data/####/libjplayer.so.tmp
  • /data/data/####/liblocalserver.so.tmp
  • /data/data/####/libmyssl.so.1.1.tmp
  • /data/data/####/libtranscore.so.tmp
  • /data/data/####/libviewer.so.tmp
  • /data/data/####/libyfnet_360.so.tmp
  • /data/data/####/light_sky_avast.xml
  • /data/data/####/localserver_2.0.3.18042602.zip
  • /data/data/####/locker
  • /data/data/####/log_reupload_task
  • /data/data/####/log_reupload_task_locker
  • /data/data/####/message.db-journal
  • /data/data/####/message_accs_db
  • /data/data/####/message_accs_db-journal
  • /data/data/####/msg_queue
  • /data/data/####/msplugin_ksp.xml
  • /data/data/####/multidex.version.xml
  • /data/data/####/p.l
  • /data/data/####/player_20180723_044024_000.log_0
  • /data/data/####/player_record_2.0.3.18051401.zip
  • /data/data/####/privacy_config_file.xml
  • /data/data/####/profile_task
  • /data/data/####/profile_task_locker
  • /data/data/####/profile_torch_platform
  • /data/data/####/push.db-journal
  • /data/data/####/push.pid
  • /data/data/####/push_share.xml
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/qhvc_plugin.xml
  • /data/data/####/qpush_msg.xml
  • /data/data/####/run.pid
  • /data/data/####/safe_user_info_file.xml
  • /data/data/####/screen_conf.xml
  • /data/data/####/session_base_sp_filename42998cf32d552343bc8e460...ca.xml
  • /data/data/####/session_base_sp_filenameandroidID.xml
  • /data/data/####/share_data.xml
  • /data/data/####/shortcut_badger_sharepref.xml
  • /data/data/####/sp.livecloud.database.xml
  • /data/data/####/sp_file_recommend_upload.xml
  • /data/data/####/tab_request_name.xml
  • /data/data/####/tdata_jVg168
  • /data/data/####/tdata_jVg168.jar
  • /data/data/####/tdata_pSF696
  • /data/data/####/tdata_pSF696.jar
  • /data/data/####/tools_2.0.3.18051401.zip
  • /data/data/####/torch_sdk_config.xml
  • /data/data/####/trans_20180723_044025_000.log_0
  • /data/data/####/um_pri.xml
  • /data/data/####/umdat.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/umeng_message_state.xml
  • /data/data/####/uninstall_apk
  • /data/data/####/uninstall_apk_locker
  • /data/data/####/universalPopup.xml
  • /data/data/####/videolist.db-journal
  • /data/data/####/waitingDown
  • /data/data/####/waitingDown_locker
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/data/####/yf_p2p_201804191558.zip
  • /data/media/####/.a.dat
  • /data/media/####/.adfwe.dat
  • /data/media/####/.cca.dat
  • /data/media/####/.deviceId
  • /data/media/####/.iddata
  • /data/media/####/.nomedia
  • /data/media/####/.push_deviceid
  • /data/media/####/.sfp
  • /data/media/####/.testf
  • /data/media/####/.umm.dat
  • /data/media/####/1330deb0c8bd4c1abe27d9284dc46a55
  • /data/media/####/1_MxfHnWn-VQnWYiz2n6Qt2KGjs.-1212677183.tmp
  • /data/media/####/1d6t8y4_AGvUz_sB83fakcYyU_o.-1879415080.tmp
  • /data/media/####/1fNK7We1uohxpGUlzt7Oiuyykig.100392281.tmp
  • /data/media/####/27diJGHpT7xibwOhy1yW-Vgg8ZA.87201576.tmp
  • /data/media/####/2RlYVS1MZCbIOz43Y5q50_UuSX4.-2147375695.tmp
  • /data/media/####/2V-K_TlOLjmLYMAXjS6VZ3zL1pc.2043654381.tmp
  • /data/media/####/2pG-D5D4rjiN3SARpQ8uPFSXeUw.68938061.tmp
  • /data/media/####/35e0703e0c4144cd85132197210b0711
  • /data/media/####/3MZf8O07zMI99up9UT2sisx4G4I.638486726.tmp
  • /data/media/####/3XiF-3fxG8HPvr20FoNyvINQTWA.1286956069.tmp
  • /data/media/####/3wLiHea3StRKRqLCql1E3ovDGNo.-1263660279.tmp
  • /data/media/####/42998cf32d552343bc8e460416382dca
  • /data/media/####/42aDz_LSLKhyjlSNxW-YHEIuo7k.1381355950.tmp
  • /data/media/####/4aDyu0lQFsI4825hxtkHc6v6NFU.-1719802592.tmp
  • /data/media/####/4d3gpYj-jG-G_BWjEc3KaavYQM0.62845829.tmp
  • /data/media/####/4uAPGs61FLeeFDuyD7jYBrqwwHA.-1261515474.tmp
  • /data/media/####/56B2SW_CeKsVqkntPQ_FCu6_THk.-1285720353.tmp
  • /data/media/####/5UR91GU6P5kJZI0r34fctFGM9hw.1396152682.tmp
  • /data/media/####/5Uk-SXX7KXIOc7-vBBnbmyjUMdU.-659160141.tmp
  • /data/media/####/5npruhxpkEw_o-8U2ZnDnix9ZOA.-1202486933.tmp
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee (deleted)
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee.tmp
  • /data/media/####/69Moov8KSQnxEyzDxQV7F_QEaPo.548991186.tmp
  • /data/media/####/6VzzC07JSEQODUKPvcU_1em1xjk.-1462252736.tmp
  • /data/media/####/6YhublAgHIKoE0wHUuuLbbya92k.732231395.tmp
  • /data/media/####/6lh-iI3UmymFTunhnaDxT84wfDg.-1434993148.tmp
  • /data/media/####/72101ce05b284cbbb0bac5e5084c5719
  • /data/media/####/82m9X_dT8zLY-1Tm74cwbwxKzeY.-852093204.tmp
  • /data/media/####/8RVNy-FOCmqzTnndd_0-nlDPxCg.1316746271.tmp
  • /data/media/####/9QuaNzFvYWCp6ZK7675iIjwZecc.-495455886.tmp
  • /data/media/####/9WxOB7OObra2rR9nYPhkm4nq3yk.1670979628.tmp
  • /data/media/####/9raPqEvjH94rssDVjcdp-1qpBGI.-2146839686.tmp
  • /data/media/####/AA8sZXfQpWaSOWz66bcv0Ofxn1M.2053628048.tmp
  • /data/media/####/AJj3Z9WD9Ov0kgjCoZGmXUGG-Pg.1257209071.tmp
  • /data/media/####/AcM
  • /data/media/####/AcM (deleted)
  • /data/media/####/Aej5nBMXDRfFSAnjMbLtZKXJdss.-491648551.tmp
  • /data/media/####/Alvin2.xml
  • /data/media/####/AnVQe2emSbskzgMwcGU9vOj_rdI.-1380357557.tmp
  • /data/media/####/BKJ
  • /data/media/####/BKJ (deleted)
  • /data/media/####/BqVFS7ArGM-CZjfjfHKZO5j80h0.-2107948822.tmp
  • /data/media/####/C5pNujxkIhA6TLn5x5iwLj9tTVo.1633591687.tmp
  • /data/media/####/CgxQ5uLj6ZrUqcdQhlFFfnFf2Ck.241593512.tmp
  • /data/media/####/CiEIi6LTCRxTPZkHtb5bvpX4FAY.167588509.tmp
  • /data/media/####/Clhct9GKaHXmRw7sqmhXx4o0mzg.331414451.tmp
  • /data/media/####/ContextData.xml
  • /data/media/####/DPwJ_DrqAYa6gQ537odojO38XoY.512193774.tmp
  • /data/media/####/DV1xhQsxlCoZKFxDni2jUjCO_OU.1337068479.tmp
  • /data/media/####/DXFdTLXn9tcdSA_X1ESg75tlxCU.-150714908.tmp
  • /data/media/####/E3vKIjeKCEM3Fve-I77-pIW5v1s.-1495651327.tmp
  • /data/media/####/E5rgUi6i9dYuQkf3__Yl-GgSEsA.-1756815776.tmp
  • /data/media/####/ExYodS1bqZZ83mfMayGWKWez7BI.-103852080.tmp
  • /data/media/####/F6TC2NZby9XjFAs7-HH-Cr4KupY.1806173714.tmp
  • /data/media/####/F7Dn5S-U5qq_v4wkLQMATJAJW5A.-1131128249.tmp
  • /data/media/####/FDzv1CiN6-K2I6Q453NGbct9V_M.353908148.tmp
  • /data/media/####/G92l1s5tuzDU-N2BH08wiAw_9Ag.221674501.tmp
  • /data/media/####/GE-FfCLYJ1cxt65hPHK_kz7jORs.-1228253473.tmp
  • /data/media/####/GEXXEp7QC0HhYYUVfqhfsXMe0vQ.167543798.tmp
  • /data/media/####/Gi237f0nHbG7g4WiRB3nDuAgYcE.-1691926602.tmp
  • /data/media/####/GmQ6xY0K4GKmflHBXC-3ITkVl4M.-1349148019.tmp
  • /data/media/####/GsKuasjRKLyBfpS3hACCLPVF7vM.1921548337.tmp
  • /data/media/####/GuaETviUGJkVkVKLEywuE_1VXIQ.508096652.tmp
  • /data/media/####/IJM4pMpwCRSrqmNkaHvz-bBvD7g.-1843001589.tmp
  • /data/media/####/IKhk0uN3mA5shPNbbJLGvBmEbao.573712560.tmp
  • /data/media/####/ITZ0F29ChbWak6HBdVv3T1Jb_48.-1261376037.tmp
  • /data/media/####/KvJN_AH33w7xZfUHzSyhxKYqh3w.-1479336079.tmp
  • /data/media/####/LkM09u4ppDZ9G-IybpQVGT_-Czs.-1040712972.tmp
  • /data/media/####/MdzkIMMnw-Pqb_s9BIRWUNs4v1g.-760160384.tmp
  • /data/media/####/MeoedVST4kM7bf0g-JNml4O8nfc.2069939022.tmp
  • /data/media/####/N2-nw6x-kBKaCTh0hJC9PmnqQ4E.-1997690805.tmp
  • /data/media/####/NFM8as6lr_6FmjfHDyf1iAKNK9g.cnt
  • /data/media/####/O-4mt7-bQzwMy8cM4n8CW-0giYk.583888738.tmp
  • /data/media/####/OBsFdNaPqU7Efx_jWRsSbOorSBk.-410980701.tmp
  • /data/media/####/OOPKgleLkt9JlwmsaJwtg68TP-U.-957235766.tmp
  • /data/media/####/OPQm8y6WZ07v2n79usmTDdts4ks.-1750140592.tmp
  • /data/media/####/OS_4kPmer3Nmtztz2hYeMeT7cFE.730205131.tmp
  • /data/media/####/OnLLOU9zW6GA0EJI2GmMUvWI_UY.-68102039.tmp
  • /data/media/####/PXGdgBpVxH327ipknn9PLp0Rlqw.677095991.tmp
  • /data/media/####/QmxQMYU-1jSkluhbNuPg048BdW4.-76615958.tmp
  • /data/media/####/Qt6RAt3fQzVpYav-E6MTKs3Jwo8.4201653.tmp
  • /data/media/####/RU05KQWV2NvexuVy8ypRuQANs7w.656732303.tmp
  • /data/media/####/RbjShddlaHfNbmdg9vy5awu3tcQ.-1671692380.tmp
  • /data/media/####/RgCGd8VoY1XWrprrwtA4vCRCbm0.341602604.tmp
  • /data/media/####/Rz2kxzHC0O-oVz_J4d2u8ddenD8.-1896811151.tmp
  • /data/media/####/S1iiB3h4iPNLHn4L7X-ztVlIZVE.1022464965.tmp
  • /data/media/####/S4JUCYsOcjmZMiMBwFzHGsheKtY.-319654207.tmp
  • /data/media/####/SQ16UYn6YGplwnTToRvOF1pTEiA.-1836818604.tmp
  • /data/media/####/Sah6OkkYt7vypzVK4yQJmHqiFMA.-1523031868.tmp
  • /data/media/####/T--JvkEkP_WzjJEzo_p0DQKWPPs.-894439561.tmp
  • /data/media/####/TYYD5Mj7fuwRnp2Cfbvoz0FYyOc.1318497276.tmp
  • /data/media/####/TroRiXhPpxaTTm9gLPGp8PmyE-Y.1550197063.tmp
  • /data/media/####/U68JezBRN6YPDNHMm7RXBCXhC84.120723387.tmp
  • /data/media/####/UAwe8mkoClu1j3ozAFM6y6kOSAw.-1201972032.tmp
  • /data/media/####/VVE6oN4OggNpl7Klr6BcacCg87k.-2002946319.tmp
  • /data/media/####/VezMZ5-SnRTTnxJ8Kr1cV8JYnvE.216406524.tmp
  • /data/media/####/W1s2y4DvoyLbSH5Y_ml_RWXx5Sc.-490152223.tmp
  • /data/media/####/WYyIhksfybSdr2grMzvle2mm4Y8.1995197606.tmp
  • /data/media/####/X1wrFYazcZh4Qw8MjbWgo6HxZjU.1723068129.tmp
  • /data/media/####/XQFgBqusjuDOk1VNRWZg7LfKoQA.489181995.tmp
  • /data/media/####/XUHLirofN53YTeEwYNHrc1zgqmA.-1469101928.tmp
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv (deleted)
  • /data/media/####/YdPZAxOFoz1F7ksK3Coyi3YHqRc.-192593981.tmp
  • /data/media/####/YgXO7_WPS04h8WggMeVfkvgsqTI.-2017797959.tmp
  • /data/media/####/Ym3
  • /data/media/####/Ym3 (deleted)
  • /data/media/####/YsT
  • /data/media/####/YsT (deleted)
  • /data/media/####/YtPRhrggenO00jz3td3HdRpt-zk.-456043617.tmp
  • /data/media/####/YyEh0FaUuDR9VGYSSo0woTHC2Ko.1378964471.tmp
  • /data/media/####/_UjKgzxbd8AdZynhg39opDRzbxM.-1153076427.tmp
  • /data/media/####/__VERSION__
  • /data/media/####/_fC3EXeFTTlsPUxGYdglMl5J0K8.-375447861.tmp
  • /data/media/####/app.db
  • /data/media/####/avast_done
  • /data/media/####/b-Qr-QuhOeRgdPJEATflkOmNDlk.-673374542.tmp
  • /data/media/####/b05ce39c1fe9e72dc1df70989e7e6d14
  • /data/media/####/bO572N3bUpDnYgcleSIdGMSaHsU.2094927092.tmp
  • /data/media/####/bb2c59ef8f134451aff55fc9506ad3da
  • /data/media/####/bbfLtrQ9y5d_Qtt2lfAhp3Vy2Zg.-1409191856.tmp
  • /data/media/####/biDKgJhNxd_wogTti_n_yEKbvLU.2063045195.tmp
  • /data/media/####/cYVZLAyh4CrHt0c2Swsx_xYULQs.-925468539.tmp
  • /data/media/####/cfM1D_xuQ7muXK4JVZkawRdsj-8.-1727199325.tmp
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/com.lightsky.video.bin
  • /data/media/####/com.lightsky.video.db
  • /data/media/####/dZsr_pb-954v-s1xKSZ2m7ZyQOE.-1517864276.tmp
  • /data/media/####/dZsr_pb-954v-s1xKSZ2m7ZyQOE.cnt
  • /data/media/####/data.lock
  • /data/media/####/deviceToken
  • /data/media/####/dmewFKdfdZYyp0p38RVXriHOBoc.2139167396.tmp
  • /data/media/####/eTOL-GzFcMxupnn0I-DyYfs55b4.636650221.tmp
  • /data/media/####/f_JpezmaWOz5IQf8aaGFOPuW_qo.-945322482.tmp
  • /data/media/####/fjhX6riWd9pzbfuH8R7f2k_HK6s.-1412915541.tmp
  • /data/media/####/geanDAmWNadbvPD9Yifdm5hhOPY.1049157250.tmp
  • /data/media/####/hvcmXd45OT0lbCniNlxADOFc5VY.-1872278708.tmp
  • /data/media/####/i1dIrWA4lxFuSMBI35awao_OVAM.-1802967713.tmp
  • /data/media/####/iJOLsoGmZNVF-KjQYcJ-Mh_vQLI.-470909982.tmp
  • /data/media/####/icFmaag7p4ex6neKOkH026CYh3E.-358629252.tmp
  • /data/media/####/is_CNfbRyW5D5UeSAZw5BTTLyvM.-1468663919.tmp
  • /data/media/####/jByHPcVAmMk_g_dWnpRyRs_M9rU.1119483957.tmp
  • /data/media/####/jC7foX1PWk2la587jAgcOAJN2bc.-1904369469.tmp
  • /data/media/####/jSzZylskqUIf8ZxbuOPWAv8KDqo.1715153421.tmp
  • /data/media/####/jcSAOr9jGZwkhQZMXMgqUBAFH0c.567448038.tmp
  • /data/media/####/jkdMVHCwR-ZBlAoe-hT2K1W3v1Q.-1050644587.tmp
  • /data/media/####/jo2eOOOgdtWkxOzeRPjGQralkjg.-393752943.tmp
  • /data/media/####/kEzUMY6BjWuOfK1jFvv0QQB1sZs.-352280624.tmp
  • /data/media/####/lUgnBas_Xkyc_yEwSmgtKesVH1Q.-1168476129.tmp
  • /data/media/####/lpzdbqQVz35eqvETlmuheVu8i8w.1495403611.tmp
  • /data/media/####/mM8mawL8JamPu_BnLq_7SH7MJNQ.260613323.tmp
  • /data/media/####/mjsFFLQDXc5Rh_K6lDAe15FX1XY.748627536.tmp
  • /data/media/####/o8Fjl6p1BXM-3pL8Gvp-x-5lHpo.1530388426.tmp
  • /data/media/####/ow6xKzJia2TpXAWFG-bq17Xn_vw.721840803.tmp
  • /data/media/####/p00G1-heecRGH2JDPTHplTuxVeE.1488110262.tmp
  • /data/media/####/pIbuUuzZYsyoCYw2SFb60ItCdmo.-1776137989.tmp
  • /data/media/####/pqRytHXaLByxmAcbBPtu7Kt6CFM.1634313832.tmp
  • /data/media/####/qLEWOszDfdfG3lcCGWKMJwd1360.115016351.tmp
  • /data/media/####/qcI60gBOZPF2LRtVvTc6cxlf2nU.-945078858.tmp
  • /data/media/####/qcRAHGo56SNQMxJtcha19sniwE8.-540427217.tmp
  • /data/media/####/qjwv6Gib6pMRkRvvuT9JB_z9eLU.1016691228.tmp
  • /data/media/####/qzJt45Qd4VCcSa6dHFq3eygSyYw.-1420827010.tmp
  • /data/media/####/rGT4NCnKZ5fLZRQKeaEVifcC93s.597817409.tmp
  • /data/media/####/rKU2uSTSM8hedsAnV6-Rl2E65iQ.1115795372.tmp
  • /data/media/####/razOIsBQm4jvB0VfjkXQiK-tzDw.-1951214922.tmp
  • /data/media/####/report.lock
  • /data/media/####/rx3h7CNtWz9WVzw7kmYT2hPlQdI.1183065722.tmp
  • /data/media/####/sA71cq4QyjG68QoQmSfqSvAI--g.-656012474.tmp
  • /data/media/####/su0cRAcs45NMozGvyBLc4j6rBZs.558527250.tmp
  • /data/media/####/sxr1zyxscscNFfrX8Bn001icr8w.1832880953.tmp
  • /data/media/####/t2E3Ln8EqVq3baDGzT5RXk7IkMU.424754111.tmp
  • /data/media/####/tU0dkxl-BE1ZMSgsn-kTD9pQKPo.-148701034.tmp
  • /data/media/####/tdata_jVg168
  • /data/media/####/tdata_pSF696
  • /data/media/####/test.log
  • /data/media/####/uBf
  • /data/media/####/uBf (deleted)
  • /data/media/####/uN8lWwJN5tvQeFCUV7XuJVJvtn4.410238472.tmp
  • /data/media/####/uninstall_apk_list
  • /data/media/####/w6zlBqBm6vls4v1ZWuu_0k3r_W4.-1066568999.tmp
  • /data/media/####/w_ULG3RFb0oJWbcF3Kr9sdn_NkY.-1935546740.tmp
  • /data/media/####/wrY09Ki4ax2YLcM5yWEVpJz73_Q.175100432.tmp
  • /data/media/####/wt_wWKNgv1mc-DjFIWbROOuaWvc.-1743861924.tmp
  • /data/media/####/xUm-uHLZseen7-xzU1dB1QKFots.1387733909.tmp
  • /data/media/####/y4UCgMb_bvvA26qT2rQ-U3J2U0Q.-305215663.tmp
  • /data/media/####/yAV02gB8v78trpiqmmo_9R0_qeo.1912867140.tmp
  • /data/media/####/yiDEbnuRI0nmWDX1xnqwPzJ32k0.990447545.tmp
  • /data/media/####/zKJu9ODW4NmO7xjyGlZfhXl_8Do.187827726.tmp
  • /data/media/####/zh_WQOEn9IGRjLJ0GIq9mF5-ADM.1501273113.tmp
Miscellaneous:
Executes next shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/xbin/which su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5a56c9198f4a9d0c2f0001a8","utdid":"W1VcHH23McsDAGdzx1HM85K3","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
  • cat /proc/version
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu-71411075.so
  • ls /
  • ls /sys/class/thermal
  • sh
Loads the following dynamic libraries:
  • GPBreakpad
  • getuiext2
  • jcore120
  • libdvrender
  • libimagepipeline
  • libjiagu-71411075
  • libjplayer
  • liblocalserver
  • libtranscore
  • libviewer
  • libyfnet_360
  • tnet-3.1
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • DES
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-NoPadding
  • DES
Uses elevated priveleges.
Uses special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Gains access to information about running applications.
Gains access to information about accounts (Google, Facebook, etc.) registered on the device.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play