ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Adware.Gexin.504

Added to the Dr.Web virus database: 2018-07-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) 1####.192.109.170:80
  • TCP(HTTP/1.1) res.qhup####.com:80
  • TCP(HTTP/1.1) t####.me####.com:80
  • TCP(HTTP/1.1) sh####.360t####.com:80
  • TCP(HTTP/1.1) up####.sdk.jig####.cn:80
  • TCP(HTTP/1.1) qos.l####.360.cn:80
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) trac####.v.tf.####.cn:80
  • TCP(HTTP/1.1) m3.s.3####.cn:80
  • TCP(HTTP/1.1) api.k.36####.com:80
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) p9.q####.com:80
  • TCP(HTTP/1.1) p3.qhi####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) s####.s.360.cn:80
  • TCP(HTTP/1.1) p1.q####.com:80
  • TCP(HTTP/1.1) u.api.l####.####.cn:80
  • TCP(HTTP/1.1) ab####.m.s.####.cn:80
  • TCP(HTTP/1.1) e.s####.com:80
  • TCP(HTTP/1.1) amdc####.m.ta####.com:80
  • TCP(HTTP/1.1) p10.qhi####.com:80
  • TCP(HTTP/1.1) sni.c####.q####.####.net:80
  • TCP(HTTP/1.1) sdk.l####.360.cn:80
  • TCP(HTTP/1.1) p.s.3####.cn:80
  • TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
  • TCP(HTTP/1.1) s####.lian####.360.cn:80
  • TCP(HTTP/1.1) app.v.k.####.com:80
  • TCP(HTTP/1.1) sh####.me####.com:80
  • TCP(HTTP/1.1) k####.36####.com:80
  • TCP(TLS/1.0) msg.umengc####.com:443
  • TCP(TLS/1.0) t####.me####.com:443
  • TCP(TLS/1.0) app.k.36####.com:443
  • TCP(TLS/1.0) mdm.ope####.360.cn:443
  • TCP(TLS/1.0) 2####.107.1.97:443
  • TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
  • TCP(TLS/1.0) s####.tf.360.cn:443
  • TCP(TLS/1.0) sdkc####.e.360.cn:443
  • TCP(TLS/1.0) cc.p####.dc.####.cn:443
  • TCP(TLS/1.0) api####.me####.com:443
  • TCP(TLS/1.0) s####.j####.cn:443
  • TCP(TLS/1.0) w.vip.a####.####.cn:443
  • TCP c####.g####.ig####.com:5224
  • UDP s.j####.cn:19000
  • TCP 1####.121.49.90:7001
  • TCP umengj####.m.ta####.com:80
  • TCP 1####.163.230.183:80
  • TCP sdk.o####.t####.####.com:5224
  • TCP ope####.m.ta####.com:443
DNS requests:
  • 7j####.c####.z0.####.com
  • a####.man.aliy####.com
  • ab####.m.s.####.cn
  • ag####.m.ta####.com
  • amdc####.m.ta####.com
  • api####.me####.com
  • api.k.36####.com
  • app.k.36####.com
  • app.v.k.####.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • c2s.w.in####.cn
  • cc.p####.dc.####.cn
  • e.s####.com
  • k####.36####.com
  • m####.me####.com
  • m3.s.3####.cn
  • mdm.ope####.360.cn
  • msg.umengc####.com
  • p.s.3####.cn
  • p0.q####.com
  • p1.q####.com
  • p10.qhi####.com
  • p15.q####.com
  • p17.q####.com
  • p19.q####.com
  • p2.q####.com
  • p3.q####.com
  • p3.qhi####.com
  • p4.q####.com
  • p5.q####.com
  • p6.q####.com
  • p7.q####.com
  • p8.q####.com
  • p9.q####.com
  • plb####.u####.com
  • pub-####.qin####.com
  • qos.l####.360.cn
  • res.qhup####.com
  • s####.j####.cn
  • s####.l####.360.cn
  • s####.lian####.360.cn
  • s####.s.360.cn
  • s####.tf.360.cn
  • s.j####.cn
  • sdk.c####.ig####.com
  • sdk.l####.360.cn
  • sdk.l####.360.cn
  • sdk.me####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • sdkc####.e.360.cn
  • sh####.360t####.com
  • sh####.me####.com
  • t####.me####.com
  • trac####.v.tf.####.cn
  • u####.u####.com
  • u.api.l####.####.cn
  • umen####.m.ta####.com
  • umengj####.m.ta####.com
  • up####.sdk.jig####.cn
HTTP GET requests:
  • ab####.m.s.####.cn/abtest/cloud.so?appkey=####&dt=####&os=####&ov=####&m...
  • app.v.k.####.com/vod-xinxiliu-tv-q2-bj/46724028_14cc4c8c3-1040-4b5e-8e5e...
  • e.s####.com/max/pv?pl=####&rt=####&chan_type=####&asin=####&ctype=####
  • k####.36####.com//k2/appconfig/getjar?appid=####&m=####&m2=####&ch=####&...
  • k####.36####.com/hotrizon2/appConfig?os=####&use_gear=####&time=####&sys...
  • k####.36####.com/hotrizon2/author/videos?needAuthor=####&sys=####&m2=###...
  • k####.36####.com/hotrizon2/authorlist?pageSize=####&appid=####&curQid=##...
  • k####.36####.com/hotrizon2/channelnew?m2=####&appid=####&m=####&ch=####&...
  • k####.36####.com/hotrizon2/detail?os=####&requestNum=####&sys=####&appid...
  • k####.36####.com/hotrizon2/list?svc=####&kw=####&os=####&ckw=####&sys=##...
  • k####.36####.com/hotrizon2/list?svc=####&os=####&sys=####&direction=####...
  • k####.36####.com/hotrizon2/myfollower?appid=####&maxOffset=####&m=####&m...
  • k####.36####.com/hotrizon2/play?id=####&m2=####&strategy=####&appid=####...
  • k####.36####.com/hotrizon2/play?id=####&userclick=####&m2=####&strategy=...
  • k####.36####.com/hotrizon2/play?os=####&userclick=####&sys=####&appid=##...
  • k####.36####.com/hotrizon2/relate?os=####&sys=####&columns=####&appid=##...
  • k####.36####.com/hotrizon2/topic/detail?id=####&appid=####&cdn_url=####&...
  • k####.36####.com/k2/api/privacy/config?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/appconfig/getAbRole?os=####&time=####&sys=####&m2=##...
  • k####.36####.com/k2/appconfig/getNewinfo?appid=####&m=####&m2=####&ch=##...
  • k####.36####.com/k2/appconfig/getRedpackPop?appid=####&m=####&m2=####&ch...
  • k####.36####.com/k2/appconfig/getplugin?appid=####&m=####&m2=####&ch=###...
  • k####.36####.com/k2/appconfig/getpopup?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/hotrizon2/aconfig?appid=####&m=####&m2=####&ch=####&...
  • k####.36####.com/k2/hotrizon2/gettime?os=####&sys=####&m2=####&appid=###...
  • p1.q####.com/dr/160_160_/t013e12d3d8d479dec0.png
  • p1.q####.com/dr/160_160_/t0178f4940163b7d350.png
  • p1.q####.com/dr/_100_70/t010d44a5c30eace11d.png
  • p1.q####.com/dr/_100_70/t0135a66dc8875aeb9b.png
  • p1.q####.com/dr/_100_70/t0162a058383eb4c502.jpg
  • p1.q####.com/dr/_100_70/t01962c3a9d037b8120.png
  • p1.q####.com/dr/_100_70/t01b46d63c0c6640837.jpg
  • p1.q####.com/dr/_100_70/t01e510bc534b0fb055.jpg
  • p1.q####.com/dr/_280_50/t015d7252f5ebd166e4.webp
  • p1.q####.com/dr/_280_50/t01d133d5476c60fb46.webp
  • p1.q####.com/t013db82533aa9e5a9a.jpg
  • p1.q####.com/t013de51f872598e03c.jpg
  • p1.q####.com/t01462cf7b991326f0c.png
  • p1.q####.com/t0147eeb331a280d627.jpg
  • p1.q####.com/t01559f493c2c431c4e.jpg
  • p1.q####.com/t015de5881b00852f79.jpg
  • p1.q####.com/t0178bccfe750f110a1.jpg
  • p1.q####.com/t0182d92993563c5d99.jpg
  • p1.q####.com/t01895341e0317eb44d.png
  • p1.q####.com/t018a091efca6865662.jpg
  • p1.q####.com/t018a76b42c2a942173.jpg
  • p1.q####.com/t018af40d754eb2552d.jpg
  • p1.q####.com/t019a1595c125875918.jpg
  • p1.q####.com/t019ed52be13850ecf0.jpg
  • p1.q####.com/t019f6478307ad0eea6.jpg
  • p1.q####.com/t01a6e5f1d80e698090.jpg
  • p1.q####.com/t01ae70f3f6372b712d.jpg
  • p1.q####.com/t01c1ff533a19145140.jpg
  • p1.q####.com/t01c284e24d09f6b14d.jpg
  • p1.q####.com/t01c94347ad9cab8684.jpg
  • p1.q####.com/t01e69681fa8d4220ab.jpg
  • p1.q####.com/t01f9458c7931fe73bc.jpg
  • p1.q####.com/t01fbd813cffe479760.jpg
  • p1.q####.com/video/568_320_70/t0111d3f307b69d3ca5.webp
  • p1.q####.com/video/568_320_70/t01581818f8e38e91e2.webp
  • p1.q####.com/video/568_320_70/t0194227452440a0267.webp
  • p1.q####.com/video/568_320_70/t01c6310369e6696d32.webp
  • p1.q####.com/video/568_320_70/t01cbc6ef7156858bfd.webp
  • p1.q####.com/video/568_320_70/t01d19b4801033bf5ec.webp
  • p1.q####.com/video/568_320_70/t01ef4faf916ed2c82e.webp
  • p10.qhi####.com/dr/_280_50/t013ed09af88b33c2bb.webp
  • p10.qhi####.com/dr/_280_50/t01a1677a3bc7c870a4.webp
  • p10.qhi####.com/dr/_280_50/t01e0080c80d5690c15.webp
  • p3.qhi####.com/sdm/200_150_/t0137d275de81db2b33.jpg
  • p3.qhi####.com/sdm/200_150_/t01aa06f08437887f42.jpg
  • p9.q####.com/dr/_100_70/t01039b1d021c2c59be.jpg
  • p9.q####.com/dr/_100_70/t010ffb27312123c037.jpg
  • p9.q####.com/dr/_100_70/t011cae50a585de4ef7.jpg
  • p9.q####.com/dr/_100_70/t011d91f792ac76b4e7.jpg
  • p9.q####.com/dr/_100_70/t011fc6c863e91bc846.jpg
  • p9.q####.com/dr/_100_70/t012074793c4be9eca4.jpg
  • p9.q####.com/dr/_100_70/t012c6be4ef1b6e65ce.jpg
  • p9.q####.com/dr/_100_70/t01426293870c985577.jpg
  • p9.q####.com/dr/_100_70/t01439b4779cae60d38.jpg
  • p9.q####.com/dr/_100_70/t01535805bf574ffda5.jpg
  • p9.q####.com/dr/_100_70/t0162082f4812dd47d7.jpg
  • p9.q####.com/dr/_100_70/t0168c13135d27bcf6a.jpg
  • p9.q####.com/dr/_100_70/t016d25ef215427217f.jpg
  • p9.q####.com/dr/_100_70/t0175ff72a3d095923b.jpg
  • p9.q####.com/dr/_100_70/t018234f2181f163b08.jpg
  • p9.q####.com/dr/_100_70/t01850fafdd07a51d21.jpg
  • p9.q####.com/dr/_100_70/t0193a51b6d044eefa0.jpg
  • p9.q####.com/dr/_100_70/t019dd9fd0304bd8f6a.jpg
  • p9.q####.com/dr/_100_70/t01a855689adeab2078.jpg
  • p9.q####.com/dr/_100_70/t01aff09f7fb08002e8.jpg
  • p9.q####.com/dr/_100_70/t01b1b7c15594d8864d.jpg
  • p9.q####.com/dr/_100_70/t01cae87bb12e6ffd50.jpg
  • p9.q####.com/dr/_100_70/t01ccc35c2f97b2ac0b.jpg
  • p9.q####.com/dr/_100_70/t01d9f00fc6c9a0f64b.jpg
  • p9.q####.com/dr/_100_70/t01e0634fd1495096a4.jpg
  • p9.q####.com/dr/_100_70/t01ee7582648ae7e325.jpg
  • p9.q####.com/dr/_100_70/t01ef8f37d102f659ac.jpg
  • p9.q####.com/dr/_100_70/t01f06e95144202d710.jpg
  • p9.q####.com/dr/_200_100/t01b1b7c15594d8864d.jpg
  • p9.q####.com/t01153c265593f3258e.jpg
  • p9.q####.com/t011cacd50c6b7080b3.png
  • p9.q####.com/t012eed110d8121aa2d.jpg
  • p9.q####.com/t015a5b21a1401edc5c.jpg
  • p9.q####.com/t0164a008ec47604ab6.jpg
  • p9.q####.com/t018a9cc33fe4135800.jpg
  • p9.q####.com/t0199c6d41d27da8142.jpg
  • p9.q####.com/t01d2969abcc5ec820f.jpg
  • p9.q####.com/video/568_320_70/t010365ab5e8d28ff31.webp
  • p9.q####.com/video/568_320_70/t01048b3083c428f590.webp
  • p9.q####.com/video/568_320_70/t0109a53164cfd2576c.webp
  • p9.q####.com/video/568_320_70/t010a7fdc8867dc586a.webp
  • p9.q####.com/video/568_320_70/t010d8b5134fbecbabc.webp
  • p9.q####.com/video/568_320_70/t011249e84d445b267e.webp
  • p9.q####.com/video/568_320_70/t011544e8c4fe37d2ae.webp
  • p9.q####.com/video/568_320_70/t0118294688ddd85638.webp
  • p9.q####.com/video/568_320_70/t0118ac89fc51e5e77b.webp
  • p9.q####.com/video/568_320_70/t011a2010fad40735e9.webp
  • p9.q####.com/video/568_320_70/t011a2595d18ef23e81.webp
  • p9.q####.com/video/568_320_70/t011bd57d97c6ea0184.webp
  • p9.q####.com/video/568_320_70/t011e9b859fde0304b6.webp
  • p9.q####.com/video/568_320_70/t01223a61e335052f5e.webp
  • p9.q####.com/video/568_320_70/t01286bb0f1da12a2b7.webp
  • p9.q####.com/video/568_320_70/t012ae18c2d2fe5244b.webp
  • p9.q####.com/video/568_320_70/t012fced7c234dd3f57.webp
  • p9.q####.com/video/568_320_70/t0133d5d6cd0a7ba65e.webp
  • p9.q####.com/video/568_320_70/t013847e040eeb4251f.webp
  • p9.q####.com/video/568_320_70/t0139ee02a1bb35e7dd.webp
  • p9.q####.com/video/568_320_70/t013ed09af88b33c2bb.webp
  • p9.q####.com/video/568_320_70/t0143044189c624b7ff.webp
  • p9.q####.com/video/568_320_70/t0143f45dfb9256f352.webp
  • p9.q####.com/video/568_320_70/t01457a6153440aeb7c.webp
  • p9.q####.com/video/568_320_70/t014fc5d3d6db203966.webp
  • p9.q####.com/video/568_320_70/t0150bf0ad271d1576d.webp
  • p9.q####.com/video/568_320_70/t01556ca4a95cc32dba.webp
  • p9.q####.com/video/568_320_70/t015b7e4b2cc67eb533.webp
  • p9.q####.com/video/568_320_70/t015d7252f5ebd166e4.webp
  • p9.q####.com/video/568_320_70/t01603a94eb5f4f9b52.webp
  • p9.q####.com/video/568_320_70/t0160e89edd700b02ec.webp
  • p9.q####.com/video/568_320_70/t0162753c5da4afa070.webp
  • p9.q####.com/video/568_320_70/t016284c22ea4781078.webp
  • p9.q####.com/video/568_320_70/t016476fe1f3497fab4.webp
  • p9.q####.com/video/568_320_70/t01667829d4ff87a4d9.webp
  • p9.q####.com/video/568_320_70/t0169e229ec4efff683.webp
  • p9.q####.com/video/568_320_70/t016a4f29de57aafca9.webp
  • p9.q####.com/video/568_320_70/t0172a8770c7e50580f.webp
  • p9.q####.com/video/568_320_70/t017398d3ddedb8e5bf.webp
  • p9.q####.com/video/568_320_70/t01761a335df4a0b914.webp
  • p9.q####.com/video/568_320_70/t017c484bdf04b3bf3e.webp
  • p9.q####.com/video/568_320_70/t017c84171c83008651.webp
  • p9.q####.com/video/568_320_70/t017d9a5423165beacb.webp
  • p9.q####.com/video/568_320_70/t018262efa1ae4e244e.webp
  • p9.q####.com/video/568_320_70/t01833ae957ef3b718d.webp
  • p9.q####.com/video/568_320_70/t018a3f2eff22e9c096.webp
  • p9.q####.com/video/568_320_70/t018e71e78ffd954827.webp
  • p9.q####.com/video/568_320_70/t01921c49d7e8d006b6.webp
  • p9.q####.com/video/568_320_70/t01941da1592c72a8bc.webp
  • p9.q####.com/video/568_320_70/t01981ee9ec98816565.webp
  • p9.q####.com/video/568_320_70/t019954c6d15b69c3bc.webp
  • p9.q####.com/video/568_320_70/t0199b9ada74013790f.webp
  • p9.q####.com/video/568_320_70/t0199f2166b25b02fa1.webp
  • p9.q####.com/video/568_320_70/t019d3de61cd4626969.webp
  • p9.q####.com/video/568_320_70/t019ee8fd49dca5d15f.webp
  • p9.q####.com/video/568_320_70/t01a1677a3bc7c870a4.webp
  • p9.q####.com/video/568_320_70/t01a5d9413dd42f84e8.webp
  • p9.q####.com/video/568_320_70/t01a8670e21da65362b.webp
  • p9.q####.com/video/568_320_70/t01a8a7735206a6899a.webp
  • p9.q####.com/video/568_320_70/t01afa6db76cfcc0c52.webp
  • p9.q####.com/video/568_320_70/t01b0b7b06c6d8c886c.webp
  • p9.q####.com/video/568_320_70/t01b6a2841e69b5c6ff.webp
  • p9.q####.com/video/568_320_70/t01b6f3235084a60106.webp
  • p9.q####.com/video/568_320_70/t01b7bc26b788403f6f.webp
  • p9.q####.com/video/568_320_70/t01bbdf5e1defed82cb.webp
  • p9.q####.com/video/568_320_70/t01c2f5c6566ec676e9.webp
  • p9.q####.com/video/568_320_70/t01c61f3a7989dad171.webp
  • p9.q####.com/video/568_320_70/t01c7a2288fc0212580.webp
  • p9.q####.com/video/568_320_70/t01ce069cf8d07e4a67.webp
  • p9.q####.com/video/568_320_70/t01d133d5476c60fb46.webp
  • p9.q####.com/video/568_320_70/t01d1e72de860ffeb04.webp
  • p9.q####.com/video/568_320_70/t01d4d6e77dcc5376d0.webp
  • p9.q####.com/video/568_320_70/t01d844cfe60008aef3.webp
  • p9.q####.com/video/568_320_70/t01da761f70fd3f334d.webp
  • p9.q####.com/video/568_320_70/t01e0080c80d5690c15.webp
  • p9.q####.com/video/568_320_70/t01e41e2930bcf8cd31.webp
  • p9.q####.com/video/568_320_70/t01e94c597a6db87cc9.webp
  • p9.q####.com/video/568_320_70/t01ed7da35ef8fe0597.webp
  • p9.q####.com/video/568_320_70/t01efbbc4c8497b23c9.webp
  • p9.q####.com/video/568_320_70/t01f05154f603c64c9c.webp
  • p9.q####.com/video/568_320_70/t01f3c471b61a4e2bd7.webp
  • p9.q####.com/video/568_320_70/t01f6746b75af512080.webp
  • p9.q####.com/video/568_320_70/t01f7e7a118203d2327.webp
  • p9.q####.com/video/568_320_70/t01fa8608ebc70cb200.webp
  • p9.q####.com/video/568_320_70/t01fa9f0bb7fd8d4a61.webp
  • p9.q####.com/video/568_320_70/t01fc565ce727769d0d.webp
  • qos.l####.360.cn/vc.gif?&bid=####&pid=####&ver=####&c_ver=####&os=####&m...
  • res.qhup####.com/360reader/disp.gif?uid=411b8e6b4e089d595f860e0777223956...
  • s####.lian####.360.cn/m/srp.gif?lm_extend=####&lmid=####&nu=####&ls=####...
  • s####.s.360.cn/ak/6766aa2750c19aad2fa1b32f36ed4aee.html?m2=####
  • s####.s.360.cn/su/index.php?k=####&av=####&slv=####&sv=####&be=####&cv=#...
  • sdk.l####.360.cn/codec?os=####&tm=####&model=####&r=####&package=####&pi...
  • sdk.l####.360.cn/rtc?os=####&tm=####&model=####&r=####&package=####&pid=...
  • sdk.l####.360.cn/sdkconf/videoplace?sign=####&u=####&version=####&sdk_ve...
  • sdk.l####.360.cn/xinxiliu_tv_android_10228.conf?os=####&tm=####&r=####&p...
  • sh####.360t####.com/171122/c867c6e2f627a813302a3a0d0d891203/FZLTHK.TTF
  • sni.c####.q####.####.net/config/hz-hzv3.conf
  • sni.c####.q####.####.net/tdata_jVg168
  • sni.c####.q####.####.net/tdata_pSF696
  • t####.c####.q####.####.com/tdata_EDT356
  • t####.me####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####...
  • trac####.v.tf.####.cn/s?type=####&r=####&tid=####&finfo=####&enup=####&m...
  • u.api.l####.####.cn/comment/hot?client_id=####&url=####&page_key=####&fr...
  • u.api.l####.####.cn/comment/lists?client_id=####&url=####&type=####&star...
HTTP POST requests:
  • amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
  • api.k.36####.com/k2/api/lockscreen/config?os=####&time=####&sys=####&m2=...
  • c-h####.g####.com/api.php?format=####&t=####
  • k####.36####.com/hotrizon2/report2?os=####&time=####&sys=####&m2=####&ap...
  • k####.36####.com/k2/appconfig/getjarlist?appid=####&curEnv=####&m=####&m...
  • k####.36####.com/k2/hotrizon2/getSInfo?os=####&sys=####&psw2=a7####&ssid...
  • m3.s.3####.cn/api/v1/newid
  • p.s.3####.cn/pstat/plog.php
  • p.s.3####.cn/update/update.php?p=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • sh####.me####.com/adsdk?pver=####&skey=K_####
  • sh####.me####.com/adsdk?pver=####&skey=O8####
  • sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
  • t####.me####.com/adsdk?pver=####&skey=DG####
  • t####.me####.com/adsdk?pver=####&skey=Em####
  • t####.me####.com/adsdk?pver=####&skey=h4####
  • t####.me####.com/adsdk?pver=####&skey=ne####
  • t####.me####.com/adsdk?pver=####&skey=vR####
  • u.api.l####.####.cn/comment/lists
  • up####.sdk.jig####.cn/v1/push/sdk/postlist
Modified file system:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/02467554-af58-4bf5-975a-2791ecb1546d
  • /data/data/####/06d43087-0084-4426-bb82-b1ea937aef11
  • /data/data/####/18e898a6-7659-4825-b93b-b23a30f059a1
  • /data/data/####/2033145970-602345128
  • /data/data/####/727E4F9E3DF834239309BBBDC87BC476.png
  • /data/data/####/8c87839ccb4b
  • /data/data/####/ACCS_BINDumeng;5a56c9198f4a9d0c2f0001a8.xml
  • /data/data/####/ACCS_SDK.xml
  • /data/data/####/ACCS_SDK_CHANNEL.xml
  • /data/data/####/AGOO_BIND.xml
  • /data/data/####/AKTorchDownload.db
  • /data/data/####/AKTorchDownload.db-journal
  • /data/data/####/Agoo_AppStore.xml
  • /data/data/####/Alliance.xml
  • /data/data/####/Alvin2.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/DaemonServer
  • /data/data/####/FZ.TTF
  • /data/data/####/JPushSA_Config.xml
  • /data/data/####/MENU_CACHE.xml
  • /data/data/####/MessageStore.db-journal
  • /data/data/####/MsgLogStore.db-journal
  • /data/data/####/PendantConfig.xml
  • /data/data/####/QHA_JSON_PERSISTER_42998cf32d552343bc8e460416382dca
  • /data/data/####/QHDeviceFile
  • /data/data/####/QHDeviceID.lock
  • /data/data/####/QH_DeviceSDK.xml
  • /data/data/####/QH_SDK_M2.xml
  • /data/data/####/QH_SDK_UserData42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/QH_SDK_UserData6766aa2750c19aad2fa1b32f36ed4aee.xml
  • /data/data/####/QH_SDK_sessionID42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/TAB_CACHE.xml
  • /data/data/####/UM_PROBE_DATA.xml
  • /data/data/####/Y29tLmxpZ2h0c2t5LnZpZGVv.tick.lock
  • /data/data/####/ab_test_config.xml
  • /data/data/####/abtest_base_sp_filename42998cf32d552343bc8e4604...ca.xml
  • /data/data/####/accs.db-journal
  • /data/data/####/ad_config_file.xml
  • /data/data/####/agoo.pid
  • /data/data/####/android_player_20180724_025043_000.log_0
  • /data/data/####/appPackageNames_v2
  • /data/data/####/app_globel_config_file.xml
  • /data/data/####/auth_guide_config_sdk.xml
  • /data/data/####/b146fb63-1825-427d-8a16-fb39f3a27fba
  • /data/data/####/banner.db-journal
  • /data/data/####/cache.ttf
  • /data/data/####/channel_webview.db-journal
  • /data/data/####/cloud_config_file.xml
  • /data/data/####/cloud_push_config_file.xml
  • /data/data/####/cloud_switch_cache
  • /data/data/####/cn.jpush.android.user.profile.xml
  • /data/data/####/cn.jpush.preferences.v2.rid.xml
  • /data/data/####/cn.jpush.preferences.v2.xml
  • /data/data/####/cn.jpush.preferences.v2.xml.bak (deleted)
  • /data/data/####/com.qihoo.livecloud.settings.GPWebrtcSettings.pref.xml
  • /data/data/####/core_update
  • /data/data/####/core_update_locker
  • /data/data/####/critical_service_config.xml
  • /data/data/####/daemon_webview.db-journal
  • /data/data/####/dbfocus-journal
  • /data/data/####/dccb2efb-d0a5-455f-90bf-3402e2c16429
  • /data/data/####/device_collector
  • /data/data/####/device_collector_locker
  • /data/data/####/download-journal
  • /data/data/####/dso_deps
  • /data/data/####/dso_lock
  • /data/data/####/dso_manifest
  • /data/data/####/dso_state
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/finalcore.jar
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/hotrizon_sharepref.xml
  • /data/data/####/http_cookie.xml
  • /data/data/####/httpdns_config_cache.xml
  • /data/data/####/i==1.2.0&&1.2.28_1532400629807_envelope.log
  • /data/data/####/info.xml
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/jpush_device_info.xml
  • /data/data/####/jpush_local_notification.db
  • /data/data/####/jpush_local_notification.db-journal
  • /data/data/####/jpush_local_notification.db-wal
  • /data/data/####/jpush_stat_cache.json
  • /data/data/####/jpush_stat_cache_history.json
  • /data/data/####/jpush_statistics.db
  • /data/data/####/jpush_statistics.db-journal
  • /data/data/####/jpush_statistics.db-shm (deleted)
  • /data/data/####/jpush_statistics.db-wal
  • /data/data/####/jpushservice_webview.db-journal
  • /data/data/####/libdvrender.so.tmp
  • /data/data/####/libjiagu-71411075.so
  • /data/data/####/libjplayer.so.tmp
  • /data/data/####/liblocalserver.so.tmp
  • /data/data/####/libmyssl.so.1.1.tmp
  • /data/data/####/libtranscore.so.tmp
  • /data/data/####/libviewer.so.tmp
  • /data/data/####/libyfnet_360.so.tmp
  • /data/data/####/light_sky_avast.xml
  • /data/data/####/localserver_2.0.3.18042602.zip
  • /data/data/####/locker
  • /data/data/####/log_reupload_task
  • /data/data/####/log_reupload_task_locker
  • /data/data/####/message_accs_db
  • /data/data/####/message_accs_db-journal
  • /data/data/####/msplugin_ksp.xml
  • /data/data/####/multidex.version.xml
  • /data/data/####/p.l
  • /data/data/####/player_20180724_025056_000.log_0
  • /data/data/####/player_record_2.0.3.18051401.zip
  • /data/data/####/privacy_config_file.xml
  • /data/data/####/profile_task
  • /data/data/####/profile_task_locker
  • /data/data/####/profile_torch_platform
  • /data/data/####/push.db-journal
  • /data/data/####/push.pid
  • /data/data/####/push_share.xml
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/qhvc_plugin.xml
  • /data/data/####/run.pid
  • /data/data/####/safe_user_info_file.xml
  • /data/data/####/screen_conf.xml
  • /data/data/####/session_base_sp_filename42998cf32d552343bc8e460...ca.xml
  • /data/data/####/session_base_sp_filenameandroidID.xml
  • /data/data/####/share_data.xml
  • /data/data/####/shortcut_badger_sharepref.xml
  • /data/data/####/sp.livecloud.database.xml
  • /data/data/####/sp_file_recommend_upload.xml
  • /data/data/####/tab_request_name.xml
  • /data/data/####/tdata_jVg168
  • /data/data/####/tdata_jVg168.jar
  • /data/data/####/tdata_pSF696
  • /data/data/####/tdata_pSF696.jar
  • /data/data/####/tools_2.0.3.18051401.zip
  • /data/data/####/torch_sdk_config.xml
  • /data/data/####/trans_20180724_025056_000.log_0
  • /data/data/####/um_pri.xml
  • /data/data/####/umdat.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/umeng_message_state.xml
  • /data/data/####/uninstall_apk
  • /data/data/####/uninstall_apk_locker
  • /data/data/####/universalPopup.xml
  • /data/data/####/videolist.db-journal
  • /data/data/####/waitingDown
  • /data/data/####/waitingDown_locker
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/data/####/yf_p2p_201804191558.zip
  • /data/media/####/-B59_KIclzxKj_z_EEX0zrZUAQA.-2144473442.tmp
  • /data/media/####/.a.dat
  • /data/media/####/.adfwe.dat
  • /data/media/####/.cca.dat
  • /data/media/####/.deviceId
  • /data/media/####/.iddata
  • /data/media/####/.nomedia
  • /data/media/####/.push_deviceid
  • /data/media/####/.sfp
  • /data/media/####/.testf
  • /data/media/####/.umm.dat
  • /data/media/####/0lmXPsPEzmMQFhEOi672Ng3WAD0.-966702781.tmp
  • /data/media/####/1CQHJ-JepcMCltw5v_m74i9j6Zc.-622003570.tmp
  • /data/media/####/1U-i84DKvOWqDIjc_EIkz0KVYq0.1476332398.tmp
  • /data/media/####/1dg_IIEWIZRb5odt81963QOhHjA.-1869962669.tmp
  • /data/media/####/1oMJkUC38Z6XIIa1vmDQCb3Cs6I.2013405331.tmp
  • /data/media/####/1rmL5RkRLJpsvUDu_MMxT7SQ8bs.-1760195739.tmp
  • /data/media/####/287ba2ea955b422e8a291e9a858180f5
  • /data/media/####/28ChV15iqwVM4fo_6kCdurM9Cc0.-25623988.tmp
  • /data/media/####/2GcZ2C7DvFKhMPoppF5u6x-gGlg.531747864.tmp
  • /data/media/####/2Hs9Q_dqjLKmbuaA7HCZuV2BPWQ.-80984048.tmp
  • /data/media/####/2nc7iwfEdUJ6Upe_YvnmKnvfPSw.-833190481.tmp
  • /data/media/####/2vL
  • /data/media/####/2vL (deleted)
  • /data/media/####/3Z6AuPHRVL8n_alB_yavzXfABlo.-1513209568.tmp
  • /data/media/####/3jFxCIesnPjON4dPmcO-uVVc4WI.788767187.tmp
  • /data/media/####/42998cf32d552343bc8e460416382dca
  • /data/media/####/42aDz_LSLKhyjlSNxW-YHEIuo7k.744068046.tmp
  • /data/media/####/563d88451270471498f6057430efca19
  • /data/media/####/598Jkna2JMM8yylNJ534qk9i-1o.-1060004267.tmp
  • /data/media/####/5T48vodXRC6z_NkE_DIdKi_RG-Y.-378426464.tmp
  • /data/media/####/5UR91GU6P5kJZI0r34fctFGM9hw.112398074.tmp
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee (deleted)
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee.tmp
  • /data/media/####/6VzzC07JSEQODUKPvcU_1em1xjk.762725475.tmp
  • /data/media/####/6cbJMsEb3ghxT6BO3ljDsEIK0pw.-232739348.tmp
  • /data/media/####/89bd797313b44989a6b353cac4d9ce93
  • /data/media/####/93ji4uWjtkA7qB7gqQazwZwZzlQ.255625716.tmp
  • /data/media/####/9IQZT3bFuY019_srUriFRxyqIVs.-1509613058.tmp
  • /data/media/####/9WxOB7OObra2rR9nYPhkm4nq3yk.-499960358.tmp
  • /data/media/####/9XIpP_9G31P0HzIYmy-wMCSUVCE.-1844208673.tmp
  • /data/media/####/9iqMGbz0yUtdw2Q9TL5qUrCL9lM.-1946288387.tmp
  • /data/media/####/Alvin2.xml
  • /data/media/####/BbJnhJhK_UfvoZVupVU0Fv8N_gU.-1311000149.tmp
  • /data/media/####/BhPKFBgy9wQHWUp8-ANs6xKBaJU.-658757456.tmp
  • /data/media/####/C2vWv0GuHFNLv26pBNySqB6PR2A.10767883.tmp
  • /data/media/####/ContextData.xml
  • /data/media/####/CrYGQZ7Y0ehgkYGCpIKjH6MGIfU.297324592.tmp
  • /data/media/####/DdXwwj6UEUZCSmP_9M3zaZO313g.125591529.tmp
  • /data/media/####/Dqk0tgrEttBKquzSL3bI8TUxvCA.1775129977.tmp
  • /data/media/####/E1Y5MqGl0Z4prHac2J4aRp3aaG8.-1324000048.tmp
  • /data/media/####/E5s4Grh6qvBDxaEqItK-72sxn5Q.-1473775885.tmp
  • /data/media/####/EXiaKbqwOOgKNPd0EfJjagWTKSs.-826421118.tmp
  • /data/media/####/Ew6YZn3o7eCC8xXjaT6zsn52Sgo.-1558408720.tmp
  • /data/media/####/Exxm2-T-y2ZOXwbwI07Z_p3Xegw.1078187187.tmp
  • /data/media/####/FVsj59rT3SBv6_Vmr6YkLbmR_QM.-1111684813.tmp
  • /data/media/####/GEXXEp7QC0HhYYUVfqhfsXMe0vQ.-729515772.tmp
  • /data/media/####/GdVCqd5wrz94dGgu_DB0RAQU1c8.131272223.tmp
  • /data/media/####/Gi237f0nHbG7g4WiRB3nDuAgYcE.-740010561.tmp
  • /data/media/####/InSU2fsN-ZfHFMKb9JX7IMI289g.156293130.tmp
  • /data/media/####/JtZv3MVSOyNZNiv5A7RkM0KXI6k.1560413837.tmp
  • /data/media/####/Juqd36wtfr2Tckid29QqRytQIiU.-1201132953.tmp
  • /data/media/####/L-2gxPBFRcmltJKr4LX3qemzzv0.1993976789.tmp
  • /data/media/####/LkM09u4ppDZ9G-IybpQVGT_-Czs.-609830186.tmp
  • /data/media/####/M3G
  • /data/media/####/M3G (deleted)
  • /data/media/####/MA1VpN8SfPePK_2TC5sj2rev6P8.1691795335.tmp
  • /data/media/####/MY55yJIckldyus1h_hmgSO4AD_w.1299093283.tmp
  • /data/media/####/MYGQRxaU8tjUBiYshFtx9Gzht7Q.-1330205276.tmp
  • /data/media/####/MdzkIMMnw-Pqb_s9BIRWUNs4v1g.818682599.tmp
  • /data/media/####/NSq5IFTu5TwICSf7iatSn5u-QIE.553505374.tmp
  • /data/media/####/NXK5WkkgckL97_Xs6vqQVUPsog0.805838821.tmp
  • /data/media/####/NeX5sPhhibHwo8CF38iqSiFVC8s.1994860383.tmp
  • /data/media/####/NlzJnT0cy74hzEp6WptBQozakhA.137656875.tmp
  • /data/media/####/NnmGeq04PXx010rV73a2x8m-1Oo.1992259341.tmp
  • /data/media/####/NpINPGrsjzEIqoobSL8rzFOD9_c.-1950852164.tmp
  • /data/media/####/O5Q5kIU7-0JTlquzdMXicXaPML8.1418827418.tmp
  • /data/media/####/OBsFdNaPqU7Efx_jWRsSbOorSBk.-1993405230.tmp
  • /data/media/####/P65KnuDR66FwhkgL3KscWJ-wUeU.-1049014167.tmp
  • /data/media/####/PXGdgBpVxH327ipknn9PLp0Rlqw.2134086279.tmp
  • /data/media/####/QHiQFm80p8FYYjoAoIYkQB0OP5A.9267623.tmp
  • /data/media/####/Qt6RAt3fQzVpYav-E6MTKs3Jwo8.2070546745.tmp
  • /data/media/####/RM3mGAkK7eGxCYMs9IL1Wt7bukE.-1997378862.tmp
  • /data/media/####/RgAC3I9iVmT3RcMI1bN2g0HF5As.-713168525.tmp
  • /data/media/####/SCK3rxaHcBxnuHmBbX-GVWRUGho.-442290397.tmp
  • /data/media/####/SD2LDJY79xRM9i0g4WcqiFCa4YA.-931367237.tmp
  • /data/media/####/SPmPWPp0w7vNGeNzuAcVHYFV4z8.393548225.tmp
  • /data/media/####/SQNBeHbDRSCwwAzMAohtGYnMzs4.-183816437.tmp
  • /data/media/####/ShHmucqzXU1dzwYsL8asfAajafI.-1078302813.tmp
  • /data/media/####/Sphg3MCJwC2j3UtW5tZwpxW2aYw.1983176159.tmp
  • /data/media/####/T0nyizcxCsX1xsI8sqg_RMlN9OM.2085299585.tmp
  • /data/media/####/Ts431XkuQlCvLx8huALTueivsZM.1749140497.tmp
  • /data/media/####/U893FIwZKHMs9BnyKb8-uqFQlEU.865166475.tmp
  • /data/media/####/UbeD_K1taFZvviBbij_xQ6TV0PY.1224539678.tmp
  • /data/media/####/Ut8FFfuhiEXNMEqYXmNPP8M58OE.-234593711.tmp
  • /data/media/####/VIo116IL3ucGWkEcI6p47umTgR4.-1627938924.tmp
  • /data/media/####/VVE6oN4OggNpl7Klr6BcacCg87k.-1430976504.tmp
  • /data/media/####/VyFyMFmZK2bUurZgWHCb0ZwUrqI.-1482078313.tmp
  • /data/media/####/W1s2y4DvoyLbSH5Y_ml_RWXx5Sc.-1992589725.tmp
  • /data/media/####/WCcZjdiAtUKnAmFhxR86a7Yjrfg.-1565737354.tmp
  • /data/media/####/WKuiYPwCIoN2xi3gufJgzgy-DuM.-523208661.tmp
  • /data/media/####/WQFxedkqF7R1Z7vMUvIKvT_N8O0.180640228.tmp
  • /data/media/####/WTmCliPmMtoSs-8-REtYAFn-LMA.-1797314913.tmp
  • /data/media/####/WYyIhksfybSdr2grMzvle2mm4Y8.901569830.tmp
  • /data/media/####/WgZdHR_5KD8TXaZpdTX-kQOnRBE.-507464162.tmp
  • /data/media/####/WhmtwycCuuleegbuzrvz6KsM3A8.-26265929.tmp
  • /data/media/####/XZO1Kaqm_3y-lPMNP3IETMqj7fo.-2112907484.tmp
  • /data/media/####/XZZvkS93rctQFyJApHRHXkvUAZ8.527291645.tmp
  • /data/media/####/Xp5y_Vpw1BCB1HFqDl0oE0_87x8.157413632.tmp
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv (deleted)
  • /data/media/####/Y3BHReMPTr6je2EFqGxuAMS6p9A.1136038629.tmp
  • /data/media/####/YNzt2PBRx9LViGD0BJrN5bI2Yv0.-535977371.tmp
  • /data/media/####/YbzRa6zW-1RCTZed96KnDxgJrXE.1175615835.tmp
  • /data/media/####/ZllXLptJAtcWtAGtuDyynfT-Oic.-740231327.tmp
  • /data/media/####/__VERSION__
  • /data/media/####/adB
  • /data/media/####/adB (deleted)
  • /data/media/####/amsnv53BV3mtBvdJiK3au2poWCM.-1626205977.tmp
  • /data/media/####/app.db
  • /data/media/####/aqbgjzlLdJmxT2dC8l-Z-XzXpN0.1666837826.tmp
  • /data/media/####/avast_done
  • /data/media/####/b05ce39c1fe9e72dc1df70989e7e6d14
  • /data/media/####/cHHBXyRLqJdPTuPku3bx0hbZ4FE.797875754.tmp
  • /data/media/####/cP2Dd7QDJjVJlXmBDNSPYcwhFPU.479388759.tmp
  • /data/media/####/cUB7TY9Kg84lagxHzP6jxqtpP6E.1423463732.tmp
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/com.lightsky.video.bin
  • /data/media/####/com.lightsky.video.db
  • /data/media/####/csM41jyLFJQ1cjwGcGIBEq0Cyxs.-1576022796.tmp
  • /data/media/####/d44e407939744301854c9ca57a4ec255
  • /data/media/####/dJh5obFL-CdmOIRCBsOAADRRzjg.752971174.tmp
  • /data/media/####/dJh5obFL-CdmOIRCBsOAADRRzjg.cnt
  • /data/media/####/dOO8IgA7eSjsg3yfn4sa4wPbvx0.-2120765805.tmp
  • /data/media/####/data.lock
  • /data/media/####/deviceToken
  • /data/media/####/dmewFKdfdZYyp0p38RVXriHOBoc.-1040837721.tmp
  • /data/media/####/dsCqGbBnKWZai2BC-Efroq338OA.-983754598.tmp
  • /data/media/####/dsNWJ-LF81kqPyk08pc-FqUca18.1003825359.tmp
  • /data/media/####/eFs2KnsYt2hWysFzmhZVJWuem6E.-2003020736.tmp
  • /data/media/####/fj7fFCUYdCJ3SHxBbpI7LzWB_pY.-769169002.tmp
  • /data/media/####/g4flmSvRSDsnBB5ZTmQyU_7HXak.1583022629.tmp
  • /data/media/####/g4y9aSph2Bsl6olOA138IoBbWjM.938581348.tmp
  • /data/media/####/gK63zm-vt4aNaztP5-sFRwDbxj0.-1110252550.tmp
  • /data/media/####/gROuD5LhAPSVYtHEFNevT_0BzTM.454283815.tmp
  • /data/media/####/gjWqgZ46eU26-w4t2PMDu8XnEUQ.-275280669.tmp
  • /data/media/####/hPeYjAp5sD_izMHBTekAcFZP_Xo.-968106838.tmp
  • /data/media/####/htASl1ZPz_Q_0gQo-AHNYs9Hozc.-1921289974.tmp
  • /data/media/####/i-VZedL3PgZ_34O8yPRQm1l-voY.402391217.tmp
  • /data/media/####/iHzNgms7aEB06IAll7ijaPYQEyQ.1584867369.tmp
  • /data/media/####/iTc5XrBr-0OOPwRHQd1PeOL9psE.1357715293.tmp
  • /data/media/####/iXCm36XH8qffyYKYm7ipX1uCQOQ.167123226.tmp
  • /data/media/####/ihsEXRbtBOSO8_yFIKRtB7N2CUQ.574277171.tmp
  • /data/media/####/jHJxYV3pGTmIiY86udicqro84pA.350878076.tmp
  • /data/media/####/jcSAOr9jGZwkhQZMXMgqUBAFH0c.-1643166435.tmp
  • /data/media/####/jeYjSvMQXjSbCKtfxcw0YZF3kK8.-1527238051.tmp
  • /data/media/####/jkdMVHCwR-ZBlAoe-hT2K1W3v1Q.-605411847.tmp
  • /data/media/####/jwmqIiJJla-H-eEy7gvd4tf3NgY.1445471384.tmp
  • /data/media/####/jxe7mHzFL35fEPbkV5HoIoiPPSs.105924059.tmp
  • /data/media/####/k54-cTJ9Q96YX_9V_2hMJYM1hZA.1302332943.tmp
  • /data/media/####/kjQuP6ZaAHR6Jv9eOLv0ovG0tVE.1430399842.tmp
  • /data/media/####/kwpKRNV4YlNou-2AaBCtOAOHavw.1811088454.tmp
  • /data/media/####/lU9
  • /data/media/####/lU9 (deleted)
  • /data/media/####/la80tTBwsvi-5PApwIJy8V2mcRg.804366787.tmp
  • /data/media/####/mVEtHwqEgGlpynIEhwY4FVY1zWQ.2128318414.tmp
  • /data/media/####/mqwnmYgUVe9998c34TCSUqHrDeM.-1268456348.tmp
  • /data/media/####/mtsW1-Lsq76V5jePK9Q0fDEnuaU.1360351781.tmp
  • /data/media/####/mutqLQFmgNUQbkmCVyWII6MLS14.-880960551.tmp
  • /data/media/####/n8Yu_2f08c32wq5tC1gF2Zo94DQ.-900722799.tmp
  • /data/media/####/noqfCQNLHqEOOPUZ9Q-McM0wr4o.-1032775798.tmp
  • /data/media/####/nqajMLKzmWsjxKpMCNrWd3oB2oI.2080375957.tmp
  • /data/media/####/oHTwTcp-OoyF98WFIPb_P-9oC_0.-2006720346.tmp
  • /data/media/####/oHsqVwC39n7kpJsJwr7VLxL3rik.1778816898.tmp
  • /data/media/####/oRpDRjII9wEx84noqfHF-Ilc02E.-961030966.tmp
  • /data/media/####/ocS704dw0D9QsPT1o8QsbK0c2vE.-1214487549.tmp
  • /data/media/####/pZpHMdUiZC64oZKkXeu83rpTCB8.876394882.tmp
  • /data/media/####/pjc5QCCtxaxHytrZl3NFMnu42ao.-1759670705.tmp
  • /data/media/####/pvI8mGKCER4-fINSRq2-8deBtUg.309823725.tmp
  • /data/media/####/qLEWOszDfdfG3lcCGWKMJwd1360.1478632145.tmp
  • /data/media/####/qXg-6Kx2sOuMIu1pURqPjHaQi4E.-2059494266.tmp
  • /data/media/####/report.lock
  • /data/media/####/roW4VjBSlQ8sPBp4Me4rOoCRJwk.-1287076576.tmp
  • /data/media/####/tQR
  • /data/media/####/tQR (deleted)
  • /data/media/####/tdata_jVg168
  • /data/media/####/tdata_pSF696
  • /data/media/####/test.log
  • /data/media/####/ui7JF944FTFGTMGYMgK6fRWFIg0.1268301934.tmp
  • /data/media/####/uninstall_apk_list
  • /data/media/####/vAdTJ2sCw9_3tH2s5B3wi_8nP-g.1337133040.tmp
  • /data/media/####/v_1tAkbiIE0UkGG9ax_jVZ6NPUc.260148803.tmp
  • /data/media/####/vuJVPRce9tunzgwRdFPV2PzXoPs.-740122655.tmp
  • /data/media/####/xBVNS6pL3dOjxpIZCEPXgzTmmmM.128527259.tmp
  • /data/media/####/xUm-uHLZseen7-xzU1dB1QKFots.1279099754.tmp
  • /data/media/####/xrUFGk3_2o9oSySziDtOdmkPicA.1416252327.tmp
  • /data/media/####/xwrf7dy69-6YmWLEZ_OY097m6jY.-1521147499.tmp
  • /data/media/####/y5G3381wrz8PHDyJKe-IRKiSsiY.1246305111.tmp
  • /data/media/####/yKQKT-w-puqJFDpihLc6wtqxMRo.-664366902.tmp
  • /data/media/####/yiDEbnuRI0nmWDX1xnqwPzJ32k0.-2019636861.tmp
  • /data/media/####/yuLdN0AXksrZeDMa860ghJEASlE.-766358558.tmp
  • /data/media/####/zAuSoPo0aJDSOs4CUP8EuB_wnhA.1687116154.tmp
  • /data/media/####/zKVYwwVlr82lveRaMmYHES7mZ_k.21434725.tmp
  • /data/media/####/zaP9BQbwzeoFMPtgI34NOjtWt48.-76423701.tmp
  • /data/media/####/zmsPNJkoy6Otv723xj4HgK4W2bs.2084254256.tmp
  • /data/media/####/zucBdtjjyF6ceazYeIy8kvn3yB0.1547580659.tmp
Miscellaneous:
Executes next shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/xbin/which su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5a56c9198f4a9d0c2f0001a8","utdid":"W1aT8qt/Ra4DAGdzx1HsoXxV","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu-71411075.so
  • ls /
  • ls /sys/class/thermal
  • mount
  • sh
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
Loads the following dynamic libraries:
  • GPBreakpad
  • getuiext2
  • jcore120
  • libdvrender
  • libimagepipeline
  • libjiagu-71411075
  • libjplayer
  • liblocalserver
  • libtranscore
  • libviewer
  • libyfnet_360
  • tnet-3.1
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • DES
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-NoPadding
  • DES
Uses elevated priveleges.
Uses special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Gains access to information about running applications.
Gains access to information about accounts (Google, Facebook, etc.) registered on the device.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play