ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Adware.Gexin.519

Added to the Dr.Web virus database: 2018-07-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) p2.q####.com:80
  • TCP(HTTP/1.1) t####.me####.com:80
  • TCP(HTTP/1.1) sh####.360t####.com:80
  • TCP(HTTP/1.1) up####.sdk.jig####.cn:80
  • TCP(HTTP/1.1) p6.q####.com:80
  • TCP(HTTP/1.1) qos.l####.360.cn:80
  • TCP(HTTP/1.1) trac####.v.tf.####.cn:80
  • TCP(HTTP/1.1) api.k.36####.com:80
  • TCP(HTTP/1.1) s####.l####.360.####.com:80
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) s####.s.360.cn:80
  • TCP(HTTP/1.1) p1.q####.com:80
  • TCP(HTTP/1.1) u.api.l####.####.cn:80
  • TCP(HTTP/1.1) ab####.m.s.####.cn:80
  • TCP(HTTP/1.1) k####.36####.com:80
  • TCP(HTTP/1.1) amdc####.m.ta####.com:80
  • TCP(HTTP/1.1) sni.c####.q####.####.net:80
  • TCP(HTTP/1.1) sdk.l####.360.cn:80
  • TCP(HTTP/1.1) p.s.3####.cn:80
  • TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
  • TCP(HTTP/1.1) p9.q####.com:80
  • TCP(HTTP/1.1) m3.s.3####.cn:80
  • TCP(TLS/1.0) msg.umengc####.com:443
  • TCP(TLS/1.0) t####.me####.com:443
  • TCP(TLS/1.0) app.k.36####.com:443
  • TCP(TLS/1.0) mdm.ope####.360.cn:443
  • TCP(TLS/1.0) 2####.107.1.97:443
  • TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
  • TCP(TLS/1.0) s####.tf.360.cn:443
  • TCP(TLS/1.0) sdkc####.e.360.cn:443
  • TCP(TLS/1.0) cc.p####.dc.####.cn:443
  • TCP(TLS/1.0) api####.me####.com:443
  • TCP(TLS/1.0) s####.j####.cn:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP ope####.m.ta####.com:443
  • TCP 1####.121.49.95:7007
  • TCP umengj####.m.ta####.com:80
  • UDP s.j####.cn:19000
  • TCP 1####.163.230.185:80
  • TCP 1####.52.236.14:5227
DNS requests:
  • 7j####.c####.z0.####.com
  • a####.man.aliy####.com
  • ab####.m.s.####.cn
  • ag####.m.ta####.com
  • amdc####.m.ta####.com
  • api####.me####.com
  • api.k.36####.com
  • app.k.36####.com
  • app.v.k.####.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • cc.p####.dc.####.cn
  • k####.36####.com
  • m####.me####.com
  • m3.s.3####.cn
  • mdm.ope####.360.cn
  • msg.umengc####.com
  • p.s.3####.cn
  • p0.q####.com
  • p1.q####.com
  • p10.qhi####.com
  • p17.q####.com
  • p2.q####.com
  • p3.q####.com
  • p4.q####.com
  • p5.q####.com
  • p6.q####.com
  • p7.q####.com
  • p8.q####.com
  • p9.q####.com
  • plb####.u####.com
  • qos.l####.360.cn
  • s####.j####.cn
  • s####.l####.360.cn
  • s####.s.360.cn
  • s####.tf.360.cn
  • s.j####.cn
  • sdk.c####.ig####.com
  • sdk.l####.360.cn
  • sdk.l####.360.cn
  • sdk.me####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • sdkc####.e.360.cn
  • sh####.360t####.com
  • sh####.me####.com
  • t####.me####.com
  • trac####.v.tf.####.cn
  • u####.u####.com
  • u.api.l####.####.cn
  • umen####.m.ta####.com
  • umengj####.m.ta####.com
  • up####.sdk.jig####.cn
HTTP GET requests:
  • ab####.m.s.####.cn/abtest/cloud.so?appkey=####&dt=####&os=####&ov=####&m...
  • k####.36####.com//k2/appconfig/getjar?appid=####&m=####&m2=####&ch=####&...
  • k####.36####.com/hotrizon2/appConfig?os=####&use_gear=####&time=####&sys...
  • k####.36####.com/hotrizon2/channelnew?m2=####&appid=####&m=####&ch=####&...
  • k####.36####.com/hotrizon2/list?svc=####&kw=####&os=####&ckw=####&sys=##...
  • k####.36####.com/hotrizon2/list?svc=####&os=####&sys=####&direction=####...
  • k####.36####.com/hotrizon2/play?id=####&m2=####&strategy=####&appid=####...
  • k####.36####.com/k2/api/privacy/config?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/appconfig/getAbRole?os=####&time=####&sys=####&m2=##...
  • k####.36####.com/k2/appconfig/getNewinfo?appid=####&m=####&m2=####&ch=##...
  • k####.36####.com/k2/appconfig/getRedpackPop?appid=####&m=####&m2=####&ch...
  • k####.36####.com/k2/appconfig/getpopup?appid=####&m=####&m2=####&ch=####...
  • k####.36####.com/k2/hotrizon2/aconfig?appid=####&m=####&m2=####&ch=####&...
  • k####.36####.com/k2/hotrizon2/gettime?os=####&sys=####&m2=####&appid=###...
  • p1.q####.com/dr/160_160_/t0178f4940163b7d350.png
  • p1.q####.com/dr/_100_70/t0105b3993f7ae6b6c4.jpg
  • p1.q####.com/dr/_100_70/t010db6316df570a249.jpg
  • p1.q####.com/dr/_100_70/t014db22d1b64f78547.jpg
  • p1.q####.com/dr/_100_70/t01a7b95ebe3384f0b9.png
  • p1.q####.com/dr/_100_70/t01ccc35c2f97b2ac0b.jpg
  • p1.q####.com/dr/_100_70/t01e1c4605316df4e6b.jpg
  • p1.q####.com/dr/_100_70/t01f56fa7c26ca5b688.jpg
  • p1.q####.com/dr/_280_50/t010bd35fba152ab1c6.webp
  • p1.q####.com/dr/_280_50/t010f7b287bf03e121b.webp
  • p1.q####.com/dr/_280_50/t013754e4791d9a90ec.webp
  • p1.q####.com/dr/_280_50/t013ae1d40036b081f2.webp
  • p1.q####.com/dr/_280_50/t016d291a9e8e0658c3.webp
  • p1.q####.com/dr/_280_50/t01921d60bbfc1500e0.webp
  • p1.q####.com/dr/_280_50/t01c2e8fe5ab6b99dbd.webp
  • p1.q####.com/t010bf613c949a881bf.jpg
  • p1.q####.com/t01153c265593f3258e.jpg
  • p1.q####.com/t013db82533aa9e5a9a.jpg
  • p1.q####.com/t0163f37d1ec288f88d.jpg
  • p1.q####.com/t0178bccfe750f110a1.jpg
  • p1.q####.com/t018a76b42c2a942173.jpg
  • p1.q####.com/t018af40d754eb2552d.jpg
  • p1.q####.com/t019f6478307ad0eea6.jpg
  • p1.q####.com/t01a6e5f1d80e698090.jpg
  • p1.q####.com/t01ae70f3f6372b712d.jpg
  • p1.q####.com/t01c1ff533a19145140.jpg
  • p1.q####.com/t01c94347ad9cab8684.jpg
  • p1.q####.com/t01e69681fa8d4220ab.jpg
  • p1.q####.com/t01eabeb32c4ae93244.jpg
  • p1.q####.com/t01f0970329b0fe4159.jpg
  • p1.q####.com/t01f9458c7931fe73bc.jpg
  • p1.q####.com/video/568_320_70/t0152d72f817c788f71.webp
  • p1.q####.com/video/568_320_70/t018b4ba133c3affd7a.webp
  • p1.q####.com/video/568_320_70/t01c0e18c293d6b716a.webp
  • p1.q####.com/video/568_320_70/t01e0918d63fa1b26c3.webp
  • p1.q####.com/video/568_320_70/t01f3597c74d23edea2.webp
  • p2.q####.com/dr/_100_70/t01a07f5074944acd6d.jpg
  • p2.q####.com/t01368485bff87e3e5b.jpg
  • p2.q####.com/t015de5881b00852f79.jpg
  • p2.q####.com/t019ed52be13850ecf0.jpg
  • p2.q####.com/t01ae4aad20279e7f68.png
  • p2.q####.com/t01c284e24d09f6b14d.jpg
  • p6.q####.com/dr/_100_70/t016e9eafed57f4dda6.jpg
  • p6.q####.com/t0147eeb331a280d627.jpg
  • p6.q####.com/t0182d92993563c5d99.jpg
  • p6.q####.com/t018a091efca6865662.jpg
  • p6.q####.com/t019a1595c125875918.jpg
  • p6.q####.com/video/568_320_70/t01c2e8fe5ab6b99dbd.webp
  • p9.q####.com/dr/_100_70/t0107cc23026ad3f6fb.jpg
  • p9.q####.com/dr/_100_70/t01099963ac4eea233e.jpg
  • p9.q####.com/dr/_100_70/t0115de3e6dfb91b8ae.jpg
  • p9.q####.com/dr/_100_70/t01282209c4248e2890.jpg
  • p9.q####.com/dr/_100_70/t0141fb9eff233f1ab3.jpg
  • p9.q####.com/dr/_100_70/t0146fb0db201cfdf34.jpg
  • p9.q####.com/dr/_100_70/t01496616fc6b9ea125.jpg
  • p9.q####.com/dr/_100_70/t0149f6874b3afe82fa.jpg
  • p9.q####.com/dr/_100_70/t014d4c6c39fd04a431.jpg
  • p9.q####.com/dr/_100_70/t014fe1e641932e2e3f.jpg
  • p9.q####.com/dr/_100_70/t0178a8a4c48f7bf7ac.jpg
  • p9.q####.com/dr/_100_70/t017dc1ec3c8dfcb433.jpg
  • p9.q####.com/dr/_100_70/t0181468424c7f200a7.jpg
  • p9.q####.com/dr/_100_70/t01850fafdd07a51d21.jpg
  • p9.q####.com/dr/_100_70/t018c76262e605c6a57.jpg
  • p9.q####.com/dr/_100_70/t0191463f3add10b233.jpg
  • p9.q####.com/dr/_100_70/t01932739a5dd85b42b.jpg
  • p9.q####.com/dr/_100_70/t01a955751422ba0884.jpg
  • p9.q####.com/dr/_100_70/t01bceba8120ae73c07.jpg
  • p9.q####.com/dr/_100_70/t01c20368d171c95449.jpg
  • p9.q####.com/dr/_100_70/t01deaf8716ab827c36.jpg
  • p9.q####.com/dr/_100_70/t01e1ba86583d212355.jpg
  • p9.q####.com/dr/_100_70/t01e298ed52bafdc5e6.jpg
  • p9.q####.com/dr/_100_70/t01ed5ba5e3a45f227a.jpg
  • p9.q####.com/dr/_100_70/t01fb797d2127631f0b.jpg
  • p9.q####.com/dr/_100_70/t01fd6f7ba268a84c2d.jpg
  • p9.q####.com/dr/_100_70/t01fe5967892cc01e9f.jpg
  • p9.q####.com/t010db8c55ccd0aa347.jpg
  • p9.q####.com/t011cacd50c6b7080b3.png
  • p9.q####.com/t0127dc29e45e260edd.jpg
  • p9.q####.com/t012eed110d8121aa2d.jpg
  • p9.q####.com/t0164a008ec47604ab6.jpg
  • p9.q####.com/t018a76b42c2a942173.jpg
  • p9.q####.com/t018a9cc33fe4135800.jpg
  • p9.q####.com/t0199c6d41d27da8142.jpg
  • p9.q####.com/t01c3fccec2a8e82eca.png
  • p9.q####.com/t01d2969abcc5ec820f.jpg
  • p9.q####.com/video/568_320_70/t010210a0ae0c08a007.webp
  • p9.q####.com/video/568_320_70/t01041259f5602a3996.webp
  • p9.q####.com/video/568_320_70/t0106001c05e944d8f9.webp
  • p9.q####.com/video/568_320_70/t0106866ce87aa37d4b.webp
  • p9.q####.com/video/568_320_70/t010712b65213bb9995.webp
  • p9.q####.com/video/568_320_70/t01076c34fa71e20e61.webp
  • p9.q####.com/video/568_320_70/t0107fee7ed03f3cdc6.webp
  • p9.q####.com/video/568_320_70/t0108958d220064cf31.webp
  • p9.q####.com/video/568_320_70/t010991e01e1166bfc4.webp
  • p9.q####.com/video/568_320_70/t010bd35fba152ab1c6.webp
  • p9.q####.com/video/568_320_70/t010f7b287bf03e121b.webp
  • p9.q####.com/video/568_320_70/t010f8200c2b1f43eb4.webp
  • p9.q####.com/video/568_320_70/t0110180b02993d6274.webp
  • p9.q####.com/video/568_320_70/t011132fd58024e6178.webp
  • p9.q####.com/video/568_320_70/t011192064010aef306.webp
  • p9.q####.com/video/568_320_70/t0113a9fdbd8dc84ab0.webp
  • p9.q####.com/video/568_320_70/t012364985fe731bd16.webp
  • p9.q####.com/video/568_320_70/t012471431d243e68af.webp
  • p9.q####.com/video/568_320_70/t0125d36fac08256837.webp
  • p9.q####.com/video/568_320_70/t012d5d8dac0a620925.webp
  • p9.q####.com/video/568_320_70/t01313046d14f25b553.webp
  • p9.q####.com/video/568_320_70/t0133370ebc229972de.webp
  • p9.q####.com/video/568_320_70/t013366fcef72342edc.webp
  • p9.q####.com/video/568_320_70/t013426e2f31a0c5729.webp
  • p9.q####.com/video/568_320_70/t0136ef3c1a8d659417.webp
  • p9.q####.com/video/568_320_70/t013754e4791d9a90ec.webp
  • p9.q####.com/video/568_320_70/t013ae1d40036b081f2.webp
  • p9.q####.com/video/568_320_70/t013c044b9d40540025.webp
  • p9.q####.com/video/568_320_70/t013d47d76669ddc75e.webp
  • p9.q####.com/video/568_320_70/t0145af85284d1b6b2c.webp
  • p9.q####.com/video/568_320_70/t014bf289d1b60ce45a.webp
  • p9.q####.com/video/568_320_70/t014c91711d0ccbac38.webp
  • p9.q####.com/video/568_320_70/t01519e1405993ea6d6.webp
  • p9.q####.com/video/568_320_70/t0151dfa0e26bf4c187.webp
  • p9.q####.com/video/568_320_70/t01532fa0d76743eae5.webp
  • p9.q####.com/video/568_320_70/t01574f5d6f4fb23a14.webp
  • p9.q####.com/video/568_320_70/t015b888904d6b2172c.webp
  • p9.q####.com/video/568_320_70/t015c7b6ad72e556928.webp
  • p9.q####.com/video/568_320_70/t0163a5341d49b5f0f7.webp
  • p9.q####.com/video/568_320_70/t0168d26e61751780cb.webp
  • p9.q####.com/video/568_320_70/t016d291a9e8e0658c3.webp
  • p9.q####.com/video/568_320_70/t016ec9a07ed92b2ac2.webp
  • p9.q####.com/video/568_320_70/t01703cc3ca130dcbc6.webp
  • p9.q####.com/video/568_320_70/t017265e8b1cc048463.webp
  • p9.q####.com/video/568_320_70/t01736724bb8943aaf2.webp
  • p9.q####.com/video/568_320_70/t01781dbb29cc0f3e04.webp
  • p9.q####.com/video/568_320_70/t017c0ac139cf34b1b9.webp
  • p9.q####.com/video/568_320_70/t01819d70d38fc0d0ac.webp
  • p9.q####.com/video/568_320_70/t018d918160119ce6c8.webp
  • p9.q####.com/video/568_320_70/t018ee4b447e02eaf59.webp
  • p9.q####.com/video/568_320_70/t01921d60bbfc1500e0.webp
  • p9.q####.com/video/568_320_70/t0192f02c43515755eb.webp
  • p9.q####.com/video/568_320_70/t01960e8cd500be9654.webp
  • p9.q####.com/video/568_320_70/t01995e56a61611b409.webp
  • p9.q####.com/video/568_320_70/t019d93f6d52688d885.webp
  • p9.q####.com/video/568_320_70/t01aa3684a50024d651.webp
  • p9.q####.com/video/568_320_70/t01abc89940566cd2d6.webp
  • p9.q####.com/video/568_320_70/t01ad054195ced35c11.webp
  • p9.q####.com/video/568_320_70/t01ad6e37533062a230.webp
  • p9.q####.com/video/568_320_70/t01af05d356de9ef105.webp
  • p9.q####.com/video/568_320_70/t01c315963ac0ed88f7.webp
  • p9.q####.com/video/568_320_70/t01c59b7570642a4e47.webp
  • p9.q####.com/video/568_320_70/t01c99440460866c0c7.webp
  • p9.q####.com/video/568_320_70/t01ca2627d4dd13553d.webp
  • p9.q####.com/video/568_320_70/t01cc400b2c4029d13e.webp
  • p9.q####.com/video/568_320_70/t01d31f4a86aea28721.webp
  • p9.q####.com/video/568_320_70/t01d66dd8379237d317.webp
  • p9.q####.com/video/568_320_70/t01dc15475781ccfd28.webp
  • p9.q####.com/video/568_320_70/t01dde3707320884b94.webp
  • p9.q####.com/video/568_320_70/t01ea9fc5db7ee50948.webp
  • p9.q####.com/video/568_320_70/t01eeb9a5cc5b8a7b62.webp
  • p9.q####.com/video/568_320_70/t01f093803b78595be4.webp
  • p9.q####.com/video/568_320_70/t01f0cd31aa02d25681.webp
  • p9.q####.com/video/568_320_70/t01fe4bcff608fb4999.webp
  • qos.l####.360.cn/vc.gif?&bid=####&pid=####&ver=####&c_ver=####&os=####&m...
  • s####.l####.360.####.com/Object.getFile/livecloudsdk/YW5kcm9pZF9wbHVnaW5...
  • s####.l####.360.####.com/Object.getFile/livecloudsdk/cGx1Z2luX3lmX3AycF8...
  • s####.s.360.cn/ak/6766aa2750c19aad2fa1b32f36ed4aee.html?m2=####
  • s####.s.360.cn/su/index.php?k=####&av=####&slv=####&sv=####&be=####&cv=#...
  • sdk.l####.360.cn/codec?os=####&tm=####&model=####&r=####&package=####&pi...
  • sdk.l####.360.cn/rtc?os=####&tm=####&model=####&r=####&package=####&pid=...
  • sdk.l####.360.cn/xinxiliu_tv_android_10228.conf?os=####&tm=####&r=####&p...
  • sh####.360t####.com/171122/c867c6e2f627a813302a3a0d0d891203/FZLTHK.TTF
  • sni.c####.q####.####.net/tdata_jVg168
  • sni.c####.q####.####.net/tdata_pSF696
  • t####.me####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####...
  • trac####.v.tf.####.cn/s?type=####&r=####&tid=####&finfo=####&enup=####&m...
HTTP POST requests:
  • amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
  • api.k.36####.com/k2/api/lockscreen/config?os=####&time=####&sys=####&m2=...
  • c-h####.g####.com/api.php?format=####&t=####
  • k####.36####.com/hotrizon2/report2?os=####&time=####&sys=####&m2=####&ap...
  • k####.36####.com/k2/appconfig/getjarlist?appid=####&curEnv=####&m=####&m...
  • k####.36####.com/k2/hotrizon2/getSInfo?os=####&sys=####&psw2=QJ####&m2=#...
  • m3.s.3####.cn/api/v1/newid
  • p.s.3####.cn/pstat/plog.php
  • p.s.3####.cn/update/update.php?p=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
  • t####.me####.com/adsdk?pver=####&skey=L6####
  • t####.me####.com/adsdk?pver=####&skey=cU####
  • t####.me####.com/adsdk?pver=####&skey=uS####
  • t####.me####.com/adsdk?pver=####&skey=vC####
  • u.api.l####.####.cn/comment/lists
  • up####.sdk.jig####.cn/v1/push/sdk/postlist
Modified file system:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/2033145970-602345128
  • /data/data/####/727E4F9E3DF834239309BBBDC87BC476.png
  • /data/data/####/85361600-7eac-4ce9-82a8-a368d6671f5d
  • /data/data/####/ACCS_BINDumeng;5a56c9198f4a9d0c2f0001a8.xml
  • /data/data/####/ACCS_SDK.xml
  • /data/data/####/ACCS_SDK_CHANNEL.xml
  • /data/data/####/AGOO_BIND.xml
  • /data/data/####/AKTorchDownload.db
  • /data/data/####/AKTorchDownload.db-journal
  • /data/data/####/Agoo_AppStore.xml
  • /data/data/####/Alliance.xml
  • /data/data/####/Alvin2.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/DaemonServer
  • /data/data/####/JPushSA_Config.xml
  • /data/data/####/MENU_CACHE.xml
  • /data/data/####/MessageStore.db-journal
  • /data/data/####/MsgLogStore.db-journal
  • /data/data/####/PendantConfig.xml
  • /data/data/####/QHA_JSON_PERSISTER_42998cf32d552343bc8e460416382dca
  • /data/data/####/QHDeviceFile
  • /data/data/####/QHDeviceID.lock
  • /data/data/####/QH_DeviceSDK.xml
  • /data/data/####/QH_SDK_M2.xml
  • /data/data/####/QH_SDK_UserData42998cf32d552343bc8e460416382dca...leted)
  • /data/data/####/QH_SDK_UserData42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/QH_SDK_UserData6766aa2750c19aad2fa1b32f36ed4aee.xml
  • /data/data/####/QH_SDK_sessionID42998cf32d552343bc8e460416382dca.xml
  • /data/data/####/TAB_CACHE.xml
  • /data/data/####/UM_PROBE_DATA.xml
  • /data/data/####/Y29tLmxpZ2h0c2t5LnZpZGVv.tick.lock
  • /data/data/####/aad40709-0061-4f72-aafa-47faad542c3b
  • /data/data/####/ab_test_config.xml
  • /data/data/####/abtest_base_sp_filename42998cf32d552343bc8e4604...ca.xml
  • /data/data/####/accs.db-journal
  • /data/data/####/ad_config_file.xml
  • /data/data/####/agoo.pid
  • /data/data/####/android_player_20180724_141845_000.log_0
  • /data/data/####/appPackageNames_v2
  • /data/data/####/app_globel_config_file.xml
  • /data/data/####/auth_guide_config_sdk.xml
  • /data/data/####/b4315623-d494-4ab6-aa58-fa0a0bc0936b
  • /data/data/####/banner.db-journal
  • /data/data/####/cache.ttf
  • /data/data/####/channel_webview.db-journal
  • /data/data/####/cloud_config_file.xml
  • /data/data/####/cloud_push_config_file.xml
  • /data/data/####/cloud_switch_cache
  • /data/data/####/cn.jpush.android.user.profile.xml
  • /data/data/####/cn.jpush.preferences.v2.rid.xml
  • /data/data/####/cn.jpush.preferences.v2.xml
  • /data/data/####/cn.jpush.preferences.v2.xml.bak (deleted)
  • /data/data/####/com.qihoo.livecloud.settings.GPWebrtcSettings.pref.xml
  • /data/data/####/core_update
  • /data/data/####/core_update_locker
  • /data/data/####/critical_service_config.xml
  • /data/data/####/d764d5d6-95b3-4d13-a09d-0d0b9d8a5beb
  • /data/data/####/daemon_webview.db-journal
  • /data/data/####/dbfocus-journal
  • /data/data/####/ddc7ab3c-879f-49a9-b54b-ce75844fa2d2
  • /data/data/####/device_collector
  • /data/data/####/device_collector_locker
  • /data/data/####/download-journal
  • /data/data/####/dso_deps
  • /data/data/####/dso_lock
  • /data/data/####/dso_manifest
  • /data/data/####/dso_state
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/finalcore.jar
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/hotrizon_sharepref.xml
  • /data/data/####/http_cookie.xml
  • /data/data/####/httpdns_config_cache.xml
  • /data/data/####/i==1.2.0&&1.2.28_1532441914589_envelope.log
  • /data/data/####/info.xml
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/jpush_device_info.xml
  • /data/data/####/jpush_local_notification.db
  • /data/data/####/jpush_local_notification.db-journal
  • /data/data/####/jpush_local_notification.db-wal
  • /data/data/####/jpush_stat_cache.json
  • /data/data/####/jpush_stat_cache_history.json
  • /data/data/####/jpush_statistics.db
  • /data/data/####/jpush_statistics.db-journal
  • /data/data/####/jpush_statistics.db-shm (deleted)
  • /data/data/####/jpush_statistics.db-wal
  • /data/data/####/jpushservice_webview.db-journal
  • /data/data/####/libdvrender.so.tmp
  • /data/data/####/libjiagu-71411075.so
  • /data/data/####/libjplayer.so.tmp
  • /data/data/####/liblocalserver.so.tmp
  • /data/data/####/libmyssl.so.1.1.tmp
  • /data/data/####/libtranscore.so.tmp
  • /data/data/####/libviewer.so.tmp
  • /data/data/####/libyfnet_360.so.tmp
  • /data/data/####/light_sky_avast.xml
  • /data/data/####/localserver_2.0.3.18042602.zip
  • /data/data/####/locker
  • /data/data/####/log_reupload_task
  • /data/data/####/log_reupload_task_locker
  • /data/data/####/message_accs_db
  • /data/data/####/message_accs_db-journal
  • /data/data/####/msplugin_ksp.xml
  • /data/data/####/multidex.version.xml
  • /data/data/####/p.l
  • /data/data/####/player_20180724_141847_000.log_0
  • /data/data/####/player_record_2.0.3.18051401.zip
  • /data/data/####/privacy_config_file.xml
  • /data/data/####/profile_task
  • /data/data/####/profile_task_locker
  • /data/data/####/profile_torch_platform
  • /data/data/####/push.db-journal
  • /data/data/####/push.pid
  • /data/data/####/push_share.xml
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/qhvc_plugin.xml
  • /data/data/####/run.pid
  • /data/data/####/safe_user_info_file.xml
  • /data/data/####/screen_conf.xml
  • /data/data/####/session_base_sp_filename42998cf32d552343bc8e460...ca.xml
  • /data/data/####/session_base_sp_filenameandroidID.xml
  • /data/data/####/share_data.xml
  • /data/data/####/shortcut_badger_sharepref.xml
  • /data/data/####/sp.livecloud.database.xml
  • /data/data/####/sp_file_recommend_upload.xml
  • /data/data/####/tab_request_name.xml
  • /data/data/####/tdata_jVg168
  • /data/data/####/tdata_jVg168.jar
  • /data/data/####/tdata_pSF696
  • /data/data/####/tdata_pSF696.jar
  • /data/data/####/tools_2.0.3.18051401.zip
  • /data/data/####/torch_sdk_config.xml
  • /data/data/####/trans_20180724_141847_000.log_0
  • /data/data/####/um_pri.xml
  • /data/data/####/umdat.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/umeng_message_state.xml
  • /data/data/####/uninstall_apk
  • /data/data/####/uninstall_apk_locker
  • /data/data/####/universalPopup.xml
  • /data/data/####/videolist.db-journal
  • /data/data/####/waitingDown
  • /data/data/####/waitingDown_locker
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/data/####/yf_p2p_201804191558.zip
  • /data/media/####/-OG4NXcocKFQiyCW6TYS0KzIqgs.-1984039821.tmp
  • /data/media/####/-tL4oq9lIr6Z5V0O9QsVYYSaY9M.-1828139132.tmp
  • /data/media/####/-x07-JJIZ2e-mfc50JsTyLFTCgo.-419856400.tmp
  • /data/media/####/.a.dat
  • /data/media/####/.adfwe.dat
  • /data/media/####/.cca.dat
  • /data/media/####/.deviceId
  • /data/media/####/.iddata
  • /data/media/####/.nomedia
  • /data/media/####/.push_deviceid
  • /data/media/####/.sfp
  • /data/media/####/.testf
  • /data/media/####/.umm.dat
  • /data/media/####/02d6b95b7610456e9fb4d4bfa0814512
  • /data/media/####/07PAQFIg_L8mgagWRwWLjMHb28s.-183051500.tmp
  • /data/media/####/1iEwTnI5Cv6bWKfOdIOhOng3i2c.-1668535549.tmp
  • /data/media/####/20u
  • /data/media/####/20u (deleted)
  • /data/media/####/25CVui_KlSw-o_lZ3ozYkNZJJUA.1943553866.tmp
  • /data/media/####/2aMB4jpF5xeQcl-nNEiY2EyyCvo.445885632.tmp
  • /data/media/####/2yocUhe4Zw0YAG0SWy4ME4CYG0k.618226042.tmp
  • /data/media/####/376fef09d9f24d2db2e76e250400c3df
  • /data/media/####/378Q-dMf74EIyeZ4S1bdkSJuYDw.1891139621.tmp
  • /data/media/####/3PY4-Avz2DHHDhj7QdkT0KfIhu4.1899473639.tmp
  • /data/media/####/3TN9JeE7Z5mbb718lSlYzQezgFI.2053010434.tmp
  • /data/media/####/3XBQHWuMQpmZ2QCAKlhS8SE54RM.559295675.tmp
  • /data/media/####/3fpMWEGKh04iHv4lc-pekBjPO8E.-342606096.tmp
  • /data/media/####/42998cf32d552343bc8e460416382dca
  • /data/media/####/42aDz_LSLKhyjlSNxW-YHEIuo7k.-1645030502.tmp
  • /data/media/####/4899bb4fb5a141798a06a185388bfd53
  • /data/media/####/4ce89b9948dc40dabfd5da411f00fbad
  • /data/media/####/5K53T5Fui1KjcIVPtYB5d_3iJ4g.1243482844.tmp
  • /data/media/####/5UR91GU6P5kJZI0r34fctFGM9hw.-1027925113.tmp
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee (deleted)
  • /data/media/####/6766aa2750c19aad2fa1b32f36ed4aee.tmp
  • /data/media/####/6F6ZGmgQNvF-gcSv4jvLFp2-o0E.-1648022232.tmp
  • /data/media/####/6VzzC07JSEQODUKPvcU_1em1xjk.-1948371656.tmp
  • /data/media/####/6yenKHaS3FhXT1neu2QA007us48.-1740305549.tmp
  • /data/media/####/75tFJpO9eLo9s7G3PAXpFPwboRM.61981773.tmp
  • /data/media/####/7LEy-u_-2dbgfzFQV3i1hIdXJLs.-1240905097.tmp
  • /data/media/####/8lOBD2zawr8w8XMNGP-cIwfn4jw.-1633577553.tmp
  • /data/media/####/9VsoIUW6cXBLwxN-X83ngBxVYSk.521847506.tmp
  • /data/media/####/9WOsQzZhiM43eAS0HZ01lRfVyHQ.-493519431.tmp
  • /data/media/####/9WxOB7OObra2rR9nYPhkm4nq3yk.-385726856.tmp
  • /data/media/####/AA8sZXfQpWaSOWz66bcv0Ofxn1M.-1683309417.tmp
  • /data/media/####/ADZYn_iSMq0JfMeVb7bzsK1sUwI.1493726726.tmp
  • /data/media/####/AQHNFevEmhqt0e652E9s03TXnVg.-1684607468.tmp
  • /data/media/####/AS-HkfQW2HklnYGLIbacddXuAP8.521053203.tmp
  • /data/media/####/Alvin2.xml
  • /data/media/####/ArEpi5B_5C3h5A9SZWbW7BGvEKE.-1139330001.tmp
  • /data/media/####/AshsVuh_c8aGKKyHqpyc9qUWn20.806846424.tmp
  • /data/media/####/Bl25bTe3F3QfBp5-nWT4SR3EM7s.-1588468507.tmp
  • /data/media/####/BvL_ek29PU6yY-4NcVYn6aznZMA.-1547338452.tmp
  • /data/media/####/COFhjIMSOgA1cywqE7wlxmDQwgg.-1710180588.tmp
  • /data/media/####/ContextData.xml
  • /data/media/####/DUWQ5RDm1IkNUAEjANP2ys8OwIs.-893467784.tmp
  • /data/media/####/E07TpnulGkou0sJbvR1kdRaUbGA.-257286096.tmp
  • /data/media/####/EwawvJqQ94At6bBpkymxaDF7qEo.-1247777126.tmp
  • /data/media/####/F2bqypflHWBNJfd2GXdgqzHO62g.-606435763.tmp
  • /data/media/####/FD5UEEBBGRn5CN4pS_balt7owLk.1677287553.tmp
  • /data/media/####/FRW4d6D4fmpVEokkZiJ9r0DC9XQ.-2031161881.tmp
  • /data/media/####/FWGyEofLrzHFSy4sMlXC0ksmrpc.-1106999700.tmp
  • /data/media/####/FXLEQiBJ6SAw-HKOuS7C_lfqBek.-435318661.tmp
  • /data/media/####/GEXXEp7QC0HhYYUVfqhfsXMe0vQ.804891727.tmp
  • /data/media/####/G_nwX57JFWcXZSkw53JqS8ckX2c.-122276169.tmp
  • /data/media/####/Gi237f0nHbG7g4WiRB3nDuAgYcE.1656966671.tmp
  • /data/media/####/Gk3BAjq07J6jEtvdWI94t2aR-VA.-1589140827.tmp
  • /data/media/####/GxJNXhIeFVbZosaiiKO8D_kUit4.-1501241969.tmp
  • /data/media/####/HBM_qDcjLYINrUUeTgu0s4ISmE4.-769522936.tmp
  • /data/media/####/HpDmkgCKAial285ANgCkZ96Hyyc.-863833504.tmp
  • /data/media/####/I2uljdXOGOBJbS89timuHroTVQY.-873659370.tmp
  • /data/media/####/IWpadkjbxzPnDEx6Fs0R6ZxSGqo.1593744070.tmp
  • /data/media/####/IiZeAhcvhU2PsmoZTg_-TP4pRnM.1733689904.tmp
  • /data/media/####/J16YcrDuOdRx4cWV9FjWW0vn12s.-754906694.tmp
  • /data/media/####/KFsnLnDcW5u4YfFqviK5PxG7kNM.-533766302.tmp
  • /data/media/####/LGiaVNVMjwOYZJnjOyQs1DUTmQ4.1251017029.tmp
  • /data/media/####/LQAJ3Hc-mZTv64L20K5R0rHcEiE.-1546772513.tmp
  • /data/media/####/LkM09u4ppDZ9G-IybpQVGT_-Czs.-289863566.tmp
  • /data/media/####/MAhOLPi7jCHofIai_EUAUyGbKBI.4112813.tmp
  • /data/media/####/MCFx8rtPogfiexLOlZmiwQDZIBo.651601159.tmp
  • /data/media/####/MUE
  • /data/media/####/MUE (deleted)
  • /data/media/####/MdzkIMMnw-Pqb_s9BIRWUNs4v1g.1456729391.tmp
  • /data/media/####/MiNt3YWIdOGBVVK4jNv7_fVk6G0.1173447796.tmp
  • /data/media/####/N54X2Rhy1IjvyGuy1KZvzYMWF2Y.1837788660.tmp
  • /data/media/####/NS_8VmZse8j2Qm33uUFwjc3jR6E.468714426.tmp
  • /data/media/####/NTcmO8O1M1jfKnVXZqStc760HlY.-876424060.tmp
  • /data/media/####/NuOtmlsnlQyauiM_D7EJClimVqU.-1660304846.tmp
  • /data/media/####/OBsFdNaPqU7Efx_jWRsSbOorSBk.-1792767260.tmp
  • /data/media/####/OjW-xRdoed50XrWkryZDNWHEOew.724429219.tmp
  • /data/media/####/PXGdgBpVxH327ipknn9PLp0Rlqw.260337061.tmp
  • /data/media/####/Q3-gM3e8InHFnYmFknFAMEaUSZg.395174523.tmp
  • /data/media/####/QBdAx5gsCxs0EuANsJdnHUOe4zo.-2080676361.tmp
  • /data/media/####/Qn2jU-Ddwe82ewptSk9Q1OqyUyg.1424026718.tmp
  • /data/media/####/Qt6RAt3fQzVpYav-E6MTKs3Jwo8.-343252732.tmp
  • /data/media/####/RZFU931HcorLqQxVuinXQjd-J60.1373689050.tmp
  • /data/media/####/Rs4f91Eyj1SeLb3JdIYmAPtRV3s.-1624892727.tmp
  • /data/media/####/SLYekV_xKZ6pyuMxVh-GNE_BlzI.365212265.tmp
  • /data/media/####/SZr6c6eMi1LHIZXZ2S6GOUrdUZs.-947071188.tmp
  • /data/media/####/T0nyizcxCsX1xsI8sqg_RMlN9OM.1693891723.tmp
  • /data/media/####/TBOJRg8aCzLXa641K4PvE2Rc1_0.1287358277.tmp
  • /data/media/####/TXxOnLdANhYaXXNQHKNB3x_A3Bw.533129428.tmp
  • /data/media/####/Tk-LXGcjXthivOHOKLGyi2tza0w.42952077.tmp
  • /data/media/####/UQKrVm-EIE0JgMI5847vJ9y_J9o.-493224515.tmp
  • /data/media/####/Uh9FrbheIUtT9bcOWus15LzhU_Q.-1679911532.tmp
  • /data/media/####/UhvpSSDiI6ZX2bCJgeBuF06Liwo.-1246424429.tmp
  • /data/media/####/UvNRSIGCjGut5ZrmvDs_y-ZPqqE.-648891071.tmp
  • /data/media/####/VCGYN4Cel3thPc9-pldJltW6q3w.582754157.tmp
  • /data/media/####/VG4l7ys3cJfZWDbIUnjlLqt9sQ0.-780140848.tmp
  • /data/media/####/VVE6oN4OggNpl7Klr6BcacCg87k.880946183.tmp
  • /data/media/####/VezMZ5-SnRTTnxJ8Kr1cV8JYnvE.-130966608.tmp
  • /data/media/####/W1s2y4DvoyLbSH5Y_ml_RWXx5Sc.1042050066.tmp
  • /data/media/####/W6zNJoYNRVR-d7F6oibG84HJY30.45277192.tmp
  • /data/media/####/W9Lc1zVaYn_LzzplsKhU6PJuFpY.-304090002.tmp
  • /data/media/####/WDNPdw5ZcDPSB26vrmpBFefQcs4.-213474428.tmp
  • /data/media/####/WYyIhksfybSdr2grMzvle2mm4Y8.1895901923.tmp
  • /data/media/####/WfAgvDAp1pMaIfeAigmHjz95XbA.1898399788.tmp
  • /data/media/####/WiaGGB-3ibi_xA1RPeNAR6JrS6c.-422095822.tmp
  • /data/media/####/X1wrFYazcZh4Qw8MjbWgo6HxZjU.-1911843667.tmp
  • /data/media/####/X2o7LGQ_jYzjmt2nlvppTt7DP6c.-166080637.tmp
  • /data/media/####/XuWyM5AcJymNKdzjA03cdkeXrII.1882349437.tmp
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv
  • /data/media/####/Y29tLmxpZ2h0c2t5LnZpZGVv (deleted)
  • /data/media/####/YFX
  • /data/media/####/YFX (deleted)
  • /data/media/####/YQ040seI4FWTgI_0i8ZesBpSffc.-815700218.tmp
  • /data/media/####/Yi_oAGmTKwS-k7C_O3BSR6TkdQg.-1682435936.tmp
  • /data/media/####/Ysh-m-0bsA_1CsEzOMWQvxBJ9FQ.2006618607.tmp
  • /data/media/####/ZAj8V3wzvu-LGx0c8s9i42KVeyY.851156825.tmp
  • /data/media/####/__VERSION__
  • /data/media/####/aOcQtI5YD4KNQJqBopcByg01k5U.1767614533.tmp
  • /data/media/####/ahS7fRc7uYgrws2lgyDDWGKyfHU.1342980159.tmp
  • /data/media/####/app.db
  • /data/media/####/avast_done
  • /data/media/####/b05ce39c1fe9e72dc1df70989e7e6d14
  • /data/media/####/bOZ6VdTv_2GPJfpJPX6A_EM6K3I.915066961.tmp
  • /data/media/####/cPh8JzHTOinlbDOWetrCQbeYPpY.804367399.tmp
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/com.lightsky.video.bin
  • /data/media/####/com.lightsky.video.db
  • /data/media/####/data.lock
  • /data/media/####/deUlDjzZSNvgTbxwpJfo1_JLNOA.1708971830.tmp
  • /data/media/####/deviceToken
  • /data/media/####/dewwFAZ1J_O6U2T_m3fzeXlzEa0.-155019714.tmp
  • /data/media/####/di_LVo6yY6NwLGCIr38IobJWX_s.1187403589.tmp
  • /data/media/####/dmewFKdfdZYyp0p38RVXriHOBoc.-1311443217.tmp
  • /data/media/####/gga9EZO3CfB7F_t9RMUpTn_7Z6k.-339462102.tmp
  • /data/media/####/h2dUI3M3sScDQ0DHvp2Lim8qNxs.1645628482.tmp
  • /data/media/####/i-YTX3ClgRuniXYeXEDBnBTYiiU.1961028089.tmp
  • /data/media/####/ibE_H7Ux0UoVV0gmSvrLZlmQqDo.-1444714794.tmp
  • /data/media/####/igbUPcr4HVGtcFl1GKWxu8B6St0.-34100619.tmp
  • /data/media/####/ihWOMg6yn0Ed1m_yToiu0SJlIJY.272322132.tmp
  • /data/media/####/jaPSEt9GLKn0EHr6Bkbmk1RR8bQ.1345893205.tmp
  • /data/media/####/jcSAOr9jGZwkhQZMXMgqUBAFH0c.-542749093.tmp
  • /data/media/####/jkdMVHCwR-ZBlAoe-hT2K1W3v1Q.746106366.tmp
  • /data/media/####/jnUzXQub8C7E34pL_NLyIVHysbE.1710129818.tmp
  • /data/media/####/k6pAlTovdKd7D5DqXGIXIUXbMI4.1990098090.tmp
  • /data/media/####/k8j05x_smU70aqEBcpFE37V_xVg.-1446486991.tmp
  • /data/media/####/kEMCYODtXZH8vLLLl0QKNdZ8oD8.1019040266.tmp
  • /data/media/####/l1-_onHrxeWXe32z41k5vGY8RX0.-1731374448.tmp
  • /data/media/####/mA6nRU1iNM4lPxdoRAc2Mp8rRXA.-572397504.tmp
  • /data/media/####/mqwnmYgUVe9998c34TCSUqHrDeM.-449476980.tmp
  • /data/media/####/n8Yu_2f08c32wq5tC1gF2Zo94DQ.1634052517.tmp
  • /data/media/####/nZqx0mlvo0q8YuiJdbrKtLyR5jc.-48446173.tmp
  • /data/media/####/nqLFAHmZGZVxE_DMm21A2uGVLmc.2016254504.tmp
  • /data/media/####/oUzGIbVoAhzOvEo_xYlcBXFab7k.-314071532.tmp
  • /data/media/####/p1Qs7L3iedPC08eWXFDFkQUTOPw.-929434262.tmp
  • /data/media/####/p6j
  • /data/media/####/p6j (deleted)
  • /data/media/####/pEuqwot4QHIxu89rSlxc6-5cWCg.-2128060478.tmp
  • /data/media/####/qGTLjqPFi0nMqT-fsFr-eOyiYIw.-159914794.tmp
  • /data/media/####/qLEWOszDfdfG3lcCGWKMJwd1360.-160045661.tmp
  • /data/media/####/rA9W7Oqpsr8CBY3e9izMfow8OII.-34634905.tmp
  • /data/media/####/report.lock
  • /data/media/####/sPfP-69UF86NMcp-MYess6qOCTM.1070051991.tmp
  • /data/media/####/sWdonfP97XTyqtssZAanQJ25DWo.-1449467209.tmp
  • /data/media/####/sdfTUd2xJ8ft8vMyKGnmAHcErCw.839051985.tmp
  • /data/media/####/tT2NTelGCDXoVqsZqkHFt29lTqg.-455428188.tmp
  • /data/media/####/tdata_jVg168
  • /data/media/####/tdata_pSF696
  • /data/media/####/test.log
  • /data/media/####/ultgMk02nEDk2lguLZLEr0SY0_Y.571924196.tmp
  • /data/media/####/uninstall_apk_list
  • /data/media/####/uninstall_apk_list (deleted)
  • /data/media/####/unq
  • /data/media/####/unq (deleted)
  • /data/media/####/uy7Y7t4G_DTjjUv7J9Vy-FtnXr4.-129779858.tmp
  • /data/media/####/velkYBmQ_E788izPKJ9-zZ6h18U.519036099.tmp
  • /data/media/####/vkxOZShr6iUUbn4Qci6gIsfpx_s.2125738737.tmp
  • /data/media/####/vnG2zwYH4ZZc_wwaXn92LIvq0Ag.1632639440.tmp
  • /data/media/####/vtryK7_WMdayg0ieEz7GvStq6Qg.-1684743230.tmp
  • /data/media/####/w90V_HSSoPS30aOTQuN-whAJwSY.760449027.tmp
  • /data/media/####/xENGh8B9X4XBtI4Tuw_j8ebwhDE.-1887044160.tmp
  • /data/media/####/xUm-uHLZseen7-xzU1dB1QKFots.1574671159.tmp
  • /data/media/####/xmrNg74BZjiIUgawDuwr5AQtFc4.1220219257.tmp
  • /data/media/####/y6RWEGO9fnQVv8VD0jCC-T0WEyg.-1596162985.tmp
  • /data/media/####/yR5C52RmxvCbR2Gkf9byyyvw1dg.1917764448.tmp
  • /data/media/####/yVz23DW64w02KOTRN5G5x63higA.667498545.tmp
  • /data/media/####/yiDEbnuRI0nmWDX1xnqwPzJ32k0.-1561412264.tmp
  • /data/media/####/yyfAToTUxHTOnD54ClMy-VX6fr4.-1027430663.tmp
  • /data/media/####/z7nZ9y4tldtGmVHfxOYscD0idO8.65334326.tmp
  • /data/media/####/zaP9BQbwzeoFMPtgI34NOjtWt48.-929272851.tmp
Miscellaneous:
Executes next shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/xbin/which su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5a56c9198f4a9d0c2f0001a8","utdid":"W1c1OIK3ukgDAGdzx1FLFdjF","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
  • cat /proc/version
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu-71411075.so
  • ls /
  • ls /sys/class/thermal
  • sh
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
Loads the following dynamic libraries:
  • GPBreakpad
  • getuiext2
  • jcore120
  • libdvrender
  • libimagepipeline
  • libjiagu-71411075
  • libjplayer
  • liblocalserver
  • libtranscore
  • libviewer
  • libyfnet_360
  • tnet-3.1
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • DES
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-NoPadding
  • DES
Uses elevated priveleges.
Uses special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Gains access to information about running applications.
Gains access to information about accounts (Google, Facebook, etc.) registered on the device.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play