Adware.Gexin.524

Added to the Dr.Web virus database: 2018-07-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/xbin/which su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5a56c9198f4a9d0c2f0001a8","utdid":"W1c5PkMxlIYDAGdzx1GF+EYj","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu-71411075.so
  • ls /
  • ls /sys/class/thermal
  • mount
  • sh
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qihoo.qpush.sdk.GeTuiPushService 24825 300 0
Loads the following dynamic libraries:
  • GPBreakpad
  • getuiext2
  • jcore120
  • libdvrender
  • libimagepipeline
  • libjiagu-71411075
  • libjplayer
  • liblocalserver
  • libtranscore
  • libviewer
  • tnet-3.1
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • DES
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-NoPadding
  • DES
Uses elevated privileges.
Uses a special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, IMEI, etc.).
Gains access to information about installed applications.
Gains access to information about running applications.
Gains access to information about accounts (Google, Facebook, etc.) registered on the device.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
