Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) sc.appvip####.com.####.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) a.vp####.com.####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) a.vp####.com.####.cn:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(TLS/1.0) m####.appvip####.com:443
- TCP(TLS/1.0) api.u####.vip.com:443
- TCP(TLS/1.0) a.vp####.com.####.com:443
- TCP sdk.o####.t####.####.net:5224
- TCP c####.g####.ig####.com:5225
- 7j####.c####.z0.####.com
- a.app####.com
- a.vp####.com
- a.vp####.com
- and####.b####.qq.com
- api.u####.vip.com
- b.app####.com
- c####.g####.ig####.com
- c-h####.g####.com
- c.vp####.com
- l####.tbs.qq.com
- loc.map.b####.com
- m####.appvip####.com
- r####.uu.qq.com
- sc.appvip####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- a.vp####.com.####.cn/upcb/2018/08/27/175/ias_153538251832663.jpg
- a.vp####.com.####.cn/upcb/2018/09/07/104/ias_153630992278534.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/06/11/11/15286886223150.png
- a.vp####.com.####.cn/upload/goadmin/2018/06/11/121/15286878758512.png
- a.vp####.com.####.cn/upload/goadmin/2018/06/11/187/15286882882933.png
- a.vp####.com.####.cn/upload/goadmin/2018/06/19/156/15293762641789.png
- a.vp####.com.####.cn/upload/goadmin/2018/06/19/78/15293785864499.png
- a.vp####.com.####.cn/upload/goadmin/2018/07/13/152/15314774727187.png
- a.vp####.com.####.cn/upload/goadmin/2018/07/13/54/15314756051117.png
- a.vp####.com.####.cn/upload/goadmin/2018/08/02/66/15331749404077.png
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/143/15350012734457.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/146/15350011049577.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/27/15350010452062.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/30/15350013742843.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/32/15350011173517.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/79/15350011394778.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/23/9/15350012188418.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/24/129/15351156487378.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/24/167/15351132105659.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/24/37/15351159591009.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/24/66/15351132834935.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/26/11/15352796642133.png
- a.vp####.com.####.cn/upload/goadmin/2018/08/26/13/15352800643440.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/08/26/43/15352788993296.png
- a.vp####.com.####.cn/upload/goadmin/2018/08/26/5/15352789235129.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/09/04/138/15360510381584.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/09/17/146/15371633653231.jpg
- a.vp####.com.####.cn/upload/goadmin/2018/09/17/163/15371634376899.png
- a.vp####.com.####.com/upload/category/2018/08/24/107/7635acb8-9f7b-424d-...
- a.vp####.com.####.com/upload/merchandise/pdc/416/633/81141347167633416/9...
- a.vp####.com.####.com/upload/merchandise/pdcpos/1100000588/2018/0915/112...
- a.vp####.com.####.com/upload/merchandise/pdcpos/1100001631/2018/0904/96/...
- a.vp####.com.####.com/upload/merchandise/pdcvis/102174/2018/0903/117/a0f...
- a.vp####.com.####.com/upload/merchandise/pdcvis/114104/2018/0802/145/88f...
- a.vp####.com.####.com/upload/merchandise/ugcaudit/2018/09/13/149/978f4c3...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2016/11/17/170/skn8ddl0t...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/07/5/k28tyeqnkr5...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/133/6qkmk64qd...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/160/erg9x55z6...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/169/ys1nd52u9...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/194/cmxh7uizm...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/63/btsbx92sb4...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/10/63/i2notwztg1...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/12/175/2sl0suyvq...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/13/16/j0iugm4at1...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/13/25/8hxo1vdbi2...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/15/145/8h1gosle8...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/16/126/qmt75ynob...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/17/153/nj2zw53tk...
- sc.appvip####.com.####.com/upload/actpics/cps/0/2018/09/17/58/1n97te2r97...
- sc.appvip####.com.####.com/upload/dcvry/2018/08/16/194/w710x471h/1534410...
- sc.appvip####.com.####.com/upload/dcvry/2018/08/31/145/1535680427327_csm...
- sc.appvip####.com.####.com/upload/dcvry/2018/09/13/102/1536834991275_csm...
- sc.appvip####.com.####.com/upload/dcvry/2018/09/15/195/1537005487982_csm...
- sc.appvip####.com.####.com/upload/dcvry/2018/09/16/38/1537104877957_csms...
- sc.appvip####.com.####.com/upload/dcvry/2018/09/17/105/1537169793685_csm...
- sc.appvip####.com.####.com/upload/dcvry/2018/09/17/156/1537155763575_csm...
- sc.appvip####.com.####.com/vips-mobile-tracker/router.do?idfv=####&sessi...
- sc.appvip####.com.####.com/vips-mobile-tracker/router.do?session_id=####...
- t####.c####.q####.####.com/tdata_Soq141
- t####.c####.q####.####.com/tdata_vxj811
- ti####.c####.l####.####.com/config/hz-hzv3.conf
- and####.b####.qq.com/rqd/async
- and####.b####.qq.com/rqd/sync
- c-h####.g####.com/api.php?format=####&t=####
- l####.tbs.qq.com/ajax?c=####&k=####
- loc.map.b####.com/offline_loc
- loc.map.b####.com/sdk.php
- sdk.o####.p####.####.com/api.php?format=####&t=####
- /data/data/####/-u4wZya55Yc_mdFB6KYiy7BfRro.-341099524.tmp
- /data/data/####/111CLckzpH4pr2X9qwag7jJqrt0.-1499041845.tmp
- /data/data/####/2oqNWDLZHRHyFfSPVf7JtZjMxSY.780789398.tmp
- /data/data/####/2xGnJVYv6ec2nFQ7RzKfagWbcl8.-433601584.tmp
- /data/data/####/35ygTj5cO1p63MsUiKyG3GUoX38.720284319.tmp
- /data/data/####/6CeFFfNTuST3cUAe79lf_OLvk3I.-577554994.tmp
- /data/data/####/6e4lW3w2Mv_l2ffDHgOP0iskDz8.-903605840.tmp
- /data/data/####/6omQvGZyHgbiusDDVK-hIxQNWS8.-938065217.tmp
- /data/data/####/AhGLeDNf3ei7XDFRyOgRzyRmH8M.1271028402.tmp
- /data/data/####/EiQOX7Lv-5VhQFGWfisIGp5_tcw.-2086732920.tmp
- /data/data/####/FAMvjIpwZvl92BlW1gkUCMEFy1k.1757531573.tmp
- /data/data/####/FRXCWCTA0tdSXbDMW1FbUzhWEkk.-1934680118.tmp
- /data/data/####/Fnk4YFVjjRA0dh8R54iHr9E1HOo.1404926965.tmp
- /data/data/####/GdV8lYwHi07LkTYaIZjv5cAuino.-2013656980.tmp
- /data/data/####/HkeG1yykkdxrQYJfTxEqp2BO5Yk.-537924013.tmp
- /data/data/####/IZjIkM87kmYCLseKPUWWU7Tf5t4.-885903699.tmp
- /data/data/####/IgiYQC0Yty5x2S5GLYsx7iXb-g8.-2065136438.tmp
- /data/data/####/Lk8bNu2QuKLq5l18oHZJmcdaTzU.-1606460091.tmp
- /data/data/####/M1LZpsWZ7utkoYFAh8un3gTfQVg.-116035967.tmp
- /data/data/####/M_a97Bt6Ble5z_jKcRdPUUq1BbQ.-1783045471.tmp
- /data/data/####/NWkQPVZabh_PI1n4kBTCTTMB2wY.-273133466.tmp
- /data/data/####/OUjlWvEwPpKJfVI_mpJ2e1YHqj8.1399351703.tmp
- /data/data/####/PI37BzMg_eXGKyHK2ooF1wIBOlM.2016535964.tmp
- /data/data/####/PjkDNPVAa27iRu8MFx2401Ot7Lw.1872109560.tmp
- /data/data/####/Pld1IsgCFHuUuZN69yOENFqDe-s.-1469705788.tmp
- /data/data/####/PwLrkbyPeAhwWgrZYOMES-0gUE0.1487774353.tmp
- /data/data/####/QWWsWICmxLK-y73kHHBRHRaZwk4.-2000549560.tmp
- /data/data/####/QmyWfESaKYc8m3KwCUmWgUr9B3Y.-2007297946.tmp
- /data/data/####/SZKZ2ksa8tx8Fjnj1vzeoauU5-A.528383389.tmp
- /data/data/####/SeplollfS01bc_w-Kg55Mx1WJTQ.-909967826.tmp
- /data/data/####/TEMP_PREFERENCES_NAME.xml
- /data/data/####/TckNQ7pjcprzhOPhkKorMRUbnHU.-1935319903.tmp
- /data/data/####/VVnoBGamgZO5TvMVsqpsMeSOQZw.-1502739330.tmp
- /data/data/####/Vj_emzm_zOLQl_5PWbp22psQb3s.1569193885.tmp
- /data/data/####/XO-H24sL_ZvUtF9Fn4Iu3Qxo6HM.-2103913798.tmp
- /data/data/####/XPTfBCKZk39W8tU0oL3-V6DRP1c.-474193241.tmp
- /data/data/####/ZWeAllGfR5SskHWC9E3wH3gsa60.-1083444632.tmp
- /data/data/####/b5gphQCYo4bPpdiwMhR8uydfwl4.-337208329.tmp
- /data/data/####/bugly_data.xml
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/buglylog_com.vipshop.vswxk;pushservice_.txt
- /data/data/####/buglylog_com.vipshop.vswxk;remote_.txt
- /data/data/####/buglylog_com.vipshop.vswxk_.txt
- /data/data/####/com.vipshop.vswxk.xml
- /data/data/####/com.vipshop.vswxk.xml (deleted)
- /data/data/####/core_info
- /data/data/####/cube_ptr_classic_last_update.xml
- /data/data/####/dBQ6ZZlU7DvL_MO1zlHSnwgSHGY.-542001523.tmp
- /data/data/####/dINxPnE7LR_1-7Jv7tBSwmX1M-k.493463132.tmp
- /data/data/####/daDaTTELlI8o0OzjVP6Amk8eqz4.-1446695668.tmp
- /data/data/####/dgD4RrCAMyfhtNl2B_L4AZ8-odo.-1362095421.tmp
- /data/data/####/elqwbTYK1jOMzVwK-nNSOJoBxys.-421482668.tmp
- /data/data/####/fEAkIhLleL6AdD2-rxUvx32uN2E.-718455972.tmp
- /data/data/####/firll.dat
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gx_sp.xml
- /data/data/####/huKoFeClTQ1IpJTZ8vylp6nzqa0.568961055.tmp
- /data/data/####/iFC3u2CwbmEUfw0-Ux1uqXYrJJ4.287460993.tmp
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/kIkv8ESmub8xvBJA_7qL307Yyac.-1599608735.tmp
- /data/data/####/lFhcgn8259mTTMpDhBwKfDJtg9s.824750825.tmp
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.9.0.2.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/logcache-journal
- /data/data/####/mLVIOuF_JdouCGfwDqvuXjZKi4s.-1660401019.tmp
- /data/data/####/mg9PptulJci5auTV0yxA0iIQctg.-2082357799.tmp
- /data/data/####/mix.dex
- /data/data/####/multidex.version.xml
- /data/data/####/nBuWB36_a62oyBSLvmF4mTTzg7s.150477553.tmp
- /data/data/####/native_record_lock
- /data/data/####/nxnB2PB_XF0DiiBEQSjCn2cQj1Y.-1684614263.tmp
- /data/data/####/o4ghNVpeT0PT94XmOabHso4Q4-M.-544102749.tmp
- /data/data/####/o73WtlYRY-H0y8ub0vNBNipRvj4.1492657829.tmp
- /data/data/####/oKrT181f_YySZ5Nv1ZwFr5mWe-c.-1934140296.tmp
- /data/data/####/od8VnEpS5SHcG1PFGIijZ4bnh0c.1814026299.tmp
- /data/data/####/ofl.config
- /data/data/####/ofl_location.db
- /data/data/####/ofl_location.db-journal
- /data/data/####/ofl_statistics.db
- /data/data/####/ofl_statistics.db-journal
- /data/data/####/oiTKdkmYAIlr7kdd7TwX-KC1ybw.-1806092191.tmp
- /data/data/####/pd0JGRMk8txa7OJxrTKFDa5fKD8.102880790.tmp
- /data/data/####/pinyin4android
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/t4PW6_VkudjRlpHL1qibbikL2iM.760138885.tmp
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_vxj811
- /data/data/####/tdata_vxj811.jar
- /data/data/####/u42bZaMuotT8VOHrPKfquIqiFFQ.-1785718682.tmp
- /data/data/####/uhTHdtUG5BrL_3EyNI2ywpg9_0M.2112303663.tmp
- /data/data/####/vipunion.db-journal
- /data/data/####/vvkKwbHHExykCqhfFFDjANNJhqY.-2086561842.tmp
- /data/data/####/vxaAt9vo2Lr0xbdMHEuNvn6bUEk.-2037174947.tmp
- /data/data/####/zwphtrsZnv5mlGycZOSBWj7aIzk.1006283889.tmp
- /data/media/####/.cuid
- /data/media/####/.nomedia
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.vipshop.vswxk.bin
- /data/media/####/com.vipshop.vswxk.db
- /data/media/####/conlts.dat
- /data/media/####/ller.dat
- /data/media/####/ls.db
- /data/media/####/ls.db-journal
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_vxj811
- /data/media/####/test.0
- /data/media/####/test.log
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.main.gettui.GetuiNewPushService 24767 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.2.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.product.cpu.abi
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.main.gettui.GetuiNewPushService 24767 300 0
- Bugly
- JniHelper
- getuiext2
- imagepipeline
- libnfix
- libshella-2.9.0.2
- libufix
- locSDK6a
- nfix
- ufix
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding