Technical information
- Adware.Gexin.1.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) cb####.z####.com:80
- TCP(HTTP/1.1) api.z####.com:80
- TCP(HTTP/1.1) cb####.z####.com:9009
- TCP(HTTP/1.1) i####.z####.com:80
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) mobile-####.tin####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) a####.a####.m.####.com:443
- TCP(TLS/1.0) redi####.network####.com:443
- TCP(TLS/1.0) dc1.network####.com:443
- TCP openj####.m.ta####.com:443
- TCP ope####.m.ta####.com:443
- a####.m.ta####.com
- a####.u####.com
- ag####.m.ta####.com
- api.map.b####.com
- api.z####.com
- cb####.z####.com
- dc1.network####.com
- i####.z####.com
- mobile-####.tin####.com
- msg.umengc####.com
- redi####.network####.com
- ssl.gst####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- www.go####.com
- www.gst####.com
- cb####.z####.com/?c=####&a=####&game=####&rentId=####&regionId=####&vesi...
- i####.z####.com/icons_img/caizhushou_imgv_small_min.jpg
- i####.z####.com/icons_img/caizhushou_imgv_small_min.jpg?token=####&rentI...
- i####.z####.com/news_img/20181108/1541660993138047812.png
- i####.z####.com/news_img/20181108/1541661102354018039.png
- i####.z####.com/news_img/20181108/1541661326423027189.png
- i####.z####.com/news_img/20181108/1541661481935008384.png
- i####.z####.com/news_img/20181108/1541661507619022325.png
- i####.z####.com/news_img/20181108/1541661531321076748.png
- i####.z####.com/news_img/20181108/1541672115312031181.jpg
- i####.z####.com/news_img/20181108/1541675573754083691.png
- i####.z####.com/news_img/20181109/1541735885654056059.jpg
- i####.z####.com/news_img/20181109/1541735917312079665.jpg
- i####.z####.com/news_img/20181109/1541735949511001899.jpg
- i####.z####.com/news_img/20181109/1541736036938028296.jpg
- i####.z####.com/news_img/20181109/1541736100222005705.jpg
- i####.z####.com/news_img/20181109/1541736133536010221.jpg
- i####.z####.com/news_img/20181109/1541736165221031781.jpg
- i####.z####.com/news_img/20181109/1541736195711038443.jpg
- i####.z####.com/news_img/20181109/1541736225567093729.jpg
- i####.z####.com/news_img/20181109/1541736254437034189.jpg
- i####.z####.com/news_img/20181109/1541747275394015082.png
- i####.z####.com/news_img/20181109/1541751473186033158.jpg
- i####.z####.com/news_img/20181109/1541751598296080881.png
- i####.z####.com/news_img/20181109/1541751914054025413.jpg
- i####.z####.com/news_img/20181109/1541752112114020244.jpg
- i####.z####.com/news_img/20181109/1541752426543093058.jpg
- i####.z####.com/news_img/20181109/1541753147508051103.jpg
- i####.z####.com/news_img/20181109/1541761311088088983.jpg
- i####.z####.com/news_img/20181109/1541761370387049472.jpg
- i####.z####.com/news_img/20181109/1541761408073076794.jpg
- i####.z####.com/news_img/20181109/1541761469655021614.jpg
- i####.z####.com/news_img/20181109/1541761546177027409.jpg
- a####.u####.com/app_logs
- api.z####.com/api/lottery/getResults
- api.z####.com/api/news/getNewsList
- api.z####.com/api/news/getProgramaList
- api.z####.com/api/our/secret/lottery/resultsAction
- api.z####.com/api/user/startover
- cb####.z####.com:9009/api/system/selectUserAppModule
- /data/data/####/.imprint
- /data/data/####/04463c15e79633771e2da9a7854bcd0ca5b45ce2d8da6ef....0.tmp
- /data/data/####/0a6cd959a3e3e51ddcc8b0292dff17ab5b1e8b2879d2779....0.tmp
- /data/data/####/177b9599733a0bd6255706c65f5ddea4.0.tmp
- /data/data/####/177b9599733a0bd6255706c65f5ddea4.1.tmp
- /data/data/####/2ab0eb63d249541d865aa1cd1d22c81d65f0656e0778c58....0.tmp
- /data/data/####/30b9eb66e06b7e2ab5f168b979c2cf01d97501e396b4fab....0.tmp
- /data/data/####/361117cd26385549d5740e9707571d95774a11c2b8e7295....0.tmp
- /data/data/####/3651d5063400ec1ffc94d376511f9bdf0fec25ef8324bdd....0.tmp
- /data/data/####/37a5e48809400578aff30d8de6d6f4802619f75a8ca4fe4....0.tmp
- /data/data/####/59b2374e1d9809801cf41e990c2b6a82b1108f1b35dc243....0.tmp
- /data/data/####/5bff1ee4ffb8e1b32d565413729d7bda6d639be2f47011f....0.tmp
- /data/data/####/70d8964aa7f51303bdf31a1255d6a3206a3d829f9551fd0....0.tmp
- /data/data/####/72ebae64ec43b1cfeb3c6c17ea0713874efd2e91a393834....0.tmp
- /data/data/####/7b89bd64292f9bc9c3697a76ac5eadfd0bde02408a8a481....0.tmp
- /data/data/####/82348635ec02b31a08a80a176bd4c2b18c8c0c95e734032....0.tmp
- /data/data/####/83f54037ec369a9d6f685b5ccebb10ed6a2278d7acc815f....0.tmp
- /data/data/####/847b8485a02bc38f91c40af58ecc2e3b105c912fdac22d4....0.tmp
- /data/data/####/855bebd47dc56de3b5b2c63a61301ddfe63f9d26064c778....0.tmp
- /data/data/####/88813603947fa1bf8b7b9610adef3f63f9397568ff88a01....0.tmp
- /data/data/####/8a5fa79a91e65cbefbb2a560d96a8effe4be564e6f1ceb1....0.tmp
- /data/data/####/93a9ea6ac9f463f68dd20b3339d57db9b0d9dfb3fa59c0a....0.tmp
- /data/data/####/959970efa63f1b4eb3c9fb7992dd0249298854e08ac1211....0.tmp
- /data/data/####/99dfc29e428e1df19b22f24dc256706e72304e7b7fdb5dd....0.tmp
- /data/data/####/ACCS_BINDumeng;5b02349df29d9834d3000020.xml
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/AGOO_BIND.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/CookiePersistence.xml
- /data/data/####/DaemonServer
- /data/data/####/MessageStore.db-journal
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/PREFS_KEY_UNIQUE_IDENTIFIER.xml
- /data/data/####/a181bc2c5d666288877c483afb30114472a6995f98020bc....0.tmp
- /data/data/####/accs.db-journal
- /data/data/####/aceaee71d1718e34c38d432db556fdf35b224e452dc52bd....0.tmp
- /data/data/####/agoo.pid
- /data/data/####/authStatus_com.zbbt.caizhushou.xml
- /data/data/####/authStatus_com.zbbt.caizhushou;channel.xml
- /data/data/####/b0c3ca328d0f59327ffd2e7b3109b6ead10e9fc26ba0d4c....0.tmp
- /data/data/####/b224bf142d1b8fa069bd51e539205d65313126ab397e17b....0.tmp
- /data/data/####/c5bd56cda9ed273eca93129de7db21c992efb9f01317850....0.tmp
- /data/data/####/cache-db-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cc43715cee2ab3eb0f4136e76e704422a8e464202657d17....0.tmp
- /data/data/####/com.networkbench.agent.impl.v2_com.zbbt.caizhushou.xml
- /data/data/####/d1cdec5d7c5efea5d1eb6a8902562d5fcf6e7dd88a78ad5....0.tmp
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/e5c332ab42945228b31b9f5dcf189225adf11c3946929ad....0.tmp
- /data/data/####/ecc5d581995f9e80b51abf8835a00000e95eb46a68f4421....0.tmp
- /data/data/####/eudemon
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f2fd5dd039fcdc3cbaf6da1ce2cfd5bb8e256d9c73b0efc....0.tmp
- /data/data/####/f_000001
- /data/data/####/fragment_json.xml
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libjiagu-1870512094.so
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/share_name_def.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/01f0e761345144e3998a5dc90dba43eb
- /data/media/####/05bcefb793044055a2e56eac9c10a4ec
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/deviceToken
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5b02349df29d9834d3000020","utdid":"W+ZE5VhDo24DAGdzx1GnDVrF","sdkVersion":"220"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 755 <Package Folder>/.jiagu/libjiagu-1870512094.so
- sh
- BaiduMapSDK_base_v4_2_1
- libjiagu-1870512094
- tnet-3.1
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding