Technical information
Detection name:
- Adware.Gexin.2.origin
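Network connections (protocol, then host:port; "####" appears to mark masked characters, so these entries are patterns rather than exact indicators):
- UDP(DNS) <Google DNS>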
- TCP(HTTP/1.1) a####.b####.qq.com:8012
- TCP(HTTP/1.1) www.j####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) t.j####.com:8081
- TCP(HTTP/1.1) phon####.x####.d####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) t.j####.com:8008
- TCP(HTTP/1.1) log.ifl####.com:80
- TCP(HTTP/1.1) a####.b####.qq.com:8011
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) 1####.55.144.200:80
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5227
Host names (masked; presumably the names resolved over DNS):
- 7j####.c####.z0.####.com
- a####.b####.qq.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- c####.g####.ig####.com
- c-h####.g####.com
- d####.opensp####.cn
- log####.ifl####.com
- log.ifl####.com
- phon####.x####.d####.com
- scs.opensp####.cn
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- t.j####.com
- www.j####.com
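Requested URLs (hosts and ports match the HTTP/1.1 connections listed above, i.e. unencrypted HTTP; "..." marks truncated entries):
- phon####.x####.d####.com/weather/getWeatherByAreaID?areaId=####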
- t####.c####.q####.####.com/config/hz-hzv3.conf
- t####.c####.q####.####.com/tdata_Soq141
- t####.c####.q####.####.com/tdata_fEV688
- t####.c####.q####.####.com/tdata_ntt510
- t.j####.com:8008/app_if/MobileApp?appKey=####&channel=####&versionCode=#...
- t.j####.com:8008/app_if/discussCount?id=####&type=####&siteId=####&sourc...
- t.j####.com:8008/app_if/discussHot?jsoncallback=####&id=####&type=####&s...
- t.j####.com:8008/app_if/discussView?jsoncallback=####&id=####&type=####&...
- t.j####.com:8008/app_if/getArticleContent?articleId=####
- t.j####.com:8008/app_if/getArticles?columnId=####&version=####&lastFileI...
- t.j####.com:8008/app_if/getColumns?siteId=####&parentColumnId=####&versi...
- t.j####.com:8008/app_if/getConfig?appID=####
- t.j####.com:8008/app_if/hasFav?userID=####&articleID=####&siteID=####&ty...
- t.j####.com:8008/app_if/redDot?siteID=####
- t.j####.com:8081/jnrb/201707/26/2f4c0eb3-d3b2-48c7-988f-4b055ab994a2.png
- t.j####.com:8081/jnrb/201707/26/33366e2d-1b5e-48fd-866c-ee0f369bb70c.png
- t.j####.com:8081/jnrb/201707/26/f8384775-2d40-464b-aa94-a4d2390e0bee.png
- t.j####.com:8081/jnrb/201707/26/fda608e1-27e8-4cd4-8996-6f38315048d8.png
- www.j####.com/404c21bf-54f4-4830-9e14-b5ffd6db589a.zip
- www.j####.com/75423517-8a3a-4d8f-9265-1ae317d56eb2.jpg
- www.j####.com/zsjn/pic/2019-01/23/04cfe744-32b3-4043-8043-73c1ca1d8f05.jpg
- www.j####.com/zsjn/pic/2019-01/27/159de238-ff2c-472f-a2c5-8abbcb511ae7.jpg
- www.j####.com/zsjn/pic/2019-01/27/196410de-212e-4169-bb69-9daeed339548.jpg
- www.j####.com/zsjn/pic/2019-01/27/4a36548a-2b4c-49fc-824b-50a5020dd0c6.jpg
- www.j####.com/zsjn/pic/2019-01/27/5813f97b-fd66-4875-a9ab-cafe6c974b2e.jpg
- www.j####.com/zsjn/pic/2019-01/27/b7fe0106-2d15-4a34-bcc4-192d79b00353.jpg
- www.j####.com/zsjn/pic/2019-01/27/bc307d58-e15c-429c-832d-ee72f7965cbd.jpg
- www.j####.com/zsjn/pic/2019-01/28/1622206e-5438-47f5-875f-e743afae9787.jpg
- www.j####.com/zsjn/pic/2019-01/28/4763e95f-c829-454e-ab9e-b07db3fd88f017...
- www.j####.com/zsjn/pic/2019-01/28/5cfe223d-3def-424f-b951-5dffa2b88378.jpg
- www.j####.com/zsjn/pic/2019-01/28/81e4a1fe-0d74-47d1-a6fa-e79d09621fc333...
- www.j####.com/zsjn/pic/2019-01/28/94d7e9e1-a54b-475e-a227-19eed859f2ad.jpg
- www.j####.com/zsjn/pic/2019-01/28/f96a35e0-5e92-4210-87e0-6784a7afc111.jpg
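Further requested URLs (reporting-, logging- and event-style endpoints; the request method is not shown on this page):
- a####.b####.qq.com:8011/rqd/async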
- a####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- c-h####.g####.com/api.php?format=####&t=####
- log.ifl####.com/hotupdate
- log.ifl####.com/index.php/clientrequest/clientcollect/isCollect
- log.ifl####.com/log?product=####&appid=####&size=####&platform=####&sour...
- log.ifl####.com/scs?logver=####&cmd=####&size=####
- sdk.o####.p####.####.com/api.php?format=####&t=####
- t.j####.com:8008/app_if/event
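File paths under /data/data and /data/media (package directory masked; the tdata_* names also appear in the URL list above, here with .jar counterparts):
- /data/data/####/-1005909431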
- /data/data/####/-1084604138
- /data/data/####/-1194544856
- /data/data/####/-1391058361
- /data/data/####/-1693183643
- /data/data/####/-1791963451
- /data/data/####/-1988476956
- /data/data/####/-211977331
- /data/data/####/-408490836
- /data/data/####/-809395926
- /data/data/####/-934889704
- /data/data/####/.project
- /data/data/####/02.png
- /data/data/####/09505812ba2724a2de17ca8d5643757aa515698a00957c8....0.tmp
- /data/data/####/0b534ecbda0bd7dc72571d6c62bde6c78c7674f0337ff9c....0.tmp
- /data/data/####/0eabbcd3b5f2e1fbddfaecf42e8f1af90c74ec458e85791....0.tmp
- /data/data/####/1030950414
- /data/data/####/107192b530383501f2ff28a495409ddd3cf3b131439de58....0.tmp
- /data/data/####/1221409398
- /data/data/####/1402515637
- /data/data/####/1691443635
- /data/data/####/1887957140
- /data/data/####/18d7668777e05b9a503e420223cd5a3b00148fc55ce93cd....0.tmp
- /data/data/####/2029170732
- /data/data/####/24ea29b9372885f86de97f0136f0163a84400f8fd0c17e4....0.tmp
- /data/data/####/2afb9ea32a6ec33a3947091c1736a0cfd8e0b38f4a3f89a....0.tmp
- /data/data/####/35ec4e4ac4c318e8f5174257340c46a683f0086b66ecea9....0.tmp
- /data/data/####/394053299f4e6edd36ac5e1ab704aa7e2b9d359831b3cc2....0.tmp
- /data/data/####/397b81e9aaf91f834044181c4e5904384592055ccfd66e4....0.tmp
- /data/data/####/3a82bca909e07fad2e07ee8d30cc813ef34bb084cb63fb2....0.tmp
- /data/data/####/44ad1fcb26bb117c21131d6a30c359267ec0ebbca129ec4....0.tmp
- /data/data/####/476422952
- /data/data/####/5060b3dde6782482f9b58a32f062ec7fd3bc91890d87df0....0.tmp
- /data/data/####/708876110
- /data/data/####/71.png
- /data/data/####/72.png
- /data/data/####/733137899639ecfaf55c91eacfccca7498d0557a44658a5....0.tmp
- /data/data/####/7545ce973900a626e474162fc6208d8ec9ff145f82bc480....0.tmp
- /data/data/####/905389615
- /data/data/####/95ab9549f65601b4562c5b6a9bc2fafd8ca75173e1be0ab....0.tmp
- /data/data/####/FZLTXHK-GBK_YS.ttf
- /data/data/####/a515100a3832e7d1a4312dce97ff6d64856c1f43bbcaa31....0.tmp
- /data/data/####/active.css
- /data/data/####/active.html
- /data/data/####/active.js
- /data/data/####/active.js.bak
- /data/data/####/angular.js
- /data/data/####/articleJson.js
- /data/data/####/articleJson.js.bak
- /data/data/####/attId_5_newsId_627854_articleJson.js
- /data/data/####/b872b39f5454f6ad6eb6dc8ed6311de970546ec721b0c5b....0.tmp
- /data/data/####/base.css
- /data/data/####/bf077879d1729a27881aee96f14106f89fb35afa2e847f5....0.tmp
- /data/data/####/bfe70bbc9c068478837ef67d64caf734ca4c46fb2912e26....0.tmp
- /data/data/####/bugly_db_legu-journal
- /data/data/####/columnId.xml
- /data/data/####/com.iflytek.id.xml
- /data/data/####/com.iflytek.msc.xml
- /data/data/####/content_template.html
- /data/data/####/d889ce8b89213c5781dca540c73f01cc7cd1d9af48762a5....0.tmp
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db_founder26118
- /data/data/####/db_founder26118-journal
- /data/data/####/defaultImg.png
- /data/data/####/e0eb5d857e952735c49e3c3c2b9a294d20a5e8385832a4f....0.tmp
- /data/data/####/f_000001
- /data/data/####/flexible.js
- /data/data/####/fontSytleMsg.xml
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gx_sp.xml
- /data/data/####/iflytek_cached_com.jiningdaily.product
- /data/data/####/iflytek_collect_state.xml
- /data/data/####/iflytek_device_info.jar
- /data/data/####/iflytek_state_com.jiningdaily.product.xml
- /data/data/####/iflytek_state_com.jiningdaily.product.xml.bak
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal.tmp
- /data/data/####/jquery-1.9.1.min.js
- /data/data/####/jxcom.js
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.9.0.5.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/mobclick_agent_cached_com.jiningdaily.product
- /data/data/####/mobclick_agent_header_com.jiningdaily.product.xml
- /data/data/####/mobclick_agent_state_com.jiningdaily.product.xml
- /data/data/####/multidex.version.xml
- /data/data/####/my_database.db-journal
- /data/data/####/native_record_lock
- /data/data/####/playBtn.png
- /data/data/####/portrait.jpg
- /data/data/####/praise.png
- /data/data/####/praised.png
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/py.png
- /data/data/####/qaPage.css
- /data/data/####/qaPage.html
- /data/data/####/qaPage.js
- /data/data/####/qq.png
- /data/data/####/reader.db-journal
- /data/data/####/reader.png
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/subscribeColumnId.xml
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_fEV688
- /data/data/####/tdata_fEV688.jar
- /data/data/####/tdata_ntt510
- /data/data/####/tdata_ntt510.jar
- /data/data/####/vue-resource.js
- /data/data/####/vue.js
- /data/data/####/wb.png
- /data/data/####/weatherSp.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/weibo_logo.png
- /data/data/####/wx.png
- /data/media/####/.cuid
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.jiningdaily.product.bin
- /data/media/####/com.jiningdaily.product.db
- /data/media/####/iflyworkdir_test
- /data/media/####/localTemplate.zip
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_fEV688
- /data/media/####/tdata_ntt510
- /data/media/####/test.log
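Shell commands (vendor/ROM property queries via getprop, a check for the su binary, chmod 700 on files in the package folder, a logcat dump, and launch of the gdaemon_20161017 helper):
- /system/bin/sh -c getprop ro.aa.romver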
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.founder.product.push.MyGetuiService 25350 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.5.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.founder.product.push.MyGetuiService 25350 300 0
Library names (presumably the native libraries loaded by the app):
- Bugly
- RSSupportIO
- getuiext2
- libnfix
- librsjni
- libshella-2.9.0.5
- libufix
- msc
- nfix
- ufix
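Cryptographic transformations (the final AES-GCM-NoPadding entry repeats an earlier one, presumably from a separate list whose heading was lost):
- AES-CBC-PKCS5Padding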
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-GCM-NoPadding