Technical information
- Adware.Gexin.2.origin
Network connections (protocol, host:port; hostnames partly masked with ####):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) bs.great-f####.com:9080
- TCP(HTTP/1.1) bs.great-f####.com:80
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5225
Hostnames (partly masked with ####):
- 7j####.c####.z0.####.com
- and####.b####.qq.com
- bs.great-f####.com
- c####.g####.ig####.com
- c-h####.g####.com
- m.fine-####.cn
- res.great-f####.com
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- tj.great-f####.com
- wap.great-f####.com
URLs (hostnames and query values partly masked with ####):
- bs.great-f####.com/2016/12/02/1480635133283.jpg
- bs.great-f####.com/2016/12/02/1480636288128.jpg
- bs.great-f####.com/2016/12/02/1480636303871.jpg
- bs.great-f####.com/2016/12/02/1480636316283.jpg
- bs.great-f####.com/2016/12/06/1480986989681.jpg
- bs.great-f####.com/2016/12/06/1480987035895.jpg
- bs.great-f####.com/2016/12/06/1480987077651.jpg
- bs.great-f####.com/2016/12/06/1480987162888.jpg
- bs.great-f####.com/2016/12/06/1480987181823.jpg
- bs.great-f####.com/2016/12/06/1480987192401.jpg
- bs.great-f####.com/2016/12/12/1481508848177.JPG
- bs.great-f####.com/2017/03/04/c5vwOhxbVDrLhcCSYsUIbxrK7kPSotqf.jpg
- bs.great-f####.com/2017/05/11/kyZxIdeppttZIIxJd7onJ8ilOQuInHhO.jpg
- bs.great-f####.com/2017/05/11/xIGuCbySjZjH1DSht4jlSCRVk40L2C11.jpg
- bs.great-f####.com/2017/11/15/paHrG7jaLN7KTPRCGdmvgvBkuGwb8qjQ.jpg
- bs.great-f####.com/2018/04/28/sTEQQ4xqvIsCl404rbjg7maiko4Yutmp.jpg
- bs.great-f####.com/2018/05/02/Rz7WujDuliFPrCOBOlWNhq8ziM4ZtOQN.jpg
- bs.great-f####.com/2018/06/27/LdXciBBledzjHGiSWwwJoorlRo3k9umq.jpg
- bs.great-f####.com/activity/2018FIFA
- bs.great-f####.com/activity/2018FIFA/
- bs.great-f####.com/activity/2018FIFA/img/img/box-pic01.png
- bs.great-f####.com/activity/2018FIFA/img/img/box_pic02.png
- bs.great-f####.com/activity/2018FIFA/img/img/box_pic04.png
- bs.great-f####.com/activity/2018FIFA/img/img/box_pic05.png
- bs.great-f####.com/activity/2018FIFA/img/img/box_pic06.png
- bs.great-f####.com/activity/2018FIFA/img/img/box_pic07.png
- bs.great-f####.com/activity/2018marry/banner.jpg
- bs.great-f####.com/js/appX.js
- bs.great-f####.com/js/mui.min.js
- bs.great-f####.com/kdgold/img/Product/201806/26/ZB00426/ZB00426-BB-01.jpg
- bs.great-f####.com/kdgold/img/Product/201806/26/ZB00426/ZB00426-BB-02.jpg
- bs.great-f####.com/kdgold/img/Product/201806/26/ZB00426/ZB00426-BB-03.jpg
- bs.great-f####.com/kdgold/img/Product/201806/26/ZB00426/ZB00426-BB-04.jpg
- bs.great-f####.com/kdgold/img/Product/201806/26/ZB00426/ZB00426-BB-05.jpg
- bs.great-f####.com:9080/wb/KdGoldService?token=####&m=####&a=####&pageNo...
- bs.great-f####.com:9080/wb/KdGoldService?token=####&m=####&a=####&platfo...
- t####.c####.q####.####.com/config/hz-hzv6.conf
- t####.c####.q####.####.com/tdata_SzD730
- t####.c####.q####.####.com/tdata_ZCi456
- t####.c####.q####.####.com/tdata_aBz764
- and####.b####.qq.com/rqd/async
- bs.great-f####.com/tj.php
- c-h####.g####.com/api.php?format=####&t=####
- sdk-ope####.g####.com/api.php?format=####&t=####
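File paths on the device (package directory masked as ####; the tdata_* names match the tdata_* URLs listed earlier, and the list includes executable content such as .so, .dex and .jar files):
- /data/data/####/bugly_db_legu-journal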
- /data/data/####/clientid_igexin.xml
- /data/data/####/com.finegold.app.android.phone.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/gdaemon_20161017
- /data/data/####/gkt-journal
- /data/data/####/gx_sp.xml
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.10.0.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/native_record_lock
- /data/data/####/pdr.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/tdata_SzD730
- /data/data/####/tdata_SzD730.jar
- /data/data/####/tdata_ZCi456
- /data/data/####/tdata_ZCi456.jar
- /data/data/####/tdata_aBz764
- /data/data/####/tdata_aBz764.jar
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal (deleted)
- /data/media/####/1.chunk.js
- /data/media/####/2.chunk.js
- /data/media/####/ApplicationCache.db-journal
- /data/media/####/Cloud.js
- /data/media/####/CloudIM.js
- /data/media/####/IMPush.js
- /data/media/####/LeanIM.js
- /data/media/####/REST.js
- /data/media/####/Region.js
- /data/media/####/SlideMenu.js
- /data/media/####/aboutus.html
- /data/media/####/account.css
- /data/media/####/address-add.html
- /data/media/####/address-edit.html
- /data/media/####/address.html
- /data/media/####/app.css
- /data/media/####/app.db
- /data/media/####/app.js
- /data/media/####/arttmpl.js
- /data/media/####/author.png
- /data/media/####/av-core-mini-0.5.7.js
- /data/media/####/bind-login.html
- /data/media/####/bind-phone.html
- /data/media/####/blank.gif
- /data/media/####/blank.png
- /data/media/####/bonus-box.png
- /data/media/####/bonus.png
- /data/media/####/border.png
- /data/media/####/cart-box.html
- /data/media/####/cart.html
- /data/media/####/category.html
- /data/media/####/change-password.html
- /data/media/####/chatList.html
- /data/media/####/chatList.js
- /data/media/####/cmbc.png
- /data/media/####/cngold.png
- /data/media/####/com.finegold.app.android.phone.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/default-photo.png
- /data/media/####/default.png
- /data/media/####/delayimg.min.js
- /data/media/####/detail.html
- /data/media/####/edit-account.html
- /data/media/####/find-password.html
- /data/media/####/flow.png
- /data/media/####/getPicture.js
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/highcharts.js
- /data/media/####/history.html
- /data/media/####/home.html
- /data/media/####/iconfont.ttf
- /data/media/####/iconfont2.ttf
- /data/media/####/iconfont3.ttf
- /data/media/####/iconfont4.ttf
- /data/media/####/iconfont5.ttf
- /data/media/####/id-bank-auth.html
- /data/media/####/im-chat.css
- /data/media/####/im-chat.html
- /data/media/####/im-chat.js
- /data/media/####/immersed.js
- /data/media/####/index-icon1.png
- /data/media/####/index-icon2.png
- /data/media/####/index-icon3.png
- /data/media/####/index-icon4.png
- /data/media/####/index-icon5.png
- /data/media/####/index-icon6.png
- /data/media/####/index-icon7.png
- /data/media/####/index-icon8.png
- /data/media/####/index.html
- /data/media/####/integral.html
- /data/media/####/integral_box.html
- /data/media/####/invite_bg.png
- /data/media/####/jbase64.js
- /data/media/####/jquery-1.8.2.min.js
- /data/media/####/jquery-2.1.4.min.js
- /data/media/####/lc_bs.html
- /data/media/####/lc_bs_box.html
- /data/media/####/lc_detail.html
- /data/media/####/lc_entity.html
- /data/media/####/lc_entity_detail.html
- /data/media/####/lc_profit.html
- /data/media/####/lc_repurchase.html
- /data/media/####/lc_repurchase_box.html
- /data/media/####/lc_statistics.html
- /data/media/####/limitbuy-list.html
- /data/media/####/login.html
- /data/media/####/logo-bg.png
- /data/media/####/logo-full.png
- /data/media/####/logo-top.png
- /data/media/####/logo.png
- /data/media/####/lrz.bundle.js
- /data/media/####/mall.html
- /data/media/####/manifest.json
- /data/media/####/md5.min.js
- /data/media/####/money_bank_card.html
- /data/media/####/money_carry.html
- /data/media/####/money_flow.html
- /data/media/####/money_flow_box.html
- /data/media/####/money_incharge.html
- /data/media/####/money_taste.html
- /data/media/####/money_taste_box.html
- /data/media/####/mui.css
- /data/media/####/mui.imageViewer.js
- /data/media/####/mui.imageviewer.css
- /data/media/####/mui.js
- /data/media/####/mui.listpicker.css
- /data/media/####/mui.listpicker.js
- /data/media/####/mui.min.css
- /data/media/####/mui.min.js
- /data/media/####/mui.poppicker.css
- /data/media/####/mui.poppicker.js
- /data/media/####/mui.previewimage.js
- /data/media/####/mui.ttf
- /data/media/####/mui.zoom.js
- /data/media/####/news.html
- /data/media/####/order-detail.html
- /data/media/####/order-evaluate-append.html
- /data/media/####/order-evaluate.html
- /data/media/####/order-list.html
- /data/media/####/order-refund-detail.html
- /data/media/####/order-refund-list.html
- /data/media/####/order-refund.html
- /data/media/####/order-submit.html
- /data/media/####/photo01.png
- /data/media/####/photo02.png
- /data/media/####/photo03.png
- /data/media/####/photo04.png
- /data/media/####/photo05.png
- /data/media/####/photo06.png
- /data/media/####/photo07.png
- /data/media/####/photo08.png
- /data/media/####/photo09.png
- /data/media/####/photo10.png
- /data/media/####/photo11.png
- /data/media/####/photo12.png
- /data/media/####/product-comment.html
- /data/media/####/push.js
- /data/media/####/pushtest.html
- /data/media/####/qq.png
- /data/media/####/reg.html
- /data/media/####/register.html
- /data/media/####/remote-webview.html
- /data/media/####/robot.png
- /data/media/####/search.html
- /data/media/####/set-pay-password.html
- /data/media/####/sge.png
- /data/media/####/special-buy.html
- /data/media/####/special-buylist.html
- /data/media/####/special-detail.html
- /data/media/####/special-price.html
- /data/media/####/special.html
- /data/media/####/style.css
- /data/media/####/swiper.min.css
- /data/media/####/swiper.min.js
- /data/media/####/tdata_SzD730
- /data/media/####/tdata_ZCi456
- /data/media/####/tdata_aBz764
- /data/media/####/template.js
- /data/media/####/test.html
- /data/media/####/test.log
- /data/media/####/topic-detail.html
- /data/media/####/topic.html
- /data/media/####/unionPay.gif
- /data/media/####/uploader.js
- /data/media/####/user-account.html
- /data/media/####/user-coupon-box.html
- /data/media/####/user-coupon.html
- /data/media/####/user-favproduct.html
- /data/media/####/user-favshop.html
- /data/media/####/user-invite.html
- /data/media/####/usercenter.html
- /data/media/####/vshop-category.html
- /data/media/####/vshop-coupon.html
- /data/media/####/vshop-detail.html
- /data/media/####/vshop-intro.html
- /data/media/####/vshop-list.html
- /data/media/####/vshop-search.html
- /data/media/####/vshop.html
- /data/media/####/wap-pay-webview.html
- /data/media/####/websocket.js
- /data/media/####/weibo.png
- /data/media/####/weixin.png
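Shell commands (getprop queries for vendor/ROM build properties, `type su` to test whether an su binary is on the path, chmod 700 on dropped files, a logcat dump, and launch of gdaemon_20161017 for com.igexin.sdk.PushService):
- /system/bin/sh -c getprop ro.aa.romver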
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25939 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.10.0.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25939 300 0
Library names:
- Bugly
- getuiext2
- libnfix
- libshella-2.10.0
- libufix
- nfix
- ufix
Cipher transformations (algorithm-mode-padding), first list:
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
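Cipher transformations, second list (the heading that distinguished it from the list above appears to be missing from this copy):
- AES-ECB-PKCS5Padding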
- AES-GCM-NoPadding