Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) zqt.go####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- a####.exc.mob.com
- a.appj####.com
- api.s####.mob.com
- zqt.go####.com
- zqt.go####.com/?r=####
- zqt.go####.com/ajax/Feedback.ashx?act=####&_=####
- zqt.go####.com/ajax/Feedback.ashx?act=####&state=####&all=####&pageSize=...
- zqt.go####.com/ajax/Notice.ashx?act=####&id=####&_=####
- zqt.go####.com/ajax/Notice.ashx?act=####&pageSize=####&pageIndex=####&_=...
- zqt.go####.com/ajax/Questionnaire.ashx?act=####&pageindex=####&pagesize=...
- zqt.go####.com/ajax/tag.ashx?act=####&_=####
- zqt.go####.com/ajax/user.ashx?act=####&_=####
- zqt.go####.com/css/global.css
- zqt.go####.com/css/media.css
- zqt.go####.com/css/reset.css
- zqt.go####.com/css/swiper.min.css
- zqt.go####.com/images/company.png
- zqt.go####.com/images/header.png
- zqt.go####.com/images/ico/notice.png
- zqt.go####.com/images/ico/ques.png
- zqt.go####.com/images/imgload.gif
- zqt.go####.com/images/login.png
- zqt.go####.com/images/logo.png
- zqt.go####.com/images/qyxs.jpg
- zqt.go####.com/images/test/code.jpg
- zqt.go####.com/images/wechatCode.png
- zqt.go####.com/images/zqtLogo.png
- zqt.go####.com/index.html
- zqt.go####.com/infoDetail.html?id=####
- zqt.go####.com/js/jquery-1.9.1.js
- zqt.go####.com/js/jquery-1.9.1.min.js
- zqt.go####.com/js/lib/alert.js
- zqt.go####.com/js/lib/common.js
- zqt.go####.com/js/lib/common.js?a=####
- zqt.go####.com/js/lib/global.js
- zqt.go####.com/js/lib/swiper.min.js
- zqt.go####.com/js/lib/vue.js
- zqt.go####.com/js/m/app.js
- zqt.go####.com/js/m/app_api.js
- zqt.go####.com/js/m/index.js
- zqt.go####.com/js/m/infodetail.js
- zqt.go####.com/js/m/question.js
- zqt.go####.com/js/m/voicelist.js
- zqt.go####.com/login.html?back=####
- zqt.go####.com/questionList.html?r=####
- zqt.go####.com/uploadimg/cover/2742f053-40ac-4088-8aec-8830537954d3.png
- zqt.go####.com/uploadimg/cover/3d11cdaf-3736-4693-8d58-3359c1cf4a22.jpg
- zqt.go####.com/uploadimg/cover/6c0651c5-3714-482d-9387-b19a72bbb91c.jpg
- zqt.go####.com/uploadimg/cover/7ffd4078-2ac7-468f-9788-d5b2cea8b45a.jpg
- zqt.go####.com/uploadimg/cover/a94d65a0-ae3f-40ac-a4b4-59a200c77bf2.jpg
- zqt.go####.com/uploadimg/cover/cace96f8-74eb-4be4-92a3-1466b7d1ad4b.jpg
- zqt.go####.com/uploadimg/cover/f3ff5de5-2644-408d-bed1-612a1a708330.jpg
- zqt.go####.com/user_enterprise.html?r=####
- zqt.go####.com/voiceList.html?r=####
- a####.exc.mob.com/errconf
- a.appj####.com/ad-service/ad/mark
- /data/data/####/.jg.ic
- /data/data/####/.log.lock
- /data/data/####/.log.ls
- /data/data/####/IndexHtml.xml
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/index
- /data/data/####/jg_app_update_settings_random.xml
- /data/data/####/libjiagu.so
- /data/data/####/mob_sdk_exception_1.xml
- /data/data/####/share_sdk_1.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal (deleted)
- /data/data/####/zqwebview.db-journal
- /data/media/####/.dk
- /data/media/####/.lock
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- libjiagu
- neh
- AES-ECB-PKCS7Padding