Technical information
- Adware.Gexin.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) q####.c####.l####.####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) w####.yy.com:80
- TCP(HTTP/1.1) cdn.h####.com:80
- TCP(HTTP/1.1) web.yyst####.com:80
- TCP(HTTP/1.1) y####.h####.com:80
- TCP(HTTP/1.1) cdn-sdk####.g####.com.####.com:80
- TCP(HTTP/1.1) h####.huax####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) res.wx.qq.####.com:80
- TCP(TLS/1.0) hm.b####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP cm-1####.ig####.com:5225
- /system/bin/cat /proc/cpuinfo
- cat /sys/class/net/wlan0/address
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- mount
- sh
- getuiext2
- imagepipeline
- libjiagu
- AES-CBC-PKCS7Padding
- AES-CFB-NoPadding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding