Technical information
- Adware.Gexin.2.origin
- fp.fraudme####.cn:443/android3_5/profile.json?partner=####&version=####&...
- /data/data/####/.fsgkea
- /data/data/####/.jg.ac
- /data/data/####/.jg.ri
- /data/data/####/.jg.store.report_cf
- /data/data/####/.jg.store.report_pid
- /data/data/####/.td-3
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/classes.dex;classes4.dex
- /data/data/####/classes.dex;classes5.dex
- /data/data/####/classes.oat
- /data/data/####/com.wy.ttacg_preferences.xml
- /data/data/####/fm_shared.xml
- /data/data/####/libjiagu.so
- /data/data/####/proc_auxv
- /data/media/####/.td-3
- /data/misc/####/primary.prof
- df
- grep /sbin/.magisk
- grep com.android.commands.monkey
- grep magisk
- id
- ls /sbin
- mount
- ps
- sh -c df | grep /sbin/.magisk
- sh -c mount | grep /sbin/.magisk
- sh -c ls /sbin | grep magisk
- sh -c ps | grep magisk
- sh -c ps|grep com.android.commands.monkey
- libjiagu
- libtongdun
- AES-ECB-PKCS5Padding
- RSA-ECB-PKCS1Padding
- AES-ECB-PKCS5Padding