Technical information
- Adware.Plague.1.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) 42.1####.252.29:80
- TCP(HTTP/1.1) pic####.fe####.tv:80
- TCP(HTTP/1.1) mobads-####.b####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) 42.1####.60.125:80
- TCP(HTTP/1.1) mo####.b####.com:80
- TCP(HTTP/1.1) img.fe####.tv:80
- TCP(HTTP/1.1) 1####.55.105.191:80
- TCP(HTTP/1.1) 1####.62.17.34:80
- TCP(HTTP/1.1) 2####.107.1.1:80
- TCP(TLS/1.0) 2####.107.1.97:443
- a####.man.aliy####.com
- a####.u####.com
- img.fe####.tv
- mo####.b####.com
- mobads-####.b####.com
- oc.u####.co
- oc.u####.com
- p####.dj####.com
- pic####.fe####.tv
- mo####.b####.com/ads/pa/8/__pasys_remote_banner.php?bdr=####&os=####&v=#...
- mo####.b####.com/ads/pa/8/__xadsdk__remote__8.8005.jar
- mo####.b####.com/cpro/ui/mads.php?code2=####
- a####.u####.com/app_logs
- mobads-####.b####.com/brwhis.log
- oc.u####.com/check_config_update
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/.lock
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/__x_adsdk_agent_header__.xml
- /data/data/####/__xadsdk__remote__final__3ded1892-7644-4341-aff...94.jar
- /data/data/####/__xadsdk__remote__final__builtin__.jar
- /data/data/####/__xadsdk__remote__final__downloaded__.jar
- /data/data/####/__xadsdk_downloaded__version__.xml
- /data/data/####/classes.jar
- /data/data/####/com.baidu.mobads.loader.xml
- /data/data/####/dbljkj-journal
- /data/data/####/httpdns_config_cache.xml
- /data/data/####/libarm.so
- /data/data/####/libarm.so (deleted)
- /data/data/####/libjiagu617303463.so
- /data/data/####/qkwo
- /data/data/####/sid_general_adult.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/waqu_prefs.xml
- /data/data/####/waqu_prefs.xml.bak
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/media/####/.nomedia
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/s9uro6wn125z0lnmmazvyzjp.0.tmp
- /data/media/####/sid
- /data/media/####/waqu_temp
- chmod 755 <Package Folder>/.jiagu/libjiagu617303463.so
- libjiagu617303463
- vinit
- AES-CBC-PKCS5Padding
- DES-ECB-PKCS5Padding
- RSA-ECB-PKCS1Padding