Technical information
- Adware.Panda.2.origin
- Adware.Panda.3.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) i####.dl.l####.net:80
- TCP(HTTP/1.1) s.a####.com:80
- TCP(HTTP/1.1) ser####.e####.a####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) thi####.q####.cn:80
- TCP(TLS/1.0) ser####.e####.a####.com:443
- TCP(TLS/1.0) 1####.217.17.78:443
- a.appj####.com
- au.u####.co
- au.u####.com
- fb.u####.com
- i####.dl.l####.net
- s.a####.com
- ser####.e####.a####.com
- ser####.kv.dandanj####.tv
- thi####.q####.cn
- thi####.q####.cn
- wx.q####.cn
- i####.dl.l####.net/emoji/dandan/58f31e7a9a1aa3254d6003bf?imageVi####
- i####.dl.l####.net/emoji/dandan/5ada8ec59a1aa35bec282d23?imageVi####
- i####.dl.l####.net/emoji/dandan/5ba39d629a1aa334698e405c
- i####.dl.l####.net/emoji/dandan/5ba39f729a1aa334698e409f
- i####.dl.l####.net/emoji/dandan/5bc354aa2549593aaf9e40bb?imageVi####
- i####.dl.l####.net/emoji/egg/570e0b2a69401b3b75669b8a?imageVi####
- i####.dl.l####.net/emoji/egg/5901c7a425495975d9b23801?imageVi####
- i####.dl.l####.net/emoji/egg/592952a125495903229b5c24?imageVi####
- i####.dl.l####.net/emoji/egg/5993eed22549590e5dac0eca?imageVi####
- i####.dl.l####.net/emoji/egg/59cc77022549590e1f30a7f4
- i####.dl.l####.net/emoji/egg/59cc77022549590e1f30a7f4?imageVi####
- i####.dl.l####.net/emoji/egg/5a5efdce2549590e2f25bb98
- i####.dl.l####.net/emoji/egg/5a5efdce2549590e2f25bb98?imageVi####
- i####.dl.l####.net/emoji/egg/5ad723232549596a4eca60b2
- i####.dl.l####.net/emoji/egg/5ad723232549596a4eca60b2?imageVi####
- i####.dl.l####.net/emoji/egg/5ad7238625495969b1bb1bfe
- i####.dl.l####.net/emoji/egg/5ad7239f25495969ccdc9988
- i####.dl.l####.net/emoji/egg/5b8904f125495943d5a86d5e?imageVi####
- i####.dl.l####.net/emoji/egg/5b91f15725495943e4ec7834?imageVi####
- i####.dl.l####.net/emoji/egg/5b91f4fa25495943d5a86da3
- i####.dl.l####.net/emoji/egg/5b91f4fa25495943d5a86da3?imageVi####
- i####.dl.l####.net/emoji/egg/5bb079cb25495943f4cdff22?imageVi####
- i####.dl.l####.net/emoji/egg/5bb079d025495942a0bed63d?imageVi####
- i####.dl.l####.net/emoji/egg/5bb079dc254959438f1c8326?imageVi####
- i####.dl.l####.net/emoji/egg/5bb079de254959439fc3206d?imageVi####
- i####.dl.l####.net/emoji/egg/5bf681682549591e1508d38e?imageVi####
- i####.dl.l####.net/emoji/egg/5bf681682549591e243c9ef0?imageVi####
- i####.dl.l####.net/emoji/egg/5bf681682549591e33d1730c
- i####.dl.l####.net/emoji/egg/5bf681682549591e33d1730c?imageVi####
- i####.dl.l####.net/emoji/egg/5bf681692549591de884a977?imageVi####
- i####.dl.l####.net/emoji/egg/5bf681692549591e33d1730d?imageVi####
- i####.dl.l####.net/emoji/egg/5c1b56632549591e33d17783?imageVi####
- i####.dl.l####.net/emoji/egg/5c7e58552549594d544359f3?imageVi####
- i####.dl.l####.net/emoji/egg/5c9359832549594d3385af75?imageVi####
- i####.dl.l####.net/emoji/egg/5c9a09f02549594d74acc24b?imageVi####
- i####.dl.l####.net/emoji/egg/5c9cabc42549594ceeb62980?imageVi####
- i####.dl.l####.net/emoji/egg/5c9df2d82549594cdf3d5dc2?imageVi####
- i####.dl.l####.net/emoji/wxcha/56fcb53b0a57629d13e6a5f6?imageVi####
- s.a####.com/emojifair/image/default_avatar.png
- ser####.e####.a####.com/online/params?package_name=####
- thi####.q####.cn/g?b=####&k=####&s=####
- thi####.q####.cn/mmopen/ajNVdqHZLLAVhibyou1poRXC8Tpefald2Rhm30oX0ictwuwT...
- thi####.q####.cn/mmopen/vi_32/7aNoibCt4XGce326bV6sXAjUJXmHBEc258WM99abpU...
- thi####.q####.cn/mmopen/vi_32/DYAIOgq83eoASLDv5OiadqQyaj1ibyZ7ZzpicJfwic...
- thi####.q####.cn/mmopen/vi_32/DYAIOgq83epOQ7gWDjWMTsrRqS6MibvjHaV4b7UOib...
- thi####.q####.cn/mmopen/vi_32/M2eBK39vUtNYsVjapylGLZsvF8b9N8Zlibx6yTWBKS...
- thi####.q####.cn/mmopen/vi_32/Q0j4TwGTfTJt4r0EthYibBIaFbUNNoqgxKmUP7uKmn...
- thi####.q####.cn/mmopen/vi_32/uuPwVqpGibBwx9YJpKSW2XAxUNOG9Vg4fWel8ECR0t...
- a.appj####.com/ad-service/ad/mark
- /data/data/####/.jg.ic
- /data/data/####/.log.lock
- /data/data/####/.log.ls
- /data/data/####/0KaAarYoLIQoXqBCixvqVFUzqUo.226279888.tmp
- /data/data/####/27phJn--7-lGfcmbNmL78hSzYp0.-828373157.tmp
- /data/data/####/3SEvC2HTC_7dwGIpXBhMGn4hVVU.312383007.tmp
- /data/data/####/3uDREmWO8TIZrRkpEWpvI59H8bs.1471825565.tmp
- /data/data/####/5hnHzZFwqY3-uSId0iS4cX3KUYU.35658186.tmp
- /data/data/####/6B75r5iqa3Qi_7zBaROfq9ljIAI.687101887.tmp
- /data/data/####/7YeznLxxT1ZbRMXqda89-iv-ysc.-1276161407.tmp
- /data/data/####/7pbaZpm95ZivFYiGqi-djRnLXjM.-1636748738.tmp
- /data/data/####/9RGyMJfC8pkC5ZsXvquUaHQAYMA.-107418850.tmp
- /data/data/####/9pHfsvyw_xQ4DeHtwGLaZUJ8vlQ.793211042.tmp
- /data/data/####/Alvin2.xml
- /data/data/####/AppStore.xml
- /data/data/####/B_-MHQCfUOsiAVUQRMn5HE8SlaI.160561975.tmp
- /data/data/####/CD8G6rlblUTC9fqT5h0GdN3g5n8.871525161.tmp
- /data/data/####/ContextData.xml
- /data/data/####/Dlj8lgwz8LRxIbyI5kHzoPY-m8o.-1601619520.tmp
- /data/data/####/EuJ66Olwwrs12aX2mef8qTfS760.1753356179.tmp
- /data/data/####/FzuzLkGnXtP2oNOQTzkymRb5Zcw.321343822.tmp
- /data/data/####/ID7XPhUqr-5lyjLgib4HmmHKtIg.1545361274.tmp
- /data/data/####/J7E4gurykZ_scDTMdrykpeeTXEM.-1305820370.tmp
- /data/data/####/JTVwJXas8thp4bnIQ7uoBsmFS4E.-480616169.tmp
- /data/data/####/KD7EhfWOYZ0ySCjgmoDIGBJERng.114709672.tmp
- /data/data/####/LeKlljP3KmrnTdEQDtPEzgDjn8A.1901322038.tmp
- /data/data/####/MLHONktcLuHwaVh9SgGLXvLsPQ0.344561076.tmp
- /data/data/####/N5aWnr4oIBd2kewVvsTn9y-Qu8U.90371947.tmp
- /data/data/####/O-pNdzs4d1F9hMH9Jz2lyS0SFnI.1254286178.tmp
- /data/data/####/RAXL1JRtbBhwdChhHwuLM9H20m8.-1469213542.tmp
- /data/data/####/UmengLocalNotificationStore.db-journal
- /data/data/####/VEiVYB4sovk8kelTg4UN0e82aOA.-1019861920.tmp
- /data/data/####/XqIC3vHzVQKcbnDz1x7NnujjmfE.-2101690845.tmp
- /data/data/####/Zd-VsCktDzOf9V2zAcE3SiI-9-I.-361981552.tmp
- /data/data/####/_FLqDHyS_gRG6CE78Idwj4gp8xg.-1486238233.tmp
- /data/data/####/_aC3orklSSXj79NjATU3gciiduU.-1231108705.tmp
- /data/data/####/_iA1e84VNO9PHRmYWRFK6Q2n_AM.-620296548.tmp
- /data/data/####/_quc2xMhhDbce14fT17dz2kUKZ8.-1807729131.tmp
- /data/data/####/_s_5dOLuN9L4OWpi0IGt8F2WMzQ.1765688833.tmp
- /data/data/####/cFq1D-Dvu47TySxftwjzoodGgx4.-1982301883.tmp
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cso82aCyQSTLuJlMufFGDExj4xM.254259793.tmp
- /data/data/####/eWFr5GUMGL2MVbo9SqbeLnqjBZQ.112583085.tmp
- /data/data/####/ewzwTvQwdMMeIMZxcdiigkhxPOU.-562340650.tmp
- /data/data/####/fvunpF7LEqLlf1RmAkndIBJMYvg.-270738976.tmp
- /data/data/####/jA5P2qN7QA68_BOeHnzf0WbuDyU.-1492588345.tmp
- /data/data/####/jg_app_update_settings_random.xml
- /data/data/####/k5c6mQ-atibmwRUPDyzXHk79Jsk.-416038003.tmp
- /data/data/####/key_user_login
- /data/data/####/libjiagu.so
- /data/data/####/mobclick_agent_cached_com.emojifair.emojific5
- /data/data/####/nOCgBcJpys9IMVeGtd10isBJWJI.-289977358.tmp
- /data/data/####/o3J3eJUYS4XQU8K-vSkIt9vtObw.-1333393635.tmp
- /data/data/####/oU1ZOlpqj8VwOFtJBIF8fXa_fgE.-1671751321.tmp
- /data/data/####/online_params_pre.xml
- /data/data/####/plugin.apk
- /data/data/####/pref_sharedpreferences.xml
- /data/data/####/qFRx4VXIuSiZniXsoZH5X1dS1No.-2146399528.tmp
- /data/data/####/t3o99U-eEkCYNTEnSqQ8jKAOsrk.971285425.tmp
- /data/data/####/umeng_feedback_conversations.xml
- /data/data/####/umeng_feedback_user_info.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_message_state.xml
- /data/data/####/uzyP4cseuWPOz6ODdnpe7Lin3PU.1269085564.tmp
- /data/data/####/w7avjkgLmaTpmvWXqBdrD5glh8o.-839072990.tmp
- /data/data/####/wBaKGT5g28dCyRiLl_F3zmo6onk.2047528696.tmp
- /data/data/####/webview.db-journal
- /data/data/####/x4wu0QAAsyPvUEWAWg1D4_OMAzc.1560276293.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/cover_share
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- bspatch
- gifimage
- imagepipeline
- libjiagu
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS5Padding