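Technical information
Notation: #### masks part of a host name, path or parameter value, and names in angle brackets (<Package>, <Package Folder>, <IMEI>, <System Property>, <Google DNS>) stand in for concrete values, so the entries below are partial indicators rather than exact strings to match.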
- Adware.Kyview.2.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) app.n####.vdon####.cn:80
- TCP(HTTP/1.1) o####.i####.com:80
- TCP(HTTP/1.1) api.5####.cn:80
- TCP(HTTP/1.1) si####.us####.cdnetw####.net:80
- TCP(HTTP/1.1) nm.a####.com:80
- TCP(HTTP/1.1) i####.i####.ali####.com:80
- TCP(HTTP/1.1) t####.qq.com:8080
- TCP(HTTP/1.1) q.q####.cn:80
- TCP(HTTP/1.1) t####.qq.com:443
- TCP(TLS/1.0) co####.ad####.cn:443
- TCP t####.qq.com:8080
- TCP t####.qq.com:443
- api.5####.cn
- app.n####.vdon####.cn
- cdn.i####.com
- co####.ad####.cn
- i####.i####.ali####.com
- i####.love####.cn
- o####.i####.com
- pi####.qq.com
- q.q####.cn
- t####.qq.com
- t####.sin####.cn
- t####.sin####.cn
- tp1.sin####.cn
- tp2.sin####.cn
- tp3.sin####.cn
- ww1.sin####.cn
- ww2.sin####.cn
- wx2.sin####.cn
- wx3.sin####.cn
- api.5####.cn/v1/banner/getlist/99
- api.5####.cn/v1/comment/getlist/1?cid=####
- api.5####.cn/v1/comment/getlist/1?cid=####&baseId=####
- api.5####.cn/v1/event/info/
- api.5####.cn/v1/said/getlist/?order=####
- app.n####.vdon####.cn/v1/ad/list_info/1?size=####
- app.n####.vdon####.cn/v1/param/list_info/1?size=####
- app.n####.vdon####.cn/v1/update/check/1?ver=####
- i####.i####.ali####.com/2016/9/11/1UaX6KcGRsVI9PMwHpI.jpeg
- i####.i####.ali####.com/2017/1/28/19dqJW6ZXcFiVwRAyo4.jpeg
- i####.i####.ali####.com/2017/1/28/OZxmP9do8HLGUwhwv9N.jpeg
- i####.i####.ali####.com/2017/4/20/tfG7E3EVkPFo38sqx6m.jpeg
- i####.i####.ali####.com/2017/6/24/rb9HS0rjTcpzCoiTiez.jpeg
- i####.i####.ali####.com/2017/7/14/1x1Htj1cmtERcjEirlw.jpeg
- i####.i####.ali####.com/2017/9/16/2FpxrB49YjCDe5alj5x.jpeg
- i####.i####.ali####.com/2017/9/7/TaDWBKwY8gx1ua30hwp.jpeg
- i####.i####.ali####.com/2018/1/29/REqtyzxJSFM0OUDleQK.jpeg
- i####.i####.ali####.com/avatar/70.jpg
- i####.i####.ali####.com/icon/52/71/pic1461419065024_11
- nm.a####.com/news/word/20180315.jpg
- o####.i####.com/dsapi
- o####.i####.com/dsapi/
- q.q####.cn/qqapp/1105132787/15A2486EB25D9D65EEA018EE6521ED16/100
- q.q####.cn/qqapp/1105132787/7F6C5CBAF196A12DC04CC21F923C4BA6/100
- q.q####.cn/qqapp/1105132787/8802D08CA09A29505EF5E618D4BE2BF7/100
- q.q####.cn/qqapp/1105132787/D429E56ADBF3676F9C38325C855FE8A3/100
- q.q####.cn/qqapp/1105132787/EDBC04EBF1CB0BA7D07EEB3E86625B40/100
- si####.us####.cdnetw####.net/2291243572/50/5626276716/0
- si####.us####.cdnetw####.net/2322613250/50/5626618266/0
- si####.us####.cdnetw####.net/2469314977/50/5646791818/0
- si####.us####.cdnetw####.net/3091377960/50/5690884659/0
- si####.us####.cdnetw####.net/bmiddle/8a704402ly1fgw864969zj20j60itq5q.jpg
- si####.us####.cdnetw####.net/bmiddle/932ec1a1gw1f89nmd0ssuj20dc0dcjs6.jpg
- si####.us####.cdnetw####.net/bmiddle/932ec1a1gy1fnaevynxa8j20jg0jg76x.jpg
- si####.us####.cdnetw####.net/bmiddle/9cf33a33ly1feool3iqwxj20ip0ip0wv.jpg
- si####.us####.cdnetw####.net/bmiddle/9cf33a33ly1ficnp0ejdvj20c80emdgq.jpg
- si####.us####.cdnetw####.net/crop.0.0.180.180.50/88919a34jw1e8qgp5bmzyj2...
- si####.us####.cdnetw####.net/crop.0.0.180.180.50/8a704402jw1e8qgp5bmzyj2...
- si####.us####.cdnetw####.net/crop.0.0.180.180.50/932ec1a1jw1e8qgp5bmzyj2...
- si####.us####.cdnetw####.net/crop.0.0.180.180.50/b842af28jw1e8qgp5bmzyj2...
- si####.us####.cdnetw####.net/crop.42.69.100.100.1024/9cf33a33jw8es7q0ijj...
- si####.us####.cdnetw####.net/large/006dJFrqjw1f7owm6fy0uj30k007adh5.jpg
- si####.us####.cdnetw####.net/large/006dJFrqjw1f7oz1xcsapj30xa0a6gnt.jpg
- si####.us####.cdnetw####.net/large/006vDpGRgw1f9n486zsfej30dl05sgmh.jpg
- si####.us####.cdnetw####.net/mw690/c32542c0jw1f2n1uu1ldwj20dl05sq36.jpg
- si####.us####.cdnetw####.net/mw690/c32542c0jw1f30d0y0b9dj20dl05smx9.jpg
- t####.qq.com:443/203.205.151.233:443/
- t####.qq.com:8080/203.205.151.233:8080/
- /data/data/####/.tpns.xml.xml
- /data/data/####/1223992354
- /data/data/####/1764662722
- /data/data/####/58is.v1.dat-journal
- /data/data/####/appdata.dat-journal
- /data/data/####/cachea.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.menghui.lovesaid_preferences.xml
- /data/data/####/device_id.xml
- /data/data/####/eric.db
- /data/data/####/eric.db-journal
- /data/data/####/libjiagu.so
- /data/data/####/mobclick_agent_cached_com.menghui.lovesaid201611010
- /data/data/####/tpush.shareprefs.xml
- /data/data/####/umeng_general_config.xml
- /data/media/####/-1205946061.tmp
- /data/media/####/-1396584614.tmp
- /data/media/####/-1585854172.tmp
- /data/media/####/-1706052987.tmp
- /data/media/####/-1917956953.tmp
- /data/media/####/-1949987954.tmp
- /data/media/####/-2110247848.tmp
- /data/media/####/-217012186.tmp
- /data/media/####/-374329073.tmp
- /data/media/####/-447170444.tmp
- /data/media/####/-447388578.tmp
- /data/media/####/-551524476.tmp
- /data/media/####/-718385033.tmp
- /data/media/####/-727806244.tmp
- /data/media/####/-770949571.tmp
- /data/media/####/-81661070.tmp
- /data/media/####/-817528301.tmp
- /data/media/####/-821681516.tmp
- /data/media/####/.mid.txt
- /data/media/####/.nomedia
- /data/media/####/1033180701.tmp
- /data/media/####/1081802789.tmp
- /data/media/####/1447654322.tmp
- /data/media/####/1457689603.tmp
- /data/media/####/155662773.tmp
- /data/media/####/1696355730.tmp
- /data/media/####/2061901950.tmp
- /data/media/####/2078542976.tmp
- /data/media/####/288037269.tmp
- /data/media/####/433960265.tmp
- /data/media/####/458965425.tmp
- /data/media/####/523793880.tmp
- /data/media/####/621462542.tmp
- /data/media/####/89482297.tmp
- /data/media/####/f3a3c7bf6296488ac96bd1fa4be9f4.jpg
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- sh <Package Folder>/lib/libxguardian.so <Package>,2100188555; 55666 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : <IMEI> , ky : Axg%lu , mid : 0 , ev :{ ov : 18 , sr : 600*752 , md : <System Property> , lg : en , sv : 2.46 , mf : unknown , apn : %s }}] 0 18
- sh <Package Folder>/lib/libxguardian.so <Package>,2100188555;<Package>,2100188555; 55666 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : <IMEI> , ky : Axg%lu , mid : 29931aee4f65b0b9ba231e7fe38eba79ae1bae13 , ev :{ ov : 18 , sr : 600*752 , md : <System Property> , lg : en , sv : 2.46 , mf : unknown , apn : %s }}] 0 18
- libjiagu
- tpnsSecurity
- AES-CFB8-NoPadding
- RSA-ECB-PKCS1PADDING
- AES-CFB8-NoPadding