Technical information
Detected threat (listed twice in the source; the original sub-headings are missing):
- Adware.Panda.5.origin
- Adware.Panda.5.origin
Network connections (#### marks characters masked in the source):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.md####.cn:80
- TCP(HTTP/1.1) cdn.zs####.cn:8080
- TCP(SSL/3.0) microb####.zen####.com:443
- TCP(TLS/1.0) microb####.zen####.com:443
- TCP(TLS/1.0) feed####.photo####.net:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) ssl.google-####.com:443
Domain names:
- cdn.zs####.cn
- feed####.photo####.net
- microb####.zen####.com
- sett####.crashly####.com
- ssl.google-####.com
- www.md####.cn
URLs requested over HTTP:
- cdn.zs####.cn:8080/resource/gis/45
- www.md####.cn/pservers/loadgis?token=####
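File paths (#### masks part of each path in the source). Entries named for Crashlytics, Fabric and Google Analytics appear to be artifacts of common third-party SDKs and are not distinctive indicators on their own:
- /data/data/####/.jg.ic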
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48SessionCrash.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48SessionUser.cls_temp
- /data/data/####/5BE321E9015D-0001-08ED-A039D270DC48user.meta
- /data/data/####/5BE321F902FC-0002-08ED-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321F902FC-0002-08ED-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321F902FC-0002-08ED-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321F902FC-0002-08ED-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48SessionCrash.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48SessionUser.cls_temp
- /data/data/####/5BE321FA02F0-0001-09C5-A039D270DC48user.meta
- /data/data/####/5BE321FB03E0-0002-09C5-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321FB03E0-0002-09C5-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321FB03E0-0002-09C5-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321FB03E0-0002-09C5-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48SessionCrash.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48SessionUser.cls_temp
- /data/data/####/5BE321FC01A9-0001-09E2-A039D270DC48user.meta
- /data/data/####/5BE321FD0253-0002-09E2-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321FD0253-0002-09E2-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321FD0253-0002-09E2-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321FD0253-0002-09E2-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FF014E-0001-0A09-A039D270DC48BeginSession.cls_temp
- /data/data/####/5BE321FF014E-0001-0A09-A039D270DC48SessionApp.cls_temp
- /data/data/####/5BE321FF014E-0001-0A09-A039D270DC48SessionDevice.cls_temp
- /data/data/####/5BE321FF014E-0001-0A09-A039D270DC48SessionOS.cls_temp
- /data/data/####/5BE321FF014E-0001-0A09-A039D270DC48user.meta
- /data/data/####/PhotoMathPrefs.xml
- /data/data/####/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/com.crashlytics.prefs.xml
- /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.dsbadnkj.aubjh.zip
- /data/data/####/com.google.android.gms.analytics.prefs.xml
- /data/data/####/com.google.android.gms.analytics.prefs.xml.bak
- /data/data/####/crash_marker
- /data/data/####/crashlytics-userlog-5BE321E9015D-0001-08ED-A039...8.temp
- /data/data/####/crashlytics-userlog-5BE321E9015D-0001-08ED-A039...mp.tmp
- /data/data/####/crashlytics-userlog-5BE321FA02F0-0001-09C5-A039...8.temp
- /data/data/####/crashlytics-userlog-5BE321FA02F0-0001-09C5-A039...mp.tmp
- /data/data/####/crashlytics-userlog-5BE321FC01A9-0001-09E2-A039...8.temp
- /data/data/####/crashlytics-userlog-5BE321FC01A9-0001-09E2-A039...mp.tmp
- /data/data/####/crashlytics-userlog-5BE321FF014E-0001-0A09-A039...mp.tmp
- /data/data/####/fIN.zip
- /data/data/####/feedback.xml
- /data/data/####/gaClientId
- /data/data/####/google_analytics_v4.db-journal
- /data/data/####/initialization_marker
- /data/data/####/io.fabric.sdk.android;fabric;b.a.a.a.m.xml
- /data/data/####/libjiagu256036800.so
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/sa_04ee4e79-9e84-4526-a855-2d2428abaaac_1541612011329.tap
- /data/data/####/session_analytics.tap
- /data/data/####/session_analytics.tap.tmp
Shell commands:
- /system/bin/cat /proc/cpuinfo
- chmod 755 <Package Folder>/.jiagu/libjiagu256036800.so
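Library names (heading missing in the source; libjiagu256036800 matches the .so file listed above):
- Photomath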
- crashlytics
- libjiagu256036800
Cryptographic algorithms:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding