Technical information
- Adware.Plague.1.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) pic.gzp####.com:80
- TCP(HTTP/1.1) 1####.138.180.232:80
- TCP(HTTP/1.1) c####.baidust####.com.####.com:80
- TCP(HTTP/1.1) l####.cdn.bc####.####.com:80
- TCP(HTTP/1.1) s####.jom####.com:80
- TCP(HTTP/1.1) cm.pos.b####.com:80
- TCP(HTTP/1.1) ab.pi####.com:80
- TCP(HTTP/1.1) st####.gz####.cn:80
- TCP(HTTP/1.1) st####.su####.com:80
- TCP(HTTP/1.1) image####.b####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) js.ru####.com:80
- TCP(HTTP/1.1) si####.jom####.com:80
- TCP(HTTP/1.1) a####.b####.com:80
- TCP(HTTP/1.1) wn.pos.b####.com:80
- TCP(HTTP/1.1) st####.o####.com:80
- TCP(HTTP/1.1) js.u####.com:80
- TCP(HTTP/1.1) m.o####.com:80
- TCP(HTTP/1.1) ipv6-as####.m.ta####.com:80
- TCP(HTTP/1.1) mobads-####.b####.com:80
- TCP(HTTP/1.1) my.pi####.com:80
- TCP(TLS/1.0) mobads-####.b####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) st####.gz####.cn:443
- TCP(TLS/1.0) a####.b####.com:443
- TCP(TLS/1.0) c####.b####.com:443
- TCP(TLS/1.0) l####.cdn.bc####.####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- a####.b####.com
- ab.pi####.com
- api.s####.b####.com
- c####.b####.com
- c####.baidust####.com
- ch1bo####.com
- ch2.bo####.com
- cm.miao####.atm.####.com
- cm.pos.b####.com
- dup.baidust####.com
- ec####.b####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- hm.b####.com
- image####.b####.com
- js.g####.com
- js.ru####.com
- js.u####.com
- l####.cdn.bc####.com
- m.o####.com
- mo####.b####.com
- mobads-####.b####.com
- mt####.go####.com
- my.pi####.com
- p####.zhanz####.b####.com
- pic.gzp####.com
- pos.b####.com
- st####.gz####.cn
- st####.o####.com
- st####.su####.com
- t10.b####.com
- t11.b####.com
- t12.b####.com
- wn.pos.b####.com
- 1####.138.180.232/hanjia/
- a####.b####.com/libs/jquery/1.9.1/jquery.min.js
- a####.b####.com/libs/jquery/2.1.4/jquery.min.js
- ab.pi####.com/js/logo/css/logo-sm.css
- ab.pi####.com/js/logo/js/logo.js
- c####.baidust####.com.####.com/cpro/ui/pr.js
- c####.baidust####.com.####.com/sync.htm?cproid=####
- cm.pos.b####.com/youku?mzid=####
- image####.b####.com/ui?api=####&prot=####&tu=####&pic=####&vn=####&callb...
- ipv6-as####.m.ta####.com/cm.gif?dspid=####
- js.ru####.com/cpro/ui/mi.js
- js.ru####.com/oimqva.js
- js.ru####.com/plnrwb.js
- js.ru####.com/site/openjs/source/cz4k.js?fasb=####
- js.ru####.com/site/uwzo.js?gbtckk=####
- js.u####.com/cpt/cptm.js?158117####
- l####.cdn.bc####.####.com/sync.htm?cproid=####
- m.o####.com/kaoshi/hanjia/
- m.o####.com/kaoshi/hanjia/596172.html
- m.o####.com/kaoshi/jiaoan/
- m.o####.com/kaoshi/qimokaoshi/
- m.o####.com/kaoshi/qimokaoshi/605098.html
- m.o####.com/kaoshi/qimokaoshi/605892.html
- m.o####.com/kaoshi/shujia/
- my.pi####.com/v1/trade/qr/free?title=####&m=####&k=####
- pic.gzp####.com/allimg/150107/36-15010g5104u44.png?x-oss-process=####
- pic.gzp####.com/allimg/150303/14560131q-0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/150929/1r3005p3-1.jpg?x-oss-process=####
- pic.gzp####.com/allimg/151125/1531232w0-0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/151207/160a35334-3.jpg?x-oss-process=####
- pic.gzp####.com/allimg/151218/15-15121pt223415.png?x-oss-process=####
- pic.gzp####.com/allimg/160216/1g50212g-0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/160624/1z922h24-0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/160914/16311ab4-5.jpg?x-oss-process=####
- pic.gzp####.com/allimg/1611/1614141126-31.jpg?x-oss-process=####
- pic.gzp####.com/allimg/1611/161414h03-8.jpg?x-oss-process=####
- pic.gzp####.com/allimg/161219/142ih3a-0.png?x-oss-process=####
- pic.gzp####.com/allimg/1701/1a9133247-1.jpg?x-oss-process=####
- pic.gzp####.com/allimg/170112/11243u221-7.png?x-oss-process=####
- pic.gzp####.com/allimg/1703/142352k00-7.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201501/36-150112111022z1.png?x-oss-process=####
- pic.gzp####.com/allimg/201507/35-150f61q516393.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201510/37-15101613542j55.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201510/37-151016135444h1.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201510/3953-151016155z3q4.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201601/3951-1601151632491z.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201603/3957-1603311k51co.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201604/34-1604231k935141.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201606/17-16062gq104w1.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201606/36-160601191418.png?x-oss-process=####
- pic.gzp####.com/allimg/201606/3956-1606131q5361z.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201606/57-160604143f1-50.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201607/14-160f41sp92h.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201607/16-160hg61253p0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201607/38-160hg60613429.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201607/38-160hq45910332.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201607/8-160hg51048.png?x-oss-process=####
- pic.gzp####.com/allimg/201608/16-160p6125ull.png?x-oss-process=####
- pic.gzp####.com/allimg/201608/16-160rg6145q96.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201608/38-160r5154231643.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201609/16-16091216325hq.png?x-oss-process=####
- pic.gzp####.com/allimg/201610/77-161031145255v7.png?x-oss-process=####
- pic.gzp####.com/allimg/201611/36-16111h24k1c8.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201611/38-1611221j012k0.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201611/74-16110115400g07.png?x-oss-process=####
- pic.gzp####.com/allimg/201612/13-1612161s024.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201612/19-161216141f6.png?x-oss-process=####
- pic.gzp####.com/allimg/201612/36-161230094546-50.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201612/44-16120g63632950.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201701/13-1f1041kp53c.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201701/22-1f113162957.png?x-oss-process=####
- pic.gzp####.com/allimg/201701/45-1f11q00f6.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201701/70-1f112112942d6.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201702/23-1f224123630.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201702/6-1f224155q2.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201702/70-1f2230u30oy.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201702/70-1f2230u92m34.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/13-1f32g05r2245.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/15-1f3291pk7.png?x-oss-process=####
- pic.gzp####.com/allimg/201703/46-1f325152h0r7.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/6-1f321160i2.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/70-1f3141s55y16.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/82-1f3100t64o46.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201703/82-1f3100zk55t.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201704/43-1f4140956232a.png?x-oss-process=####
- pic.gzp####.com/allimg/201704/5-1f405111231.jpg?x-oss-process=####
- pic.gzp####.com/allimg/201704/77-1f411141p1.jpg?x-oss-process=####
- pos.b####.com/auto_dup?di=####<u=####&psi=####&cfv=####&exps=####&ti=#...
- pos.b####.com/auto_dup?di=####<u=####&psi=####&dai=####&pcs=####&cmi=#...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&psi=####&pis=####&cec...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&psi=####&pss=####&exp...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&psi=####&ti=####&cpl=...
- pos.b####.com/sync_pos.htm?cproid=####
- s####.jom####.com/push.js
- s####.jom####.com/s.gif?l=####
- si####.jom####.com/it/u=1099446306,3045305731&fm=76
- si####.jom####.com/it/u=140336381,2852933824&fm=76
- si####.jom####.com/it/u=148054351,1804075241&fm=76
- si####.jom####.com/it/u=1487503593,2086020933&fm=76
- si####.jom####.com/it/u=1560353806,1931939853&fm=76
- si####.jom####.com/it/u=1775064443,3210051085&fm=76
- si####.jom####.com/it/u=1911896658,3332517543&fm=76
- si####.jom####.com/it/u=1992719422,3464691711&fm=76
- si####.jom####.com/it/u=218574192,4090846155&fm=76
- si####.jom####.com/it/u=2255484390,3876305016&fm=76
- si####.jom####.com/it/u=2696357980,446993650&fm=76
- si####.jom####.com/it/u=3268691478,3723365184&fm=76
- si####.jom####.com/it/u=3326620445,118624061&fm=76
- si####.jom####.com/it/u=3364231191,977671111&fm=76
- si####.jom####.com/it/u=35041564,29987284&fm=76
- si####.jom####.com/it/u=3948334157,2273760480&fm=76
- si####.jom####.com/it/u=468234930,3376093133&fm=76
- si####.jom####.com/it/u=519272427,3829159482&fm=76
- si####.jom####.com/it/u=532945940,412418416&fm=76
- si####.jom####.com/it/u=72820032,1915531090&fm=76
- si####.jom####.com/it/u=826395512,4273563215&fm=76
- st####.gz####.cn/js/pubuliu_m.js?2019####
- st####.gz####.cn/js/readmore.js
- st####.o####.com/cpt/cptm.js?158117####
- st####.o####.com/cpt/css/m-style.css
- st####.o####.com/cpt/img/m/icon_code.png
- st####.o####.com/cpt/img/m/icon_login.png
- st####.o####.com/cpt/img/m/icon_phone.png
- st####.o####.com/cpt/img/m/icon_star.png
- st####.o####.com/cpt/img/m/pay.jpg
- st####.o####.com/cpt/img/m/wxzhifu_load.gif
- st####.o####.com/cpt/json/m.alert.2.json
- st####.o####.com/cpt/json/m.alert.json
- st####.o####.com/css/m/article.css
- st####.o####.com/css/m/list.css
- st####.o####.com/img/m/site_bg_icon.png
- st####.o####.com/img/pc_ico.png
- st####.o####.com/js/m.js?2019####
- st####.o####.com/js/m_min.js
- st####.o####.com/js/pubuliu_m_list.js?2019####
- st####.su####.com/img/wechat_kefu.png
- wn.pos.b####.com/adx.php?c=####
- mobads-####.b####.com/brwhis.log
- /data/data/####/.imprint
- /data/data/####/__x_adsdk_agent_header__.xml
- /data/data/####/__xadsdk__remote__final__builtin__.jar
- /data/data/####/app_wgwqkclasses.jar
- /data/data/####/com.baidu.mobads.loader.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dbnsgo-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/index
- /data/data/####/jegc
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- yodqr
- DES-ECB-PKCS5Padding