Technical information
- Adware.Appsad.5.origin
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:559b942567e58e17bc005aef","utdid":"XG2jIV7rN7QDAGdzx1HamH0M","sdkVersion":"212"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 700 <Package Folder>/app_bin/daemon
- mars_d -p <Package> -s com.marswin89.marsdaemon.config.SysDaemonService -p1r 41 -p1w 42 -p2r 43 -p2w 44
- sh
- daemon_api20
- gpuimage-library
- tnet-3.1
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-NoPadding
- Blowfish-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding