Technical information
- Adware.SalmonAds.1.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) rts.mo####.sdk.####.com:80
- TCP(HTTP/1.1) fot####.traffic####.net:80
- TCP(HTTP/1.1) waws-pr####.vip.azurewe####.####.net:80
- TCP(HTTP/1.1) t####.mob####.com:80
- TCP(HTTP/1.1) ad.c####.kaf####.com:80
- TCP(HTTP/1.1) ad.lead####.net:80
- TCP(HTTP/1.1) api.lead####.net:80
- TCP(HTTP/1.1) cdn.foto####.com.####.net:80
- TCP(HTTP/1.1) cdn.a####.foto####.####.net:80
- TCP(HTTP/1.1) api.alt####.com:80
- TCP(HTTP/1.1) cdn.o####.foto####.####.net:80
- TCP(HTTP/1.1) sdk.api.alt####.com:80
- TCP(HTTP/1.1) cdn.dl.foto####.####.net:80
- TCP(HTTP/1.1) api.mo####.sdk.####.com:80
- TCP(SSL/3.0) um.si####.fi:443
- TCP(SSL/3.0) s####.tubem####.com:443
- TCP(SSL/3.0) uk.a####.com:443
- TCP(SSL/3.0) g.geo####.com:443
- TCP(TLS/1.0) d####.fl####.com:443
- TCP(TLS/1.0) wild####.outb####.com.####.net:443
- TCP(TLS/1.0) www.googlea####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) p####.everest####.net:443
- TCP(TLS/1.0) a.company####.com:443
- TCP(TLS/1.0) bat-bin####.a-####.a-ms####.net:443
- TCP(TLS/1.0) 1####.217.19.206:443
- TCP(TLS/1.0) young####.biz:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) a.rf####.com.####.net:443
- TCP(TLS/1.0) s####.1rx.io:443
- TCP(TLS/1.0) c####.cloudf####.com:443
- TCP(TLS/1.0) pugm220####.pubm####.com:443
- TCP(TLS/1.0) ask-wi####.ex####.ie:443
- TCP(TLS/1.0) pixel-####.sites####.com:443
- TCP(TLS/1.0) y####.intelli####.com:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) dsp.adf####.adi####.com:443
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) s####.mat####.com:443
- TCP(TLS/1.0) lh3.googleu####.com:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) se####.ex####.eu:443
- TCP(TLS/1.0) pixel-e####.p####.quants####.net:443
- TCP(TLS/1.0) eb2.3####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) uk.a####.com:443
- TCP(TLS/1.0) um.w####.net:443
- TCP(TLS/1.0) s####.tubem####.com:443
- TCP(TLS/1.0) stat####.face####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) al####.outb####.org:443
- TCP(TLS/1.0) d5p.d####.com:443
- TCP(TLS/1.0) trc.tab####.com:443
- TCP(TLS/1.0) waws-pr####.vip.azurewe####.####.net:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) r.t####.com:443
- TCP(TLS/1.0) um.si####.fi:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) trac####.m6r.eu.####.net:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) g####.s####.dogl####.####.net:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) x.bidsw####.net:443
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) log-ec-####.a####.tv.####.net:443
- TCP(TLS/1.0) pix.imp####.com:443
- TCP(TLS/1.0) cdn.tab####.com:443
- TCP(TLS/1.0) con####.face####.net:443
- TCP(TLS/1.0) p####.ybp.y####.com:443
- TCP(TLS/1.0) ad.t####.com:443
- TCP(TLS/1.0) g.geo####.com:443
- TCP(TLS/1.0) st####.ex####.ie:443
- TCP(TLS/1.0) st####.chame####.ad:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- a####.mdc.akama####.net
- a.company####.com
- ad.c####.kaf####.com
- ad.lead####.net
- ad.t####.com
- adapi-a####.foto####.net
- adser####.go####.com
- adser####.go####.nl
- amp####.outb####.com
- amplify####.outb####.com
- analy####.foto####.net
- api.alt####.com
- api.foto####.com
- api.lead####.net
- api.mo####.sdk.####.com
- ask-wi####.ex####.ie
- bat.b####.com
- c####.cloudf####.com
- cdn.a####.foto####.net
- cdn.ads.foto####.net
- cdn.api.foto####.com
- cdn.api.foto####.net
- cdn.foto####.com
- cdn.o####.foto####.net
- cdn.tab####.com
- cm.g.doublec####.net
- cms.quants####.com
- con####.face####.net
- d####.fl####.com
- d5p.d####.com
- dsp.adf####.adi####.com
- e.crashly####.com
- eb2.3####.com
- f####.google####.com
- f####.gst####.com
- fot####.foto####.com
- g####.face####.com
- g####.foto####.net
- g####.s####.dogl####.net
- googl####.g.doublec####.net
- gsn.chame####.ad
- ib.a####.com
- im####.pubm####.com
- lh3.googleu####.com
- lh6.googleu####.com
- p####.everest####.net
- p####.ybp.y####.com
- p.rf####.com
- pag####.googles####.com
- pix.imp####.com
- pixel-####.sites####.com
- r####.foto####.com
- r.t####.com
- re####.foto####.net
- rts.mo####.sdk.####.com
- s####.1rx.io
- s####.ad####.adverti####.com
- s####.g.doublec####.net
- s####.mat####.com
- sdk.api.alt####.com
- se####.ex####.eu
- securep####.g.doublec####.net
- sett####.crashly####.com
- st####.chame####.ad
- st####.ex####.ie
- stat####.face####.com
- syn####.everest####.net
- t####.mob####.com
- tpc.googles####.com
- tr.outb####.com
- trac####.m6r.eu
- trc.tab####.com
- uk.a####.com
- um.si####.fi
- um.w####.net
- www.face####.com
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlea####.com
- www.googlet####.com
- www.googlet####.com
- x.bidsw####.net
- y####.intelli####.com
- young####.biz
- ad.c####.kaf####.com/v1/click?type=####&p1=####&p8=####&p9=####&p13=####...
- ad.lead####.net/applnk/826227844?src_section_id=####
- api.alt####.com/v1/sdk4/upload/clk?type=####&p1=####&p8=####&p9=####&p13...
- api.alt####.com/v1/sdk4/upload/imp?type=####&p1=####&p8=####&p9=####&p13...
- api.lead####.net/nat_clk/429598926/12271244?devad_id=####&gid=####&gid_c...
- api.mo####.sdk.####.com/adunion/rtb/fetchAd?h=####&w=####&model=####&ven...
- api.mo####.sdk.####.com/adunion/rtb/getInmobiAd?h=####&w=####&model=####...
- api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
- api.mo####.sdk.####.com/adunion/slot/getSrcPrio?h=####&w=####&model=####...
- cdn.a####.foto####.####.net/conf/?country=####&source=####
- cdn.a####.foto####.####.net/pos/v1/?os=####&appid=####&ver=####
- cdn.a####.foto####.####.net/web/oav1?appid=####&os=####&ver=####
- cdn.dl.foto####.####.net/Advertise/ads/v4/?os=####&appid=####&enableapi=...
- cdn.dl.foto####.####.net/advertise/recommend/v1/?os=####&appid=####&ver=...
- cdn.dl.foto####.####.net/material/Adfocus/getData?os=####&appid=####&ver...
- cdn.dl.foto####.####.net/material/paintlabFilter/getMaterialList?os=####...
- cdn.dl.foto####.####.net/material/prisma/getGroups/?os=####&appid=####&v...
- cdn.foto####.com.####.net/ads/04fdb6495546a1435be4aa4a35f9f500.gif
- cdn.foto####.com.####.net/ads/237e33a4d1d725ad20dac0207c4d9a9e.webp
- cdn.foto####.com.####.net/ads/5ff560fe96a0660f3df3ab6b8649ea8e.webp
- cdn.foto####.com.####.net/ads/88a88f6bcf7c56196441e7f3958b2148.webp
- cdn.foto####.com.####.net/ads/a782f9a996ec90fd2402ea0efb06c933.webp
- cdn.foto####.com.####.net/ads/ac4fe03de26b5f5d99c82f7b213ad985.webp
- cdn.foto####.com.####.net/ads/b4bc79efd715fa789382e229545e734a.webp
- cdn.foto####.com.####.net/ads/bf2d013cd35446e10c5d17d2c335fa15.webp
- cdn.foto####.com.####.net/ads/c0a5298bc39a9207f4bc84a1badc5192.webp
- cdn.foto####.com.####.net/ads/c5a1d7c47770da071f42373063bd3905.webp
- cdn.foto####.com.####.net/materials/80ed71f40e63173ec0b57c5dc2bdfa68.png
- cdn.o####.foto####.####.net/v2/<Package>/android/NL
- cdn.o####.foto####.####.net/v2/<Package>/android/US
- fot####.traffic####.net/user/group/v1/?openuuid=####&appid=####&os=####&...
- t####.mob####.com/mobclick/track.do/435864406911322?aff_id=####&offer_id...
- t####.mob####.com/mobclick/track.do/455864406911399?aff_id=####&offer_id...
- waws-pr####.vip.azurewe####.####.net/
- waws-pr####.vip.azurewe####.####.net/adv?action=####&channel=####&adid=#...
- waws-pr####.vip.azurewe####.####.net/click/?adname=####&adid=####&countr...
- waws-pr####.vip.azurewe####.####.net/show/?adname=####&adid=####&country...
- api.alt####.com/adserver/v1/promote/ads/sdk/v4
- api.alt####.com/adserver/v1/sdk/norefferclick
- rts.mo####.sdk.####.com/orts/rpb?h=####&w=####&model=####&vendor=####&sd...
- sdk.api.alt####.com/v4/<Package>/aps.php
- sdk.api.alt####.com/v4/<Package>/config.php
- waws-pr####.vip.azurewe####.####.net/pushregist/
- waws-pr####.vip.azurewe####.####.net/regist/
- /data/data/####/-1097969700
- /data/data/####/-496381078
- /data/data/####/-515249652-975763097
- /data/data/####/.YFlurrySenderIndex.info.AnalyticsData_F4Z6CFP8...8W_216
- /data/data/####/.YFlurrySenderIndex.info.AnalyticsMain
- /data/data/####/.yflurrydatasenderblock.838b0b58-4ab2-4725-875f...25e8cb
- /data/data/####/.yflurryreport.-3c5877de4260ee78
- /data/data/####/1460683162801.jar
- /data/data/####/1460683162801.tmp
- /data/data/####/5C704E71038A-0001-08E4-E5BF61EAC57ABeginSession.cls_temp
- /data/data/####/5C704E71038A-0001-08E4-E5BF61EAC57ASessionApp.cls_temp
- /data/data/####/5C704E71038A-0001-08E4-E5BF61EAC57ASessionDevice.cls_temp
- /data/data/####/5C704E71038A-0001-08E4-E5BF61EAC57ASessionEvent...s_temp
- /data/data/####/5C704E71038A-0001-08E4-E5BF61EAC57ASessionOS.cls_temp
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/ApplicationCache.db-journal (deleted)
- /data/data/####/DeviceTestSharedPreferences.xml
- /data/data/####/FBAdPrefs.xml
- /data/data/####/FBNativeInfo.xml
- /data/data/####/FEncoureageLimited.xml
- /data/data/####/FLURRY_SHARED_PREFERENCES.xml
- /data/data/####/FotoAdMediationDB.xml
- /data/data/####/FotoAdStrategy.xml
- /data/data/####/FotoAlertFactoryPreference.xml
- /data/data/####/FotoCustomReportSet.xml
- /data/data/####/FullScreenSharedPrefrence.xml
- /data/data/####/KApplicationPref.xml
- /data/data/####/RECOMMEND_SAHREPREFRENCE.xml
- /data/data/####/SDKIDFA.xml
- /data/data/####/SharePrefFlurryEvent.xml
- /data/data/####/TPhotoAdPromoteManager.xml
- /data/data/####/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/YTAdFactory.xml
- /data/data/####/_toolbox_prefs.xml
- /data/data/####/altamob_ads-journal
- /data/data/####/altamob_device
- /data/data/####/altamob_sp_sdk.xml
- /data/data/####/battery_setting.xml
- /data/data/####/com.crashlytics.prefs.xml
- /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.facebook.ads.FEATURE_CONFIG.xml
- /data/data/####/com.facebook.internal.preferences.APP_SETTINGS.xml
- /data/data/####/com.fotoable.coolart_preferences.xml
- /data/data/####/com.fotoable.paintlab.PrismaMainActivity2.xml
- /data/data/####/com.google.android.gms.analytics.prefs.xml
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.wantu.android.WantuSetting.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/data_3 (deleted)
- /data/data/####/device_id.xml.xml
- /data/data/####/du_ad_cache.db-journal
- /data/data/####/du_ad_ts.db-journal
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/gonggong_shareprefsname.xml
- /data/data/####/google_analytics_v4.db-journal
- /data/data/####/https_googleads.g.doubleclick.net_0.localstorage-journal
- /data/data/####/index
- /data/data/####/initialization_marker
- /data/data/####/io.fabric.sdk.android;fabric;aga.xml
- /data/data/####/libjiagu.so
- /data/data/####/multidex.version.xml
- /data/data/####/recommend_archive_main
- /data/data/####/recommend_archive_save
- /data/data/####/sa_41541e3e-afcf-446b-bee2-339fc06043fa_1550863992234.tap
- /data/data/####/sa_5a2bc698-bc2d-46fe-afd9-ba96c2c0f714_1550863993950.tap
- /data/data/####/sa_5e3bd557-b23c-41b0-b810-f5650c5526d5_1550863987725.tap
- /data/data/####/sa_9dfd7f8d-e939-4404-80e9-a0c4fd4d73b9_1550863992395.tap
- /data/data/####/sa_dc33f79f-48a8-4cb8-b0cd-debd046507ce_1550864021804.tap
- /data/data/####/session_analytics.tap
- /data/data/####/session_analytics.tap (deleted)
- /data/data/####/session_analytics.tap.tmp
- /data/data/####/signOfIcon.xml
- /data/data/####/sysconfig.xml
- /data/data/####/uploadAdUserInfos.xml
- /data/data/####/wantu_localpush.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCache.db
- /data/data/####/webviewCache.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/.nomedia
- /data/media/####/.thumbdata3--1967290299
- /data/media/####/0C237DA6EAF444E14159793A80045B29false
- /data/media/####/0CF3D1E0F9FE0E0E4EEF69554FD29904false
- /data/media/####/1550864042925.jpg
- /data/media/####/1550864043082.jpg
- /data/media/####/1d569f515759d35ef40479bb36453145.0
- /data/media/####/24663.webp
- /data/media/####/24665.webp
- /data/media/####/26E24B4AA672AF75323F51AB6680013Bfalse
- /data/media/####/2AAA64B5A7312D63C4512216F471AED2false
- /data/media/####/2c5b42399d6ff0ff57fa59ebdfeb8930.0
- /data/media/####/2ec5930e9e1e43fd0049a11d366a4186.0
- /data/media/####/3544872DE02E02C2C7E8EDCD564722A1false
- /data/media/####/72cf717324446a6306e7ec51d79cd92b.0
- /data/media/####/73BF9B25BD99D92F60DCD770CA99C77Dfalse
- /data/media/####/76e15b1b3f346514873e82ceac9db7e7.0
- /data/media/####/9F87B841A36D4228220906B8BD2C9C3Bfalse
- /data/media/####/BF91629DE564FF8ED6C41B7545DCE65Ftrue
- /data/media/####/b5a270deee23db7bfdc43c19b8a3720f.0
- /data/media/####/f9c19d1d7fec7eb41464e3549cdb9a03.0
- /data/media/####/journal.tmp
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- crashlytics
- libjiagu
- localpushservice
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding