Loading ...

Play interactive tourEdit tour

Analysis Report SM9V6KEpdQ

Overview

General Information

Joe Sandbox Version:26.0.0 Aquamarine
Analysis ID:936130
Start date:14.08.2019
Start time:15:27:57
Joe Sandbox Product:Cloud
Overall analysis duration:0h 11m 21s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:SM9V6KEpdQ
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 7.1 Nougat
APK Instrumentation enabled:true
Detection:MAL
Classification:mal100.rans.troj.spyw.expl.evad.and@0/253@0/0
Warnings:
Show All
  • Max analysis timeout: 600s exceeded, the analysis took too long
  • Excluded IPs from analysis (whitelisted): 216.58.215.227, 172.217.168.36, 172.217.168.42, 172.217.168.74, 172.217.168.10, 216.58.215.238, 172.217.168.14, 172.217.168.46, 172.217.168.78, 108.177.127.188
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, android.clients.google.com, android.l.google.com, www.google.com, www.googleapis.com, googleapis.l.google.com, mobile-gtalk.l.google.com, mtalk.google.com
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

StrategyScoreRangeReportingWhitelistedThreatDetection
Threshold1000 - 100Report FP / FNfalse
Cerberus
malicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Mitre Att&ck Matrix

Signature Overview

Click to jump to signature section


AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: SM9V6KEpdQvirustotal: Detection: 43%Perma Link

Privilege Escalation:

barindex
Checks if the device administrator is activeShow sources
Source: com.mwmnfwt.arhkrgajn.b.a;->i:767API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administratorShow sources
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "android.app.action.ADD_DEVICE_ADMIN"

Networking:

barindex
Connects to IPs without corresponding DNS lookupsShow sources
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
Opens an internet connectionShow sources
Source: com.mwmnfwt.arhkrgajn.a.a$a;->a:3API Call: java.net.URL.openConnection (not executed)
Found strings which match to known social media urlsShow sources
Source: androidString found in binary or memory: com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android, equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: com.google.android.gm,com.mail.mobile.android.mail,com.connectivityapps.hotmail,com.microsoft.office.outlook,com.yahoo.mobile.client.android.mail, equals www.hotmail.com (Hotmail)
Source: androidString found in binary or memory: com.google.android.gm,com.mail.mobile.android.mail,com.connectivityapps.hotmail,com.microsoft.office.outlook,com.yahoo.mobile.client.android.mail, equals www.yahoo.com (Yahoo)
Urls found in memory or binary dataShow sources
Source: androidString found in binary or memory: http://94.156.77.32
Source: oyfamrcbayz.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Uses HTTP for connecting to the internetShow sources
Source: com.mwmnfwt.arhkrgajn.a.a$a;->a:23API Call: java.net.HttpURLConnection.connect

E-Banking Fraud:

barindex
Detected Cerberus Banking TrojanShow sources
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: Cerberus strings
May check for popular installed appsShow sources
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"

Spam, unwanted Advertisements and Ransom Demands:

barindex
Strings related to ransomware foundShow sources
Source: androidMethod string: click unlock device
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: click unlock device
Tries to disable the administrator userShow sources
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.qLWIkIfYsC;->onHandleIntent:104API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Source: com.mwmnfwt.arhkrgajn.rsvrjvalnoql.Oamndbqk;->onCreate:29API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Has permission to perform phone calls in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Has permission to send SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.SEND_SMS
May check for popular installed appsShow sources
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: "com.android.vending,org.telegram.messenger,com.ubercab,com.whatsapp,com.tencent.mm,com.viber.voip,com.snapchat.android,com.instagram.android,com.imo.android.imoim,com.twitter.android,"

Change of System Appearance:

barindex
May access the Android keyguard (lock screen)Show sources
Source: lbiyehpnaz.dex.drString found in binary or memory: Landroid/app/KeyguardManager;
Source: lbiyehpnaz.dex.drString found in binary or memory: inKeyguardRestrictedInputMode
Source: androidString found in binary or memory: keyguard
Sets a repeating alarmShow sources
Source: com.mwmnfwt.arhkrgajn.b.a;->a:16API Call: android.app.AlarmManager.setRepeating

System Summary:

barindex
Requests to ignore battery optimizationsShow sources
Source: Lcom/mwmnfwt/arhkrgajn/tiytemkez/AkLkZlbctHib;->onCreate(Landroid/os/Bundle;)VMethod string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Requests potentially dangerous permissionsShow sources
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_SMS
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Source: submitted apkRequest permission: android.permission.SEND_SMS
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Classification labelShow sources
Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.and@0/253@0/0
Reads shares settingsShow sources
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "initialization": null
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 0
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "activityAccessibilityVisible":
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 8
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 16
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 24
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 32
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 40
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 48
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 56
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 64
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 72
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "kill":
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "step": 0
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "schetBootReceiver": 0
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "schetAdmin": 0
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 80
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 88
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 96
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 104
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 112
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 120
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 128
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 136
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 144
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 152
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 160
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 168
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 176
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 184
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 192
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 200
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 208
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 216
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 224
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 232
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 240
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 248
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 256
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 264
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 272
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 280
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 288
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 296
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 304
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 312
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 320
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 328
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 336
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 344
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 352
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 360
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 368
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 376
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 384
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 392
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 400
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 408
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 416
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 424
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 432
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 440
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 448
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 456
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 464
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 472
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 480
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 488
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 496
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 504
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 512
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 520
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 528
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 536
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 544
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 552
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 560
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 568
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 576
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 584
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 592
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 600
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 608
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 616
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 624
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 632
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 640
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 648
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 656
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 664
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 672
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 680
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 688
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 696
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 704
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 712
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 720
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 728
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 736
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 744
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 752
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 760
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 768
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 776
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 784
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 792
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 800
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 808
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 816
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 824
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 832
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 840
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 848
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 856
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 864
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 872
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 880
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 888
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 896
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 904
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 912
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 920
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 928
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 936
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 944
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 952
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 960
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 968
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 976
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 984
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 992
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1000
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1008
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1016
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1024
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1032
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1040
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1048
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1056
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1064
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1072
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1080
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1088
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1096
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1104
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1112
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1120
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1128
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1136
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1144
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1152
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1160
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1168
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1176
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1184
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1192
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1200
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1208
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1216
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1224
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1232
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1240
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1248
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1256
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1264
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1272
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1280
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1288
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1296
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1304
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1312
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1320
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1328
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1336
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1344
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1352
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1360
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1368
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1376
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1384
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1392
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1400
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1408
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1416
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1424
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1432
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1440
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1448
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1456
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1464
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1472
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1480
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1488
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1496
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1504
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1512
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1520
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1528
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1536
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1544
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1552
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1560
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1568
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1576
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1584
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1592
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1600
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1608
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1616
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1624
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1632
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1640
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1648
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1656
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1664
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1672
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1680
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1688
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1696
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1704
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1712
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1720
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1728
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1736
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1744
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1752
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1760
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1768
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1776
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1784
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1792
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1800
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1808
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1816
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1824
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1832
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1840
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1848
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1856
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1864
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1872
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1880
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1888
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1896
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1904
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1912
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1920
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1928
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1936
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1944
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1952
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1960
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1968
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1976
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1984
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 1992
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2000
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2008
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2016
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2024
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2032
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2040
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2048
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2056
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2064
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2072
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2080
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2088
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2096
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2104
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2112
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2120
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2128
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2136
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2144
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2152
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2160
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2168
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2176
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2184
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2192
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2200
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2208
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2216
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2224
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2232
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2240
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2248
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2256
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2264
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2272
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2280
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2288
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2296
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2304
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2312
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2320
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2328
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2336
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2344
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2352
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2360
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2368
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2376
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2384
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2392
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2400
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2408
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2416
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2424
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2432
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2440
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2448
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2456
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2464
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2472
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2480
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2488
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2496
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2504
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2512
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2520
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2528
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2536
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2544
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2552
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2560
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2568
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2576
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2584
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2592
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2600
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2608
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2616
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2624
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2632
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2640
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2648
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2656
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2664
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2672
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2680
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2688
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2696
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2704
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2712
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2720
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2728
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2736
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2744
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2752
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2760
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2768
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2776
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2784
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2792
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2800
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2808
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2816
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2824
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2832
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2840
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2848
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2856
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2864
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2872
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2880
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2888
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2896
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2904
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2912
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2920
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2928
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2936
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2944
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2952
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2960
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2968
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2976
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2984
Source: com.mwmnfwt.arhkrgajn.b.a;->d:425API Call: "timeWorking": 2992
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)Show sources
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.xtzGIxXJaj;->onCreate:51API Call: android.hardware.SensorManager.registerListener
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.xtzGIxXJaj;->onSensorChanged:56API Call: android.hardware.SensorManager.registerListener
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.xtzGIxXJaj;->onSensorChanged:59API Call: android.hardware.SensorManager.registerListener
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.xtzGIxXJaj;->onStartCommand:83API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

barindex
Accesses Class Loader via ReflectionShow sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Reflective call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Accesses FileOutputStream via ReflectionShow sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Reflective call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Found very long method stringsShow sources
Source: Lcom/mwmnfwt/arhkrgajn/a;->a(Ljava/lang/String;)Ljava/lang/String;Method string: PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CiAgICA8bWV0YSBjaGFyc2V0PSJVVEYtOCI+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9Iml Length: 7440
Obfuscates method namesShow sources
Source: SM9V6KEpdQTotal valid method names: 1%
Uses reflectionShow sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class com.iuolnsaork.itfets.TDEaNE
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class android.app.ContextImpl
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.io.File android.app.ContextImpl.getDir(java.lang.String,int)
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.io.File
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public final android.content.res.AssetFileDescriptor android.content.res.AssetManager.openNonAssetFd(java.lang.String) throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public java.io.FileInputStream android.content.res.AssetFileDescriptor.createInputStream() throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.EOJTRGuoSy;->hKAkCZgIPvnL:76API Call: Real call: public static void java.lang.System.arraycopy(byte[],int,byte[],int,int)
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:751API Call: Real call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:699API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Constructor
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalAccessException,java.lang.IllegalArgumentException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean) throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalAccessException,java.lang.IllegalArgumentException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean) throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Field
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Constructor
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.io.File
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public boolean java.io.File.delete()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.Class
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.lang.reflect.Constructor
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class java.io.File
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:746API Call: Real call: public boolean java.io.File.delete()
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: class dalvik.system.DexClassLoader
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:684API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.mwmnfwt.arhkrgajn.b.a;->b:253API Call: java.lang.reflect.Method.invoke

Boot Survival:

barindex
Has permission to execute code after phone rebootShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Starts an activity on phone boot (autostart)Show sources
Source: com.mwmnfwt.arhkrgajn.uaebcojtfts.CmvkYQIJdX;->onReceive:183API Call: android.content.Context.startActivity (not executed)
Starts/registers a service/receiver on phone boot (autostart)Show sources
Source: com.mwmnfwt.arhkrgajn.uaebcojtfts.CmvkYQIJdX;->onReceive:46API Call: android.app.ReceiverRestrictedContext.startService("Intent { cmp=com.mwmnfwt.arhkrgajn/.lupurnjzcfr.xtzGIxXJaj }")
Source: com.mwmnfwt.arhkrgajn.uaebcojtfts.CmvkYQIJdX;->onReceive:67API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

barindex
Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: adobe10.png
Potential hidden JAR / DEX file creation routine foundShow sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->HYmyePZxcL:129API Call: java.lang.String.<init> /lbiyehpnaz.jar
Potential hidden file creation routine foundShow sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:796API Call: java.lang.String.<init> java.io.FileOutputStream
Removes its application launcher (likely to stay hidden)Show sources
Source: com.mwmnfwt.arhkrgajn.b.a;->n:20API Call: java.lang.Class.unknown

Malware Analysis System Evasion:

barindex
Accesses android OS build fieldsShow sources
Source: com.mwmnfwt.arhkrgajn.b.b;->a:13Field Access: android.os.Build.MANUFACTURER
Source: com.mwmnfwt.arhkrgajn.b.b;->a:14Field Access: android.os.Build.MODEL
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.nciTHTaN;->a:268Field Access: android.os.Build$VERSION.RELEASE

Anti Debugging:

barindex
Access the class loader (often done to load a new code)Show sources
Source: com.iuolnsaork.itfets.FECTkBViqd;->hKAkCZgIPvnL:353API Call: java.lang.Class.getDeclaredField("mClassLoader")
Source: Lcom/iuolnsaork/itfets/FECTkBViqd;->hKAkCZgIPvnL(Ljava/lang/Class;IFLjava/lang/String;)Ljava/lang/reflect/Field;Method string: "mClassLoader"
Source: Lcom/iuolnsaork/itfets/FECTkBViqd;->hKAkCZgIPvnL(Ljava/lang/Object;ILjava/lang/Object;)VMethod string: "mClassLoader"

HIPS / PFW / Operating System Protection Evasion:

barindex
Uses the DexClassLoader (often used for code injection)Show sources
Source: com.mwmnfwt.arhkrgajn.b.a;->b:245API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.mwmnfwt.arhkrgajn.b.a;->b:248API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

barindex
Queries the network operator ISO country codeShow sources
Source: com.mwmnfwt.arhkrgajn.b.a;->a:32API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: com.mwmnfwt.arhkrgajn.b.a;->a:36API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator nameShow sources
Source: com.mwmnfwt.arhkrgajn.lupurnjzcfr.nciTHTaN;->a:280API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unqiue device ID (IMEI, MEID or ESN)Show sources
Source: com.mwmnfwt.arhkrgajn.b.b;->c:44API Call: android.telephony.TelephonyManager.getLine1Number

Stealing of Sensitive Information:

barindex
Creates SMS data (e.g. PDU)Show sources
Source: com.mwmnfwt.arhkrgajn.b.a;->a:57API Call: android.telephony.SmsMessage.createFromPdu
Has permission to read contactsShow sources
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Has permission to read the SMS storageShow sources
Source: submitted apkRequest permission: android.permission.READ_SMS
Has permission to read the phones state (phone number, device IDs, active call ect.)Show sources
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Monitors incoming SMSShow sources
Source: com.mwmnfwt.arhkrgajn.uaebcojtfts.CmvkYQIJdXRegistered receiver: android.provider.Telephony.SMS_RECEIVED
Sample Distance (10 = nearest)
10 9 8 7 6 5 4 3 2 1
Samplename Analysis ID SHA256 Similarity

Antivirus and Machine Learning Detection

Initial Sample

SourceDetectionScannerLabelLink
SM9V6KEpdQ44%virustotalBrowse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://94.156.77.320%virustotalBrowse
http://94.156.77.320%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
173.194.69.1886chJL6dHvZ.apkGet hashmaliciousBrowse
    n3jPcvfRrm.apkGet hashmaliciousBrowse
      foto_obmen_07419084819.jpg.apkGet hashmaliciousBrowse
        best.deals.compare.coupons.discounts.tracker.assistant.alert_2018-02-24.apkGet hashmaliciousBrowse
          THR7bnBaoH.apkGet hashmaliciousBrowse
            e3ZutV3WnBGet hashmaliciousBrowse
              8ah9igjm9MGet hashmaliciousBrowse
                inpost.apkGet hashmaliciousBrowse
                  mZXkwC1n7WGet hashmaliciousBrowse
                    Noy1FsNUzV.apkGet hashmaliciousBrowse
                      z43pXNmW80.apkGet hashmaliciousBrowse
                        Wq5HPXeXge.apkGet hashmaliciousBrowse
                          base.apkGet hashmaliciousBrowse
                            Faktura_VAT_2fe8f386221e5c75e372c68061c838c6.apkGet hashmaliciousBrowse
                              nBN2DCCWieGet hashmaliciousBrowse
                                AndroidDogowar.apkGet hashmaliciousBrowse
                                  HNJ5h7RVazGet hashmaliciousBrowse
                                    Jz9QONpuEOGet hashmaliciousBrowse
                                      Yoho Sports 20.20.00.apkGet hashmaliciousBrowse
                                        test.apkGet hashmaliciousBrowse

                                          Domains

                                          No context

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          unknownInvoice0186.pdfGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          P_2038402.xlsxGet hashmaliciousBrowse
                                          • 192.168.0.44
                                          bad.pdfGet hashmaliciousBrowse
                                          • 192.168.0.44
                                          RFQ.pdfGet hashmaliciousBrowse
                                          • 192.168.0.44
                                          100323.pdfGet hashmaliciousBrowse
                                          • 192.168.0.44
                                          Copy.pdfGet hashmaliciousBrowse
                                          • 127.0.0.1
                                          2.exeGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          UPPB502981.docGet hashmaliciousBrowse
                                          • 192.168.0.44
                                          Adm_Boleto.via2.comGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          00ECF4AD.exeGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          PDF_100987464500.exeGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          filedata.exeGet hashmaliciousBrowse
                                          • 192.168.0.40
                                          .exeGet hashmaliciousBrowse
                                          • 192.168.1.60
                                          33redacted@threatwave.comGet hashmaliciousBrowse
                                          • 192.168.1.71

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Screenshots

                                          Thumbnails

                                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.