Analysis Report

Overview

General Information

Joe Sandbox Version: 21.0.0
Analysis ID: 36
Start time: 18:01:54
Joe Sandbox Product: Complete
Start date: 21.12.2017
Overall analysis duration: 0h 3m 56s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 5wd2rZUWEk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 5.1
Detection: MAL
Classification: mal88.spyw.expl.evad.and@0/253@2/0
Warnings:
  • No interacted views
  • Report size exceeded maximum capacity and may have missing dynamic data code.


Detection

Strategy: Threshold
Score: 88
Range: 0 - 100
Reporting: Report FP / FN
Detection: malicious


Classification

Signature Overview


AV Detection:

Antivirus detection for submitted file
Source: 5wd2rZUWEk, virustotal: Detection: 49%

Privilege Escalation:

Requests root access
Source: Lcom/czybg/eqtbdmzpklrgyns/xnLvoQ;->DiXsQ(Landroid/content/Context;)ZMethod string: "/system/bin/su"
Source: Lcom/czybg/eqtbdmzpklrgyns/xnLvoQ;->DiXsQ(Landroid/content/Context;)ZMethod string: "/system/xbin/su"
Source: Lmpio/fabric/sdk/android/services/common/CommonUtils;->isRooted(Landroid/content/Context;)ZMethod string: "/system/xbin/su"
Checks if the device administrator is active
Source: com.czybg.eqtbdmzpklrgyns.hekJfDg;->DiXsQ:51API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administrator
Source: com.czybg.eqtbdmzpklrgyns.uIcqnrbS;->hZyMGHgz:13API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: com.czybg.eqtbdmzpklrgyns.uIcqnrbS;->DiXsQ:25API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: com.czybg.eqtbdmzpklrgyns.uIcqnrbS;->DiXsQ:34API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Spreading:

Accesses external storage location
Source: mpio.fabric.sdk.android.services.persistence.FileStoreImpl;->getExternalCacheDir:20API Call: android.os.Environment.getExternalStorageDirectory
Source: mpio.fabric.sdk.android.services.persistence.FileStoreImpl;->getExternalFilesDir:34API Call: android.os.Environment.getExternalStorageDirectory
Source: mpio.fabric.sdk.android.services.persistence.FileStoreImpl;->isExternalStorageAvailable:47API Call: android.os.Environment.getExternalStorageState
Has permission to change the WIFI configuration including connecting and disconnecting
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE

Networking:

Downloads files from webservers via HTTP
Source: global trafficHTTP traffic detected: GET /android/config_update/08312017-sms-blacklist.metadata.txt HTTP/1.1User-Agent: AndroidDownloadManager/5.1.1 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Accept-Encoding: identityConnection: closeHost: www.gstatic.com
Source: global trafficHTTP traffic detected: GET /android/config_update/08312017-sms-blacklist.txt HTTP/1.1User-Agent: AndroidDownloadManager/5.1.1 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Accept-Encoding: identityConnection: closeHost: www.gstatic.com
Performs DNS lookups
Source: unknownDNS traffic detected: queries for: www.gstatic.com
Urls found in memory or binary data
Source: scan_process_activity.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: scan_process_activity.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: cls.dex.dr, androidString found in binary or memory: https://alluorine.info
Source: cls.dex.dr, androidString found in binary or memory: https://api-profit.com
Source: cls.dex.dr, androidString found in binary or memory: https://e.crashlytics.com/spi/v2/events
Source: cls.dex.dr, androidString found in binary or memory: https://fabric.io/sign_up
Source: cls.dex.dr, androidString found in binary or memory: https://mancortz.info
Source: cls.dex.drString found in binary or memory: https://mancortz.infoJhttps://settings.crashlytics.com/spi/v2/platforms/android/apps/%s/settings
Source: cls.dex.dr, androidString found in binary or memory: https://settings.crashlytics.com/spi/v2/platforms/android/apps/%s/settings
Uses HTTPS
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52265 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52265
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50363
Source: unknownNetwork traffic detected: HTTP traffic on port 40742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52263
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 52263 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40742
Source: unknownNetwork traffic detected: HTTP traffic on port 50363 -> 443
Checks an internet connection is available
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->CyGFDR:5API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->LmcGi:13API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->LmcGi:14API Call: android.net.NetworkInfo.isConnected
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->Odjrct:20API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->hZyMGHgz:24API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->hZyMGHgz:25API Call: android.net.NetworkInfo.getState
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->hZyMGHgz:29API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->hZyMGHgz:30API Call: android.net.NetworkInfo.getState
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->hZyMGHgz:34API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->xnLvoQ:48API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->canTryConnection:15API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->canTryConnection:16API Call: android.net.NetworkInfo.isConnectedOrConnecting
Opens an internet connection
Source: com.czybg.eqtbdmzpklrgyns.MfOxe;->DiXsQ:10API Call: java.net.URL.openConnection (not executed)
Source: com.czybg.eqtbdmzpklrgyns.dclBIK;->DiXsQ:9API Call: java.net.URL.openConnection (not executed)
Source: com.czybg.eqtbdmzpklrgyns.uKHWhZbq;->DiXsQ:9API Call: java.net.URL.openConnection (not executed)
Source: com.czybg.eqtbdmzpklrgyns.wymvtEV;->DiXsQ:9API Call: java.net.URL.openConnection (not executed)
Source: mpio.fabric.sdk.android.services.network.HttpRequest$ConnectionFactory$1;->create:2API Call: java.net.URL.openConnection (not executed)
Source: mpio.fabric.sdk.android.services.network.HttpRequest$ConnectionFactory$1;->create:3API Call: java.net.URL.openConnection (not executed)

E-Banking Fraud:

Has permission to query the list of currently running applications
Source: submitted apkRequest permission: android.permission.GET_TASKS

Operating System Destruction:

Lists and deletes files in the same context
Source: mpcom.crashlytics.android.core.LogFileManager;->discardOldLogFiles:33API Calls in same method context: File.listFiles,File.delete
Source: mpcom.crashlytics.android.core.Utils;->capFileCount:4API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

Acquires a wake lock
Source: com.czybg.eqtbdmzpklrgyns.qwAiT;-><init>:23API Call: android.os.PowerManager$WakeLock.acquire
Sets a repeating alarm
Source: com.czybg.eqtbdmzpklrgyns.qwAiT;->DiXsQ:47API Call: android.app.AlarmManager.setRepeating

System Summary:

Classification label
Source: classification engineClassification label: mal88.spyw.expl.evad.and@0/253@2/0
Reads shares settings
Source: com.czybg.eqtbdmzpklrgyns.XpiFj;->DiXsQ:9API Call: "255251":
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->xnLvoQ:93API Call: "kgfhjkhfshafd":
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->hZyMGHgz:89API Call: "ttrgsvwser":
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->DiXsQ:10API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->DiXsQ:26API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->LmcGi:69API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.EZmcnv;->Odjrct:80API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:192API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:202API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.YRqiaNxB;->DiXsQ:28API Call: android.content.SharedPreferences.getBoolean
Source: com.czybg.eqtbdmzpklrgyns.ciatqPxI;->DiXsQ:13API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.ciatqPxI;->Odjrct:44API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:33API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:33API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:56API Call: android.content.SharedPreferences.getString
Source: com.czybg.eqtbdmzpklrgyns.siQFgImL;->DiXsQ:123API Call: android.content.SharedPreferences.getString
Source: mpcom.crashlytics.android.answers.AnswersPreferenceManager;->hasAnalyticsLaunched:8API Call: android.content.SharedPreferences.getBoolean
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoProvider;->getInfoFromPreferences:61API Call: android.content.SharedPreferences.getString
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoProvider;->getInfoFromPreferences:65API Call: android.content.SharedPreferences.getBoolean
Source: mpio.fabric.sdk.android.services.common.IdManager;->createInstallationUUID:38API Call: android.content.SharedPreferences.getString
Source: mpio.fabric.sdk.android.services.common.IdManager;->getAppInstallIdentifier:78API Call: android.content.SharedPreferences.getString
Source: mpio.fabric.sdk.android.services.common.IdManager;->getDeviceUUID:105API Call: android.content.SharedPreferences.getString
Source: mpcom.crashlytics.android.core.CrashlyticsCore;->shouldSendReportsWithoutPrompting:440API Call: android.content.SharedPreferences.getBoolean
Source: mpio.fabric.sdk.android.services.persistence.PreferenceStoreStrategy;->restore:11API Call: android.content.SharedPreferences.getString
Source: mpio.fabric.sdk.android.services.settings.DefaultSettingsController;->getStoredBuildInstanceIdentifier:57API Call: android.content.SharedPreferences.getString
Executes native commands
Source: com.czybg.eqtbdmzpklrgyns.xnLvoQ;->DiXsQ:4API Call: java.lang.Runtime.exec
Kills/terminates processes
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.BMcoejIXiwV;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.HOtny8Tb;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.KdfKw0C;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.MCq9ggDf53Iz0h9;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.O0qC6jwgEnHh;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.PYViEQnPOshkW8;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.S49U6BODT8;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.Vdptsq.WJY2Ahxkjz;->onStartCommand:8API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.IVPcyiFs;->DiXsQ:34API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.yCJnDqab;->run:26API Call: android.os.Process.killProcess
Source: com.czybg.eqtbdmzpklrgyns.zAKRpGn;->run:13API Call: android.os.Process.killProcess
Source: etxtfvw.cqwwrwk;->attachBaseContext:363API Call: android.os.Process.killProcess
Requests potentially dangerous permissions
Source: submitted apkRequest permission: android.permission.CHANGE_NETWORK_STATE
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apkRequest permission: android.permission.GET_TASKS
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_SMS
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE

Data Obfuscation:

Uses reflection
Source: etxtfvw.cqwwrwk;->YRkFJMV:26API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: etxtfvw.cqwwrwk;->YRkFJMV:26API Call: Real call: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
Source: etxtfvw.cqwwrwk;->YRkFJMV:29API Call: Real call: android.content.res.AssetManager@b801830
Source: etxtfvw.cqwwrwk;->YRkFJMV:29API Call: Real call: public final java.io.InputStream android.content.res.AssetManager.open(java.lang.String) throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:34API Call: Real call: android.content.res.AssetManager$AssetInputStream@29c881cf
Source: etxtfvw.cqwwrwk;->YRkFJMV:34API Call: Real call: public final int android.content.res.AssetManager$AssetInputStream.available() throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:50API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: etxtfvw.cqwwrwk;->YRkFJMV:50API Call: Real call: public java.io.File android.content.ContextWrapper.getFilesDir()
Source: etxtfvw.cqwwrwk;->YRkFJMV:58API Call: Real call: public static final java.lang.String java.io.File.separator
Source: etxtfvw.cqwwrwk;->YRkFJMV:69API Call: Real call: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
Source: etxtfvw.cqwwrwk;->YRkFJMV:69API Call: Real call: public boolean java.io.File.createNewFile() throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:77API Call: Real call: android.content.res.AssetManager$AssetInputStream@29c881cf
Source: etxtfvw.cqwwrwk;->YRkFJMV:77API Call: Real call: public final int android.content.res.AssetManager$AssetInputStream.read(byte[]) throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:82API Call: Real call: android.content.res.AssetManager$AssetInputStream@29c881cf
Source: etxtfvw.cqwwrwk;->YRkFJMV:82API Call: Real call: public final void android.content.res.AssetManager$AssetInputStream.close() throws java.io.IOException
Source: etxtfvw.cqwwrwk;->CNLldGq:281API Call: Real call: public android.content.pm.PackageManager android.content.ContextWrapper.getPackageManager()
Source: etxtfvw.cqwwrwk;->CNLldGq:294API Call: Real call: public android.content.pm.PackageManager android.content.ContextWrapper.getPackageManager()
Source: etxtfvw.cqwwrwk;->CNLldGq:299API Call: Real call: public java.lang.String android.content.ContextWrapper.getPackageName()
Source: etxtfvw.cqwwrwk;->CNLldGq:307API Call: Real call: android.app.ApplicationPackageManager@18722bc6
Source: etxtfvw.cqwwrwk;->CNLldGq:307API Call: Real call: public android.content.pm.PackageInfo android.app.ApplicationPackageManager.getPackageInfo(java.lang.String,int) throws android.content.pm.PackageManager$NameNotFoundException
Source: etxtfvw.cqwwrwk;->CNLldGq:317API Call: Real call: public [B android.content.pm.Signature.toByteArray()
Source: etxtfvw.cqwwrwk;->CNLldGq:325API Call: Real call: private java.lang.String etxtfvw.cqwwrwk.BROqnOXwFKWnWc(byte[])
Source: etxtfvw.cqwwrwk;->CNLldGq:353API Call: Real call: public static [B android.util.Base64.decode(byte[],int)
Source: etxtfvw.cqwwrwk;->CNLldGq:358API Call: Real call: public [B java.lang.String.getBytes()
Source: etxtfvw.cqwwrwk;->CNLldGq:359API Call: Real call: private static [B etxtfvw.cqwwrwk.oDOixVSpHMour(byte[],byte[])
Source: etxtfvw.cqwwrwk;->YRkFJMV:90API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: etxtfvw.cqwwrwk;->YRkFJMV:90API Call: Real call: public [B etxtfvw.cqwwrwk.CNLldGq(byte[])
Source: etxtfvw.cqwwrwk;->YRkFJMV:168API Call: Real call: public void java.io.OutputStream.write(byte[]) throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:173API Call: Real call: public void java.io.FileOutputStream.close() throws java.io.IOException
Source: etxtfvw.cqwwrwk;->YRkFJMV:185API Call: Real call: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
Source: etxtfvw.cqwwrwk;->YRkFJMV:185API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: etxtfvw.cqwwrwk;->YRkFJMV:190API Call: Real call: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
Source: etxtfvw.cqwwrwk;->YRkFJMV:190API Call: Real call: public java.io.File java.io.File.getParentFile()
Source: etxtfvw.cqwwrwk;->YRkFJMV:199API Call: Real call: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
Source: etxtfvw.cqwwrwk;->YRkFJMV:199API Call: Real call: public java.io.File java.io.File.getParentFile()
Source: etxtfvw.cqwwrwk;->YRkFJMV:200API Call: Real call: /data/data/com.czybg.eqtbdmzpklrgyns/files
Source: etxtfvw.cqwwrwk;->YRkFJMV:200API Call: Real call: public java.lang.String java.io.File.getParent()
Source: etxtfvw.cqwwrwk;->YRkFJMV:209API Call: Real call: android.content.Context android.content.ContextWrapper.mBase
Source: etxtfvw.cqwwrwk;->YRkFJMV:214API Call: Real call: final android.app.ActivityThread android.app.ContextImpl.mMainThread
Source: etxtfvw.cqwwrwk;->YRkFJMV:219API Call: Real call: final android.util.ArrayMap android.app.ActivityThread.mPackages
Source: etxtfvw.cqwwrwk;->attachBaseContext:368API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: etxtfvw.cqwwrwk;->attachBaseContext:368API Call: Real call: private void etxtfvw.cqwwrwk.YRkFJMV()
Source: pvsaeqhpgq.zvsin;->attachBaseContext:40API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: pvsaeqhpgq.zvsin;->attachBaseContext:40API Call: Real call: public void etxtfvw.cqwwrwk.attachBaseContext(android.content.Context)
Source: etxtfvw.cqwwrwk;->onCreate:401API Call: Real call: public java.lang.ClassLoader android.content.ContextWrapper.getClassLoader()
Source: etxtfvw.cqwwrwk;->onCreate:404API Call: Real call: dalvik.system.DexClassLoader[DexPathList[[dex file "/data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex"],nativeLibraryDirectories=[/vendor/lib, /system/lib]]]
Source: etxtfvw.cqwwrwk;->onCreate:404API Call: Real call: public java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) throws java.lang.ClassNotFoundException
Source: etxtfvw.cqwwrwk;->onCreate:409API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: etxtfvw.cqwwrwk;->onCreate:409API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: etxtfvw.cqwwrwk;->onCreate:410API Call: Real call: null
Source: etxtfvw.cqwwrwk;->onCreate:410API Call: Real call: public static android.app.Application android.app.Instrumentation.newApplication(java.lang.Class,android.content.Context) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.ClassNotFoundException
Source: etxtfvw.cqwwrwk;->onCreate:411API Call: Real call: public void android.app.Application.onCreate()
Source: pvsaeqhpgq.zvsin;->onCreate:54API Call: Real call: etxtfvw.cqwwrwk@32c17d93
Source: pvsaeqhpgq.zvsin;->onCreate:54API Call: Real call: public void etxtfvw.cqwwrwk.onCreate()
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->hZyMGHgz:60API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.NvHUu;->DiXsQ:39API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.NvHUu;->DiXsQ:41API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:143API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:160API Call: java.lang.reflect.Field.get
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:174API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:179API Call: java.lang.reflect.Field.get
Source: com.czybg.eqtbdmzpklrgyns.WDAcpd;->LmcGi:183API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.bsLhBT;->DiXsQ:6API Call: java.lang.reflect.Method.invoke
Source: com.czybg.eqtbdmzpklrgyns.fQuMyR;->DiXsQ:7API Call: java.lang.reflect.Method.invoke
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->getAdvertisingId:8API Call: java.lang.reflect.Method.invoke
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->getInfo:18API Call: java.lang.reflect.Method.invoke
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isLimitAdTrackingEnabled:28API Call: java.lang.reflect.Method.invoke
Source: mpio.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:132API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:140API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:145API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:150API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:160API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->YRkFJMV:178API Call: java.lang.reflect.Method.invoke
Source: etxtfvw.cqwwrwk;->CNLldGq:306API Call: java.lang.reflect.Field.get
Source: etxtfvw.cqwwrwk;->CNLldGq:312API Call: java.lang.reflect.Field.get
Source: etxtfvw.cqwwrwk;->CNLldGq:352API Call: java.lang.reflect.Field.get
Accesses Class Loader via Reflection
Source: etxtfvw.cqwwrwk;->onCreate:401API Call: Reflective call: public java.lang.ClassLoader android.content.ContextWrapper.getClassLoader()
Accesses FileOutputStream via Reflection
Source: etxtfvw.cqwwrwk;->YRkFJMV:173API Call: Reflective call: public void java.io.FileOutputStream.close() throws java.io.IOException
Found very long method strings
Source: Lpvsaeqhpgq/zvsin;->attachBaseContext(Landroid/content/Context;)VMethod string: FABgc2FnWXlnRc3mFz4+ego6eVBjU71ueXZzRFdjFBkGKgoKNkUBJA0/JnxpTWH+vzRk5JohMTNod3RjWXlvRW9lQXVqzy9iPh00ypOMxMwCHdmWB2mck3a2CzDCKBldwybuakNefqjVFI8VU23ykm4uJzHhYSwXmZjpcJgp9ZYN8oj2/POqFoHIS65lkuKha1vV8c6zLxMJF0wG8y7E4JuWqBnZqMyQk++M8f83MYeD7ob2sbmsLJOEwIEyMwL Length: 7812
Loads new DEX files via dynamic constructor
Source: etxtfvw.cqwwrwk;->uxONpX:276API Call: Constructor call: public dalvik.system.DexClassLoader(java.lang.String,java.lang.String,java.lang.String,java.lang.ClassLoader)

Persistence and Installation Behavior:

Creates files
Source: mpio.fabric.sdk.android.services.settings.DefaultCachedSettingsIo;->writeCachedSettings:40API Call: java.io.FileWriter.<init>
Launches other applications
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:106API Call: android.content.pm.PackageManager.getLaunchIntentForPackage

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)
Source: com.czybg.eqtbdmzpklrgyns.qwAiT;-><init>:22API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Uses Crypto APIs
Source: etxtfvw.cqwwrwk;->BROqnOXwFKWnWc:4API Call: java.security.MessageDigest.getInstance
Source: etxtfvw.cqwwrwk;->BROqnOXwFKWnWc:5API Call: java.security.MessageDigest.digest
Source: com.czybg.eqtbdmzpklrgyns.DiXsQ;->DiXsQ:9API Call: javax.crypto.KeyGenerator.generateKey
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->DiXsQ:2API Call: java.security.MessageDigest.getInstance
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->DiXsQ:4API Call: java.security.MessageDigest.update
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->DiXsQ:5API Call: java.security.MessageDigest.digest
Source: com.czybg.eqtbdmzpklrgyns.MfOxe;->DiXsQ:68API Call: javax.crypto.Cipher.getInstance
Source: com.czybg.eqtbdmzpklrgyns.MfOxe;->DiXsQ:71API Call: javax.crypto.Cipher.init
Source: com.czybg.eqtbdmzpklrgyns.MfOxe;->DiXsQ:72API Call: javax.crypto.Cipher.doFinal
Source: com.czybg.eqtbdmzpklrgyns.cXdqo;->DiXsQ:20API Call: javax.crypto.Cipher.getInstance
Source: com.czybg.eqtbdmzpklrgyns.cXdqo;->DiXsQ:23API Call: javax.crypto.Cipher.init
Source: com.czybg.eqtbdmzpklrgyns.cXdqo;->DiXsQ:25API Call: javax.crypto.Cipher.doFinal
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:183API Call: java.security.MessageDigest.getInstance
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:185API Call: java.security.MessageDigest.update
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:191API Call: java.security.MessageDigest.digest
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:195API Call: java.security.MessageDigest.getInstance
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:196API Call: java.security.MessageDigest.update
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->hash:197API Call: java.security.MessageDigest.digest
Source: mpio.fabric.sdk.android.services.network.PinningTrustManager;->isValidPin:42API Call: java.security.MessageDigest.getInstance
Source: mpio.fabric.sdk.android.services.network.PinningTrustManager;->isValidPin:45API Call: java.security.MessageDigest.digest
Has permission to query the list of currently running applications
Source: submitted apkRequest permission: android.permission.GET_TASKS
Queries list of running processes/tasks
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->DiXsQ:19API Call: android.app.ActivityManager.getRunningTasks
Source: com.czybg.eqtbdmzpklrgyns.uIcqnrbS;->DiXsQ:3API Call: android.app.ActivityManager.getRunningTasks
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->getAppProcessInfo:99API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)
Source: mpio.fabric.sdk.android.Fabric;->getKitsFinderFuture:90API Call: android.content.Context.getPackageCodePath
Removes its application launcher (likely to stay hidden)
Source: com.czybg.eqtbdmzpklrgyns.DIowQgu;->DiXsQ:70API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Malware Analysis System Evasion:

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: UMQrTOWqmLFBinary or memory string: B1ZqCk1VLw1mVwI4KVZeCEYTRAdnF0AMDAM1XkwBYSJSDVQTQkQEMUZEDFZfZlgfUyhfNlUEMmsB
Accesses android OS build fields
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:84Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:85Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:88Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:89Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:121Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:122Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:125Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:126Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.UBLcF;->onPostExecute:47Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.UBLcF;->onPostExecute:48Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.UBLcF;->onPostExecute:51Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.UBLcF;->onPostExecute:52Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:44Field Access: android.os.Build.BOARD
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:47Field Access: android.os.Build.BRAND
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:50Field Access: android.os.Build.CPU_ABI
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:53Field Access: android.os.Build.DEVICE
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:56Field Access: android.os.Build.DISPLAY
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:59Field Access: android.os.Build.HOST
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:62Field Access: android.os.Build.ID
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:65Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:68Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:71Field Access: android.os.Build.PRODUCT
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:74Field Access: android.os.Build.TAGS
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:77Field Access: android.os.Build.TYPE
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:80Field Access: android.os.Build.USER
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:86Field Access: android.os.Build$VERSION.RELEASE
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:88Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:89Field Access: android.os.Build.MANUFACTURER
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:90Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:91Field Access: android.os.Build.MODEL
Source: com.czybg.eqtbdmzpklrgyns.xnLvoQ;->DiXsQ:12Field Access: android.os.Build.TAGS
Source: mpio.fabric.sdk.android.services.common.CommonUtils$Architecture;->getValue:48Field Access: android.os.Build.CPU_ABI
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isEmulator:229Field Access: android.os.Build.PRODUCT
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isEmulator:232Field Access: android.os.Build.PRODUCT
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isRooted:236Field Access: android.os.Build.TAGS
Source: mpio.fabric.sdk.android.services.common.IdManager;->getModelName:112Field Access: android.os.Build.MANUFACTURER
Source: mpio.fabric.sdk.android.services.common.IdManager;->getModelName:114Field Access: android.os.Build.MODEL
Source: mpio.fabric.sdk.android.services.common.IdManager;->getOsDisplayVersionString:119Field Access: android.os.Build$VERSION.RELEASE
Source: mpcom.crashlytics.android.core.CrashlyticsUncaughtExceptionHandler;->writeSessionDevice:506Field Access: android.os.Build.MODEL
Source: mpcom.crashlytics.android.core.CrashlyticsUncaughtExceptionHandler;->writeSessionDevice:507Field Access: android.os.Build.MANUFACTURER
Source: mpcom.crashlytics.android.core.CrashlyticsUncaughtExceptionHandler;->writeSessionDevice:508Field Access: android.os.Build.PRODUCT
Source: mpcom.crashlytics.android.core.SessionProtobufHelper;->writeSessionOS:334Field Access: android.os.Build$VERSION.RELEASE
Queries several sensitive phone informations
Source: Lmpio/fabric/sdk/android/services/settings/DefaultSettingsSpiCall;->applyHeadersTo(Lmpio/fabric/sdk/android/services/network/HttpRequest;Lmpio/fabric/sdk/android/services/settings/SettingsRequest;)Lmpio/fabric/sdk/android/services/network/HttpRequest;Method string: "android"
Source: Lcom/czybg/eqtbdmzpklrgyns/VsOwEHi;-><init>(I)VMethod string: "cpu"
Source: Lcom/czybg/eqtbdmzpklrgyns/jfIitJ;-><init>(Lcom/czybg/eqtbdmzpklrgyns/siQFgImL;Landroid/telephony/TelephonyManager;)VMethod string: "imsi"
Source: Lmpcom/crashlytics/android/answers/SessionEventTransform;->buildJsonForEvent(Lmpcom/crashlytics/android/answers/SessionEvent;)Lorg/json/JSONObject;Method string: "type"
Source: Lcom/czybg/eqtbdmzpklrgyns/uKHWhZbq;->DiXsQ()Lcom/czybg/eqtbdmzpklrgyns/NQaBq;Method string: "version"
Source: Lcom/czybg/eqtbdmzpklrgyns/uKHWhZbq;->DiXsQ()Lcom/czybg/eqtbdmzpklrgyns/NQaBq;Method string: "sid"
Source: Lcom/czybg/eqtbdmzpklrgyns/siQFgImL;->Odjrct()Lorg/json/JSONObject;Method string: "manufacturer"
Source: Lcom/czybg/eqtbdmzpklrgyns/LmcGi;->DiXsQ()Landroid/telephony/TelephonyManager;Method string: "phone"
Source: Lcom/czybg/eqtbdmzpklrgyns/hrYSUpo;-><init>(Lcom/czybg/eqtbdmzpklrgyns/siQFgImL;Landroid/content/Context;Landroid/telephony/TelephonyManager;Lcom/czybg/eqtbdmzpklrgyns/LmcGi;)VMethod string: "imei"
Source: Lcom/czybg/eqtbdmzpklrgyns/UBLcF;->onPostExecute(Ljava/lang/Object;)VMethod string: "model"
Source: Lmpio/fabric/sdk/android/services/common/CommonUtils;->isEmulator(Landroid/content/Context;)ZMethod string: "sdk"
Queries the unique operating system id (ANDROID_ID)Show sources
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:40API Call: android.provider.Settings$Secure.getString
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isEmulator:227API Call: android.provider.Settings$Secure.getString
Source: mpio.fabric.sdk.android.services.common.IdManager;->getAndroidId:69API Call: android.provider.Settings$Secure.getString
Tries to detect XPosed instrumentation frameworkShow sources
Source: Letxtfvw/cqwwrwk;->YVAFbUcSQ()ZMethod string: /system/framework/XposedBridge.jar
Source: Letxtfvw/cqwwrwk;->attachBaseContext(Landroid/content/Context;)VMethod string: /system/framework/XposedBridge.jar

Anti Debugging:

Checks if debugger is running
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isDebuggerAttached:223 | API Call: android.os.Debug.isDebuggerConnected
Potentially drops DEX files
Source: Initial APK | File created: cXdqo.smali
Source: Initial APK | File created: cls.dex
Source: Initial APK | File created: sBUetYWgmIImLKjScXPAnohMqRUDMHhwvrrmAlCsWZMkmOQFpFwHUl.zip
Access the class loader (often done to load a new code)
Source: etxtfvw.cqwwrwk;->YRkFJMV:225 | API Call: java.lang.Class.getDeclaredField("mClassLoader")
Source: Letxtfvw/cqwwrwk;->YRkFJMV()V | Method string: "mClassLoader"
Creates a new jar file (likely to load a new code)
Source: etxtfvw.cqwwrwk;->attachBaseContext:361 | API Call: java.io.File.<init>

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: pvsaeqhpgq.zvsin;->attachBaseContext:28 | API Call: dalvik.system.DexClassLoader.<init>("/data/data/com.czybg.eqtbdmzpklrgyns/files/sBUetYWgmIImLKjScXPAnohMqRUDMHhwvrrmAlCsWZMkmOQFpFwHUl.zip")
Source: pvsaeqhpgq.zvsin;->attachBaseContext:30 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Checks if phone is rooted (checks for Superuser.apk)
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isRooted:240 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Checks if phone is rooted (checks for test-keys build tags)
Source: com.czybg.eqtbdmzpklrgyns.xnLvoQ;->DiXsQ:14 | API Call: java.lang.String.contains("test-keys")
Source: mpio.fabric.sdk.android.services.common.CommonUtils;->isRooted:238 | API Call: java.lang.String.contains("test-keys")
Queries the SIM provider ISO country code
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->xnLvoQ:63 | API Call: android.telephony.TelephonyManager.getSimCountryIso returned ""
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:34 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:13 | API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:35 | API Call: android.telephony.TelephonyManager.getSimOperator
Queries the WIFI MAC address
Source: com.czybg.eqtbdmzpklrgyns.LmcGi;->Odjrct:21 | API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network operator ISO country code
Source: com.czybg.eqtbdmzpklrgyns.HLqFdR;->xnLvoQ:69 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:11 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:12 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:36 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.czybg.eqtbdmzpklrgyns.hrYSUpo;-><init>:15 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:15 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:37 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.czybg.eqtbdmzpklrgyns.jfIitJ;-><init>:38 | API Call: android.telephony.TelephonyManager.getSubscriberId

Lowering of HIPS / PFW / Operating System Security Settings:

May check for installed Android security applications (AV and firewalls)
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.drweb"
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.eset.ems2.gp"
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.drweb.pro"
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.drweb.pro.market"
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.qihoo.security"
Source: Lcom/czybg/eqtbdmzpklrgyns/hekJfDg;-><init>(Landroid/content/Context;Lcom/czybg/eqtbdmzpklrgyns/OfsZk;)V | Method string: "com.qihoo.security.lite"

Stealing of Sensitive Information:

Has permission to read contacts
Source: submitted apk | Request permission: android.permission.READ_CONTACTS
Has permission to read the SMS storage
Source: submitted apk | Request permission: android.permission.READ_SMS
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Monitors incoming Phone calls
Source: com.czybg.eqtbdmzpklrgyns.Pu9qND8a41hRx | Registered receiver: android.intent.action.PHONE_STATE
Queries a list of installed applications
Source: com.czybg.eqtbdmzpklrgyns.QsRifJa;->DiXsQ:39 | API Call: android.content.pm.PackageManager.queryIntentActivities

Antivirus Detection

Initial Sample

Source | Detection | Cloud
5wd2rZUWEk | 49% | virustotal

Dropped Files

No Antivirus matches

Domains

Source | Detection | Cloud
play.googleapis.com | 0% | virustotal
www.gstatic.com | 2% | virustotal

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Created / dropped Files

/data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
File Type:Zip archive data, at least v2.0 to extract
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
MD5:F2331E42879BEFF575745020556C99EF
SHA1:C39FC7622E47DA40A15670536ADAC1B01A90BDF1
SHA-256:61F54317B64327FC0B592D265A84391B714E67F30D9473DBAF6DF715F6D8DA5C
SHA-512:339A97529D690A83770A8A944D055908A646AE738FDB7206B9FF8978034A5612FED4A37132B9C3F43CB9E32D048D9EF0E051880E85B1B425284BDA9636ABC325
Malicious:false
Reputation:low
/data/data/com.czybg.eqtbdmzpklrgyns/files/sBUetYWgmIImLKjScXPAnohMqRUDMHhwvrrmAlCsWZMkmOQFpFwHUl.zip
File Type:Dalvik dex file version 035
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
MD5:33FEBA241D388E830B985DE0945C2000
SHA1:F31204F7C0E44A939EA233F35FBC5AA30817E338
SHA-256:7F79D01ADD22D5E70FA3BCFAE3C51D0BE32D337A2E660A109BBB141E1FA4D959
SHA-512:BCC090E398466CB41AD563FF0FC458414BB44BE3B22BD3099D7528DA11DF45E463F5FFAE924F1E768827C30D0DB5B52E83D7E60F68577042FAB267FFB3E5B40E
Malicious:false
Reputation:low

Contacted Domains/Contacted IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection
play.googleapis.com | 172.217.20.74 | true | false | 0%, virustotal
www.gstatic.com | 172.217.17.99 | true | false | 2%, virustotal

Contacted IPs

IP | Country | ASN | ASN Name | Malicious
8.8.8.8 | United States | 15169 | GOOGLE-GoogleIncUS | false
172.217.17.99 | United States | 15169 | GOOGLE-GoogleIncUS | false
172.217.20.74 | United States | 15169 | GOOGLE-GoogleIncUS | false
172.217.17.138 | United States | 15169 | GOOGLE-GoogleIncUS | false

Static File Info

General

File type:Zip archive data, at least v2.0 to extract
Entropy (8bit):7.978031457513307
TrID:
  • Android Package (19004/1) 52.05%
  • Java Archive (13504/1) 36.99%
  • ZIP compressed archive (4004/1) 10.97%
File name:5wd2rZUWEk
File size:527982
MD5:3b574b67bf5a80c43e6430d69b72e6ec
SHA1:72b9b211982a86e04bb3fc2bc74f55dd5a73d56a
SHA256:7503c7ddc1fe21f5f50f592f9c528b7d80dc77f053fa97d1ee0cd7d8fb1378a8
SHA512:270e7e4aa9f6f7080f952a247d8aa539fcb872b2d708fb28a135da00c1fdea2e7a3bed3678feb694f431d2644f0959d8b943ac845fda2476ce3dd58561ef1b4c
File Content Preview:PK..........VK..GR............META-INF/MANIFEST.MF..K..H....Q...3aT....1.P...B....$..............kVD......{R.1r .^....._^.o....C.A.U../.o..._.Xa`..e..4. .}.......D......P.........,..<..V.c..)N..G...$~Kc..I.....ro.|y.........$F9...7........|..A...R$.....#.

Static APK Info

General

Label:AntiVirus FREE
Minimum SDK required:9
Target SDK required:22
Version Code:53
Version Name:53
Package Name:com.czybg.eqtbdmzpklrgyns
Is Activity:true
Is Receiver:true
Is Service:true
Requests System Level Permissions:false
Play Store Compatible:true

Activities

Package | Name | Is Entrypoint
com.czybg.eqtbdmzpklrgyns | com.czybg.eqtbdmzpklrgyns.FooVJESlkd1K |
com.czybg.eqtbdmzpklrgyns | oleevf.oiqgkl.kcfcwv.bzsy.ehkjwyuad.grdoikz |
com.czybg.eqtbdmzpklrgyns | com.czybg.eqtbdmzpklrgyns.SplashActivity | true
com.czybg.eqtbdmzpklrgyns | com.czybg.eqtbdmzpklrgyns.AyMuwwlC |
com.czybg.eqtbdmzpklrgyns | com.czybg.eqtbdmzpklrgyns.ProgressActivity |
com.czybg.eqtbdmzpklrgyns | com.czybg.eqtbdmzpklrgyns.BaseActivity |

Receivers

  • com.czybg.eqtbdmzpklrgyns.BYdZZAIwCWFdZwW
  • Intent: android.app.action.DEVICE_ADMIN_ENABLED, android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED, android.app.action.ACTION_DEVICE_ADMIN_DISABLED
  • com.czybg.eqtbdmzpklrgyns.Pu9qND8a41hRx
  • Intent: android.intent.action.PACKAGE_REPLACED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_INSTALL, android.intent.action.PHONE_STATE, android.net.wifi.WIFI_STATE_CHANGED, android.net.wifi.STATE_CHANGE, android.intent.action.BOOT_COMPLETED, android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.ACTION_BATTERY_LOW, android.intent.action.ACTION_BATTERY_OKAY, android.net.ConnectivityManager.CONNECTIVITY_ACTION, android.net.wifi.supplicant.CONNECTION_CHANGE, com.android.res
  • com.czybg.eqtbdmzpklrgyns.X39SzVuK0Fg5ZMqLx

Services

  • com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.BMcoejIXiwV
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.HOtny8Tb
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.KdfKw0C
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.MCq9ggDf53Iz0h
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.O0qC6jwgEnHh
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.PYViEQnPOshkW8
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.S49U6BODT8
  • com.czybg.eqtbdmzpklrgyns.Vdptsq.WJY2Ahxkjz
  • fszdepyq.bpxcvwhmp.qchfn
  • Intent: xuskmlpe.tiaszz.pxvltcxj.nlsty.qteafq (Priority 0)
  • zjswnzgx.fswiicam.iwrcuay

Permission Requested

  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.ACCESS_WIFI_STATE
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.CHANGE_WIFI_STATE
  • android.permission.GET_ACCOUNTS
  • android.permission.GET_TASKS
  • android.permission.INTERNET
  • android.permission.READ_CONTACTS
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_PROFILE
  • android.permission.READ_SMS
  • android.permission.REAL_GET_TASKS
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.RECEIVE_SMS
  • android.permission.WAKE_LOCK
  • android.permission.WRITE_EXTERNAL_STORAGE
  • com.android.launcher.permission.UNINSTALL_SHORTCUT

Certificate

Name:classes.dex
Issuer:CN=,OU=,O=US,L=US,ST=US,C=US
Subject:CN=,OU=,O=US,L=US,ST=US,C=US

Resources

Name | Type | Size
ic_launcher.png | PNG image, 48 x 48, 8-bit/color RGBA, non-interlaced | 3087
AndroidManifest.xml | DBase 3 data file (12184 records) | 12184
button_pressed_background.xml | DBase 3 data file (728 records) | 728
ic_launcher.png | PNG image, 96 x 96, 8-bit/color RGBA, non-interlaced | 7607
finish_button.xml | DBase 3 data file (740 records) | 740
layout_round_corner_progress_bar.xml | DBase 3 data file (824 records) | 824
layout_icon_round_corner_progress_bar.xml | DBase 3 data file (1216 records) | 1216
activity_main.xml | DBase 3 data file (1312 records) | 1312
button_pressed.png | PNG image, 666 x 666, 8-bit/color RGBA, non-interlaced | 32372
progress_image.png | PNG image, 366 x 366, 8-bit colormap, non-interlaced | 5852
bhwdzkxwhvfdy.xml | DBase 3 data file (392 records) | 392
ic_launcher.png | PNG image, 192 x 192, 8-bit/color RGBA, non-interlaced | 19992
antivirus_logo.png | PNG image, 424 x 554, 8-bit colormap, non-interlaced | 8227
474271.SF | ASCII text, with CRLF line terminators | 2954
round_corner_progress_icon.png | PNG image, 48 x 48, 8-bit colormap, non-interlaced | 283
button_background.xml | DBase 3 data file (728 records) | 728
XbHcMPcWXOjWM | empty | 0
base_activity.xml | DBase 3 data file (1384 records) | 1384
MANIFEST.MF | ASCII text, with CRLF line terminators | 2833
474271.RSA | data | 1262
antivirus.png | PNG image, 469 x 59, 8-bit colormap, non-interlaced | 2186
round_corner_progress_icon.png | PNG image, 144 x 144, 8-bit colormap, non-interlaced | 915
classes.dex | Dalvik dex file version 035 | 12032
round_corner_progress_icon.png | PNG image, 96 x 96, 8-bit colormap, non-interlaced | 562
scan_button.xml | DBase 3 data file (740 records) | 740
resources.arsc | data | 7632
layout_text_round_corner_progress_bar.xml | DBase 3 data file (1012 records) | 1012
round_corner_progress_icon.png | PNG image, 72 x 72, 8-bit colormap, non-interlaced | 452
button_unpressed.png | PNG image, 666 x 666, 8-bit/color RGBA, non-interlaced | 31784
bcg_gradient.xml | DBase 3 data file (720 records) | 720
scan_process_activity.xml | DBase 3 data file (2200 records) | 2200
UMQrTOWqmLF | ASCII text | 581760
stars_finish.png | PNG image, 511 x 487, 8-bit colormap, non-interlaced | 9599
ic_launcher.png | PNG image, 72 x 72, 8-bit/color RGBA, non-interlaced | 6043
ic_launcher.png | PNG image, 144 x 144, 8-bit/color RGBA, non-interlaced | 19430
cls.dex.dr | Dalvik dex file version 035 | 430652
sBUetYWgmIImLKjScXPAnohMqRUDMHhwvrrmAlCsWZMkmOQFpFwHUl.zip.dr | Zip archive data, at least v2.0 to extract | 5859
classes.dex | Dalvik dex file version 035 | 11728

Network Behavior

TCP Packets

Dec 21, 2017 18:02:46.274595022 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.274657965 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.274880886 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.274899960 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.275477886 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.275501966 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.276134968 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.276917934 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.276942968 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.277401924 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.277426004 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.277923107 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.283799887 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.283823967 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.283832073 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.284483910 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.294826984 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.294847965 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.295325041 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.295350075 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.296031952 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.298672915 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.298697948 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.298706055 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.299345970 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.303009987 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.303035021 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.303595066 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.303620100 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.304256916 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:02:46.312062025 CET44352265172.217.17.138192.168.2.2
Dec 21, 2017 18:02:46.359647036 CET52265443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.057300091 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.057353973 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.058049917 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.060950994 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.061003923 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.389090061 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.389828920 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.391501904 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.391532898 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.393834114 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.393865108 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.649183035 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.649214983 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.649776936 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.675508976 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.675602913 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.675607920 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.676206112 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.680757046 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.680998087 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.681423903 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.681442976 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.682104111 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.682626009 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.683911085 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.683969975 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.684360027 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.684379101 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.685125113 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.685142994 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.686590910 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.686640024 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.687015057 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.687038898 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.687479973 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.687647104 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.690314054 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.690340996 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.691185951 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.691205025 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.691399097 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.694524050 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.694562912 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.694567919 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.694721937 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.694756031 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.695127964 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.695198059 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.695362091 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.697597027 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.697658062 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.697670937 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.697765112 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.697869062 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.697896957 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.698107004 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.698165894 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.698178053 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.698751926 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.705661058 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.711215019 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.711272955 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.711517096 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.711540937 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.712095976 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.718080044 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.730664968 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.730982065 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.731004000 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.771265030 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.779834032 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.780272961 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.781325102 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.781352997 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.781357050 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.781819105 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.781980038 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.782043934 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.782056093 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.782399893 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.793647051 CET1531953192.168.2.28.8.8.8
Dec 21, 2017 18:04:24.798067093 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.798088074 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.798091888 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.798496962 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.798543930 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.798588037 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.822208881 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.822242975 CET44350363172.217.17.138192.168.2.2
Dec 21, 2017 18:04:24.822592974 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.822680950 CET50363443192.168.2.2172.217.17.138
Dec 21, 2017 18:04:24.879168034 CET53153198.8.8.8192.168.2.2
Dec 21, 2017 18:04:24.880276918 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:24.880300999 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:24.880870104 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:24.883640051 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:24.883656979 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.064523935 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.064611912 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.065351009 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.065543890 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.089828014 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.090651035 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.125730991 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.125760078 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.286109924 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.314152002 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.314187050 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.598639011 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.638863087 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.645368099 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.645400047 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.908416986 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:25.909244061 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.938647032 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:25.938678980 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.414583921 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.442039967 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:26.442210913 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.648780107 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.675071955 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:26.675103903 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.964972019 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:26.989686012 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:26.989871025 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.216806889 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.247193098 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.247340918 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.421281099 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.448168039 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.448218107 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.449379921 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.449409008 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.450989008 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.451018095 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.452339888 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.452368021 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.453777075 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.453804016 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.455125093 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.455152035 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.814323902 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:27.833448887 CET52263443192.168.2.2172.217.20.74
Dec 21, 2017 18:04:27.833578110 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:28.045574903 CET44352263172.217.20.74192.168.2.2
Dec 21, 2017 18:04:28.086519003 CET52263443192.168.2.2172.217.20.74

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 21, 2017 18:02:13.362551928 CET | 7937 | 53 | 192.168.2.2 | 8.8.8.8
Dec 21, 2017 18:02:13.474940062 CET | 53 | 7937 | 8.8.8.8 | 192.168.2.2
Dec 21, 2017 18:02:15.473963022 CET | 43436 | 53 | 192.168.2.2 | 8.8.8.8
Dec 21, 2017 18:02:15.571135044 CET | 53 | 43436 | 8.8.8.8 | 192.168.2.2
Dec 21, 2017 18:02:21.941541910 CET | 41159 | 53 | 192.168.2.2 | 8.8.8.8
Dec 21, 2017 18:02:22.020647049 CET | 53 | 41159 | 8.8.8.8 | 192.168.2.2
Dec 21, 2017 18:04:24.793647051 CET | 15319 | 53 | 192.168.2.2 | 8.8.8.8
Dec 21, 2017 18:04:24.879168034 CET | 53 | 15319 | 8.8.8.8 | 192.168.2.2

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Dec 21, 2017 18:02:15.473963022 CET | 192.168.2.2 | 8.8.8.8 | 0xe03f | Standard query (0) | www.gstatic.com | A (IP address) | IN (0x0001)
Dec 21, 2017 18:04:24.793647051 CET | 192.168.2.2 | 8.8.8.8 | 0x52c6 | Standard query (0) | play.googleapis.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 21, 2017 18:02:15.571135044 CET | 8.8.8.8 | 192.168.2.2 | 0xe03f | No error (0) | www.gstatic.com |  | 172.217.17.99 | A (IP address) | IN (0x0001)
Dec 21, 2017 18:04:24.879168034 CET | 8.8.8.8 | 192.168.2.2 | 0x52c6 | No error (0) | play.googleapis.com |  | 172.217.20.74 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

  • www.gstatic.com

HTTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB)
Dec 21, 2017 18:02:15.573096991 CET | 37380 | 80 | 192.168.2.2 | 172.217.17.99
GET /android/config_update/08312017-sms-blacklist.metadata.txt HTTP/1.1
User-Agent: AndroidDownloadManager/5.1.1 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)
Accept-Encoding: identity
Connection: close
Host: www.gstatic.com
195
Dec 21, 2017 18:02:15.804744005 CET | 80 | 37380 | 172.217.17.99 | 192.168.2.2
HTTP/1.1 200 OK
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: text/plain
Date: Mon, 18 Dec 2017 18:26:47 GMT
Expires: Tue, 26 Dec 2017 18:26:47 GMT
Last-Modified: Fri, 08 Sep 2017 01:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=691200
Age: 254128
Connection: close
Data Ascii: SIGNATURE:gjlBeFo3I5QBtOPbSgcUEaZQV1obT04Hb3d522P5mHw5vBpB8u8Vdl17YcSjc72mXorgvjbQMyYaqACdCc4JBh3bp/oof7Nhmmad9zGU7n+aVYceFM5f/A1nzDho2UZ7RPwuRpcR0mRU+xRGkJ3iTlknI80RO4IC0cHQJyp9/2+O/5qCZdFCl9zaVdc4e6YU9SQXJ/qnDEl7T8LXIER150bOc4CoUTeaGotUeg7oxZvbnPLT2jrquh8FhbuoRODfzfJ/41Iu03A2PNh2It5g1dkbqytN9oCaIbS+VZu0gHqu8uy9NpG9U0ij/b+eIMs3/njnuwfIcRgCysftPZnM0A==VERSION:15REQUIRED_HASH:NONE
196
Dec 21, 2017 18:02:15.989315033 CET | 51538 | 80 | 192.168.2.2 | 172.217.17.99
GET /android/config_update/08312017-sms-blacklist.txt HTTP/1.1
User-Agent: AndroidDownloadManager/5.1.1 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)
Accept-Encoding: identity
Connection: close
Host: www.gstatic.com
197
Dec 21, 2017 18:02:16.225672007 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
HTTP/1.1 200 OK
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: text/plain
Date: Mon, 18 Dec 2017 18:54:31 GMT
Expires: Tue, 26 Dec 2017 18:54:31 GMT
Last-Modified: Fri, 08 Sep 2017 01:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=691200
Age: 252465
Connection: close
Data Ascii: <?xml version="1.0" encoding="utf-8"?>.../*** Copyright 2012, The Android Open Source Project**** Licensed under the Apache License, Version 2.0 (the "License");** you may not use this file except in compliance with the License.** You may obtain a copy of the License at**** http://www.apache.org/licenses/LICENSE-2.0**** Unless required by applicable law or agreed to in writing, software** distributed under the License is distributed on an "AS IS" BASIS,** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.** See the License for the specific language governing permissions and** limitations under the License.*/-->... Regex patterns for SMS short codes by country. --><shortcodes> ... The country attribute is the ISO country code of the user's account (from SIM card or NV). The pattern attribute is a regex that matches all SMS short codes for the country. The premium attribute is a regex that matches premium rate SMS short codes. The free attribute matches short codes that we know will not cost
198
Dec 21, 2017 18:02:16.225723028 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: the user, such as emergency numbers. The standard attribute matches short codes that are billed at the standard SMS rate. The user is warned when the destination phone number matches the "pattern" or "premium" regex
200
Dec 21, 2017 18:02:16.225732088 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: 6|9525" /> ... Belgium: 4 digits, plus EU: http://www.mobileweb.be/en/mobileweb/sms-nu
200
Dec 21, 2017 18:02:16.228832006 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: mberplan.asp --> <shortcode country="be" premium="\d{4}" free="8\d{3}|116\d{3}" /> ... Bulgaria: 4-5 digits, plus EU --> <shortcode country="bg" pattern="\d{4,5}" premium="18(?:16|423)|19(?:1[56]|35)" free="116\d{3}|1988|1490" />
201
Dec 21, 2017 18:02:16.228916883 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: <shortcode country="co" pattern="\d{1,6}" free="890350" /> ... Cyprus: 4-6 digits (not confirmed), known premium codes listed, plus EU --> <shortcode country="cy" pattern="\d{4,6}" premium="7510" free="116\d{3}" /> ... Czech
203
Dec 21, 2017 18:02:16.228925943 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: 7)|80(?:008|123|888)|82(?:002|[378]00|323|444|472|474|488|727)|83(?:005|[169]00|333|830)|84(?:141|300|32[34]|343|488|499|777|888)|85888|86(?:188|566|640|644|650|677|868|888)|870[24]9|871(?:23|[49]9)|872(?:1[0-8]|49|99)|87499|875(?:49|55|99)|87
204
Dec 21, 2017 18:02:16.248480082 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: /Elektrooniline_side/Oigusaktid/ENG/Estonian_Numbering_Plan_annex_06_09_2010.mht --> <shortcode country="ee" pattern="1\d{2,4}" premium="90\d{5}|15330|1701[0-3]" free="116\d{3}|95034" /> ... Spain: 5-6 digits: 25xxx, 27xxx, 280xx, 35
205
Dec 21, 2017 18:02:16.248522043 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: 4 digits, known premium codes listed --> <shortcode country="ge" pattern="\d{4}" premium="801[234]|888[239]" /> ... Ghana: 4 digits, known premium codes listed --> <shortcode country="gh" pattern="\d{4}" free="5041" /> ...
207
Dec 21, 2017 18:02:16.248529911 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: remium="4422|4545" /> ... Italy: 5 digits (premium=4xxxx), plus EU: http://clients.txtnation.com/attachments/token/di5kfblvubttvlw/?name=Italy_CASP_EN.pdf --> <shortcode country="it" pattern="\d{5}" premium="4\d{4}" free="11
208
Dec 21, 2017 18:02:16.252479076 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: d: http://smscoin.net/info/pricing-kazakhstan/ --> <shortcode country="kz" pattern="\d{4}" premium="335[02]|4161|444[469]|77[2359]0|8444|919[3-5]|968[2-5]" /> ... Kuwait: 1-5 digits (standard system default, not country specific) -->
209
Dec 21, 2017 18:02:16.252521038 CET | 80 | 51538 | 172.217.17.99 | 192.168.2.2
Data Ascii: premium codes listed, plus EU --> <shortcode country="nl" pattern="\d{4}" premium="4466|5040" free="116\d{3}|2223|6225|2223" /> ... Norway: 4-5 digits (not confirmed), known premium codes listed --> <shortcode country="no" patte
211

HTTPS Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Subject | Issuer | Not Before | Not After
Dec 21, 2017 18:04:25.089828014 CET | 443 | 52263 | 172.217.20.74 | 192.168.2.2 | CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G2, O=Google Inc, C=US | Wed Nov 29 10:52:01 CET 2017 | Wed Feb 21 10:37:00 CET 2018
Dec 21, 2017 18:04:25.089828014 CET | 443 | 52263 | 172.217.20.74 | 192.168.2.2 | CN=Google Internet Authority G2, O=Google Inc, C=US | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | Mon May 22 13:32:37 CEST 2017 | Tue Jan 01 00:59:59 CET 2019
Dec 21, 2017 18:04:25.089828014 CET44352263172.217.20.74192.168.2.2CN=GeoTrust Global CA, O=GeoTrust Inc., C=USOU=Equifax Secure Certificate Authority, O=Equifax, C=USTue May 21 06:00:00 CEST 2002Tue Aug 21 06:00:00 CEST 2018[[ Version: V3 Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953 public exponent: 65537 Validity: [From: Tue May 21 06:00:00 CEST 2002, To: Tue Aug 21 06:00:00 CEST 2018] Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US SerialNumber: [ 12bbe6]Certificate Extensions: 6[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O30010: 98 90 9F D4 ....]][2]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][3]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.geotrust.com/crls/secureca.crl]]][4]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 65 .-https://www.ge0010: 6F 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 otrust.com/resou0020: 72 63 65 73 2F 72 65 70 6F 73 69 74 6F 72 79 
rces/repository]] ]][5]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][6]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e0010: B8 CA CC 4E ...N]]] Algorithm: [SHA1withRSA] Signature:0000: 76 E1 12 6E 4E 4B 16 12 86 30 06 B2 81 08 CF F0 v..nNK...0......0010: 08 C7 C7 71 7E 66 EE C2 ED D4 3B 1F FF F0 F0 C8 ...q.f....;.....0020: 4E D6 43 38 B0 B9 30 7D 18 D0 55 83 A2 6A CB 36 N.C8..0...U..j.60030: 11 9C E8 48 66 A3 6D 7F B8 13 D4 47 FE 8B 5A 5C ...Hf.m....G..Z\0040: 73 FC AE D9 1B 32 19 38 AB 97 34 14 AA 96 D2 EB s....2.8..4.....0050: A3 1C 14 08 49 B6 BB E5 91 EF 83 36 EB 1D 56 6F ....I......6..Vo0060: CA DA BC 73 63 90 E4 7F 7B 3E 22 CB 3D 07 ED 5F ...sc....>".=.._0070: 38 74 9C E3 03 50 4E A1 AF 98 EE 61 F2 84 3F 12 8t...PN....a..?.]

APK Behavior

Installation Messages
Name | Is Error
  • Renaming /data/app/vmdl1329300705.tmp to /data/app/com.czybg.eqtbdmzpklrgyns-1
  • Running dexopt on: /data/app/com.czybg.eqtbdmzpklrgyns-1/base.apk pkg=com.czybg.eqtbdmzpklrgyns isa=x86 vmSafeMode=false
  • Not granting permission android.permission.REAL_GET_TASKS to package com.czybg.eqtbdmzpklrgyns (protectionLevel=18 flags=0x48be44)
false
Started Services

Simulated Events

Type | Data
boot completed
  • -
time tick
  • -
incoming sms
  • 0123456789
  • this is a text message
outgoing sms
  • 9876543210
  • thank you
location change
  • 54.13
  • 12.14
incoming call
  • 0123456789
outgoing call
  • 9876543210
time tick
  • -
API: android.net.ConnectivityManager->getActiveNetworkInfo at com.czybg.eqtbdmzpklrgyns.LmcGi.xnLvoQ:17 Show source
API: android.net.ConnectivityManager->getActiveNetworkInfo at com.czybg.eqtbdmzpklrgyns.LmcGi.CyGFDR:3 Show source
API: android.net.ConnectivityManager->getActiveNetworkInfo at com.czybg.eqtbdmzpklrgyns.LmcGi.LmcGi:3 Show source
API: android.net.ConnectivityManager->getActiveNetworkInfo at ..:16 Show source
API: android.net.ConnectivityManager->getNetworkInfo at com.czybg.eqtbdmzpklrgyns.LmcGi.hZyMGHgz:8 Show source
API: android.net.wifi.WifiManager->getConnectionInfo at com.czybg.eqtbdmzpklrgyns.LmcGi.Odjrct:15 Show source
API: android.content.pm.PackageManager->setComponentEnabledSetting at com.czybg.eqtbdmzpklrgyns.DIowQgu.DiXsQ:162 Show source
API: android.app.ActivityManager->getRunningTasks at com.czybg.eqtbdmzpklrgyns.uIcqnrbS.DiXsQ:5 Show source
API: android.app.ActivityManager->getRunningTasks at com.czybg.eqtbdmzpklrgyns.HLqFdR.DiXsQ:11 Show source
API: java.net.URL->openConnection at com.czybg.eqtbdmzpklrgyns.wymvtEV.DiXsQ:20 Show source
API: java.net.URLConnection->getInputStream at com.czybg.eqtbdmzpklrgyns.Odjrct.Odjrct:1 Show source
API: android.webkit.WebView-><init> at com.czybg.eqtbdmzpklrgyns.siQFgImL.xnLvoQ:43 Show source
API: java.net.URL->openConnection at ..:1 Show source
API: java.net.URL->openConnection at com.czybg.eqtbdmzpklrgyns.dclBIK.DiXsQ:20 Show source
API: java.net.URL->openConnection at com.czybg.eqtbdmzpklrgyns.MfOxe.DiXsQ:27 Show source
API: java.net.URL->openConnection at ..:1 Show source
API: java.net.URL->openConnection at com.czybg.eqtbdmzpklrgyns.uKHWhZbq.DiXsQ:21 Show source
API: android.telephony.TelephonyManager->getDeviceId at com.czybg.eqtbdmzpklrgyns.hrYSUpo.<init>:49 Show source
API: android.telephony.TelephonyManager->getSimSerialNumber at com.czybg.eqtbdmzpklrgyns.jfIitJ.<init>:49 Show source
API: android.net.wifi.WifiManager$WifiLock->release at com.czybg.eqtbdmzpklrgyns.yCJnDqab.run:39 Show source
API: android.net.wifi.WifiManager$WifiLock->release at com.czybg.eqtbdmzpklrgyns.qwAiT.<init>:31 Show source
API: com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ->getPackageName at com.czybg.eqtbdmzpklrgyns.EZmcnv.<init>:3 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
API: android.app.SharedPreferencesImpl->getString at com.czybg.eqtbdmzpklrgyns.EZmcnv.xnLvoQ:7 Show source
NameTypeValue
p0java.lang.String
  • toString: kgfhjkhfshafd
p1java.lang.String
  • toString: ""
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: android.app.SharedPreferencesImpl->getString at com.czybg.eqtbdmzpklrgyns.EZmcnv.hZyMGHgz:7 Show source
NameTypeValue
p0java.lang.String
  • toString: ttrgsvwser
p1java.lang.String
  • toString: ""
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: com.czybg.eqtbdmzpklrgyns.MainApp->getSystemService at com.czybg.eqtbdmzpklrgyns.HLqFdR.xnLvoQ:6 Show source
NameTypeValue
p0java.lang.String
  • toString: phone
NameTypeValue
Return Valueandroid.telephony.TelephonyManager
  • toString: android.telephony.TelephonyManager@303eb5d8
API: android.telephony.TelephonyManager->getSimCountryIso at com.czybg.eqtbdmzpklrgyns.HLqFdR.xnLvoQ:13 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: android.telephony.TelephonyManager->getPhoneType at com.czybg.eqtbdmzpklrgyns.HLqFdR.xnLvoQ:32 Show source
NameTypeValue
Return Valuejava.lang.Integer
  • toString: 0
API: android.telephony.TelephonyManager->getNetworkCountryIso at com.czybg.eqtbdmzpklrgyns.HLqFdR.xnLvoQ:36 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.HLqFdR.LmcGi:3 Show source
NameTypeValue
p0java.lang.String
  • toString: device_policy
NameTypeValue
Return Valueandroid.app.admin.DevicePolicyManager
  • toString: android.app.admin.DevicePolicyManager@1f2c60aa
API: pvsaeqhpgq.zvsin->getPackageName at com.czybg.eqtbdmzpklrgyns.HLqFdR.LmcGi:29 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.HLqFdR.LmcGi:3 Show source
NameTypeValue
p0java.lang.String
  • toString: device_policy
NameTypeValue
Return Valueandroid.app.admin.DevicePolicyManager
  • toString: android.app.admin.DevicePolicyManager@1f2c60aa
API: pvsaeqhpgq.zvsin->getPackageName at com.czybg.eqtbdmzpklrgyns.HLqFdR.LmcGi:29 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
API: com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ->startService at com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ.onCreate:47 Show source
NameTypeValue
p0android.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.Vdptsq.MCq9ggDf53Iz0h }
NameTypeValue
Return Valueandroid.content.ComponentName
  • toString: ComponentInfo{com.czybg.eqtbdmzpklrgyns/com.czybg.eqtbdmzpklrgyns.Vdptsq.MCq9ggDf53Iz0h}
API: com.czybg.eqtbdmzpklrgyns.EZmcnv->xnLvoQ at com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ.onStartCommand:7 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: android.content.Intent->getStringExtra at com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ.onStartCommand:16 Show source
NameTypeValue
p0java.lang.String
  • toString: tag
NameTypeValue
Return Valuejava.lang.String
  • toString: default
API: com.czybg.eqtbdmzpklrgyns.EZmcnv->hZyMGHgz at com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ.onStartCommand:25 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: android.content.Intent->getStringExtra at com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ.onStartCommand:34 Show source
NameTypeValue
p0java.lang.String
  • toString: sdkId
NameTypeValue
Return Valuejava.lang.String
  • toString: szzRas4x
API: android.content.Intent->putExtra at com.czybg.eqtbdmzpklrgyns.MultiLoader.service:12 Show source
NameTypeValue
p0java.lang.String
  • toString: tag
p1java.lang.String
  • toString: default
NameTypeValue
Return Valueandroid.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.KezZERjCGv7fpQLHuQ (has extras) }
API: android.content.Intent->putExtra at com.czybg.eqtbdmzpklrgyns.MultiLoader.service:17 Show source
NameTypeValue
p0java.lang.String
  • toString: sdkId
p1java.lang.String
  • toString: szzRas4x
NameTypeValue
Return Valueandroid.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.KezZERjCGv7fpQLHuQ (has extras) }
API: com.czybg.eqtbdmzpklrgyns.MainApp->startService at com.czybg.eqtbdmzpklrgyns.MultiLoader.service:19 Show source
NameTypeValue
p0android.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.KezZERjCGv7fpQLHuQ (has extras) }
NameTypeValue
Return Valueandroid.content.ComponentName
  • toString: ComponentInfo{com.czybg.eqtbdmzpklrgyns/com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ}
API: com.czybg.eqtbdmzpklrgyns.KezZERjCGv7fpQLHuQ->getApplicationContext at com.czybg.eqtbdmzpklrgyns.QsRifJa.<init>:4 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: android.content.Intent->getAction at com.czybg.eqtbdmzpklrgyns.QsRifJa.DiXsQ:5 Show source
NameTypeValue
Return Valuenull
  • toString: null
API: android.app.SharedPreferencesImpl->getString at com.czybg.eqtbdmzpklrgyns.XpiFj.DiXsQ:10 Show source
NameTypeValue
p0java.lang.String
  • toString: 255251
p1java.lang.String
  • toString: ""
NameTypeValue
Return Valuejava.lang.String
  • toString: ""
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.hekJfDg.<init>:84 Show source
NameTypeValue
p0java.lang.String
  • toString: device_policy
NameTypeValue
Return Valueandroid.app.admin.DevicePolicyManager
  • toString: android.app.admin.DevicePolicyManager@1f2c60aa
API: android.app.admin.DevicePolicyManager->isAdminActive at com.czybg.eqtbdmzpklrgyns.hekJfDg.DiXsQ:10 Show source
NameTypeValue
whoandroid.content.ComponentName
  • toString: ComponentInfo{com.czybg.eqtbdmzpklrgyns/com.czybg.eqtbdmzpklrgyns.BYdZZAIwCWFdZwW}
NameTypeValue
Return Valuejava.lang.Boolean
  • toString: false
API: pvsaeqhpgq.zvsin->getApplicationContext at com.czybg.eqtbdmzpklrgyns.hekJfDg.DiXsQ:34 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: android.content.Intent->putExtra at com.czybg.eqtbdmzpklrgyns.hekJfDg.DiXsQ:12 Show source
NameTypeValue
p0java.lang.String
  • toString: computer
p1com.czybg.eqtbdmzpklrgyns.uIcqnrbS
  • toString: com.czybg.eqtbdmzpklrgyns.uIcqnrbS@3a498c13
NameTypeValue
Return Valueandroid.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.FooVJESlkd1K (has extras) }
API: pvsaeqhpgq.zvsin->startActivity at com.czybg.eqtbdmzpklrgyns.hekJfDg.DiXsQ:20 Show source
NameTypeValue
p0android.content.Intent
  • toString: Intent { cmp=com.czybg.eqtbdmzpklrgyns/.FooVJESlkd1K (has extras) }
API: pvsaeqhpgq.zvsin->getPackageName at com.czybg.eqtbdmzpklrgyns.qwAiT.<init>:19 Show source
NameTypeValue
Return Valuejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.qwAiT.<init>:35 Show source
NameTypeValue
p0java.lang.String
  • toString: wifi
NameTypeValue
Return Valueandroid.net.wifi.WifiManager
  • toString: android.net.wifi.WifiManager@31a7589e
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.qwAiT.<init>:60 Show source
NameTypeValue
p0java.lang.String
  • toString: power
NameTypeValue
Return Valueandroid.os.PowerManager
  • toString: android.os.PowerManager@2cca7b4c
API: pvsaeqhpgq.zvsin->getApplicationContext at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:15 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: pvsaeqhpgq.zvsin->getApplicationContext at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:24 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:29 Show source
NameTypeValue
p0java.lang.String
  • toString: alarm
NameTypeValue
Return Valueandroid.app.AlarmManager
  • toString: android.app.AlarmManager@eca0038
API: pvsaeqhpgq.zvsin->getApplicationContext at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:15 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: pvsaeqhpgq.zvsin->getApplicationContext at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:24 Show source
NameTypeValue
Return Valuepvsaeqhpgq.zvsin
  • toString: pvsaeqhpgq.zvsin@15460b30
API: pvsaeqhpgq.zvsin->getSystemService at com.czybg.eqtbdmzpklrgyns.qwAiT.DiXsQ:29 Show source
NameTypeValue
p0java.lang.String
  • toString: alarm
NameTypeValue
Return Valueandroid.app.AlarmManager
  • toString: android.app.AlarmManager@eca0038
API: java.io.File-><init> at etxtfvw.cqwwrwk.attachBaseContext:5 Show source
NameTypeValue
p0java.lang.String
  • toString: /system/framework/XposedBridge.jar
NameTypeValue
Return Valuejava.io.File
  • toString: /system/framework/XposedBridge.jar
API: java.io.File->exists at etxtfvw.cqwwrwk.YVAFbUcSQ:92 Show source
NameTypeValue
Return Valuejava.lang.Boolean
  • toString: false
API: etxtfvw.cqwwrwk->YVAFbUcSQ at etxtfvw.cqwwrwk.attachBaseContext:5 Show source
NameTypeValue
Return Valuejava.lang.Boolean
  • toString: false
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@2930bfa6
  • $1: YRkFJMV
  • $2: 59526B464A4D56
NameTypeValue
Return Valuejava.lang.String
  • toString: YRkFJMV
API: java.lang.Class->getDeclaredMethod at etxtfvw.cqwwrwk.attachBaseContext:25 Show source
NameTypeValue
p0java.lang.String
  • toString: YRkFJMV
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@1f308d94
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: private void etxtfvw.cqwwrwk.YRkFJMV()
  • getName: YRkFJMV
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@3d94f183
  • $1: android.content.res.AssetManager
  • $2: 616E64726F69642E636F6E74656E742E7265732E41737365744D616E61676572
NameTypeValue
Return Valuejava.lang.String
  • toString: android.content.res.AssetManager
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:9 Show source
NameTypeValue
p0java.lang.String
  • toString: android.content.res.AssetManager
NameTypeValue
Return Valuejava.lang.Class
  • toString: class android.content.res.AssetManager
  • getName: android.content.res.AssetManager
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@42b22df
  • $1: open
  • $2: 6F70656E
NameTypeValue
Return Valuejava.lang.String
  • toString: open
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@ba589f5
  • $1: java.lang.String
  • $2: 6A6176612E6C616E672E537472696E67
NameTypeValue
Return Valuejava.lang.String
  • toString: java.lang.String
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:31 Show source
NameTypeValue
p0java.lang.String
  • toString: java.lang.String
NameTypeValue
Return Valuejava.lang.Class
  • toString: class java.lang.String
  • getName: java.lang.String
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:35 Show source
NameTypeValue
p0java.lang.String
  • toString: open
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@10ff9e18
  • Arrays.toString: [class java.lang.String]
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public final java.io.InputStream android.content.res.AssetManager.open(java.lang.String) throws java.io.IOException
  • getName: open
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@15908ed7
  • $1: getAssets
  • $2: 676574417373657473
NameTypeValue
Return Valuejava.lang.String
  • toString: getAssets
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:52 Show source
NameTypeValue
p0java.lang.String
  • toString: getAssets
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@342202ad
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
  • getName: getAssets
API: etxtfvw.cqwwrwk->getAssets at etxtfvw.cqwwrwk.YRkFJMV:62 Show source
NameTypeValue
Return Valueandroid.content.res.AssetManager
  • toString: android.content.res.AssetManager@b801830
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:62 Show source
NameTypeValue
p0etxtfvw.cqwwrwk
  • toString: etxtfvw.cqwwrwk@32c17d93
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@36e54173
NameTypeValue
Return Valueandroid.content.res.AssetManager
  • toString: android.content.res.AssetManager@b801830
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@852e22e
  • $1: UMQrTOWqmLF
  • $2: 554D5172544F57716D4C46
NameTypeValue
Return Valuejava.lang.String
  • toString: UMQrTOWqmLF
API: android.content.res.AssetManager->open at etxtfvw.cqwwrwk.YRkFJMV:78 Show source
NameTypeValue
fileNamejava.lang.Object
  • toString: UMQrTOWqmLF
NameTypeValue
Return Valueandroid.content.res.AssetManager$AssetInputStream
  • toString: android.content.res.AssetManager$AssetInputStream@29c881cf
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:78 Show source
NameTypeValue
p0android.content.res.AssetManager
  • toString: android.content.res.AssetManager@b801830
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@1706875c
  • Arrays.toString: [UMQrTOWqmLF]
NameTypeValue
Return Valueandroid.content.res.AssetManager$AssetInputStream
  • toString: android.content.res.AssetManager$AssetInputStream@29c881cf
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@132ef33a
  • $1: available
  • $2: 617661696C61626C65
NameTypeValue
Return Valuejava.lang.String
  • toString: available
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:95 Show source
NameTypeValue
p0java.lang.String
  • toString: available
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@3526b7e1
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public final int android.content.res.AssetManager$AssetInputStream.available() throws java.io.IOException
  • getName: available
API: android.content.res.AssetManager$AssetInputStream->available at etxtfvw.cqwwrwk.YRkFJMV:105 Show source
NameTypeValue
Return Valuejava.lang.Integer
  • toString: 581760
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:105 Show source
NameTypeValue
p0android.content.res.AssetManager$AssetInputStream
  • toString: android.content.res.AssetManager$AssetInputStream@29c881cf
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@9bcdbc7
NameTypeValue
Return Valuejava.lang.Integer
  • toString: 581760
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@b1caf92
  • $1: java.io.File
  • $2: 6A6176612E696F2E46696C65
NameTypeValue
Return Valuejava.lang.String
  • toString: java.io.File
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:121 Show source
NameTypeValue
p0java.lang.String
  • toString: java.io.File
NameTypeValue
Return Valuejava.lang.Class
  • toString: class java.io.File
  • getName: java.io.File
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@27d232de
  • $1: java.lang.String
  • $2: 6A6176612E6C616E672E537472696E67
NameTypeValue
Return Valuejava.lang.String
  • toString: java.lang.String
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:136 Show source
NameTypeValue
p0java.lang.String
  • toString: java.lang.String
NameTypeValue
Return Valuejava.lang.Class
  • toString: class java.lang.String
  • getName: java.lang.String
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@26326d5
  • $1: getFilesDir
  • $2: 67657446696C6573446972
NameTypeValue
Return Valuejava.lang.String
  • toString: getFilesDir
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:170 Show source
NameTypeValue
p0java.lang.String
  • toString: getFilesDir
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@30ad25db
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public java.io.File android.content.ContextWrapper.getFilesDir()
  • getName: getFilesDir
API: etxtfvw.cqwwrwk->getFilesDir at etxtfvw.cqwwrwk.YRkFJMV:180 Show source
NameTypeValue
Return Valuejava.io.File
  • toString: /data/data/com.czybg.eqtbdmzpklrgyns/files
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:180 Show source
NameTypeValue
p0etxtfvw.cqwwrwk
  • toString: etxtfvw.cqwwrwk@32c17d93
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@1e3c5b51
NameTypeValue
Return Valuejava.io.File
  • toString: /data/data/com.czybg.eqtbdmzpklrgyns/files
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@34ce44b7
  • $1: java.io.File
  • $2: 6A6176612E696F2E46696C65
NameTypeValue
Return Valuejava.lang.String
  • toString: java.io.File
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:193 Show source
NameTypeValue
p0java.lang.String
  • toString: java.io.File
NameTypeValue
Return Valuejava.lang.Class
  • toString: class java.io.File
  • getName: java.io.File
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@4ac2142
  • $1: separator
  • $2: 736570617261746F72
NameTypeValue
Return Valuejava.lang.String
  • toString: separator
API: java.lang.reflect.Field->get at etxtfvw.cqwwrwk.YRkFJMV:207 Show source
NameTypeValue
p0null
  • toString: null
NameTypeValue
Return Valuejava.lang.String
  • toString: /
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@2ddf0f8e
  • $1: cls.dex
  • $2: 636C732E646578
NameTypeValue
Return Valuejava.lang.String
  • toString: cls.dex
API: java.lang.reflect.Constructor->newInstance at etxtfvw.cqwwrwk.YRkFJMV:227 Show source
NameTypeValue
p0java.lang.String
  • toString: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
NameTypeValue
Return Valuejava.io.File
  • toString: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@1a7f3bcb
  • $1: createNewFile
  • $2: 6372656174654E657746696C65
NameTypeValue
Return Valuejava.lang.String
  • toString: createNewFile
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:244 Show source
NameTypeValue
p0java.lang.String
  • toString: createNewFile
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@2879bac1
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public boolean java.io.File.createNewFile() throws java.io.IOException
  • getName: createNewFile
API: java.io.File->createNewFile at etxtfvw.cqwwrwk.YRkFJMV:254 Show source
NameTypeValue
Return Valuejava.lang.Boolean
  • toString: true
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:254 Show source
NameTypeValue
p0java.io.File
  • toString: /data/data/com.czybg.eqtbdmzpklrgyns/files/cls.dex
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@1843c9a7
NameTypeValue
Return Valuejava.lang.Boolean
  • toString: true
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@d935ef2
  • $1: read
  • $2: 72656164
NameTypeValue
Return Valuejava.lang.String
  • toString: read
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@58f9bc0
  • $1: [B
  • $2: 5B42
NameTypeValue
Return Valuejava.lang.String
  • toString: [B
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:278 Show source
NameTypeValue
p0java.lang.String
  • toString: [B
NameTypeValue
Return Valuejava.lang.Class
  • toString: class [B
  • getName: [B
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:282 Show source
NameTypeValue
p0java.lang.String
  • toString: read
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@18ae469f
  • Arrays.toString: [class [B]
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public final int android.content.res.AssetManager$AssetInputStream.read(byte[]) throws java.io.IOException
  • getName: read
API: android.content.res.AssetManager$AssetInputStream->read at etxtfvw.cqwwrwk.YRkFJMV:294 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@11bbda4a
NameTypeValue
Return Valuejava.lang.Integer
  • toString: 581760
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:294 Show source
NameTypeValue
p0android.content.res.AssetManager$AssetInputStream
  • toString: android.content.res.AssetManager$AssetInputStream@29c881cf
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@3870b3b5
  • Arrays.toString: [[B@11bbda4a]
NameTypeValue
Return Valuejava.lang.Integer
  • toString: 581760
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@3b45d631
  • $1: close
  • $2: 636C6F7365
NameTypeValue
Return Valuejava.lang.String
  • toString: close
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:310 Show source
NameTypeValue
p0java.lang.String
  • toString: close
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@135c6a97
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public final void android.content.res.AssetManager$AssetInputStream.close() throws java.io.IOException
  • getName: close
API: android.content.res.AssetManager$AssetInputStream->close at etxtfvw.cqwwrwk.YRkFJMV:320 Show source
NameTypeValue
Return Valuenull
  • toString: null
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.YRkFJMV:320 Show source
NameTypeValue
p0android.content.res.AssetManager$AssetInputStream
  • toString: android.content.res.AssetManager$AssetInputStream@29c881cf
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@3e70a46d
NameTypeValue
Return Valuenull
  • toString: null
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@19f31933
  • $1: CNLldGq
  • $2: 434E4C6C644771
NameTypeValue
Return Valuejava.lang.String
  • toString: CNLldGq
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43 Show source
NameTypeValue
p0java.lang.Object
  • toString: [B@e001a69
  • $1: [B
  • $2: 5B42
NameTypeValue
Return Valuejava.lang.String
  • toString: [B
API: java.lang.Class->forName at etxtfvw.cqwwrwk.YRkFJMV:344 Show source
NameTypeValue
p0java.lang.String
  • toString: [B
NameTypeValue
Return Valuejava.lang.Class
  • toString: class [B
  • getName: [B
API: java.lang.Class->getMethod at etxtfvw.cqwwrwk.YRkFJMV:348
NameTypeValue
p0java.lang.String
  • toString: CNLldGq
p1[Ljava.lang.Class;
  • toString: [Ljava.lang.Class;@5c0f01c
  • Arrays.toString: [class [B]
NameTypeValue
Return Valuejava.lang.reflect.Method
  • toString: public [B etxtfvw.cqwwrwk.CNLldGq(byte[])
  • getName: CNLldGq
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@266e7bab
  • $1: getPackageManager
  • $2: 6765745061636B6167654D616E61676572
NameTypeValue
Return Valuejava.lang.String
  • toString: getPackageManager
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.CNLldGq:18
NameTypeValue
p0etxtfvw.cqwwrwk
  • toString: etxtfvw.cqwwrwk@32c17d93
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@25c7ada1
NameTypeValue
Return Valueandroid.app.ApplicationPackageManager
  • toString: android.app.ApplicationPackageManager@18722bc6
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@85126b4
  • $1: getPackageInfo
  • $2: 6765745061636B616765496E666F
NameTypeValue
Return Valuejava.lang.String
  • toString: getPackageInfo
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@34553e52
  • $1: java.lang.String
  • $2: 6A6176612E6C616E672E537472696E67
NameTypeValue
Return Valuejava.lang.String
  • toString: java.lang.String
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@2633fa20
  • $1: getPackageManager
  • $2: 6765745061636B6167654D616E61676572
NameTypeValue
Return Valuejava.lang.String
  • toString: getPackageManager
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.CNLldGq:63
NameTypeValue
p0etxtfvw.cqwwrwk
  • toString: etxtfvw.cqwwrwk@32c17d93
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@be4ed9e
NameTypeValue
Return Valueandroid.app.ApplicationPackageManager
  • toString: android.app.ApplicationPackageManager@18722bc6
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@5ae984c
  • $1: getPackageName
  • $2: 6765745061636B6167654E616D65
NameTypeValue
Return Valuejava.lang.String
  • toString: getPackageName
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.CNLldGq:84
NameTypeValue
p0etxtfvw.cqwwrwk
  • toString: etxtfvw.cqwwrwk@32c17d93
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@282e45aa
NameTypeValue
Return Valuejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@ee64111
  • $1: android.content.pm.PackageManager
  • $2: 616E64726F69642E636F6E74656E742E706D2E5061636B6167654D616E61676572
NameTypeValue
Return Valuejava.lang.String
  • toString: android.content.pm.PackageManager
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@2330077
  • $1: GET_SIGNATURES
  • $2: 4745545F5349474E415455524553
NameTypeValue
Return Valuejava.lang.String
  • toString: GET_SIGNATURES
API: android.content.pm.PackageManager->getPackageInfo at etxtfvw.cqwwrwk.CNLldGq:110
NameTypeValue
packageNamejava.lang.String
  • toString: com.czybg.eqtbdmzpklrgyns
flagsjava.lang.Integer
  • toString: 64
NameTypeValue
Return Valueandroid.content.pm.PackageInfo
  • toString: PackageInfo{29f81468 com.czybg.eqtbdmzpklrgyns}
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.CNLldGq:110
NameTypeValue
p0android.app.ApplicationPackageManager
  • toString: android.app.ApplicationPackageManager@18722bc6
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@b30526
  • Arrays.toString: [com.czybg.eqtbdmzpklrgyns, 64]
NameTypeValue
Return Valueandroid.content.pm.PackageInfo
  • toString: PackageInfo{29f81468 com.czybg.eqtbdmzpklrgyns}
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@1c6e0f14
  • $1: signatures
  • $2: 7369676E617475726573
NameTypeValue
Return Valuejava.lang.String
  • toString: signatures
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@24ba4db2
  • $1: toByteArray
  • $2: 746F427974654172726179
NameTypeValue
Return Valuejava.lang.String
  • toString: toByteArray
API: java.lang.reflect.Method->invoke at etxtfvw.cqwwrwk.CNLldGq:150
NameTypeValue
p0android.content.pm.Signature
  • toString: android.content.pm.Signature@d52195d5
p1[Ljava.lang.Object;
  • toString: [Ljava.lang.Object;@1fb5ceb9
NameTypeValue
Return Valuejava.lang.Object
  • toString: [B@17b92fe
  • $1: 050;~0*H0J10UUS10UUS10UUS10UUS10U10U0 171022132839Z21540914132839Z0J10UUS10UUS10UUS10UUS10U10U0"0*H0WX^jOK'x`CNG':QtC|pU1!},O?|:>.T3*ov]F#1oQ~+!'GyVo): UyM[52:~V$&] \CBv)J#=. NNkx=FoR]ro`j:>oX"sHZc)!00Uu.2:.'<[0*HWGTZH+Cc;jM?R)+VmPNAdG3"zh1znUjuYc\
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@6b42cac
  • $1: BROqnOXwFKWnWc
  • $2: 42524F716E4F5877464B576E5763
NameTypeValue
Return Valuejava.lang.String
  • toString: BROqnOXwFKWnWc
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@1379e10a
  • $1: [B
  • $2: 5B42
NameTypeValue
Return Valuejava.lang.String
  • toString: [B
API: java.lang.String-><init> at etxtfvw.cqwwrwk.unFeJNljZsjaw:43
NameTypeValue
p0java.lang.Object
  • toString: [B@1e8d6798
  • $1: MD5
  • $2: 4D4435