Analysis Report aligned.xbot_repacked.apk

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 215201
Start date: 13.03.2020
Start time: 02:44:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 15s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: aligned.xbot_repacked.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
APK Instrumentation enabled: true
Detection: MAL
Classification: mal48.andAPK@0/251@0/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 216.58.201.110, 172.217.23.238, 216.58.201.78, 172.217.23.195, 74.125.133.188, 172.217.23.202, 173.194.182.233, 216.58.201.106, 172.217.23.234
  • Excluded domains from analysis (whitelisted): android.clients.google.com, android.l.google.com, mobile-gtalk.l.google.com, connectivitycheck.gstatic.com, firebaseinstallations.googleapis.com, dl.google.com, cloudconfig.googleapis.com, r4---sn-4g5e6nsz.gvt1.com, play.googleapis.com, r4.sn-4g5e6nsz.gvt1.com, www.gstatic.com, digitalassetlinks.googleapis.com, mtalk.google.com
  • No dynamic data available
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all non-executed APIs are in report
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.
Errors:
  • Setup command "_JBInstallAPK" failed: INSTALL_FAILED_INVALID_APK

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 48 | 0 - 100 | | false | malicious

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |


Classification Spiderchart

Analysis Advice

Unable to instrument or execute APK, no dynamic information has been logged



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | System Network Connections Discovery 1 | Application Deployment Software | Access Contact List 1 | Data Compressed | Standard Cryptographic Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | System Information Discovery 1 | Remote Services | Network Information Discovery 1 | Exfiltration Over Other Network Medium | Standard Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Process Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Signature Overview


AV Detection:

Antivirus detection for sample
Source: aligned.xbot_repacked.apk | Avira: detection malicious, Label: ANDROID/Haynu.DEA.Gen

Privilege Escalation:

Checks if the device administrator is active
Source: com.xbot.core.RunService;->isAdminActive:94 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: org.merry.core.RunService;->isAdminActive:94 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: org.luckybird.core.RunService;->isAdminActive:94 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: org.verywell.kernel.RunService;->isAdminActive:94 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administrator
Source: com.xbot.core.AdminActivity;->Launch:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: org.merry.core.AdminActivity;->Launch:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: org.luckybird.core.AdminActivity;->Launch:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: org.verywell.kernel.AdminActivity;->Launch:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: Lcom/xbot/core/AdminActivity;->Launch(Ljava/lang/Boolean;)V | Method string: "android.app.action.ADD_DEVICE_ADMIN"
Source: Lorg/merry/core/AdminActivity;->Launch(Ljava/lang/Boolean;)V | Method string: "android.app.action.ADD_DEVICE_ADMIN"
Source: Lorg/luckybird/core/AdminActivity;->Launch(Ljava/lang/Boolean;)V | Method string: "android.app.action.ADD_DEVICE_ADMIN"
Source: Lorg/verywell/kernel/AdminActivity;->Launch(Ljava/lang/Boolean;)V | Method string: "android.app.action.ADD_DEVICE_ADMIN"

Spreading:

Accesses external storage location
Source: com.xbot.core.Log;->init:4 | API Call: android.os.Environment.getExternalStorageDirectory
Source: org.merry.core.Log;->init:4 | API Call: android.os.Environment.getExternalStorageDirectory
Source: org.luckybird.core.Log;->init:4 | API Call: android.os.Environment.getExternalStorageDirectory
Source: org.verywell.kernel.Log;->init:4 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: com.xbot.core.tools.NetworkState;->isOnline:4 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.xbot.core.tools.NetworkState;->isOnline:5 | API Call: android.net.NetworkInfo.isConnected
Source: org.merry.core.utilities.NetworkState;->isOnline:4 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: org.merry.core.utilities.NetworkState;->isOnline:5 | API Call: android.net.NetworkInfo.isConnected
Source: org.verywell.kernel.utilities.NetworkState;->isOnline:4 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: org.verywell.kernel.utilities.NetworkState;->isOnline:5 | API Call: android.net.NetworkInfo.isConnected
Source: org.luckybird.core.utilities.NetworkState;->isOnline:4 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: org.luckybird.core.utilities.NetworkState;->isOnline:5 | API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: com.esotericsoftware.kryonet.TcpConnection;->connect:49 | API Call: java.net.Socket.connect (not executed)
Source: org.mozilla.javascript.commonjs.module.provider.UrlModuleSourceProvider;->openUrlConnection:58 | API Call: java.net.URL.openConnection (not executed)
Source: org.mozilla.javascript.tools.SourceReader;->readFileOrUrl:8 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.google.gson.internal.bind.TypeAdapters$20;->read:7 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.esotericsoftware.kryonet.Client;->connect:46 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.esotericsoftware.kryonet.Client;->connect:48 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.xbot.core.tools.NetworkState;->ping:8 | API Call: java.net.InetAddress.getByName (not executed)
Source: org.merry.core.utilities.NetworkState;->ping:8 | API Call: java.net.InetAddress.getByName (not executed)
Source: org.verywell.kernel.utilities.NetworkState;->ping:8 | API Call: java.net.InetAddress.getByName (not executed)
Source: org.luckybird.core.utilities.NetworkState;->ping:8 | API Call: java.net.InetAddress.getByName (not executed)
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.201.74
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.201.99
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.23.206
URLs found in memory or binary data
Source: classes.dex, android | String found in binary or memory: http://192.227.137.154/request.php
Source: classes.dex, android | String found in binary or memory: http://23.227.163.110/locker.php
Source: Messages_fr.properties, LICENSE.txt | String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: main.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Uses HTTP for connecting to the internet
Source: com.xbot.core.Network;->postParams:126 | API Call: org.apache.http.client.HttpClient.execute
Source: org.merry.core.Network;->postParams:126 | API Call: org.apache.http.client.HttpClient.execute
Source: org.luckybird.core.Network;->postParams:126 | API Call: org.apache.http.client.HttpClient.execute
Source: org.verywell.kernel.Network;->postParams:126 | API Call: org.apache.http.client.HttpClient.execute
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41150
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51921
Source: unknown | Network traffic detected: HTTP traffic on port 60296 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 41150 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33165 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 43514 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33165
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34176
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34174
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60296
Source: unknown | Network traffic detected: HTTP traffic on port 34176 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 34174 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43514
Source: unknown | Network traffic detected: HTTP traffic on port 51921 -> 443

E-Banking Fraud:

Has functionality to send UDP packets
Source: com.esotericsoftware.kryonet.Client;->broadcast:35 | API Call: java.net.DatagramSocket.send
Source: com.esotericsoftware.kryonet.Client;->broadcast:38 | API Call: java.net.DatagramSocket.send

Spam, unwanted Advertisements and Ransom Demands:

Sends SMS using SmsManager
Source: com.xbot.core.xAPI;->sendSMS:84 | API Call: android.telephony.SmsManager.sendTextMessage
Source: org.merry.core.xAPI;->sendSMS:84 | API Call: android.telephony.SmsManager.sendTextMessage
Source: org.luckybird.core.xAPI;->sendSMS:84 | API Call: android.telephony.SmsManager.sendTextMessage
Source: org.verywell.kernel.xAPI;->sendSMS:84 | API Call: android.telephony.SmsManager.sendTextMessage

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: classes.dex | String found in binary or memory: Landroid/app/KeyguardManager;
Source: classes.dex | String found in binary or memory: Landroid/app/KeyguardManager;!Landroid/app/NotificationManager;
Source: classes.dex | String found in binary or memory: _keyguard
Source: classes.dex | String found in binary or memory: _k_keyguard
Source: classes.dex | String found in binary or memory: getKeyguardManager
Source: classes.dex | String found in binary or memory: keyguard
Acquires a wake lock
Source: com.xbot.core.RunService$1;->handleMessage:103 | API Call: android.os.PowerManager$WakeLock.acquire
Source: org.merry.core.RunService$1;->handleMessage:103 | API Call: android.os.PowerManager$WakeLock.acquire
Source: org.luckybird.core.RunService$1;->handleMessage:103 | API Call: android.os.PowerManager$WakeLock.acquire
Source: org.verywell.kernel.RunService$1;->handleMessage:103 | API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Classification label
Source: classification engine | Classification label: mal48.andAPK@0/251@0/0
Reads shared settings
Source: com.xbot.core.Settings;->get:6 | API Call: android.content.SharedPreferences.getString
Source: org.merry.core.Settings;->get:6 | API Call: android.content.SharedPreferences.getString
Source: org.luckybird.core.Settings;->get:6 | API Call: android.content.SharedPreferences.getString
Source: org.verywell.kernel.Settings;->get:6 | API Call: android.content.SharedPreferences.getString

Data Obfuscation:

Uses reflection
Source: org.objenesis.instantiator.basic.ObjectStreamClassInstantiator;->newInstance:20 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->write:12 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->writeField:20 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.instantiator.gcj.GCJInstantiator;->newInstance:11 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.gcj.GCJSerializationInstantiator;->newInstance:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.FieldAttributes;->get:4 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:4 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:4 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:3 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator;->create:7 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator;->create:14 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.Context;->addContextListener:23 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.FieldAndMethods;->getDefaultValue:8 | API Call: java.lang.reflect.Field.get
Source: org.mozilla.javascript.JavaAdapter;->getAdapterSelf:412 | API Call: java.lang.reflect.Field.get
Source: org.mozilla.javascript.JavaAdapter;->writeAdapterObject:516 | API Call: java.lang.reflect.Field.get
Source: org.mozilla.javascript.Kit;->initCause:29 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.JavaMembers;->get:312 | API Call: java.lang.reflect.Field.get
Source: org.mozilla.javascript.MemberBox;->invoke:98 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.MemberBox;->invoke:101 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.NativeJavaObject;->readObject:214 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.NativeJavaObject;->toDouble:232 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.NativeJavaObject;->writeObject:258 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.ScriptableObject;->buildClassCtor:23 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.ScriptableObject;->buildClassCtor:28 | API Call: java.lang.reflect.Method.invoke
Source: org.mozilla.javascript.ScriptableObject;->buildClassCtor:126 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.jrockit.JRockit131Instantiator;-><init>:9 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.jrockit.JRockitLegacyInstantiator;->newInstance:22 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.jsonbeans.Json;->getDefaultValues:51 | API Call: java.lang.reflect.Field.get
Source: com.esotericsoftware.jsonbeans.Json;->writeField:530 | API Call: java.lang.reflect.Field.get
Source: com.esotericsoftware.jsonbeans.Json;->writeFields:577 | API Call: java.lang.reflect.Field.get
Source: com.esotericsoftware.kryonet.Listener$ReflectionListener;->received:13 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.perc.PercInstantiator;->newInstance:24 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.perc.PercSerializationInstantiator;-><init>:30 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.perc.PercSerializationInstantiator;-><init>:38 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.perc.PercSerializationInstantiator;->newInstance:53 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.reflectasm.AccessClassLoader;->defineClass:21 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.kryonet.rmi.ObjectSpace$RemoteInvocationHandler;->invoke:91 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.kryonet.rmi.ObjectSpace;->invoke:84 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.kryo.serializers.BeanSerializer$CachedProperty;->get:9 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.kryo.serializers.BeanSerializer$CachedProperty;->set:16 | API Call: java.lang.reflect.Method.invoke
Source: com.esotericsoftware.kryo.serializers.FieldSerializer$ObjectField;->copy:13 | API Call: java.lang.reflect.Field.get
Source: com.esotericsoftware.kryo.serializers.FieldSerializer$ObjectField;->write:138 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.instantiator.sun.Sun13Instantiator;->newInstance:10 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.sun.Sun13SerializationInstantiator;->newInstance:6 | API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Creates files
Source: com.esotericsoftware.jsonbeans.Json;->toJson:479 | API Call: java.io.FileWriter.<init>

Boot Survival:

Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.xbot.core.RunService$1;->handleMessage:100 | API Call: android.os.PowerManager.newWakeLock
Source: org.merry.core.RunService$1;->handleMessage:100 | API Call: android.os.PowerManager.newWakeLock
Source: org.luckybird.core.RunService$1;->handleMessage:100 | API Call: android.os.PowerManager.newWakeLock
Source: org.verywell.kernel.RunService$1;->handleMessage:100 | API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)
Source: com.xbot.core.SMSHandler;->onReceive:19 | API Call: com.xbot.core.SMSHandler.abortBroadcast
Source: org.merry.core.SMSHandler;->onReceive:19 | API Call: org.merry.core.SMSHandler.abortBroadcast
Source: org.luckybird.core.SMSHandler;->onReceive:19 | API Call: org.luckybird.core.SMSHandler.abortBroadcast
Source: org.verywell.kernel.SMSHandler;->onReceive:19 | API Call: org.verywell.kernel.SMSHandler.abortBroadcast
Queries list of running processes/tasks
Source: com.xbot.core.RunService$1;->handleMessage:12 | API Call: android.app.ActivityManager.getRunningTasks
Source: org.merry.core.RunService$1;->handleMessage:12 | API Call: android.app.ActivityManager.getRunningTasks
Source: org.luckybird.core.RunService$1;->handleMessage:12 | API Call: android.app.ActivityManager.getRunningTasks
Source: org.verywell.kernel.RunService$1;->handleMessage:12 | API Call: android.app.ActivityManager.getRunningTasks
Uses Crypto APIs
Source: com.codebutler.android_websockets.WebSocketClient;->expectedKey:33 | API Call: java.security.MessageDigest.getInstance
Source: com.codebutler.android_websockets.WebSocketClient;->expectedKey:35 | API Call: java.security.MessageDigest.digest
Source: org.java_websocket.drafts.Draft_10;->generateFinalKey:24 | API Call: java.security.MessageDigest.getInstance
Source: org.java_websocket.drafts.Draft_10;->generateFinalKey:26 | API Call: java.security.MessageDigest.digest
Source: org.java_websocket.drafts.Draft_76;->createChallenge:6 | API Call: java.security.MessageDigest.getInstance
Source: org.java_websocket.drafts.Draft_76;->createChallenge:7 | API Call: java.security.MessageDigest.digest
Source: com.esotericsoftware.kryo.serializers.BlowfishSerializer;->getCipher:5 | API Call: javax.crypto.Cipher.getInstance
Source: com.esotericsoftware.kryo.serializers.BlowfishSerializer;->getCipher:7 | API Call: javax.crypto.Cipher.init

Malware Analysis System Evasion:

Accesses Android OS build fields
Source: com.xbot.core.xAPI;->getAndroidVersion:20 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.merry.core.xAPI;->getAndroidVersion:20 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.luckybird.core.xAPI;->getAndroidVersion:20 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.verywell.kernel.xAPI;->getAndroidVersion:20 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.xbot.core.tools.DeviceName;->getDeviceName:3611 | Field Access: android.os.Build.DEVICE
Source: com.xbot.core.tools.DeviceName;->getDeviceName:3615 | Field Access: android.os.Build.MODEL
Source: com.xbot.core.tools.DeviceName;->getDeviceName:3630 | Field Access: android.os.Build.MANUFACTURER
Source: com.xbot.core.tools.DeviceName;->getDeviceName:3631 | Field Access: android.os.Build.MODEL
Source: org.merry.core.utilities.DeviceName;->getDeviceName:3611 | Field Access: android.os.Build.DEVICE
Source: org.merry.core.utilities.DeviceName;->getDeviceName:3615 | Field Access: android.os.Build.MODEL
Source: org.merry.core.utilities.DeviceName;->getDeviceName:3630 | Field Access: android.os.Build.MANUFACTURER
Source: org.merry.core.utilities.DeviceName;->getDeviceName:3631 | Field Access: android.os.Build.MODEL
Source: org.verywell.kernel.utilities.DeviceName;->getDeviceName:3611 | Field Access: android.os.Build.DEVICE
Source: org.verywell.kernel.utilities.DeviceName;->getDeviceName:3615 | Field Access: android.os.Build.MODEL
Source: org.verywell.kernel.utilities.DeviceName;->getDeviceName:3630 | Field Access: android.os.Build.MANUFACTURER
Source: org.verywell.kernel.utilities.DeviceName;->getDeviceName:3631 | Field Access: android.os.Build.MODEL
Source: org.luckybird.core.utilities.DeviceName;->getDeviceName:3611 | Field Access: android.os.Build.DEVICE
Source: org.luckybird.core.utilities.DeviceName;->getDeviceName:3615 | Field Access: android.os.Build.MODEL
Source: org.luckybird.core.utilities.DeviceName;->getDeviceName:3630 | Field Access: android.os.Build.MANUFACTURER
Source: org.luckybird.core.utilities.DeviceName;->getDeviceName:3631 | Field Access: android.os.Build.MODEL

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.xbot.core.tools.DexLoader;->getExternalClass:7 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.xbot.core.tools.DexLoader;->getExternalClass:8 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: org.merry.core.utilities.DexLoader;->getExternalClass:7 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: org.merry.core.utilities.DexLoader;->getExternalClass:8 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: org.verywell.kernel.utilities.DexLoader;->getExternalClass:7 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: org.verywell.kernel.utilities.DexLoader;->getExternalClass:8 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: org.luckybird.core.utilities.DexLoader;->getExternalClass:7 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: org.luckybird.core.utilities.DexLoader;->getExternalClass:8 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Queries the SIM provider ISO country code
Source: com.xbot.core.xAPI;->getTelephonyInfo:59 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: org.merry.core.xAPI;->getTelephonyInfo:59 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: org.luckybird.core.xAPI;->getTelephonyInfo:59 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:59 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Queries the SIM provider name (SPN - Service Provider Name)
Source: com.xbot.core.xAPI;->getTelephonyInfo:57 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: org.merry.core.xAPI;->getTelephonyInfo:57 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: org.luckybird.core.xAPI;->getTelephonyInfo:57 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:57 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Queries the network operator ISO country code
Source: com.xbot.core.xAPI;->getTelephonyInfo:55 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: org.merry.core.xAPI;->getTelephonyInfo:55 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: org.luckybird.core.xAPI;->getTelephonyInfo:55 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:55 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.xbot.core.xAPI;->getTelephonyInfo:53 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: org.merry.core.xAPI;->getTelephonyInfo:53 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: org.luckybird.core.xAPI;->getTelephonyInfo:53 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:53 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.xbot.core.xAPI;->getTelephonyInfo:49 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.xbot.core.xAPI;->getTelephonyInfo:51 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.xbot.core.xAPI;->getTelephonyInfo:61 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: org.merry.core.xAPI;->getTelephonyInfo:49 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: org.merry.core.xAPI;->getTelephonyInfo:51 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: org.merry.core.xAPI;->getTelephonyInfo:61 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: org.luckybird.core.xAPI;->getTelephonyInfo:49 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: org.luckybird.core.xAPI;->getTelephonyInfo:51 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: org.luckybird.core.xAPI;->getTelephonyInfo:61 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:49 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:51 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: org.verywell.kernel.xAPI;->getTelephonyInfo:61 | API Call: android.telephony.TelephonyManager.getSimSerialNumber

Stealing of Sensitive Information:

Creates SMS data (e.g. PDU)
Source: com.xbot.core.SMSHandler;->onReceive:11 | API Call: android.telephony.SmsMessage.createFromPdu
Source: org.merry.core.SMSHandler;->onReceive:11 | API Call: android.telephony.SmsMessage.createFromPdu
Source: org.luckybird.core.SMSHandler;->onReceive:11 | API Call: android.telephony.SmsMessage.createFromPdu
Source: org.verywell.kernel.SMSHandler;->onReceive:11 | API Call: android.telephony.SmsMessage.createFromPdu
Parses SMS data (e.g. originating address)
Source: com.xbot.core.SMSHandler;->onReceive:12 | API Call: android.telephony.SmsMessage.getMessageBody
Source: com.xbot.core.SMSHandler;->onReceive:14 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: org.merry.core.SMSHandler;->onReceive:12 | API Call: android.telephony.SmsMessage.getMessageBody
Source: org.merry.core.SMSHandler;->onReceive:14 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: org.luckybird.core.SMSHandler;->onReceive:12 | API Call: android.telephony.SmsMessage.getMessageBody
Source: org.luckybird.core.SMSHandler;->onReceive:14 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: org.verywell.kernel.SMSHandler;->onReceive:12 | API Call: android.telephony.SmsMessage.getMessageBody
Source: org.verywell.kernel.SMSHandler;->onReceive:14 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Queries phone contact information
Source: com.xbot.core.xAPI;->getContacts:34 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: org.merry.core.xAPI;->getContacts:34 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: org.luckybird.core.xAPI;->getContacts:34 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: org.verywell.kernel.xAPI;->getContacts:34 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI

Malware Configuration

No configs have been found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
aligned.xbot_repacked.apk | 100% | Avira | ANDROID/Haynu.DEA.Gen |

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
http://23.227.163.110/locker.php | 3% | Virustotal | |
http://23.227.163.110/locker.php | 0% | Avira URL Cloud | safe |
http://192.227.137.154/request.php | 3% | Virustotal | |
http://192.227.137.154/request.php | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs


Domains

No context

ASN


JA3 Fingerprints


Dropped Files

No context

Created / dropped Files

No created / dropped files found

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://23.227.163.110/locker.php | classes.dex, android | false | 3%, Virustotal; Avira URL Cloud: safe | unknown
http://192.227.137.154/request.php | classes.dex, android | false | 3%, Virustotal; Avira URL Cloud: safe | unknown
http://schemas.android.com/apk/res/android | main.xml | false | | high
http://mozilla.org/MPL/2.0/. | Messages_fr.properties, LICENSE.txt | false | | high

Contacted IPs


Public

IP | Country | Flag | ASN | ASN Name | Malicious
172.217.23.206 | United States | | 15169 | unknown | false
216.58.201.74 | United States | | 15169 | unknown | false
216.58.201.99 | United States | | 15169 | unknown | false

Static File Info

General

File type: Zip archive data, at least v2.0 to extract
Entropy (8bit): 7.992010018495205
TrID:
• Android Package (19004/1) 46.91%
• Java Archive (13504/1) 33.34%
• ZIP compressed archive (8000/1) 19.75%
File name: aligned.xbot_repacked.apk
File size: 937322
MD5: 07e6a7d2f2936f92bee855e190fc0760
SHA1: 973564110609cb6715986bfc104d3599541b7199
SHA256: a0bf2b971e180a866978ac15899db968ca9c3212606974e459e6b1701e045334
SHA512: 72389dc628dcce408f93f3fcd8934f364dadead82b633c858f294f116dfcd39996723cc62344f30f66eb4e801c6833d78bb6a900b4b6f5d888b8333e07c7fe74
SSDEEP: 24576:O2EO4KFf7/VtVX7X/R2LlgNm2RPzfr9noevO:O2EhkPx7PR2odo9

Static APK Info

General

Label:
Minimum SDK required: 8
Target SDK required: 8
Version Code: 1
Version Name: 1
Package Name:
Is Activity: false
Is Receiver: false
Is Service: false
Requests System Level Permissions: false
Play Store Compatible: true

Receivers

Permission Requested

Certificate

Name: classes.dex
Issuer: CN=Ileana Palesi,OU=Home,O=Home,L=Yonkers,ST=NY,C=NY
Subject: CN=Ileana Palesi,OU=Home,O=Home,L=Yonkers,ST=NY,C=NY

Resources

Name | Type | Size
AndroidManifest.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 4497
Messages_fr.properties | ASCII text | 25881
bootscriptnet.js | ASCII text, with CRLF line terminators | 3380
ids.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 180
lockmain.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 389
public.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 652
ok.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 304
Consts.java.template | ASCII text, with CRLF line terminators | 1339
APK-KEY.SF | ASCII text, with CRLF line terminators | 1530
strings.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 118
Messages.properties | ASCII text | 9526
MANIFEST.MF | ASCII text, with CRLF line terminators | 1409
classes.dex | Dalvik dex file version 035 | 2089344
Messages.properties | ASCII text | 20585
icon.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | 8122
resources.arsc | data | 1700
browser.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 389
main.xml | XML 1.0 document, ASCII text, with CRLF line terminators | 560
LICENSE.txt | ASCII text | 16780
APK-KEY.RSA | data | 1332

Network Behavior

Network Port Distribution

TCP Packets

                                              Mar 13, 2020 02:45:56.792023897 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.792198896 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.817599058 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.821758986 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.862895966 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.862937927 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.862958908 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.863053083 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.863092899 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.863121986 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.863136053 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.863207102 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.864576101 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.864609957 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.864809036 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.866322041 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.866447926 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.866733074 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.868526936 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.868560076 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.868758917 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.870026112 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.870059013 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.870253086 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.888648987 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.888685942 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.888942957 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.889405012 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.889530897 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.889661074 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.891361952 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.891395092 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.891602993 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.893110037 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.893142939 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.893295050 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.894898891 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.895024061 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.895131111 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.896682024 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.896837950 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.897115946 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.898528099 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.898652077 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.898768902 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.900304079 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.900429010 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.900527954 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.901864052 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.902023077 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.902327061 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.903456926 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.903616905 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.903934002 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.905093908 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.905252934 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.905342102 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.906825066 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.906984091 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.907288074 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.908534050 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.908561945 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.908751011 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:56.910038948 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:56.950341940 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.015445948 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.017436981 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.019665003 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.040946007 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.042922974 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.042954922 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.045214891 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.097898960 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.098023891 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.098208904 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.098253012 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.098304987 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.099179983 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.099209070 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.099287987 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.100176096 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.100271940 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.100353956 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.100421906 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.101206064 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.101232052 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.101310968 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.102253914 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.102292061 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.102339029 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.103209019 CET44341150216.58.201.74192.168.2.10
                                              Mar 13, 2020 02:45:57.103327036 CET41150443192.168.2.10216.58.201.74
                                              Mar 13, 2020 02:45:57.103354931 CET41150443192.168.2.10216.58.201.74

                                              UDP Packets


                                              HTTPS Packets

Timestamp: Mar 13, 2020 02:45:56.747719049 CET
Source IP: 216.58.201.74
Source Port: 443
Dest IP: 192.168.2.10
Dest Port: 41150
JA3 SSL Client Fingerprint: 771,49195-49196-49199-49200-158-159-49161-49162-49171-49172-51-57-49159-49169-156-157-47-53-5-255,0-23-13-11-10,23-24-25,0
JA3 SSL Client Digest: f8a5929f8949e846267b582072e35f84

Certificate 1
Subject: CN=*.storage.googleapis.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
Not Before: Tue Feb 25 21:41:16 CET 2020
Not After: Tue May 19 22:41:16 CEST 2020

Certificate 2
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Not Before: Thu Jun 15 02:00:42 CEST 2017
Not After: Wed Dec 15 01:00:42 CET 2021

                                              APK Behavior

API: android.net.ConnectivityManager->getActiveNetworkInfo at org.luckybird.core.utilities.NetworkState.isOnline:8
API: android.net.ConnectivityManager->getActiveNetworkInfo at com.xbot.core.tools.NetworkState.isOnline:8
API: android.net.ConnectivityManager->getActiveNetworkInfo at org.verywell.kernel.utilities.NetworkState.isOnline:8
API: android.net.ConnectivityManager->getActiveNetworkInfo at org.merry.core.utilities.NetworkState.isOnline:8
API: android.app.ActivityManager->getRunningTasks at com.xbot.core.RunService$1.handleMessage:41
API: android.app.ActivityManager->getRunningTasks at org.verywell.kernel.RunService$1.handleMessage:41
API: android.app.ActivityManager->getRunningTasks at org.merry.core.RunService$1.handleMessage:41
API: android.app.ActivityManager->getRunningTasks at org.luckybird.core.RunService$1.handleMessage:41
API: java.net.URL->openConnection at org.mozilla.javascript.commonjs.module.provider.UrlModuleSourceProvider.openUrlConnection:8
API: java.net.URL->openConnection at org.mozilla.javascript.tools.SourceReader.readFileOrUrl:40
API: org.apache.http.impl.client.DefaultHttpClient-><init> at ..:12
API: org.apache.http.impl.client.DefaultHttpClient-><init> at ..:12
API: java.net.URLConnection->getInputStream at ..:3
API: java.net.URLConnection->connect at ..:39
API: java.net.URL->openStream at ..:8
API: java.net.URLConnection->getInputStream at ..:9
API: java.net.ServerSocket->bind at ..:97
API: java.net.ServerSocket->bind at ..:30
API: java.net.DatagramSocket-><init> at ..:4
API: org.apache.http.impl.client.DefaultHttpClient-><init> at ..:12
API: java.net.DatagramSocket-><init> at ..:16
API: org.apache.http.impl.client.DefaultHttpClient-><init> at ..:12
API: android.content.ContentResolver->query at com.xbot.core.xAPI.getContacts:23
API: android.content.ContentResolver->query at org.verywell.kernel.xAPI.getContacts:23
API: android.content.ContentResolver->query at org.luckybird.core.xAPI.getContacts:23
API: android.content.ContentResolver->query at org.merry.core.xAPI.getContacts:23
API: android.telephony.TelephonyManager->getDeviceId at org.verywell.kernel.xAPI.getTelephonyInfo:7
API: android.telephony.TelephonyManager->getDeviceId at org.luckybird.core.xAPI.getTelephonyInfo:7
API: android.telephony.TelephonyManager->getDeviceId at org.merry.core.xAPI.getTelephonyInfo:7
API: android.telephony.TelephonyManager->getDeviceId at com.xbot.core.xAPI.getTelephonyInfo:7
API: android.telephony.TelephonyManager->listen at ..:9
API: android.telephony.TelephonyManager->listen at ..:9
API: android.telephony.TelephonyManager->listen at ..:9
API: android.telephony.TelephonyManager->listen at ..:9
API: android.telephony.SmsManager->sendTextMessage at org.verywell.kernel.xAPI.sendSMS:61
API: android.telephony.SmsManager->sendTextMessage at com.xbot.core.xAPI.sendSMS:61
API: android.telephony.SmsManager->sendTextMessage at org.merry.core.xAPI.sendSMS:61
API: android.telephony.SmsManager->sendTextMessage at org.luckybird.core.xAPI.sendSMS:61
API: android.net.wifi.WifiManager$WifiLock->release at ..:13
API: android.os.PowerManager$WakeLock->release at com.xbot.core.RunService$1.handleMessage:288
API: android.os.PowerManager$WakeLock->release at org.verywell.kernel.RunService$1.handleMessage:288
API: android.net.wifi.WifiManager$WifiLock->release at ..:13
API: android.net.wifi.WifiManager$WifiLock->release at ..:13
API: android.os.PowerManager$WakeLock->release at org.merry.core.RunService$1.handleMessage:288
API: android.os.PowerManager$WakeLock->release at org.luckybird.core.RunService$1.handleMessage:288
API: android.net.wifi.WifiManager$WifiLock->release at ..:13

                                              0 Executed Methods

                                              89 Non-Executed Methods

                                              APIs
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.isAdminActive
                                              • java.lang.Boolean.booleanValue
                                              • com.xbot.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.startActivity
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getActivityManager
                                              • android.app.ActivityManager.getRunningTasks
                                              • java.util.List.size
                                              • java.util.List.get
                                              • android.app.ActivityManager$RunningTaskInfo.topActivity:Landroid/content/ComponentName
                                              • android.content.ComponentName.getClassName
                                              • java.lang.Boolean.booleanValue
                                              • java.lang.Class.getName
                                              • java.lang.String.equals
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getSettings
                                              • java.lang.String.equals
                                              • com.xbot.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.startActivity
                                              • com.xbot.core.RunService.access$000
                                              • java.lang.String.equals
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • com.xbot.core.RunService.access$100
                                              • java.util.HashMap.containsKey
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getSettings
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • java.lang.String.equals
                                              • com.xbot.core.RunService.access$100
                                              • java.util.HashMap.get
                                              • com.xbot.core.activities.Inject.setURL
                                              • com.xbot.core.RunService.access$200
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getScriptLoader
                                              • com.xbot.core.RunService.access$002
                                              • com.xbot.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.netConnect
                                              • com.xbot.core.RunService.access$300
                                              • java.lang.String.length
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getScriptLoader
                                              • com.xbot.core.RunService.access$300
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • com.xbot.core.RunService.access$300
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • com.xbot.core.RunService.access$302
                                              • java.lang.Boolean.valueOf
                                              • com.xbot.core.RunService.access$402
                                              • com.xbot.core.RunService.access$500
                                              • java.util.Queue.poll
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.sendNetPacket
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getScriptLoader
                                              • com.xbot.core.RunService.access$600
                                              • com.xbot.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.isHeld
                                              • com.xbot.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.release
                                              • com.xbot.core.RunService.access$602
                                              • com.xbot.core.RunService.access$700
                                              • android.os.PowerManager.newWakeLock
                                              • com.xbot.core.RunService.access$602
                                              • com.xbot.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.acquire
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.lockWifi
                                              • com.xbot.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.Boolean.booleanValue
                                              • com.xbot.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • com.xbot.core.RunService.getService
                                              • com.xbot.core.RunService.getScriptLoader
                                              Strings
                                              • locker
                                              • false
                                              • new activity:
                                              • .inject
                                              • onWindowChange
                                              • bootScriptNet
                                              • bootScript loaded
                                              • doQuery
                                              • LockTag
                                              • boot.script:
                                              Position  Instruction  Meta Information
                                              0  .param p1, "msg" # Landroid/os/Message;
                                              1  .prologue
                                              2  const/16 v12, 0x29a
                                              3  const/16 v11, 0x22b
                                              4  const/4 v10, 0x2
                                              5  const/4 v9, 0x0
                                              6  const/4 v8, 0x1
                                              8  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              9  move-result-object v5
                                              11  invoke-virtual {v5}, Lcom/xbot/core/RunService;->isAdminActive()Ljava/lang/Boolean;
                                              12  move-result-object v5
                                              14  invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              15  move-result v5
                                              16  if-nez v5, :cond_2c
                                              17  new-instance v0, Landroid/content/Intent;
                                              19  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              20  move-result-object v5
                                              21  const-class v6, Lcom/xbot/core/AdminActivity;
                                              23  invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              24  const/high16 v5, 0x10000000
                                              26  invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              28  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              29  move-result-object v5
                                              31  invoke-virtual {v5, v0}, Lcom/xbot/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              32  cond_2c: iget v5, p1, Landroid/os/Message;->what:I
                                              33  if-ne v5, v11, :cond_16a
                                              35  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              36  move-result-object v5
                                              38  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getActivityManager()Landroid/app/ActivityManager;
                                              39  move-result-object v5
                                              41  invoke-virtual {v5, v8}, Landroid/app/ActivityManager;->getRunningTasks(I)Ljava/util/List;
                                              42  move-result-object v4
                                              44  invoke-interface {v4}, Ljava/util/List;->size()I
                                              45  move-result v5
                                              46  if-eqz v5, :cond_10a
                                              48  invoke-interface {v4, v9}, Ljava/util/List;->get(I)Ljava/lang/Object;
                                              49  move-result-object v5
                                              50  check-cast v5, Landroid/app/ActivityManager$RunningTaskInfo;
                                              52  iget-object v5, v5, Landroid/app/ActivityManager$RunningTaskInfo;->topActivity:Landroid/content/ComponentName;
                                              54  invoke-virtual {v5}, Landroid/content/ComponentName;->getClassName()Ljava/lang/String;
                                              55  move-result-object v2
                                              57  sget-object v5, Lcom/xbot/core/Consts;->locker:Ljava/lang/Boolean;
                                              59  invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              60  move-result v5
                                              61  if-ne v5, v8, :cond_8f
                                              62  const-class v5, Lcom/xbot/core/locker/Lock;
                                              64  invoke-virtual {v5}, Ljava/lang/Class;->getName()Ljava/lang/String;
                                              65  move-result-object v5
                                              67  invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              68  move-result v5
                                              69  if-nez v5, :cond_8f
                                              71  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              72  move-result-object v5
                                              74  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getSettings()Lcom/xbot/core/Settings;
                                              75  move-result-object v5
                                              77  const-string v6, "locker"
                                              79  invoke-virtual {v5, v6}, Lcom/xbot/core/Settings;->get(Ljava/lang/String;)Ljava/lang/String;
                                              80  move-result-object v5
                                              82  const-string v6, "false"
                                              84  invoke-virtual {v5, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              85  move-result v5
                                              86  if-nez v5, :cond_8f
                                              87  new-instance v0, Landroid/content/Intent;
                                              89  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              90  move-result-object v5
                                              91  const-class v6, Lcom/xbot/core/locker/Lock;
                                              93  invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              94  const/high16 v5, 0x10000000
                                              96  invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              98  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              99  move-result-object v5
                                              101  invoke-virtual {v5, v0}, Lcom/xbot/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              102  cond_8f:
                                              103  invoke-static {}, Lcom/xbot/core/RunService;->access$000()Ljava/lang/String;
                                              104  move-result-object v5
                                              106  invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              107  move-result v5
                                              108  if-nez v5, :cond_10a
                                              109  new-instance v5, Ljava/lang/StringBuilder;
                                              111  invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              113  const-string v6, "new activity: "
                                              115  invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              116  move-result-object v5
                                              118  invoke-virtual {v5, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              119  move-result-object v5
                                              121  invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              122  move-result-object v5
                                              124  invoke-static {v5}, Lcom/xbot/core/Log;->write(Ljava/lang/String;)V
                                              126  invoke-static {}, Lcom/xbot/core/RunService;->access$100()Ljava/util/HashMap;
                                              127  move-result-object v5
                                              129  invoke-virtual {v5, v2}, Ljava/util/HashMap;->containsKey(Ljava/lang/Object;)Z
                                              130  move-result v5
                                              131  if-eqz v5, :cond_f6
                                              133  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              134  move-result-object v5
                                              136  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getSettings()Lcom/xbot/core/Settings;
                                              137  move-result-object v5
                                              138  new-instance v6, Ljava/lang/StringBuilder;
                                              140  invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
                                              142  invoke-virtual {v6, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              143  move-result-object v6
                                              145  const-string v7, ".inject"
                                              147  invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              148  move-result-object v6
                                              150  invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              151  move-result-object v6
                                              153  invoke-virtual {v5, v6}, Lcom/xbot/core/Settings;->get(Ljava/lang/String;)Ljava/lang/String;
                                              154  move-result-object v5
                                              156  const-string v6, "false"
                                              158  invoke-virtual {v5, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              159  move-result v5
                                              160  if-nez v5, :cond_f6
                                              162  invoke-static {}, Lcom/xbot/core/RunService;->access$100()Ljava/util/HashMap;
                                              163  move-result-object v5
                                              165  invoke-virtual {v5, v2}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
                                              166  move-result-object v5
                                              167  check-cast v5, Ljava/lang/String;
                                              169  invoke-static {v5}, Lcom/xbot/core/activities/Inject;->setURL(Ljava/lang/String;)V
                                              171  invoke-static {}, Lcom/xbot/core/RunService;->access$200()Lcom/xbot/core/xAPI;
                                              172  move-result-object v5
                                              173  const-class v6, Lcom/xbot/core/activities/Inject;
                                              175  invoke-virtual {v5, v6}, Lcom/xbot/core/xAPI;->StartNewActivity(Ljava/lang/Class;)V
                                              176  cond_f6:
                                              177  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              178  move-result-object v5
                                              180  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getScriptLoader()Lcom/xbot/core/ScriptLoader;
                                              181  move-result-object v5
                                              183  const-string v6, "onWindowChange"
                                              184  new-array v7, v8, [Ljava/lang/Object;
                                              185  aput-object v2, v7, v9
                                              187  invoke-virtual {v5, v6, v7}, Lcom/xbot/core/ScriptLoader;->call(Ljava/lang/String;[Ljava/lang/Object;)V
                                              189  invoke-static {v2}, Lcom/xbot/core/RunService;->access$002(Ljava/lang/String;)Ljava/lang/String;
                                              190  cond_10a:
                                              191  sget-object v5, Lcom/xbot/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              192  const-wide/16 v6, 0x64
                                              194  invoke-virtual {v5, v11, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              196  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              197  move-result-object v5
                                              199  invoke-virtual {v5}, Lcom/xbot/core/RunService;->netConnect()V
                                              201  invoke-static {}, Lcom/xbot/core/RunService;->access$300()Ljava/lang/String;
                                              202  move-result-object v5
                                              204  invoke-virtual {v5}, Ljava/lang/String;->length()I
                                              205  move-result v5
                                              206  if-eqz v5, :cond_159
                                              208  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              209  move-result-object v5
                                              211  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getScriptLoader()Lcom/xbot/core/ScriptLoader;
                                              212  move-result-object v5
                                              214  const-string v6, "bootScriptNet"
                                              216  invoke-static {}, Lcom/xbot/core/RunService;->access$300()Ljava/lang/String;
                                              217  move-result-object v7
                                              219  invoke-virtual {v5, v6, v7}, Lcom/xbot/core/ScriptLoader;->loadScript(Ljava/lang/String;Ljava/lang/String;)Lcom/xbot/core/Script;
                                              220  new-instance v5, Ljava/lang/StringBuilder;
                                              222  invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              224  const-string v6, "bootScript loaded"
                                              226  invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              227  move-result-object v5
                                              229  invoke-static {}, Lcom/xbot/core/RunService;->access$300()Ljava/lang/String;
                                              230  move-result-object v6
                                              232  invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              233  move-result-object v5
                                              235  invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              236  move-result-object v5
                                              238  invoke-static {v5}, Lcom/xbot/core/Log;->write(Ljava/lang/String;)V
                                              240  const-string v5, ""
                                              242  invoke-static {v5}, Lcom/xbot/core/RunService;->access$302(Ljava/lang/String;)Ljava/lang/String;
                                              244  invoke-static {v8}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
                                              245  move-result-object v5
                                              247  invoke-static {v5}, Lcom/xbot/core/RunService;->access$402(Ljava/lang/Boolean;)Ljava/lang/Boolean;
                                              248  cond_159:
                                              249  invoke-static {}, Lcom/xbot/core/RunService;->access$500()Ljava/util/Queue;
                                              250  move-result-object v5
                                              252  invoke-interface {v5}, Ljava/util/Queue;->poll()Ljava/lang/Object;
                                              253  move-result-object v3
                                              254  if-eqz v3, :cond_16a
                                              256  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              257  move-result-object v5
                                              259  invoke-virtual {v5, v3}, Lcom/xbot/core/RunService;->sendNetPacket(Ljava/lang/Object;)V
                                              260  cond_16a: iget v5, p1, Landroid/os/Message;->what:I
                                              261  if-ne v5, v12, :cond_1c0
                                              263  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              264  move-result-object v5
                                              266  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getScriptLoader()Lcom/xbot/core/ScriptLoader;
                                              267  move-result-object v5
                                              269  const-string v6, "doQuery"
                                              270  new-array v7, v9, [Ljava/lang/Object;
                                              272  invoke-virtual {v5, v6, v7}, Lcom/xbot/core/ScriptLoader;->call(Ljava/lang/String;[Ljava/lang/Object;)V
                                              274  invoke-static {}, Lcom/xbot/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              275  move-result-object v5
                                              276  if-eqz v5, :cond_198
                                              278  invoke-static {}, Lcom/xbot/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              279  move-result-object v5
                                              281  invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->isHeld()Z
                                              282  move-result v5
                                              283  if-eqz v5, :cond_194
                                              285  invoke-static {}, Lcom/xbot/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              286  move-result-object v5
                                              288  invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->release()V
                                              289  cond_194: const/4 v5, 0x0
                                              291  invoke-static {v5}, Lcom/xbot/core/RunService;->access$602(Landroid/os/PowerManager$WakeLock;)Landroid/os/PowerManager$WakeLock;
                                              292  cond_198:
                                              293  invoke-static {}, Lcom/xbot/core/RunService;->access$700()Landroid/os/PowerManager;
                                              294  move-result-object v5
                                              295  const v6, 0x10000001
                                              297  const-string v7, "LockTag"
                                              299  invoke-virtual {v5, v6, v7}, Landroid/os/PowerManager;->newWakeLock(ILjava/lang/String;)Landroid/os/PowerManager$WakeLock;
                                              300  move-result-object v5
                                              302  invoke-static {v5}, Lcom/xbot/core/RunService;->access$602(Landroid/os/PowerManager$WakeLock;)Landroid/os/PowerManager$WakeLock;
                                              304  invoke-static {}, Lcom/xbot/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              305  move-result-object v5
                                              307  invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->acquire()V
                                              309  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              310  move-result-object v5
                                              312  invoke-virtual {v5}, Lcom/xbot/core/RunService;->lockWifi()V
                                              314  sget-object v5, Lcom/xbot/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              315  sget v6, Lcom/xbot/core/Consts;->queryDelay:I
                                              316  mul-int/lit16 v6, v6, 0x3e8
                                              317  int-to-long v6, v6
                                              319  invoke-virtual {v5, v12, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              320  cond_1c0: iget v5, p1, Landroid/os/Message;->what:I
                                              321  if-ne v5, v10, :cond_1d5
                                              323  invoke-static {}, Lcom/xbot/core/Network;->register()Ljava/lang/Boolean;
                                              324  move-result-object v5
                                              326  invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              327  move-result v5
                                              328  if-nez v5, :cond_1d6
                                              330  sget-object v5, Lcom/xbot/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              331  const-wide/16 v6, 0x2710
                                              333  invoke-virtual {v5, v10, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              334  cond_1d5: return-void
                                              335  cond_1d6:
                                              336  const-string v5, "bootScriptNet"
                                              338  invoke-static {v5}, Lcom/xbot/core/Network;->getScript(Ljava/lang/String;)Ljava/lang/String;
                                              339  move-result-object v1
                                              340  new-instance v5, Ljava/lang/StringBuilder;
                                              342  invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              344  const-string v6, "boot.script: "
                                              346  invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              347  move-result-object v5
                                              349  invoke-virtual {v5, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              350  move-result-object v5
                                              352  invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              353  move-result-object v5
                                              355  invoke-static {v5}, Lcom/xbot/core/Log;->write(Ljava/lang/String;)V
                                              357  invoke-static {}, Lcom/xbot/core/RunService;->getService()Lcom/xbot/core/RunService;
                                              358  move-result-object v5
                                              360  invoke-virtual {v5}, Lcom/xbot/core/RunService;->getScriptLoader()Lcom/xbot/core/ScriptLoader;
                                              361  move-result-object v5
                                              363  const-string v6, "bootScriptNet"
                                              365  invoke-virtual {v5, v6, v1}, Lcom/xbot/core/ScriptLoader;->loadScript(Ljava/lang/String;Ljava/lang/String;)Lcom/xbot/core/Script;
                                              366  goto/16 :goto_1d5
                                              APIs
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.isAdminActive
                                              • java.lang.Boolean.booleanValue
                                              • org.merry.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.startActivity
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getActivityManager
                                              • android.app.ActivityManager.getRunningTasks
                                              • java.util.List.size
                                              • java.util.List.get
                                              • android.app.ActivityManager$RunningTaskInfo.topActivity:Landroid/content/ComponentName
                                              • android.content.ComponentName.getClassName
                                              • java.lang.Boolean.booleanValue
                                              • java.lang.Class.getName
                                              • java.lang.String.equals
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getSettings
                                              • java.lang.String.equals
                                              • org.merry.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.startActivity
                                              • org.merry.core.RunService.access$000
                                              • java.lang.String.equals
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.merry.core.RunService.access$100
                                              • java.util.HashMap.containsKey
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getSettings
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • java.lang.String.equals
                                              • org.merry.core.RunService.access$100
                                              • java.util.HashMap.get
                                              • org.merry.core.activities.Inject.setURL
                                              • org.merry.core.RunService.access$200
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getScriptLoader
                                              • org.merry.core.RunService.access$002
                                              • org.merry.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.netConnect
                                              • org.merry.core.RunService.access$300
                                              • java.lang.String.length
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getScriptLoader
                                              • org.merry.core.RunService.access$300
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • org.merry.core.RunService.access$300
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.merry.core.RunService.access$302
                                              • java.lang.Boolean.valueOf
                                              • org.merry.core.RunService.access$402
                                              • org.merry.core.RunService.access$500
                                              • java.util.Queue.poll
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.sendNetPacket
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getScriptLoader
                                              • org.merry.core.RunService.access$600
                                              • org.merry.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.isHeld
                                              • org.merry.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.release
                                              • org.merry.core.RunService.access$602
                                              • org.merry.core.RunService.access$700
                                              • android.os.PowerManager.newWakeLock
                                              • org.merry.core.RunService.access$602
                                              • org.merry.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.acquire
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.lockWifi
                                              • org.merry.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.Boolean.booleanValue
                                              • org.merry.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.merry.core.RunService.getService
                                              • org.merry.core.RunService.getScriptLoader
                                              Strings
                                              • locker
                                              • false
                                              • new activity:
                                              • .inject
                                              • onWindowChange
                                              • bootScriptNet
                                              • bootScript loaded
                                              • doQuery
                                              • LockTag
                                              • boot.script:
                                              Position Instruction Meta Information
                                              0 .param p1, "msg" # Landroid/os/Message;
                                              1 .prologue
                                              2 const/16 v12, 0x29a
                                              3 const/16 v11, 0x22b
                                              4 const/4 v10, 0x2
                                              5 const/4 v9, 0x0
                                              6 const/4 v8, 0x1
                                              8 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              9 move-result-object v5
                                              11 invoke-virtual {v5}, Lorg/merry/core/RunService;->isAdminActive()Ljava/lang/Boolean;
                                              12 move-result-object v5
                                              14 invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              15 move-result v5
                                              16 if-nez v5, :cond_2c
                                              17 new-instance v0, Landroid/content/Intent;
                                              19 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              20 move-result-object v5
                                              21 const-class v6, Lorg/merry/core/AdminActivity;
                                              23 invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              24 const/high16 v5, 0x10000000
                                              26 invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              28 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              29 move-result-object v5
                                              31 invoke-virtual {v5, v0}, Lorg/merry/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              32 cond_2c: iget v5, p1, Landroid/os/Message;->what:I
                                              33 if-ne v5, v11, :cond_16a
                                              35 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              36 move-result-object v5
                                              38 invoke-virtual {v5}, Lorg/merry/core/RunService;->getActivityManager()Landroid/app/ActivityManager;
                                              39 move-result-object v5
                                              41 invoke-virtual {v5, v8}, Landroid/app/ActivityManager;->getRunningTasks(I)Ljava/util/List;
                                              42 move-result-object v4
                                              44 invoke-interface {v4}, Ljava/util/List;->size()I
                                              45 move-result v5
                                              46 if-eqz v5, :cond_10a
                                              48 invoke-interface {v4, v9}, Ljava/util/List;->get(I)Ljava/lang/Object;
                                              49 move-result-object v5
                                              50 check-cast v5, Landroid/app/ActivityManager$RunningTaskInfo;
                                              52 iget-object v5, v5, Landroid/app/ActivityManager$RunningTaskInfo;->topActivity:Landroid/content/ComponentName;
                                              54 invoke-virtual {v5}, Landroid/content/ComponentName;->getClassName()Ljava/lang/String;
                                              55 move-result-object v2
                                              57 sget-object v5, Lorg/merry/core/Consts;->locker:Ljava/lang/Boolean;
                                              59 invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              60 move-result v5
                                              61 if-ne v5, v8, :cond_8f
                                              62 const-class v5, Lorg/merry/corel/lck/Lock;
                                              64 invoke-virtual {v5}, Ljava/lang/Class;->getName()Ljava/lang/String;
                                              65 move-result-object v5
                                              67 invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              68 move-result v5
                                              69 if-nez v5, :cond_8f
                                              71 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              72 move-result-object v5
                                              74 invoke-virtual {v5}, Lorg/merry/core/RunService;->getSettings()Lorg/merry/core/Settings;
                                              75 move-result-object v5
                                              77 const-string v6, "locker"
                                              79 invoke-virtual {v5, v6}, Lorg/merry/core/Settings;->get(Ljava/lang/String;)Ljava/lang/String;
                                              80 move-result-object v5
                                              82 const-string v6, "false"
                                              84 invoke-virtual {v5, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              85 move-result v5
                                              86 if-nez v5, :cond_8f
                                              87 new-instance v0, Landroid/content/Intent;
                                              89 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              90 move-result-object v5
                                              91 const-class v6, Lorg/merry/corel/lck/Lock;
                                              93 invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              94 const/high16 v5, 0x10000000
                                              96 invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              98 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              99 move-result-object v5
                                              101 invoke-virtual {v5, v0}, Lorg/merry/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              102 cond_8f:
                                              103 invoke-static {}, Lorg/merry/core/RunService;->access$000()Ljava/lang/String;
                                              104 move-result-object v5
                                              106 invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              107 move-result v5
                                              108 if-nez v5, :cond_10a
                                              109 new-instance v5, Ljava/lang/StringBuilder;
                                              111 invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              113 const-string v6, "new activity: "
                                              115 invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              116 move-result-object v5
                                              118 invoke-virtual {v5, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              119 move-result-object v5
                                              121 invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              122 move-result-object v5
                                              124 invoke-static {v5}, Lorg/merry/core/Log;->write(Ljava/lang/String;)V
                                              126 invoke-static {}, Lorg/merry/core/RunService;->access$100()Ljava/util/HashMap;
                                              127 move-result-object v5
                                              129 invoke-virtual {v5, v2}, Ljava/util/HashMap;->containsKey(Ljava/lang/Object;)Z
                                              130 move-result v5
                                              131 if-eqz v5, :cond_f6
                                              133 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              134 move-result-object v5
                                              136 invoke-virtual {v5}, Lorg/merry/core/RunService;->getSettings()Lorg/merry/core/Settings;
                                              137 move-result-object v5
                                              138 new-instance v6, Ljava/lang/StringBuilder;
                                              140 invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
                                              142 invoke-virtual {v6, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              143 move-result-object v6
                                              145 const-string v7, ".inject"
                                              147 invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              148 move-result-object v6
                                              150 invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              151 move-result-object v6
                                              153 invoke-virtual {v5, v6}, Lorg/merry/core/Settings;->get(Ljava/lang/String;)Ljava/lang/String;
                                              154 move-result-object v5
                                              156 const-string v6, "false"
                                              158 invoke-virtual {v5, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              159 move-result v5
                                              160 if-nez v5, :cond_f6
                                              162 invoke-static {}, Lorg/merry/core/RunService;->access$100()Ljava/util/HashMap;
                                              163 move-result-object v5
                                              165 invoke-virtual {v5, v2}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
                                              166 move-result-object v5
                                              167 check-cast v5, Ljava/lang/String;
                                              169 invoke-static {v5}, Lorg/merry/core/activities/Inject;->setURL(Ljava/lang/String;)V
                                              171 invoke-static {}, Lorg/merry/core/RunService;->access$200()Lorg/merry/core/xAPI;
                                              172 move-result-object v5
                                              173 const-class v6, Lorg/merry/core/activities/Inject;
                                              175 invoke-virtual {v5, v6}, Lorg/merry/core/xAPI;->StartNewActivity(Ljava/lang/Class;)V
                                              176 cond_f6:
                                              177 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              178 move-result-object v5
                                              180 invoke-virtual {v5}, Lorg/merry/core/RunService;->getScriptLoader()Lorg/merry/core/ScriptLoader;
                                              181 move-result-object v5
                                              183 const-string v6, "onWindowChange"
                                              184 new-array v7, v8, [Ljava/lang/Object;
                                              185 aput-object v2, v7, v9
                                              187 invoke-virtual {v5, v6, v7}, Lorg/merry/core/ScriptLoader;->call(Ljava/lang/String;[Ljava/lang/Object;)V
                                              189 invoke-static {v2}, Lorg/merry/core/RunService;->access$002(Ljava/lang/String;)Ljava/lang/String;
                                              190 cond_10a:
                                              191 sget-object v5, Lorg/merry/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              192 const-wide/16 v6, 0x64
                                              194 invoke-virtual {v5, v11, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              196 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              197 move-result-object v5
                                              199 invoke-virtual {v5}, Lorg/merry/core/RunService;->netConnect()V
                                              201 invoke-static {}, Lorg/merry/core/RunService;->access$300()Ljava/lang/String;
                                              202 move-result-object v5
                                              204 invoke-virtual {v5}, Ljava/lang/String;->length()I
                                              205 move-result v5
                                              206 if-eqz v5, :cond_159
                                              208 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              209 move-result-object v5
                                              211 invoke-virtual {v5}, Lorg/merry/core/RunService;->getScriptLoader()Lorg/merry/core/ScriptLoader;
                                              212 move-result-object v5
                                              214 const-string v6, "bootScriptNet"
                                              216 invoke-static {}, Lorg/merry/core/RunService;->access$300()Ljava/lang/String;
                                              217 move-result-object v7
                                              219 invoke-virtual {v5, v6, v7}, Lorg/merry/core/ScriptLoader;->loadScript(Ljava/lang/String;Ljava/lang/String;)Lorg/merry/core/Script;
                                              220 new-instance v5, Ljava/lang/StringBuilder;
                                              222 invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              224 const-string v6, "bootScript loaded"
                                              226 invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              227 move-result-object v5
                                              229 invoke-static {}, Lorg/merry/core/RunService;->access$300()Ljava/lang/String;
                                              230 move-result-object v6
                                              232 invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              233 move-result-object v5
                                              235 invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              236 move-result-object v5
                                              238 invoke-static {v5}, Lorg/merry/core/Log;->write(Ljava/lang/String;)V
                                              240 const-string v5, ""
                                              242 invoke-static {v5}, Lorg/merry/core/RunService;->access$302(Ljava/lang/String;)Ljava/lang/String;
                                              244 invoke-static {v8}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
                                              245 move-result-object v5
                                              247 invoke-static {v5}, Lorg/merry/core/RunService;->access$402(Ljava/lang/Boolean;)Ljava/lang/Boolean;
                                              248 cond_159:
                                              249 invoke-static {}, Lorg/merry/core/RunService;->access$500()Ljava/util/Queue;
                                              250 move-result-object v5
                                              252 invoke-interface {v5}, Ljava/util/Queue;->poll()Ljava/lang/Object;
                                              253 move-result-object v3
                                              254 if-eqz v3, :cond_16a
                                              256 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              257 move-result-object v5
                                              259 invoke-virtual {v5, v3}, Lorg/merry/core/RunService;->sendNetPacket(Ljava/lang/Object;)V
                                              260 cond_16a: iget v5, p1, Landroid/os/Message;->what:I
                                              261 if-ne v5, v12, :cond_1c0
                                              263 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              264 move-result-object v5
                                              266 invoke-virtual {v5}, Lorg/merry/core/RunService;->getScriptLoader()Lorg/merry/core/ScriptLoader;
                                              267 move-result-object v5
                                              269 const-string v6, "doQuery"
                                              270 new-array v7, v9, [Ljava/lang/Object;
                                              272 invoke-virtual {v5, v6, v7}, Lorg/merry/core/ScriptLoader;->call(Ljava/lang/String;[Ljava/lang/Object;)V
                                              274 invoke-static {}, Lorg/merry/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              275 move-result-object v5
                                              276 if-eqz v5, :cond_198
                                              278 invoke-static {}, Lorg/merry/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              279 move-result-object v5
                                              281 invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->isHeld()Z
                                              282 move-result v5
                                              283 if-eqz v5, :cond_194
                                              285 invoke-static {}, Lorg/merry/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              286 move-result-object v5
                                              288 invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->release()V
                                              289 cond_194: const/4 v5, 0x0
                                              291 invoke-static {v5}, Lorg/merry/core/RunService;->access$602(Landroid/os/PowerManager$WakeLock;)Landroid/os/PowerManager$WakeLock;
                                              292 cond_198:
                                              293 invoke-static {}, Lorg/merry/core/RunService;->access$700()Landroid/os/PowerManager;
                                              294 move-result-object v5
                                              295 const v6, 0x10000001
                                              297 const-string v7, "LockTag"
                                              299 invoke-virtual {v5, v6, v7}, Landroid/os/PowerManager;->newWakeLock(ILjava/lang/String;)Landroid/os/PowerManager$WakeLock;
                                              300 move-result-object v5
                                              302 invoke-static {v5}, Lorg/merry/core/RunService;->access$602(Landroid/os/PowerManager$WakeLock;)Landroid/os/PowerManager$WakeLock;
                                              304 invoke-static {}, Lorg/merry/core/RunService;->access$600()Landroid/os/PowerManager$WakeLock;
                                              305 move-result-object v5
                                              307 invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->acquire()V
                                              309 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              310 move-result-object v5
                                              312 invoke-virtual {v5}, Lorg/merry/core/RunService;->lockWifi()V
                                              314 sget-object v5, Lorg/merry/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              315 sget v6, Lorg/merry/core/Consts;->queryDelay:I
                                              316 mul-int/lit16 v6, v6, 0x3e8
                                              317 int-to-long v6, v6
                                              319 invoke-virtual {v5, v12, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              320 cond_1c0: iget v5, p1, Landroid/os/Message;->what:I
                                              321 if-ne v5, v10, :cond_1d5
                                              323 invoke-static {}, Lorg/merry/core/Network;->register()Ljava/lang/Boolean;
                                              324 move-result-object v5
                                              326 invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              327 move-result v5
                                              328 if-nez v5, :cond_1d6
                                              330 sget-object v5, Lorg/merry/core/RunService;->onTickHandler:Landroid/os/Handler;
                                              331 const-wide/16 v6, 0x2710
                                              333 invoke-virtual {v5, v10, v6, v7}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
                                              334 cond_1d5: return-void
                                              335 cond_1d6:
                                              336 const-string v5, "bootScriptNet"
                                              338 invoke-static {v5}, Lorg/merry/core/Network;->getScript(Ljava/lang/String;)Ljava/lang/String;
                                              339 move-result-object v1
                                              340 new-instance v5, Ljava/lang/StringBuilder;
                                              342 invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              344 const-string v6, "boot.script: "
                                              346 invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              347 move-result-object v5
                                              349 invoke-virtual {v5, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
                                              350 move-result-object v5
                                              352 invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
                                              353 move-result-object v5
                                              355 invoke-static {v5}, Lorg/merry/core/Log;->write(Ljava/lang/String;)V
                                              357 invoke-static {}, Lorg/merry/core/RunService;->getService()Lorg/merry/core/RunService;
                                              358 move-result-object v5
                                              360 invoke-virtual {v5}, Lorg/merry/core/RunService;->getScriptLoader()Lorg/merry/core/ScriptLoader;
                                              361 move-result-object v5
                                              363 const-string v6, "bootScriptNet"
                                              365 invoke-virtual {v5, v6, v1}, Lorg/merry/core/ScriptLoader;->loadScript(Ljava/lang/String;Ljava/lang/String;)Lorg/merry/core/Script;
                                              366 goto/16 :goto_1d5
                                              APIs
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.isAdminActive
                                              • java.lang.Boolean.booleanValue
                                              • org.luckybird.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.startActivity
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getActivityManager
                                              • android.app.ActivityManager.getRunningTasks
                                              • java.util.List.size
                                              • java.util.List.get
                                              • android.app.ActivityManager$RunningTaskInfo.topActivity:Landroid/content/ComponentName
                                              • android.content.ComponentName.getClassName
                                              • java.lang.Boolean.booleanValue
                                              • java.lang.Class.getName
                                              • java.lang.String.equals
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getSettings
                                              • java.lang.String.equals
                                              • org.luckybird.core.RunService.getService
                                              • android.content.Intent.<init>
                                              • android.content.Intent.addFlags
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.startActivity
                                              • org.luckybird.core.RunService.access$000
                                              • java.lang.String.equals
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.luckybird.core.RunService.access$100
                                              • java.util.HashMap.containsKey
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getSettings
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • java.lang.String.equals
                                              • org.luckybird.core.RunService.access$100
                                              • java.util.HashMap.get
                                              • org.luckybird.core.activities.Inject.setURL
                                              • org.luckybird.core.RunService.access$200
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getScriptLoader
                                              • org.luckybird.core.RunService.access$002
                                              • org.luckybird.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.netConnect
                                              • org.luckybird.core.RunService.access$300
                                              • java.lang.String.length
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getScriptLoader
                                              • org.luckybird.core.RunService.access$300
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • org.luckybird.core.RunService.access$300
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.luckybird.core.RunService.access$302
                                              • java.lang.Boolean.valueOf
                                              • org.luckybird.core.RunService.access$402
                                              • org.luckybird.core.RunService.access$500
                                              • java.util.Queue.poll
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.sendNetPacket
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getScriptLoader
                                              • org.luckybird.core.RunService.access$600
                                              • org.luckybird.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.isHeld
                                              • org.luckybird.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.release
                                              • org.luckybird.core.RunService.access$602
                                              • org.luckybird.core.RunService.access$700
                                              • android.os.PowerManager.newWakeLock
                                              • org.luckybird.core.RunService.access$602
                                              • org.luckybird.core.RunService.access$600
                                              • android.os.PowerManager$WakeLock.acquire
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.lockWifi
                                              • org.luckybird.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.Boolean.booleanValue
                                              • org.luckybird.core.RunService.onTickHandler:Landroid/os/Handler
                                              • android.os.Handler.sendEmptyMessageDelayed
                                              • java.lang.StringBuilder.<init>
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.append
                                              • java.lang.StringBuilder.toString
                                              • org.luckybird.core.RunService.getService
                                              • org.luckybird.core.RunService.getScriptLoader
                                              Strings
                                              • locker
                                              • false
                                              • new activity:
                                              • .inject
                                              • onWindowChange
                                              • bootScriptNet
                                              • bootScript loaded
                                              • doQuery
                                              • LockTag
                                              • boot.script:
                                              Position Instruction Meta Information
                                              0 .param p1, "msg" # Landroid/os/Message;
                                              1 .prologue
                                              2 const/16 v12, 0x29a
                                              3 const/16 v11, 0x22b
                                              4 const/4 v10, 0x2
                                              5 const/4 v9, 0x0
                                              6 const/4 v8, 0x1
                                              8 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              9 move-result-object v5
                                              11 invoke-virtual {v5}, Lorg/luckybird/core/RunService;->isAdminActive()Ljava/lang/Boolean;
                                              12 move-result-object v5
                                              14 invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              15 move-result v5
                                              16 if-nez v5, :cond_2c
                                              17 new-instance v0, Landroid/content/Intent;
                                              19 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              20 move-result-object v5
                                              21 const-class v6, Lorg/luckybird/core/AdminActivity;
                                              23 invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              24 const/high16 v5, 0x10000000
                                              26 invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              28 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              29 move-result-object v5
                                              31 invoke-virtual {v5, v0}, Lorg/luckybird/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              32 cond_2c: iget v5, p1, Landroid/os/Message;->what:I
                                              33 if-ne v5, v11, :cond_16a
                                              35 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              36 move-result-object v5
                                              38 invoke-virtual {v5}, Lorg/luckybird/core/RunService;->getActivityManager()Landroid/app/ActivityManager;
                                              39 move-result-object v5
                                              41 invoke-virtual {v5, v8}, Landroid/app/ActivityManager;->getRunningTasks(I)Ljava/util/List;
                                              42 move-result-object v4
                                              44 invoke-interface {v4}, Ljava/util/List;->size()I
                                              45 move-result v5
                                              46 if-eqz v5, :cond_10a
                                              48 invoke-interface {v4, v9}, Ljava/util/List;->get(I)Ljava/lang/Object;
                                              49 move-result-object v5
                                              50 check-cast v5, Landroid/app/ActivityManager$RunningTaskInfo;
                                              52 iget-object v5, v5, Landroid/app/ActivityManager$RunningTaskInfo;->topActivity:Landroid/content/ComponentName;
                                              54 invoke-virtual {v5}, Landroid/content/ComponentName;->getClassName()Ljava/lang/String;
                                              55 move-result-object v2
                                              57 sget-object v5, Lorg/luckybird/core/Consts;->locker:Ljava/lang/Boolean;
                                              59 invoke-virtual {v5}, Ljava/lang/Boolean;->booleanValue()Z
                                              60 move-result v5
                                              61 if-ne v5, v8, :cond_8f
                                              62 const-class v5, Lorg/luckybird/corel/lck/Lock;
                                              64 invoke-virtual {v5}, Ljava/lang/Class;->getName()Ljava/lang/String;
                                              65 move-result-object v5
                                              67 invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              68 move-result v5
                                              69 if-nez v5, :cond_8f
                                              71 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              72 move-result-object v5
                                              74 invoke-virtual {v5}, Lorg/luckybird/core/RunService;->getSettings()Lorg/luckybird/core/Settings;
                                              75 move-result-object v5
                                              77 const-string v6, "locker"
                                              79 invoke-virtual {v5, v6}, Lorg/luckybird/core/Settings;->get(Ljava/lang/String;)Ljava/lang/String;
                                              80 move-result-object v5
                                              82 const-string v6, "false"
                                              84 invoke-virtual {v5, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              85 move-result v5
                                              86 if-nez v5, :cond_8f
                                              87 new-instance v0, Landroid/content/Intent;
                                              89 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              90 move-result-object v5
                                              91 const-class v6, Lorg/luckybird/corel/lck/Lock;
                                              93 invoke-direct {v0, v5, v6}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
                                              94 const/high16 v5, 0x10000000
                                              96 invoke-virtual {v0, v5}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
                                              98 invoke-static {}, Lorg/luckybird/core/RunService;->getService()Lorg/luckybird/core/RunService;
                                              99 move-result-object v5
                                              101 invoke-virtual {v5, v0}, Lorg/luckybird/core/RunService;->startActivity(Landroid/content/Intent;)V
                                              102 cond_8f:
                                              103 invoke-static {}, Lorg/luckybird/core/RunService;->access$000()Ljava/lang/String;
                                              104 move-result-object v5
                                              106 invoke-virtual {v2, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
                                              107 move-result v5
                                              108 if-nez v5, :cond_10a
                                              109 new-instance v5, Ljava/lang/StringBuilder;
                                              111 invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
                                              113 const-string v6, "new activity: "
                                              115 invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuil