ID: Sample Name: base.apk Cookbook: defaultandroidfilecookbook.jbs Time: 19:21:07 Date: 08/12/2017 Version:

Transcription

1 ID: Sample Name: base.apk Cookbook: defaultandroidfilecookbook.jbs Time: 19:21:07 Date: 08/12/2017 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Sinature Overview Chane of System Appearance: AV Detection: Location Tracin: Operatin System Destruction: Spam, unwanted Advertisements and Ransom Demands: Exploits: Key, Mouse, Clipboard, Microphone and Screen Capturin: E-Bankin Fraud: Networkin: Boot Survival: Remote Access Functionality: Stealin of Sensitive Information: Data Obfuscation: Spreadin: System Summary: HIPS / PFW / Operatin System Protection Evasion: Malware Analysis System Evasion: Hookin and other Techniques for Hidin and Protection: Lanuae, Device and Operatin System Detection: Antivirus Detection Initial Sample Dropped Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution TCP Packets UDP Packets APK Behavior Copyriht Joe Security LLC 2017 Pae 2 of 150

3 Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyriht Joe Security LLC 2017 Pae 3 of 150

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 19:21:07 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 2m 40s false liht base.apk Analysis system description: Android 6.0 Detection: Classification: Warnins: Errors: defaultandroidfilecookbook.jbs MAL Show All No dynamic available No interacted views No simulation commands forwarded to apk Not all resource files were parsed Not all resource strins were parsed Report size exceeded maximum capacity and may have missin behavior information. Report size exceeded maximum capacity and may have missin dynamic code. Setup command "_JBInstallAPK" failed: INSTALL_FAILED_UPDATE_INCOMPATIBLE Detection Stratey Score Rane Reportin Detection Threshold Report FP / FN Classification Copyriht Joe Security LLC 2017 Pae 4 of 150

5 Ransomware Miner Spreadin malicious malicious malicious Evader Phishin suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Sinature Overview of System Appearance Chane Detection AV Tracin Location System Destruction Operatin unwanted Advertisements and Ransom Demands Spam, Exploits Mouse, Clipboard, Microphone and Screen Capturin Key, Fraud E-Bankin Networkin Survival Boot Access Functionality Remote of Sensitive Information Stealin Obfuscation Data Spreadin Summary System / PFW / Operatin System Protection Evasion HIPS Analysis System Evasion Malware and other Techniques for Hidin and Protection Hookin Lanuae, Device and Operatin System Detection Click to jump to sinature section Chane of System Appearance: Copyriht Joe Security LLC 2017 Pae 5 of 150

6 Acquires a wake lock May access the Android keyuard (lock screen) AV Detection: Antivirus detection for submitted file Location Tracin: Queries the phones location (GPS) Operatin System Destruction: Lists and deletes files in the same context Spam, unwanted Advertisements and Ransom Demands: Loads advertisement Has permission to perform phone calls in the backround Has permission to send SMS in the backround Has permissions to monitor, redirect and/or block calls May dial phone number May use Goole Cloud Messain (GCM) or Goole's Cloud to Device Messain (C2DM) services Sends SMS usin SmsManaer Exploits: Miht use exploit to break dedexer tools Key, Mouse, Clipboard, Microphone and Screen Capturin: Accesses the audio/media manaers Has permission to record audio in the backround Has permission to take photos Records audio/media E-Bankin Fraud: Has permission to query the list of currently runnin applications Networkin: Found strins which match to known social media urls Monitors network connection state Urls found in memory or binary Uses HTTP for connectin to the internet Checks an internet connection is available Enables or disables WIFI Opens an internet connection Performs DNS lookups (Java API) Removes or disables confiured WIFI access points Boot Survival: Has permission to execute code after phone reboot Installs a new wake lock (to et activate on phone screen on) Copyriht Joe Security LLC 2017 Pae 6 of 150

7 Remote Access Functionality: Found suspicious command strins (may be related to BOT commands) Stealin of Sensitive Information: Has permission to query the current location Creates SMS (e.. PDU) Has permission to read contacts Has permission to read low-level lo files (spy personal ) Has permission to read the SMS storae Has permission to read the call lo Has permission to read the phones state (phone number, device IDs, active call ect.) Has permission to receive SMS in the backround Has permissions to create, read or chane account settins (inlcudin account password settins) Monitors incomin SMS Queries a list of installed applications Queries camera information Queries list of installed packaes Queries stored mail and application accounts (e.. Gmail or Whatsup) Queries the Gool Account Name Queries the list of confiured WIFI access points Monitors outoin Phone calls Data Obfuscation: Obfuscates method names Uses reflection Spreadin: Accesses external storae location Has permission to chane the WIFI confiuration includin connectin and disconnectin Has permission to download files without notification System Summary: Classification label Loads native libraries Reads shares settins Kills/terminates processes Requests permissions only permitted to sined APKs Requests permissions only permitted to sined APKs or APKs which are within the system imae Requests potentially danerous permissions HIPS / PFW / Operatin System Protection Evasion: Uses the DexClassLoader (often used for code injection) Malware Analysis System Evasion: Accesses android OS build fields Queries several sensitive phone informations Queries the unique operatin system id (ANDROID_ID) Copyriht Joe Security LLC 2017 Pae 7 of 150

8 Hookin and other Techniques for Hidin and Protection: Uses Crypto APIs Aborts a broadcast event (this is often done to hide phone events such as incomin SMS) Clears saved account passwords Has permission to draw over other applications or user interfaces Has permission to query the list of currently runnin applications Has permission to use bluetooth to discover and pair with other devices Has permissions to monitor, redirect and/or block calls Removes its application launcher (likely to stay hidden) Lanuae, Device and Operatin System Detection: Queries the network operator numeric MCC+MNC (mobile country code + mobile network code) Queries the unqiue device ID (IMEI, MEID or ESN) Antivirus Detection Initial Sample Source Detection Cloud Link base.apk 11% virustotal Browse Dropped Files No Antivirus matches Domains No Antivirus matches Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Copyriht Joe Security LLC 2017 Pae 8 of 150

9 Created / dropped Files No created / dropped files found Contacted Domains/Contacted IPs Contacted Domains No contacted domains info Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Fla ASN ASN Name Malicious Reserved unknown unknown false United States GOOGLE-GooleIncUS false United States GOOGLE-GooleIncUS false Static File Info General File type: Java Jar file (zip) TrID: MIUI Theme (30504/1) 25.63% OpenDocument Format (eneric) (25004/1) 21.01% OpenOffice Extension (21504/1) 18.07% Android Packae (19004/1) 15.97% Java Archive (13504/1) 11.35% File name: base.apk File size: MD5: SHA1: SHA256: 0f9f54f14c9f950b6283e4379b28339a b8db4fde26758b068362ef6b32 5f305a67afda9fce3ce b3d24a1e275b5e485dd1 7020ba33951c00518 Copyriht Joe Security LLC 2017 Pae 9 of 150

10 General SHA512: File Content Preview: a2da51e0c489aa8a0795c1550dc5b26d71fac118a e38680faeac9b9642d21ac721f4822aca2628e33a93663 b6b76d6840bba02e5f81e5752f9e0ce4fe1 PK...!:EN assets/HowToTapDemonstration/ Imaes/Phone.pn PNG...IHDR...Y.....IDATx...$Y...h..^..m..m..m..m...(...2ZFQQ.*K8.C^...<..k..E...~.OC]i.(...bt...(*.*..x.I.3..."...E.P.&.;... Static APK Info General Label: Goole Play services Minimum SDK required: 23 Taret SDK required: 23 Version Code: Version Name: Packae Name: com.oole.android.ms Is Activity: true Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name Is Entrypoint com.oole.android.mscom.oole.android.ms.common.api.gooleapiactivity com.oole.android.mscom.oole.android.ms.accountsettins.ui.myaccountnotavailablealertactivity com.oole.android.mscom.oole.android.ms.accountsettins.ui.myaccountsettinsactivity com.oole.android.mscom.oole.android.ms.accountsettins.ui.settinsloaderactivity com.oole.android.mscom.oole.android.ms.ads.settins.adssettinsactivity com.oole.android.mscom.oole.android.ms.app.settins.opensourcelicensesactivity com.oole.android.mscom.oole.android.ms.app.settins.manaespaceactivity com.oole.android.mscom.oole.android.ms.app.settins.recoverpermissionactivity com.oole.android.mscom.oole.android.ms.appinvite.appinviteactivity com.oole.android.mscom.oole.android.ms.appinvite.ui.context.contextualpeopleselectionactivity com.oole.android.mscom.oole.android.ms.appinvite.appinviteacceptinvitationactivity com.oole.android.mscom.oole.android.ms.auth.api.sinin.ui.sininactivity com.oole.android.mscom.oole.android.ms.auth.tokenactivity com.oole.android.mscom.oole.android.ms.auth.account.otp.otpactivity com.oole.android.mscom.oole.android.ms.auth.frp.factoryresetprotectionactivity com.oole.android.mscom.oole.android.ms.auth.frp.freunlockactivity com.oole.android.mscom.oole.android.ms.auth.frp.frpinterstitialactivity com.oole.android.mscom.oole.android.ms.auth.loin.checkininterstitialactivity com.oole.android.mscom.oole.android.ms.auth.loin.confirmaccountdeletionactivity com.oole.android.mscom.oole.android.ms.auth.loin.loinactivity com.oole.android.mscom.oole.android.ms.auth.loin.captchaactivity com.oole.android.mscom.oole.android.ms.auth.loin.usernamepasswordactivity com.oole.android.mscom.oole.android.ms.auth.loin.loinactivitytask com.oole.android.mscom.oole.android.ms.auth.loin.showerroractivity com.oole.android.mscom.oole.android.ms.auth.loin.browseractivity com.oole.android.mscom.oole.android.ms.auth.setup.d2d.smartdeviceactivity com.oole.android.mscom.oole.android.ms.auth.setup.d2d.sourceactivity com.oole.android.mscom.oole.android.ms.auth.setup.d2d.sourcenfchandleractivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.browsersininactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.preaddaccountactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.uncertifiednotificationactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.uncertifiedsecondarynotificationactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.minutemaid.minutemaidactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.addaccountactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.dmdownloadinstallactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.dmsetscreenlockactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.removeaccountactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.erroractivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.cantaddworkaccountactivity Copyriht Joe Security LLC 2017 Pae 10 of 150

11 com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.gooleservicesactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.accountaddedactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.wrappercontrolledactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.common.phoneskydpcinstallactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.consent.grantcredentialswithaclactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.consent.authaudienceviewactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.consent.authscopedetailsactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.ettoken.gettokenactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.common.dmdiscoveraccountactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.common.updatecredentialsactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.common.filterinredirectactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.common.unpackinredirectactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.controller.controllerlauncheractivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.accountintroactivity com.oole.android.mscom.oole.android.ms.auth.uiflows.addaccount.finishsessionactivity com.oole.android.mscom.oole.android.ms.auth.account.visibility.requestaccountsaccessactivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.ui.credentialssettinsactivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.ui.credentialpickeractivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.ui.credentialssaveconfirmationactivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.openyolo.provider.hintactivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.openyolo.provider.retrievecredentialactivity com.oole.android.mscom.oole.android.ms.auth.api.credentials.openyolo.provider.savecredentialactivity com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.secondscreen.secondscreengettokenactivity com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.workflows.simplenotificationworkflow com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.workflows.basicconfirmationworkflow com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.workflows.doubleconfirmationworkflow com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.workflows.pinconfirmationworkflow com.oole.android.mscom.oole.android.ms.auth.authzen.authzendeeplinkhandleractivity com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.simplepromptactivity com.oole.android.mscom.oole.android.ms.auth.authzen.transaction.accountchooseractivity com.oole.android.mscom.oole.android.ms.maictether.client.activehostinfodialoactivity com.oole.android.mscom.oole.android.ms.maictether.client.connecttohostdialoactivity com.oole.android.mscom.oole.android.ms.maictether.host.firsttimesetupdialoactivity com.oole.android.mscom.oole.android.ms.maictether.host.provisioninfaileddialoactivity com.oole.android.mscom.oole.android.ms.maictether.ui.settins.settinsactivity com.oole.android.mscom.oole.android.ms.auth.manaed.ui.emmactivity com.oole.android.mscom.oole.android.ms.auth.manaed.ui.phoneskydpcinstallactivity com.oole.android.mscom.oole.android.ms.auth.manaed.ui.setupworkprofileactivity com.oole.android.mscom.oole.android.ms.autofill.ui.autofillactivity com.oole.android.mscom.oole.android.ms.autofill.ui.autofilldialoactivity com.oole.android.mscom.oole.android.ms.autofill.ui.autofillsettinsactivity com.oole.android.mscom.oole.android.ms.backup.setbackupaccountactivity com.oole.android.mscom.oole.android.ms.backup.component.d2dprelsourceactivity com.oole.android.mscom.oole.android.ms.backup.component.usbdeviceattachedactivity com.oole.android.mscom.oole.android.ms.backup.component.d2dsourceactivity com.oole.android.mscom.oole.android.ms.backup.component.d2dmirateflowactivity com.oole.android.mscom.oole.android.ms.backup.component.cloudrestoreflowactivity com.oole.android.mscom.oole.android.ms.backup.component.emmrestoreflowactivity com.oole.android.mscom.oole.android.ms.backup.component.backupoptinactivity com.oole.android.mscom.oole.android.ms.backup.component.backupsettinsactivity com.oole.android.mscom.oole.android.ms.backup.component.setbackupaccountflowactivity com.oole.android.mscom.oole.android.ms.car.broadcastredirectactivity com.oole.android.mscom.oole.android.ms.car.carhomeactivity com.oole.android.mscom.oole.android.ms.car.carservicesettinsactivity2 com.oole.android.mscom.oole.android.ms.car.stopperactivity com.oole.android.mscom.oole.android.ms.car.firstactivity com.oole.android.mscom.oole.android.ms.car.setupactivity com.oole.android.mscom.oole.android.ms.car.carerrordisplayactivity com.oole.android.mscom.oole.android.ms.carsetup.discoveraasettinsactivity com.oole.android.mscom.oole.android.ms.cast.settins.castsettinsactivity com.oole.android.mscom.oole.android.ms.cast.activity.castnearbypinactivity com.oole.android.mscom.oole.android.ms.chromesync.ui.custompassphrasedialo com.oole.android.mscom.oole.android.ms.common.account.simpleaccountpickeractivity com.oole.android.mscom.oole.android.ms.common.account.accountchipaccountpickeractivity Is Entrypoint true Copyriht Joe Security LLC 2017 Pae 11 of 150

12 com.oole.android.mscom.oole.android.ms.common.account.accountpickeractivity com.oole.android.mscom.oole.android.ms.common.download.downloadservicesettinsactivity com.oole.android.mscom.oole.android.ms.constellation.ui.constellationdebuactivity com.oole.android.mscom.oole.android.ms.constellation.ui.constellationsettinsactivity com.oole.android.mscom.oole.android.ms.constellation.ui.constellationwebsettinsactivity com.oole.android.mscom.oole.android.ms.app.settins.goolesettinsactivity com.oole.android.mscom.oole.android.ms.app.net.networkusaeactivity com.oole.android.mscom.oole.android.ms.app.net.networkusaeactivityadvanced com.oole.android.mscom.oole.android.ms.app.settins.datamanaementactivity com.oole.android.mscom.oole.android.ms.drive.ui.create.createfileactivitydeleate com.oole.android.mscom.oole.android.ms.drive.ui.select.selectfileactivity com.oole.android.mscom.oole.android.ms.drive.ui.driveuitestcreatefiledialoframentactivity com.oole.android.mscom.oole.android.ms.family.create.familycreationactivity com.oole.android.mscom.oole.android.ms.family.manae.familymanaementactivity com.oole.android.mscom.oole.android.ms.family.manae.deletememberactivity com.oole.android.mscom.oole.android.ms.family.invites.sendinvitationsactivity com.oole.android.mscom.oole.android.ms.family.v2.create.familycreationactivity com.oole.android.mscom.oole.android.ms.family.v2.manae.familymanaementactivity com.oole.android.mscom.oole.android.ms.family.v2.manae.deletememberactivity com.oole.android.mscom.oole.android.ms.family.v2.manae.invitationmanaementactivity com.oole.android.mscom.oole.android.ms.family.v2.invites.sendinvitationsactivity com.oole.android.mscom.oole.android.ms.family.v2.tos.tosactivity com.oole.android.mscom.oole.android.ms.feedback.feedbackactivity com.oole.android.mscom.oole.android.ms.feedback.suestionsactivity com.oole.android.mscom.oole.android.ms.feedback.annotatescreenshotactivity com.oole.android.mscom.oole.android.ms.feedback.previewscreenshotactivity com.oole.android.mscom.oole.android.ms.feedback.previewactivity com.oole.android.mscom.oole.android.ms.feedback.showtextactivity com.oole.android.mscom.oole.android.ms.feedback.intentlistenerfeedbackactivity com.oole.android.mscom.oole.android.ms.fido.fido2.ui.authenticateactivity com.oole.android.mscom.oole.android.ms.fido.u2f.ui.authenticateactivity com.oole.android.mscom.oole.firebase.auth.api.ms.ui.browsersininstarteractivity com.oole.android.mscom.oole.firebase.auth.api.ms.ui.browsersininresponsehandleractivity com.oole.android.mscom.oole.android.ms.fitness.settins.fitnesssettinsactivity com.oole.android.mscom.oole.android.ms.fitness.settins.manaedatasourcesactivity com.oole.android.mscom.oole.android.ms.ames.playgamesupradeactivity com.oole.android.mscom.oole.android.ms.cm.gcmdianostics com.oole.android.mscom.oole.android.ms.cm.fakegcmnotificationactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.devicesinalsexportactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.openhelprtcactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.helpactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.systemapptrampolineactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.clicktocallactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities. activity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.openhelpactivity com.oole.android.mscom.oole.android.ms.oolehelp.webview.goolehelprenderinapiwebviewactivity com.oole.android.mscom.oole.android.ms.oolehelp.webview.goolehelpwebviewactivity com.oole.android.mscom.oole.android.ms.oolehelp.contact.chat.chatsupportrequestformactivity com.oole.android.mscom.oole.android.ms.oolehelp.contact.chat.chatconversationactivity com.oole.android.mscom.oole.android.ms.oolehelp.helpactivities.exitactivity com.oole.android.mscom.oole.android.ms.rowth.ui.growthdebuactivity com.oole.android.mscom.oole.android.ms.icin.ui.icinmanaespaceactivity com.oole.android.mscom.oole.android.ms.icin.ui.debu.appindexindebuactivity com.oole.android.mscom.oole.android.ms.icin.ui.icinprivacyactivity com.oole.android.mscom.oole.android.ms.instantapps.settins.optinactivity com.oole.android.mscom.oole.android.ms.instantapps.settins.settinsactivity com.oole.android.mscom.oole.android.ms.kids.chimera.reisterprofileowneractivityproxy com.oole.android.mscom.oole.android.ms.kids.lockscreenactivity com.oole.android.mscom.oole.android.ms.kids.kidsetupactivity com.oole.android.mscom.oole.android.location.network.confirmalertactivity com.oole.android.mscom.oole.android.location.settins.goolelocationsettinsactivity com.oole.android.mscom.oole.android.location.settins.locationhistorysettinsactivity com.oole.android.mscom.oole.android.location.settins.activityreconitionpermissionactivity com.oole.android.mscom.oole.android.location.settins.locationsettinscheckeractivity Is Entrypoint Copyriht Joe Security LLC 2017 Pae 12 of 150

13 com.oole.android.mscom.oole.android.location.settins.locationsettinsoffdialoactivity com.oole.android.mscom.oole.android.ms.locationsharin.activity.locationsharinredirectactivity com.oole.android.mscom.oole.android.ms.locationsharin.leacy.leacylocationsharinsettinsactivity com.oole.android.mscom.oole.android.ms.locationsharin.activity.locationsharinsettinsactivity com.oole.android.mscom.oole.android.ms.locationsharin.updateshares.people.peopleselectionactivity com.oole.android.mscom.oole.android.ms.locationsharin.updateshares.updatesharesactivity com.oole.android.mscom.oole.android.ms.locationsharin.activity.onboardinactivity com.oole.android.mscom.oole.android.ms.matchstick.call.callactivity com.oole.android.mscom.oole.android.ms.matchstick.ui.messaeactivity com.oole.android.mscom.oole.android.ms.matchstick.settins.reistrationactivity com.oole.android.mscom.oole.android.ms.matchstick.settins.matchsticksettinsactivity com.oole.android.mscom.oole.android.ms.matchstick.ui.entryactivity com.oole.android.mscom.oole.android.ms.nearby.discovery.ui.discoverylistactivity com.oole.android.mscom.oole.android.ms.nearby.discovery.ui.discoverychrometabactivity com.oole.android.mscom.oole.android.ms.nearby.discovery.ui.notificationsettinsactivity com.oole.android.mscom.oole.android.ms.nearby.messaes.settins.nearbymessaesappoptinactivity com.oole.android.mscom.oole.android.ms.netrec.scorin.client.wfa.wfaoptinactivity com.oole.android.mscom.oole.android.ms.notifications.gunsnotificationactivity com.oole.android.mscom.oole.android.ms.notifications.gunsbrowseractivity com.oole.android.mscom.oole.android.ms.ocr.securedcreditcardocractivity com.oole.android.mscom.oole.android.ms.ocr.cardcaptureactivity com.oole.android.mscom.oole.android.ms.ocr.giftcardocractivity com.oole.android.mscom.oole.android.ms.octarine.ui.octarinewebviewactivity com.oole.android.mscom.oole.android.ms.update.systemupdateactivity com.oole.android.mscom.oole.android.ms.update.phone.systemupdateactivity com.oole.android.mscom.oole.android.ms.update.completedialo com.oole.android.mscom.oole.android.ms.update.updatefromsdcardactivity com.oole.android.mscom.oole.android.ms.panorama.panoramaviewactivity com.oole.android.mscom.oole.android.ms.peerdownloadmanaer.common.debuactivity com.oole.android.mscom.oole.android.ms.people.profile.avataractivity com.oole.android.mscom.oole.android.ms.people.pub.peopleinvitecontactactivity com.oole.android.mscom.oole.android.ms.people.pub.peopleviewcircleactivity com.oole.android.mscom.oole.android.ms.people.pub.peopleprofileactiongatewayactivity com.oole.android.mscom.oole.android.ms.people.person.peoplecirclepickersprinboardactivity com.oole.android.mscom.oole.android.ms.people.profile.avatarpreviewactivity com.oole.android.mscom.oole.android.ms.people.settins.peopleexternalsettinsactivity com.oole.android.mscom.oole.android.ms.people.settins.peopleinternalsettinsactivity com.oole.android.mscom.oole.android.ms.people.settins.datalayerinternalsettinsactivity com.oole.android.mscom.oole.android.ms.people.settins.peoplecontactsbackupandsyncsettinsactivity com.oole.android.mscom.oole.android.ms.people.layer.notification.apdlnotificationactivity com.oole.android.mscom.oole.android.ms.photos.autobackup.ui.autobackupsettinsactivity com.oole.android.mscom.oole.android.ms.photos.autobackup.ui.autobackupsettinsredirectactivity com.oole.android.mscom.oole.android.ms.photos.autobackup.ui.localfoldersbackupsettins com.oole.android.mscom.oole.android.ms.photos.autobackup.ui.promo.autobackuppromoactivity com.oole.android.mscom.oole.android.location.places.ui.aliaseditor.aliaseditoractivity com.oole.android.mscom.oole.android.location.places.ui.autocomplete.autocompleteactivity com.oole.android.mscom.oole.android.location.places.ui.placepicker.placepickeractivity com.oole.android.mscom.oole.android.location.places.ui.placepicker.v1.placepickeractivity com.oole.android.mscom.oole.android.ms.plus.oob.plusactivity com.oole.android.mscom.oole.android.ms.plus.oob.upradeaccountactivity com.oole.android.mscom.oole.android.ms.plus.oob.upradeaccountinfoactivity com.oole.android.mscom.oole.android.ms.plus.sharebox.shareboxactivity com.oole.android.mscom.oole.android.ms.plus.sharebox.addtocircleactivity com.oole.android.mscom.oole.android.ms.plus.audience.circlecreationactivity com.oole.android.mscom.oole.android.ms.plus.sharebox.replyboxactivity com.oole.android.mscom.oole.android.ms.plus.audience.audiencesearchactivity com.oole.android.mscom.oole.android.ms.plus.audience.aclselectionactivity com.oole.android.mscom.oole.android.ms.plus.audience.circleselectionactivity com.oole.android.mscom.oole.android.ms.plus.audience.updatecirclesactivity com.oole.android.mscom.oole.android.ms.plus.audience.updateactiononlyactivity com.oole.android.mscom.oole.android.ms.plus.audience.faclselectionactivity com.oole.android.mscom.oole.android.ms.plus.circles.addtocircleconsentactivity com.oole.android.mscom.oole.android.ms.plus.plusone.plusoneactivity com.oole.android.mscom.oole.android.ms.plus.ui.dpadnaviablewebviewactivity Is Entrypoint Copyriht Joe Security LLC 2017 Pae 13 of 150

14 com.oole.android.mscom.oole.android.ms.plus.apps.listappsactivity com.oole.android.mscom.oole.android.ms.plus.apps.manaeappactivity com.oole.android.mscom.oole.android.ms.plus.apps.manaemomentactivity com.oole.android.mscom.oole.android.ms.plus.apps.manaedeviceactivity com.oole.android.mscom.oole.android.ms.plus.activity.accountsinupactivity com.oole.android.mscom.oole.android.ms.romanesco.settins.contactsbackupandsyncsettinsactivity com.oole.android.mscom.oole.android.ms.romanesco.settins.contactsrestoresettinsactivity com.oole.android.mscom.oole.android.ms.romanesco.settins.contactsrestoredialoactivity com.oole.android.mscom.oole.android.ms.security.settins.securitysettinsactivity com.oole.android.mscom.oole.android.ms.security.settins.verifyappssettinsactivity com.oole.android.mscom.oole.android.ms.security.settins.admsettinsactivity com.oole.android.mscom.oole.android.ms.mdm.mdmsettinsactivitypermissiontrampoline com.oole.android.mscom.oole.android.ms.mdm.lockscreenactivity com.oole.android.mscom.oole.android.ms.mdm.lockscreenactivitypermissiontrampoline com.oole.android.mscom.oole.android.ms.security.recaptcha.recaptchaactivity com.oole.android.mscom.oole.android.ms.setupservices.gooleservicesactivity com.oole.android.mscom.oole.android.ms.sinin.activity.sininactivity com.oole.android.mscom.oole.android.ms.smart_profile.smartprofileactivity com.oole.android.mscom.oole.android.ms.smart_profile.contactspickeractivity com.oole.android.mscom.oole.android.ms.smartdevice.setup.ui.discoveryactivity com.oole.android.mscom.oole.android.ms.smartdevice.setup.ui.gcdsetupactivity com.oole.android.mscom.oole.android.ms.smartdevice.setup.ui.d2dsetupactivity com.oole.android.mscom.oole.android.ms.smartdevice.setup.ui.accountchalleneactivity com.oole.android.mscom.oole.android.ms.smartdevice.setup.ui.d2dsourcenfchandleractivity com.oole.android.mscom.oole.android.ms.smartdevice.d2d.ui.taretactivity com.oole.android.mscom.oole.android.ms.smartdevice.d2d.ui.sourcedirecttransferactivity com.oole.android.mscom.oole.android.ms.smartdevice.d2d.ui.taretdirecttransferactivity com.oole.android.mscom.oole.android.ms.smartdevice.d2d.ui.forwardinactivity com.oole.android.mscom.oole.android.ms.subscriptions.settins.gooleonesettinsactivity com.oole.android.mscom.oole.android.ms.tapandpay.admin.deviceadminpromptactivity com.oole.android.mscom.oole.android.ms.tapandpay.issuer.requestdeletetokenactivity com.oole.android.mscom.oole.android.ms.tapandpay.issuer.requestselecttokenactivity com.oole.android.mscom.oole.android.ms.tapandpay.issuer.requesttokenizeactivity com.oole.android.mscom.oole.android.ms.tapandpay.keyuard.keyuardsecurityinfoactivity com.oole.android.mscom.oole.android.ms.tapandpay.settins.notificationsettinsactivity com.oole.android.mscom.oole.android.ms.tapandpay.settins.selectuntokenizedcardactivity com.oole.android.mscom.oole.android.ms.tapandpay.settins.tapandpaysettinsactivity com.oole.android.mscom.oole.android.ms.tapandpay.tap.tapuiactivity com.oole.android.mscom.oole.android.ms.tapandpay.tap.tapactivity com.oole.android.mscom.oole.android.ms.tapandpay.tap.tapkeyuardactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.accepttosactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.addnewcardfortokenizationactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.addnewcardthrouhbrowseractivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.enablenfcactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.enterverificationcodeactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.linkvisacheckoutactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.nameresolutionactivity com.oole.android.mscom.oole.android.ms.tapandpay.settins.selectotherpaymentmethodactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.selectverificationmethodactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.tokenizepanactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.unsupportedcardactivity com.oole.android.mscom.oole.android.ms.tapandpay.tokenization.visacheckoutsetupdoneactivity com.oole.android.mscom.oole.android.ms.tapandpay.transaction.wallettransactiondetailsactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.enablesecurekeyuardactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.postselfdestructsetupactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.promptsetupactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.securedeviceactivity com.oole.android.mscom.oole.android.ms.tapandpay.account.selectaccountactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.showsecuritypromptactivity com.oole.android.mscom.oole.android.ms.tapandpay.ui.warmwelcomeactivity com.oole.android.mscom.oole.android.ms.tapandpay.wear.wearproxyactivity com.oole.android.mscom.oole.android.ms.tapandpay.wear.wearproxycompanionactivity com.oole.android.mscom.oole.android.ms.tapandpay.wear.dialo.weartapandpaydialoactivity com.oole.android.mscom.oole.android.ms.tapandpay.wear.dialo.wearsecurekeyuarddialoactivity Is Entrypoint Copyriht Joe Security LLC 2017 Pae 14 of 150

15 com.oole.android.mscom.oole.android.ms.tapandpay.ui.tokenizationsuccessactivity com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaentpersonalunlockinsettins com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaenttrusteddevicessettins com.oole.android.mscom.oole.android.ms.trustaent.trusteddeviceselectionactivity com.oole.android.mscom.oole.android.ms.trustaent.bluetoothdeviceselectionactivity com.oole.android.mscom.oole.android.ms.trustaent.nfcdeviceselectionactivity com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaentonbodydetectionsettins com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaenttruststatusmonitorsettin com.oole.android.mscom.oole.android.ms.trustaent.trusteddevicesintroactivity com.oole.android.mscom.oole.android.ms.trustaent.confirmusercredentialandstartactivity com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaentfirstnotificationactivity com.oole.android.mscom.oole.android.ms.trustaent.trustaentonboardinactivity com.oole.android.mscom.oole.android.ms.trustaent.discovery.onbodypromotionactivity com.oole.android.mscom.oole.android.ms.trustaent.discovery.webpaeonbodypromotionactivity com.oole.android.mscom.oole.android.ms.trustaent.discovery.promotescreenlockandonbodyactivity com.oole.android.mscom.oole.android.ms.trustaent.gooletrustaentfaceunlocksettins com.oole.android.mscom.oole.android.ms.trustlet.place.ui.trustedplacessettinsactivity com.oole.android.mscom.oole.android.ms.udc.ui.authenticatinwebviewactivity com.oole.android.mscom.oole.android.ms.udc.ui.udcsettinslistactivity com.oole.android.mscom.oole.android.ms.udc.ui.udcsettindetailactivity com.oole.android.mscom.oole.android.ms.udc.ui.udcconsentactivity com.oole.android.mscom.oole.android.ms.udc.ui.deviceusaeactivity com.oole.android.mscom.oole.android.ms.usaereportin.settins.usaereportinactivity com.oole.android.mscom.oole.android.ms.usaereportin.ui.usaereportindialoactivity com.oole.android.mscom.oole.android.ms.usaereportin.ui.usaereportindebuactivity com.oole.android.mscom.oole.android.ms.wallet.common.ui.updatecallinappactivity com.oole.android.mscom.oole.android.ms.wallet.common.ui.erroractivity com.oole.android.mscom.oole.android.ms.wallet.ow.rootactivity com.oole.android.mscom.oole.android.ms.wallet.ow.lockscreenforfullwalletactivity com.oole.android.mscom.oole.android.ms.wallet.ow.showlockscreenactivity com.oole.android.mscom.oole.android.ms.wallet.ow.walletframentshimactivity com.oole.android.mscom.oole.android.ms.wallet.ow.chooseaccountshimactivity com.oole.android.mscom.oole.android.ms.wallet.ow.chooseaccountshiminternalactivity com.oole.android.mscom.oole.android.ms.wallet.address.requestuseraddressactivity com.oole.android.mscom.oole.android.ms.wallet.selector.initializegenericselectorrootactivity com.oole.android.mscom.oole.android.ms.wallet.buyflow.checkoutactivity com.oole.android.mscom.oole.android.ms.wallet.im.imrootactivity com.oole.android.mscom.oole.android.ms.wallet.setupwizard.paymentssetupwizardactivity com.oole.android.mscom.oole.android.ms.wallet.im.setupwizardimrootactivity com.oole.android.mscom.oole.android.ms.wallet.pm.pmrootactivity com.oole.android.mscom.oole.android.ms.wallet.idcredit.idcreditactivity com.oole.android.mscom.oole.android.ms.wallet.paymentmethods.paymentmethodsactivity com.oole.android.mscom.oole.android.ms.wallet.addinstrument.addinstrumentrootactivity com.oole.android.mscom.oole.android.ms.wallet.fixinstrument.fixinstrumentrootactivity com.oole.android.mscom.oole.android.ms.wallet.ib.ibactivity com.oole.android.mscom.oole.android.ms.wallet.ib.launchpendinintentactivity com.oole.android.mscom.oole.android.ms.wallet.ib.ibpaymentrequestcompatactivity com.oole.android.mscom.oole.android.ms.wallet.ib.lockscreenforfullwalletactivity com.oole.android.mscom.oole.android.ms.wallet.ui.common.overlayactivity com.oole.android.mscom.oole.android.ms.wallet.ui.redirect.popupredirectproxyactivity com.oole.android.mscom.oole.android.ms.wallet.activity.deleatoractivity com.oole.android.mscom.oole.android.ms.wallet.activity.genericdeleatoractivity com.oole.android.mscom.oole.android.ms.wallet.timelineview.timelineviewactivity com.oole.android.mscom.oole.android.ms.wallet.embeddedsettins.embeddedsettinsactivity com.oole.android.mscom.oole.android.ms.wallet.usermanaement.usermanaementactivity com.oole.android.mscom.oole.android.ms.wallet.redirect.startandroidappredirectproxyactivity com.oole.android.mscom.oole.android.ms.wallet.redirect.finishandroidappredirectproxyactivity com.oole.android.mscom.oole.android.ms.walletp2p.feature.split.contactpicker.contactpickeractivity com.oole.android.mscom.oole.android.ms.walletp2p.feature.split.splitrequestactivity com.oole.android.mscom.oole.android.ms.walletp2p.feature.transfer.transfermoneyactivity com.oole.android.mscom.oole.android.ms.walletp2p.feature.completion.completemoneytransferactivity com.oole.android.mscom.oole.android.ms.wearable.ui.wearablemanaespaceactivity com.oole.android.mscom.oole.android.ms.chimera.debu.chimeradebuactivity com.oole.android.mscom.oole.android.ms.common.ui.errordialoactivity Is Entrypoint Copyriht Joe Security LLC 2017 Pae 15 of 150

16 com.oole.android.mscom.oole.android.ms.common.activity.whitelistwebviewactivity com.oole.android.mscom.oole.android.ms.auth.api.sinin.internal.sininhubactivity com.oole.android.mscom.oole.firebase.auth.internal.federatedsininactivity com.oole.android.mscom.oole.android.wallet.redirect.startandroidappredirectactivity Is Entrypoint Receivers com.oole.android.ms.ads.confi.flasreceiver com.oole.android.ms.ads.confi.gserviceschanedreceiver com.oole.android.ms.ads.jams.systemeventreceiver com.oole.android.ms.analytics.analyticsreceiver com.oole.android.ms.app.receiver.getrestrictionsreceiver com.oole.android.ms.app.receiver.onetimeinitializerreceiver com.oole.android.ms.appinvite.sms.sendsmsreceiver com.oole.android.ms.auth.account.accounttransfer.accounttransferreceiver com.oole.android.ms.auth.account.authenticator.workaccountauthenticatorinitializerr eceiver com.oole.android.ms.auth.account.be.accountstate.loinaccountschanedwakefulbr oadcastreceiver com.oole.android.ms.auth.account.be.channelid.channelbindinbroadcastreceiver com.oole.android.ms.auth.account..workaccountstorereceiver com.oole.android.ms.auth.api.credentials.openyolo.provider.credentialqueryreceiver com.oole.android.ms.auth.api.credentials.sync.credentialsyncbroadcastreceiver com.oole.android.ms.auth.authzen.authzengcmreceiver com.oole.android.ms.auth.authzen.cryptauth.dialersecretcodereceiver com.oole.android.ms.auth.easyunlock.authorization.bluetoothstatechanereceiver com.oole.android.ms.auth.easyunlock.authorization.cryptauthdevicesyncreceiver com.oole.android.ms.auth.easyunlock.reistration.bt.cryptauthgcmproximityreceiver com.oole.android.ms.auth.easyunlock.userpresence.periodiccheckreceiver com.oole.android.ms.auth.proximity.bluetoothservicesadapterstatechanereceiver Intent: com.oole.android.ms.ads.confi.flag_override, com.oole.android.ms.ads.confi.flag_reset Intent: com.oole.services.intent.action.gservices_changed Intent: com.oole.android.checkin.checkin_complete, com.oole.android.ms.auth.google_account_change Intent: com.oole.android.ms.analytics.analytics_dispatch Intent: android.intent.action.get_restriction_entries Intent: com.oole.android.onetimeinitializer.one_time_initialized Intent: com.oole.android.ms.auth.account_export_data_available, com.oole.android.ms.auth.account_import_data_available, com.oole.android.ms.auth.start_account_export, com.oole.android.ms.auth.start_account_import Intent: android.app.action.device_owner_changed, android.intent.action.user_initialize, com.oole.android.ms.auth.enable_work_authenticator Intent: android.accounts.login_accounts_changed Intent: com.oole.services.intent.action.gservices_changed Intent: com.oole.android.ms.auth.google_account_change Intent: or.openyolo.credential Intent: com.oole.services.intent.action.gservices_changed, com.oole.android.ms.auth.google_account_change Intent: com.oole.android.ms.auth.authzen.register_now, com.oole.android.ms.auth.authzen.check_registration, com.oole.android.ms.auth.authzen.test_ui, com.oole.android.ms.cm.registered Intent: android.provider.telephony.secret_code Intent: android.bluetooth.adapter.action.state_changed Intent: com.oole.android.ms.auth.authzen.device_sync_finished Intent: com.oole.android.ms.auth.authzen.gcm_device_proximity Intent: android.bluetooth.adapter.action.state_changed com.oole.android.ms.auth.proximity.gcmbroadcastreceiver com.oole.android.ms.auth.setup.devicesinals.lockscreenreceiver com.oole.android.ms.auth.uiflows.addaccount.setupwizard.setupwizardpreferencesc learinreceiver com.oole.android.ms.backup.gmsbackupstatuschanereceiver com.oole.android.ms.checkin.checkinserviceactivereceiver com.oole.android.ms.checkin.checkinserviceclockworkfallbackreceiver com.oole.android.ms.checkin.checkinserviceimposereceiver com.oole.android.ms.checkin.checkinservicereceiver com.oole.android.ms.checkin.checkinservicesecretcodereceiver com.oole.android.ms.checkin.checkinservicetrierreceiver com.oole.android.ms.checkin.eventloservicereceiver com.oole.android.ms.chimera.gmsintentoperationservice$gmsexternalreceiver com.oole.android.ms.chimera.gmsintentoperationservice$persistentdownloadrecei ver Intent: android.intent.action.user_present Intent: com.oole.android.setupwizard.setup_wizard_finished Intent: com.oole.services.intent.action.gservices_changed Intent: android.net.conn.background_data_setting_changed, android.net.conn.connectivity_change Intent: android.server.checkin.checkin_now Intent: com.oole.services.intent.action.gservices_changed Intent: android.provider.telephony.secret_code Intent: com.oole.android.ms.auth.google_account_change, android.server.checkin.checkin (Priority 1), android.app.action.device_owner_changed, com.oole.android.c2dm.intent.receive, android.intent.action.sim_state_changed Intent: android.intent.action.time_set, com.oole.services.intent.action.gservices_changed Intent: android.app.action.system_update_policy_changed, android.provider.telephony.sms_received, com.oole.android.ms.auth.frp_config_changed, thunderbird.intent.action.mock_new_outgoing_call, thunderbird.intent.action.mock_new_outgoing_sms, com.android.launcher3.action.launch, android.provider.contacts.database_created, com.oole.android.finsky.action.content_filters_changed, com.oole.iid.token_request, com.oole.android.ms.common.imaes.load_image, com.oole.vr.powerpolicy.action.action_policy_changed, android.provider.telephony.wap_push_received, android.intent.action.provider_changed Intent: android.intent.action.download_complete Copyriht Joe Security LLC 2017 Pae 16 of 150

17 com.oole.android.ms.chimera.gmsintentoperationservice$persistentinternalreceiver Intent: com.oole.android.ms.auth.google_account_change, com.oole.android.ms.fitness.app_disconnected, com.oole.android.chimera.intentoperation.targeted_intent, com.android.location.service.v3.networklocationprovider, com.android.settins.location.mode_changing, com.oole.android.c2dm.intent.register, com.oole.android.c2dm.intent.unregister, com.oole.android.checkin.checkin_complete, com.oole.android.chimera.module_configuration_changed, com.oole.android.cm.intent.send_internal, com.oole.android.ms.auth.account_services_changed, com.oole.android.ms.auth.account.visibility.whitelist_application, com.oole.android.ms.auth.authzen.device_sync_finished, com.oole.android.ms.common.lemon_log, com.oole.android.ms.deviceconnection.input_device_connected, com.oole.android.ms.deviceconnection.input_device_disconnected, com.oole.android.ms.cm.registered, com.oole.android.ms.icin.action.contact_changed, com.oole.android.ms.location.reportin.delete_operation, com.oole.android.ms.maictether.scanned_device, com.oole.android.ms.people.action.contacts_restore_progress_updated, com.oole.android.ms.phenotype.committed, com.oole.android.ms.phenotype.update, com.oole.android.ms.udc.action.setting_changed, com.oole.android.ms.update.status_changed, com.oole.android.sf.settins.goolelocationsettins.update_location_setting S, com.oole.android.location.internal.server.action_restarted, com.oole.services.intent.action.gservices_changed com.oole.android.ms.chimera.gmsintentoperationservice$persistenttrustedreceiver Intent: android.intent.action.package_added, android.intent.action.package_changed, android.intent.action.package_data_cleared, android.intent.action.package_fully_removed, android.intent.action.package_removed, android.intent.action.package_replaced, android.accounts.login_accounts_changed, android.app.action.action_password_changed, android.app.action.device_owner_changed, android.app.action.system_update_policy_changed, android.bluetooth.adapter.action.state_changed, android.bluetooth.device.action.acl_connected, android.bluetooth.device.action.bond_state_changed, android.intent.action.action_power_connected, android.intent.action.action_shutdown, android.intent.action.boot_completed, android.intent.action.date_changed, android.intent.action.device_storage_low, android.intent.action.device_storage_ok, android.intent.action.dropbox_entry_added, android.intent.action.locale_changed, android.intent.action.new_outgoing_call, android.intent.action.sim_state_changed, android.intent.action.time_set, android.intent.action.timezone_changed, android.intent.action.user_initialize, android.intent.action.user_present, android.location.mode_changed, android.location.providers_changed, android.net.conn.background_data_setting_changed, android.net.wifi.wifi_ap_state_changed, android.os.updatelock.update_lock_changed, android.intent.action.my_package_replaced com.oole.android.ms.chimera.gmsintentoperationservice$secretcodereceiver Intent: android.provider.telephony.secret_code (Priority 1) com.oole.android.ms.chromesync.sync.syncreceiverservice$receiver com.oole.android.ms.clearcut.receiver.wallclockchanedreceiver com.oole.android.ms.common.receiver.internalbroadcastreceiver com.oole.android.ms.constellation.gcmbroadcastreceiver com.oole.android.ms.contextmanaer.cm.gcmbroadcastreceiver com.oole.android.ms.ames.chimera.gamessystembroadcastreceiverproxy com.oole.android.ms.ames.chimera.internalintentreceiverproxy com.oole.android.ms.ass.chimera.packaechanebroadcastreceiver com.oole.android.ms.cm.gcminternalreceiver com.oole.android.ms.cm.gcmpackaetracker$gcmpackaechanereceiver Intent: com.oole.android.ms.auth.google_account_change Intent: android.intent.action.time_set Intent: com.oole.android.ms.common.set_gms_account, com.oole.android.ms.common.receiver.log_core_analytics Intent: com.oole.android.ms.cm.registered Intent: android.intent.action.locale_changed, android.accounts.login_accounts_changed, android.provider.telephony.secret_code, com.oole.android.ms.people.broadcast_circles_changed, android.intent.action.package_added, android.intent.action.package_removed, com.oole.android.ms.gms_updated, android.intent.action.boot_completed Intent: com.oole.android.ms.ames.acknowledge_notifications, com.oole.android.ms.ames.clear_data, com.oole.android.ms.ames.launch_game, com.oole.android.ms.ames.quest_expiring_alarm Intent: android.intent.action.package_added, android.intent.action.package_replaced Intent: com.oole.android.c2dm.intent.receive Intent: android.intent.action.package_added, android.intent.action.package_removed, com.oole.android.ms.backup.action_full_data_restore com.oole.android.ms.cm.gcmsenderproxy Intent: com.oole.android.cm.intent.send (Priority 101) Copyriht Joe Security LLC 2017 Pae 17 of 150

18 com.oole.android.ms.cm.serviceautostarter com.oole.android.ms.cm.nts.schedulerinternalreceiver com.oole.android.ms.cm.nts.schedulerreceiver com.oole.android.ms.oolehelp.gcmbroadcastreceiver com.oole.android.ms.herrevad.receivers.captiveportalreceiver com.oole.android.ms.herrevad.receivers.gservicesreceiver com.oole.android.ms.icin.proxy.applicationlauncherreceiver com.oole.android.ms.kids.account.receiver.profileownerreceiver com.oole.android.ms.location.copresence.gcmbroadcastreceiver com.oole.android.ms.location.reportin.service.gcmbroadcastreceiver com.oole.android.ms.locationsharin.notifications.gcmbroadcastreceiver com.oole.android.ms.lockbox.lockboxalarmreceiver com.oole.android.ms.matchstick.gcmbroadcastreceiver com.oole.android.ms.mdm.receivers.accountschanedreceiver com.oole.android.ms.mdm.receivers.activatedeviceadminuponunlockreceiver com.oole.android.ms.mdm.receivers.connectivityreceiver com.oole.android.ms.mdm.receivers.gooleaccountsaddedreceiver com.oole.android.ms.mdm.receivers.mdmdeviceadminreceiver com.oole.android.ms.mdm.receivers.mdmphonewearinitializer com.oole.android.ms.mdm.receivers.retryafteralarmreceiver com.oole.android.ms.measurement.appmeasurementinstallreferrerreceiver com.oole.android.ms.measurement.appmeasurementreceiver com.oole.android.ms.measurement.packaemeasurementreceiver com.oole.android.ms.measurement.internal.gserviceschanedreceiver com.oole.android.ms.netrec.scorin.receiver.scorenetworksbroadcastreceiver com.oole.android.ms.notifications.gcmbroadcastreceiver com.oole.android.ms.ocr.ocrmodelbroadcastreceiver com.oole.android.ms.phenotype.service.flaoverridereceiver com.oole.android.ms.photos.initializephotosintentreceiver com.oole.android.ms.photos.autobackup.photosappuninstalledreceiver com.oole.android.ms.security.settins.updateconsentreceiver com.oole.android.ms.smartdevice.notification.persistentnotificationcancellationbroad castreceiver Intent: android.net.conn.connectivity_change, com.oole.services.intent.action.gservices_changed, android.net.conn.background_data_setting_changed, com.oole.android.checkin.checkin_complete, com.oole.android.talk.mcs_connection_service_started Intent: com.oole.android.ms.cm.action_check_queue, com.oole.android.ms.cm.action_http_ok, com.oole.android.ms.cm.action_execute_task, com.oole.android.ms.cm.action_initialize_tasks Intent: android.intent.action.package_removed, android.intent.action.package_replaced, com.oole.android.ms.cm.action_package_replaced, com.oole.android.ms.cm.action_package_removed, android.intent.action.user_removed, android.intent.action.action_power_connected, com.oole.android.ms.cm.action_schedule, com.oole.android.ms.cm.nts.action_schedule, com.oole.android.ms.cm.action_trigger_task Intent: android.net.conn.network_conditions_measured Intent: com.oole.services.intent.action.gservices_changed Intent: com.android.launcher3.action.launch Intent: android.app.action.device_admin_enabled Intent: android.accounts.login_accounts_changed Intent: android.intent.action.user_present Intent: android.net.conn.connectivity_change Intent: com.oole.android.ms.auth.google_account_change Intent: android.app.action.device_admin_enabled Intent: com.android.vendin.install_referrer Intent: com.oole.android.ms.measurement.upload Intent: com.oole.services.intent.action.gservices_changed Intent: android.net.scorin.score_networks, android.net.scorin.scorer_changed Intent: com.oole.android.ms.gms_updated, com.oole.services.intent.action.gservices_changed, android.intent.action.device_storage_low, android.intent.action.device_storage_ok Intent: com.oole.android.ms.phenotype.flag_override Intent: android.intent.action.package_removed Intent: com.oole.android.ms.smartdevice.notification.cancel com.oole.android.ms.statementservice.intentfilterverificationreceiver Intent: android.intent.action.intent_filter_needs_verification (Priority 10) com.oole.android.ms.stats.service.dropboxentryaddedreceiver com.oole.android.ms.tapandpay.admin.tpdeviceadminreceiver com.oole.android.ms.tapandpay.notifications.gcmbroadcastreceiver com.oole.android.ms.tron.alarmreceiver com.oole.android.ms.trustaent.bluetoothdevicebondstatebroadcastreceiver com.oole.android.ms.trustaent.notificationdismissedreceiver com.oole.android.ms.trustaent.userpresentbroadcastreceiver com.oole.android.ms.udc.service.udccontextinitreceiver com.oole.android.ms.update.systemupdateserviceactivereceiver com.oole.android.ms.vision.dependencybroadcastreceiverproxy com.oole.android.libraries.social.account.refresh.receiver.accountschanedreceiver com.oole.android.libraries.social.autobackup.autobackupenvironment$batteryreceiver com.oole.android.libraries.social.autobackup.autobackupenvironment$connectivityre ceiver Intent: android.intent.action.dropbox_entry_added Intent: android.app.action.device_admin_enabled, android.app.action.device_admin_disabled, android.app.action.action_password_changed Intent: com.oole.android.ms.tron.alarm Intent: android.bluetooth.device.action.bond_state_changed Intent: com.oole.android.ms.trustaent.log_delete_notification Intent: android.intent.action.user_present Intent: com.oole.services.intent.action.gservices_changed Intent: android.net.conn.background_data_setting_changed, android.os.updatelock.update_lock_changed, android.intent.action.device_storage_ok Intent: com.oole.android.ms.vision.dependency Intent: android.accounts.login_accounts_changed Intent: android.intent.action.action_power_connected, android.intent.action.action_power_disconnected Intent: android.net.conn.connectivity_change, android.net.conn.background_data_setting_changed Copyriht Joe Security LLC 2017 Pae 18 of 150